We, DR Solicitors, are committed to processing any personal information or data that we hold, fairly and transparently in accordance with the law.
Who we are
DR Solicitors is the trading name of DR Solicitors Ltd, a limited company registered in England & Wales with company number 06122637; and whose registered office is at Weybourne House, Hitherbury Close, Guildford, Surrey GU2 4DR. There are 2 directors, Daphne Robertson and Nils Christiansen.
We are authorised and regulated by the Solicitors Regulation Authority under no. 522996. We are subject to the SRA Standards and Regulations which can be viewed here: https://www.sra.org.uk/solicitors/standards-regulations/
The SRA require us to identify individuals fulfilling certain mandatory roles, being:
- Compliance Officer for Legal Practice – Daphne Robertson
- Compliance Officer for Finance & Administration – Nils Christiansen
- Money Laundering Reporting Officer – Nils Christiansen
How we collect data
We may collect your data and personal information:
- Directly from you during the ordinary course of business;
- From publicly available information;
- From a person making an enquiry on your behalf (such as a partner, employee, or a surveyor or accountant);
- Automated technologies and interactions (including Google analytics, cookies etc)
Lawful basis for processing data
We will only use your personal data in accordance with the law.
We rely on the following lawful bases to process your data. These are:
|Lawful Basis & description
||Examples in practice
you have given us clear consent for a specific action
|we only rely on consent as a legal basis for processing your personal data where we have had no previous business relationship with you and you have signed up to receive certain information from us, such as our blog
processing is necessary for our legitimate interests or the legitimate interests of a third party
|to provide legal services to our clients; to respond to enquiries about our services where you have contacted us prior to formally instructing us; for the legitimate running of our business including administration, IT security and fraud prevention; compliance with the Solicitors Regulation Authority’s policies and procedures; to send relevant healthcare law related information to our known clients, former clients and business contacts; to support our own business development strategy;
processing is necessary for a contract we have entered into or because you have asked us to take specific steps before entering into a contract
|it is necessary in order to perform a contract with you or the organisation you work for. This is not normally the legal basis for the provision of legal services to our clients
processing is necessary for us to comply with the law (not including contractual obligations)
|we are required by law to submit your information to a public authority or similar body. Examples of this could include complying with our anti-money laundering obligations
We do not rely on consent as a legal basis for processing your personal data other than as described above.
We will only collect ‘special category’ data as part of a legal matter which we have been instructed upon. The lawful basis for the collection of this data is legitimate interest and the condition for processing is that this data is necessary for the establishment, exercise or defence of legal claims.
Unless we have a legal obligation to continue processing your data, we will stop processing your data if you ask us to do so.
How we will use the information we hold about you
We will only use your personal data for the legal basis upon which it was collected.
We may have to share your personal data with certain third parties such as:
- During the ordinary course of business necessary to conduct your matter, to otherside solicitors, counsel, surveyors, accountants etc
- HM Land Registry, HM Revenue & Customs, regulators and other authorities acting as processors based in the UK who require reporting of processing activities in certain circumstances
- Service providers to DR Solicitors who act as processors and who provide us with IT and business support services
If we do transfer data to third parties, then we will have satisfied ourselves that that they are compliant with the data protection regulations.
We may store some of your personal contact information in a single private cloud located within or outside of the EEA and managed by a third party service provider. Where we transfer your personal information outside the EEA we will take reasonable steps to ensure that your information is treated securely and the means of transfer provide adequate safeguards.
All of our client files and related personal data are stored within the UK.
IT policy: automated technologies and interactions
Our website uses the Facebook Pixel tracking code to help optimise advertising through Facebook. Facebook’s pixel collects three types of data whenever it is loaded:
- Http headers: Anything present in HTTP headers. HTTP headers is a standard web protocol sent by default between any browser request and any server on the Internet. HTTP headers include IP addresses, information about the web browser, page location, document, referrer and user agent.
- Pixel-specific data: This includes the pixel ID and Facebook cookie.
- Optional values: Additional information can be sent about your visit through custom data events. Example custom data events are page type or service type.
Advertising preferences for Facebook can be managed from your Facebook account, via this link: https://www.facebook.com/ads/preferences/
Our website uses Google Analytics cookies which allows us to measure the number of visitors; see how they navigate they site and which resources they access. This helps us develop new content and to improve our website. We are not able to identify individual visitors.
You can choose to enable or disable cookies in your web browser. By default, your browser will accept cookies, however this can be altered. For further details please consult the help menu in your browser. Disabling cookies may prevent you from using the full range of Services available on the website.
Our data retention periods
Our retention periods depend on what the data is and the reasons for which it was collected. We have to comply with the requirements of various commercial bodies including: the SRA’s guidelines; our own professional indemnity insurers’ requirements; and the instructions of banks and other lending institutions where we have acted for a mortgagee.
If you wish to know more about the firm’s retention and destruction policy or any of the firm’s different retention periods, please contact firstname.lastname@example.org
We will securely delete information that is no longer needed and will update any information if we are advised or become aware that it is out of date
How to exercise your individual rights
You may have certain rights in respect of your personal data, including:
- Access to your personal data;
- Amendment of your personal data;
- Erasure of your personal data;
- Objection to and/or restriction on processing of your data;
- Transfer of your personal data;
- The right to withdraw consent.
Data Protection Office
Surrey GU2 4DR
Phone: 01483 511555
Your right to complain
We hope that you won’t ever need to, but if you do need to raise a complaint about our use of personal data, please use our contact details above.
You also have the right to lodge a complaint about our use of your personal data with the Information Commissioner’s Office. You can do this via their website https://ico.org.uk/make-a-complaint/ or by calling them on 0303 123 1113.