Chat with us, powered by LiveChat

Watkins & Gunn is committed to protecting and respecting your privacy.

In accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR),
this Data & Privacy Notice explains, in detail,  out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will treat it, protect it and to understand more about your rights. By providing your personal information to us you are agreeing to us using your information as described in this policy.

Definitions

We or Us: Watkins and Gunn Ltd, a company registered in England & Wales.
​Company registration no: 13198809

Registered Office – Glantorfaen House, Hanbury Road, Pontypool, Torfaen NP4 6XY
Personal data: Any data or information, in electronic or organised hard copy, that identifies you personally or which relates to you when you are identifiable.
Special categories of personal data: Sensitive information relating to you, namely: health records; information regarding your sex life, sexual orientation, political opinions, religious or philosophical beliefs, racial or ethnic origin, trade union membership; and genetic and biometric data

Personal data we process

  • Your name and contact details
  • ID and other information we require to conduct due diligence on you
  • Personal and financial information relating to your legal matter
  • Special categories of personal data, where relevant to your legal matter

Our lawful basis for processing your personal data and special categories of personal data (sensitive information)

  • You have instructed us to give you legal advice and/or representation. The solicitor-client relationship is a contractual one, and it is a requirement that you agree to our terms of business. To perform this contract, it is unavoidable that this requires us to collect, process and store personal information about you.
  • We have legal and regulatory duties to process certain personal data, including ID and other information we require to conduct due diligence on you.
  • The information requested when you instruct us is required in order to identify you and perform our service for you.  If you do not provide the requested information we will not be able to provide our service to you.
  • We have a legitimate interest in contacting you to market our services to you.
  • For special categories of personal data, we are permitted to process your data (e.g. health records) for the purposes of giving legal advice.

In summary, we do not anticipate requiring your explicit consent to process your personal data. If that changes we will let you know.

How will we use your personal data

We use information you provide to us in the following ways:

  • to identify you and provide you with the legal services you have requested;
  • to provide you with information you have requested about services we offer;
  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;
  • to notify you about changes to our service;
  • to deal with your feedback, query or complaint;
  • to comply with any legal or professional obligations which apply to us;
  • we also use your information to administer, support, improve and develop our business generally and to enforce our legal rights.

Where we get your personal data from

  • You or your representatives
  • Public records
  • Other parties you instruct us to contact (e.g. doctors, employers, estate agents, accountants, banks, surveyors, medical professionals, courts, regulatory bodies and other advisors and specialists related to your matter)
  • Opponents in your matter if we are acting for you in a dispute;
  • Our clients and matter contacts may also provide us information about you if you are involved in a transaction or dispute with one of our clients or have a connection with them such as being a tenant or employee of a client.

Your data rights

You have the right, free of charge, to:

  • Access your personal data (known as a subject access request)
  • Have mistakes rectified
  • Have your personal data erased by us or restrict the way we process your personal data (subject to certain conditions)
  • ‘Port’ your personal data to another provider
  • Object to us using your personal data for direct marketing
  • Not be subject to ‘automated processing’ (often referred to as ‘profiling’).

You simply need to contact us to exercise any of your rights. In the case of marketing, there is always an ‘unsubscribe’ button in our marketing emails.

For more information on your legal rights see the Information Commissioner’s website (www.ico.org.uk).

Retention of personal data

We are required by our insurers and regulators to keep your file and personal data for minimum periods. We are not however permitted to keep your personal data indefinitely or for longer than is necessary.

Our retention policy is that the minimum period we will keep files and other personal data relating to a legal matter is six years. We may keep your file for significantly longer than that if it is necessary and in our legitimate interests to do so (for example, files relating to wills, property or children, or where you request this).

We operate a rolling annual programme of file destruction. All our files and other documents containing personal data are destroyed securely.

Sharing your personal data

We may need to share your personal data with other professionals who we instruct on your behalf (e.g. barristers and doctors), third parties who are vital to a transaction (e.g. mortgage provider, the courts), providers of services that are necessary to progress a legal matter (e.g. to perform our client due diligence checks on you), and people who you ask us to share your personal data with (such as estate agents, family members or other representatives).

We may also need to share your personal data with our regulators, insurers, and law enforcement agencies.

We use external auditors to review our files for training, compliance and quality.

Where we share your personal data with third parties, we will ensure that they have appropriate data protection arrangements in place. We provide only the information they need to perform their specific services.
They may only use your data for the exact purposes we specify in our contract with them.

Where we hold your personal data

Your data will be stored at our offices and on our IT equipment, or where your information is shared with a third party, at their premises or on their IT equipment.

We archive our old files to a secure facility prior to destruction. Details are available on request.

How we protect your data

We take protecting your data very seriously. The data you give us may be subject to Legal Professional
Privilege and is often extremely sensitive and confidential.
With this in mind we will treat your data with the utmost care and take all appropriate steps to protect
it. We have clear data protection and information security policies and procedures in place (along with
Regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part
of our Quality Standards and compliance processes.
We protect our IT system from Cyber Attack. Access to your personal data is password‐protected, and
sensitive data is secured by encryption.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration
testing to identify ways to further strengthen security.

How long will we keep your data?

We only keep your data for as long as is necessary for the purpose(s) for which it was provided.
Normally this is for 6 years after your case or matter ends.

Where your data is processed

We store and process all of our data within the European Economic Area (EEA). The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We  we do not have offices outside England & Wales, we have no reason to transfer your personal data outside the UK or the European Economic Area-  unless you or a third party with whom we must share your personal data are based outside the UK or the EEA.

Where we use third party IT services (e.g. ‘cloud’ based software) we shall ensure that their data centres are either within the EEA or that there are lawful safeguards in place to protect your personal data to the same standard as if it were held within the UK or the EEA.

Data Protection Officer

We do not have a Data Protection Officer but have appointed a Data Protection Manager to implement our data protection policies and procedures. Our Data Protection Manager’s details are:

Clive Thomas, Glantorfaen House, Hanbury Road, Pontypool, Torfaen NP4 6XY.

For the purpose of Data Protection legislation, the data controller is Watkins & Gunn.

Complaints and questions

If you have a complaint or question about our use of your personal data, please contact in the first instance our Data Protection Manager by clicking here.

You may also make complaints direct to the Information Commissioner’s Office (web: ico.org.uk/concerns tel: 0303 123 1113).

Directors
Clive Thomas
Jonathan Wellington
Sophie Hughes
Michael Imperato
Lisa Guscott
Kate Roberts
Offices
Cardiff
Newport
Pontypool
Watkins & Gunn is the trading name of Watkins & Gunn Ltd a company registered in England & Wales. Company Registration No. - 13198809| VAT no - 134778838 Authorised & Regulated by the Solicitors Regulation Authority SRA No. 820245 www.sra.org.uk
Designed & Developed by Spindogs