F6.1 Information Handling (F6.1) and Data Protection Policy

The firm will at all times comply with the Data Protection Act 2018 and the GDPR. (See F4.1). The firm’s Data Protection policy is made available on the firm’s website www.taylorslaw.net.

Taylors Data Protection and Information Policy (F6.1)

Data Protection Act 1998 (F4.1)

1. The firm is authorised as a controller and processor of data with the Information Commissioner’s Office in accordance with the Data Protection Act 1998.
2. A client will be made aware that the firm stores data accordingly.
3. All client data will be processed and handled in accordance with the requirements of the Data Protection Act 1998. https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/.
4. Furthermore, the Firm will comply fully with the General Data Protection Regulation 2016.
5. In particular, data will be treated:

1. Fairly and lawfully
2. For only the appropriate purposes for which is was obtained

• Only to the extent that is adequate for the service being provided

1. So that it is accurate and up to date
2. Retained for only as long as is necessary and not longer
3. In accordance with the rights of the Data subject

• Available on request by the data subject
• Stored securely at all times and password protected on any electronic system

1. Not provided to international agencies or sent abroad without permission.

The Data Protection Policy and Information Policy sets out:

• The standards that you can expect from Taylors Solicitors and when Taylors Solicitors requests or holds personal information or data about you;
• How you can get access to a copy of your personal data; and
• What you can if you think the standards are not being met.

Taylors Solicitors is a solicitor’s firm regulated by the Solicitors’ Regulation Authority, the Law Society, the Information Commissioner’s Office, and the Legal Aid Agency.

Fiona Taylor is the Data Controller for the personal data held by Taylors Solicitors.

Taylors Solicitors collects and processes personal data for the exercise of its own and associated functions. The legal basis for using and processing data is legal obligation unless specified otherwise.

About Personal Data

Personal data is information that relates to living individuals who can be identified from the data. Personal data is information about you as an individual. Personal data is defined in the UK GDPR as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

This means personal data has to be information that relates to an individual. That individual must be identified or identifiable either directly or indirectly from one or more identifiers or from factors specific to the individual.

The UK GDPR covers the processing of personal data in two ways:

• personal data processed wholly or partly by automated means (that is, information in electronic form); and
• personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (that is, manual information in a filing system).

Types of Personal Data Processed

We only process personal data that is relevant and necessary for the services the

firm is providing to you. This may include:

• Personal details;
• Family, lifestyle and social circumstances;
• Financial details;
• Employment and education details;
• Physical or mental health details;
• Criminal offences, including alleged offences;
• Criminal and Civil legal proceedings, including outcomes, sentences and Court

orders;

• Nationality and immigration status.

We also collect ‘special categories of personal data’. Some ‘special category’ data is collected because it is directly relevant to making a decision on a legal aid case. We also collect some data for the purposes of monitoring equality and for assisting in the preparation of cases.

Special categories of personal data

Some of the personal data you process can be more sensitive in nature and therefore requires a higher level of protection. The UK GDPR refers to the processing of these data as ‘special categories of personal data’. This means personal data about an individual’s:

• race;
• ethnic origin;
• political opinions;
• religious or philosophical beliefs;
• trade union membership;
• genetic data;
• biometric data (where this is used for identification purposes);
• health data;
• sex life; or
• sexual orientation.

We will safeguard your personal data and will only disclose it where it is lawful to do so, or with your consent. ‘Special categories of personal data’ obtained for equality monitoring purposes will be treated with the strictest confidence and any information published will not identify you or anyone else associated with you.

Such data will be regularly updated, and at least reviewed each time a client instructs us in a new case or matter. Employees or consultants will be asked to advise the Data Protection Officer of any change in their personal data within 14 days.

Sharing Personal Data

We sometimes need to share the personal data we process with the individual themselves, and with other organisations. Where this is necessary we will comply with all aspects of data protection legislation. Types of organisations we may share some of the personal data processed, for one or more reasons, include:

• Family, associates and representatives of the person whose personal data is being processed;
• Current, past and prospective employers;
• Educators, training establishments and examining bodies;
• Healthcare, social and welfare advisors or practitioners;
• Local and Central Government (eg probation service, Legal Aid Agency, HM Courts and Tribunals Service, the police);
• Suppliers and services providers, such as counsel, medical professionals;
• Debt collection and tracing organisations;
• Financial organisations;
• Members of the Judiciary;
• Business associates and other professional advisors and consultants;
• Employees and agents working for the firm;
• Ombudsmen, regulatory authorities and professional standards bodies;
• Police forces;
• The Media;
• Auditors and audit bodies;
• Prosecuting authorities; and
• Security services.

You can contact our Data Protection Officer for further information on the organisations we may share your specific personal data with. Her contact details are set out below.

Overseas data

We do not knowingly transfer personal data overseas.

Privacy Notices

When we collect personal data from you we will inform you of the reasons why it is being collected, the legal basis for collecting it, whether we share the information with other organisations and of our obligations and your rights under data protection legislation. This information will be displayed on a Privacy Notice which will be available to you in our office and is available free of charge upon request.

Our Commitments

When asking for your personal data we promise to:

• Make sure you know why we need your personal data and whether you can

say no when asked for it;

• Ask only for the personal data needed and not collect information that is irrelevant

or excessive;

• Protect your personal data and make sure no unauthorised person has access to it;
• Only share the information with other organisations when it is appropriate and

necessary to do so, for legitimate purposes;

• Make sure your personal data is not kept for longer than is necessary;
• Not make your personal data available for commercial use without your express

consent; and

• Consider your request to stop processing, amend, erase or access your personal

data.

We ask you to:

• Give us accurate information; and
• Tell us as soon as possible if there are any changes to your personal

circumstances, such as your address or finances. This helps us to keep your

personal data reliable, accurate and up to date.

Access to Personal Data

You can find out if we hold any personal data about you and if so, what, by making a Subject Access  Request. To make a Subject Access Request please contact:

Fiona Taylor at 200 Brook Drive, Reading, RG2 6UB or email taylorssolicitors1@outlook.com

You can get more details on:

• Asking us to correct any mistakes;
• Agreements that we have with other organisations for information sharing;
• Circumstances where we can pass on personal data without telling you;
• Instructions to staff on how to collect, use and delete your personal data;
• Checking that the data we hold is accurate and up-to-date;
• Making a complaint about our use of your personal data; and
• Any other concerns about the use of your personal data.

Cookies

Our website uses cookies. You can find details of how cookies are used on our website www.taylorslaw.net. We never knowingly sell your data, but some organisations such as Google may use cookies to track visitors to our sites.

Processing Data

Processing covers a wide range of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

The General Data Protection Regulation (GDPR) applies to the processing of personal data wholly or partly by automated means as well as to non-automated processing, if it is part of a structured filing system.

Examples of processing we may undertake include:

• staff management and payroll administration;
• access to/consultation of a contacts database containing personal data;
• sending promotional emails;
• shredding documents containing personal data;
• posting/putting a photo of a person on a website;
• storing IP addresses or MAC addresses;
• video recording (CCTV);
• instructing counsel and agents;
• instructing experts;
• taking your instructions on a case and storing them on our system;
• asking for medical reports;
• asking for references;
• applying for legal aid;
• complying with our auditing processes;
• contacting police and Crown Prosecution Service on your behalf;

In particular, we may collect and process data, including sharing it with your consent, for the purpose of preparing your case, including:

Taking and retaining your instructions – Typically, this might include the following:

Contact details (including your name, address, date of birth, landline and mobile telephone numbers, and email address)

Photographic identification and proof of address documents (to carry out due diligence)

Professional information (such as job title, previous positions, and professional experience)

Banking and financial details (to establish the source of funds where a transaction is involved, or to make payments to you, or to collect information for the Legal Aid Agency if your case is publicly funded)

Information relating to your individual enquiry for legal services from us

Where necessary to act in your best interests, provide legal services to you, and for the establishment, exercise, or defence of your legal matter, we may need to process personal data which is very sensitive in nature such as diversity and health-related details. In some circumstances,

We may need to share this information with third parties, for example a court or tribunal. If you volunteer sensitive personal data, you will be allowing us to process it as part of engaging our services.

Obtaining information about you from the police

Obtaining information about you from the Crown Prosecution Service or other prosecuting agency

Obtaining character references

Obtaining medical records

Commissioning expert/medical/forensic reports

Instructing counsel

Assisting the probation service

Instructing agents

Obtaining public funding of your case

On what legal basis we process your personal data

We will process your personal data on the following bases:

1. For clients, it is necessary for us to perform the contract between us. This is set out in our terms of business and client care letter.
2. For prospective clients, it is necessary so that certain steps can be taken before entering into a contract with you.
3. It is necessary for the purposes of our legitimate interests, except where our interests are overridden by the interests, rights or freedoms of affected individuals (such as you). These legitimate interests will include (for clients) checking for conflicts of interest (so that we do not act for clients where there would be a conflict of interest, as that would place us in breach of the SRA Codes of Conduct) and (for both clients and prospective clients) retaining personal data in order to deal with any complaint or claim that is made about our service.
4. It is necessary in order to comply with mandatory legal obligations to which we are subject under EU or UK law.

Additional use of Your Data

In addition to the matters set out above, we will hold and process personal data about you to:

• Verify your identity and establish the source of funding in any transaction.
• Carry out appropriate anti-fraud checks (by conducting online searches using a third-party

identity provider). Please note that this will not affect your credit rating.

• Communicate with you during the course of providing our services, for example providing you

with advice and dealing with your enquiries and requests.

• Prepare documentation to complete transactions and commence and defend legal

proceedings on your behalf.

• Carry out obligations arising from any contract entered into between you and third parties as

part of your legal matter.

• Refer you to another of our departments about additional legal services that may benefit you.
• For current and previous clients, provide you with information about similar and related legal

services provided by us

• Statistical purposes so we can analyse figures to help us manage our business and plan

strategically for the future.

• Seek advice from third parties in connection with your matter, such as legal Counsel.
• Respond to any complaint or allegation of negligence against us.
• Prevent money laundering or terrorist financing in accordance with financial crime regulations.
• Improve the products and services we provide.

Data may also be processed relating to employees, experts, agents and consultants, including in connection with employment, disciplinary issues, claiming relevant benefits (such as Maternity/Paternity pay), setting up digital case work and office software, social media and websites, and other processes normally associated with employment.

Storage of Data

We use a cloud-based management software system for storing client and staff data. We also use digital back-up devices and access data on computer and telephonic devices.

We use, access and process data using a number of computerised systems, run by our firm and other agencies, upon which data may be stored and through which your data may be processed, including:

LEAP (Case management system);

Microsoft Outlook;

The Criminal Justice Secure Email (cjsm) system;

NICE (a system used by prosecuting agencies);

Crown Court Digital Case System (CCDCS);

Legal Aid Agency and Ministry of Justice Portals;

Common Platform (a system used by agencies within the criminal justice system);

Zoom;

Microsoft Teams;

WordPress;

123-reg.

Destruction or Erasure of Data

We have a duty not to store your data for longer than is necessary. You can request the destruction of your data earlier than the statutory guidelines and those imposed by our profession bodies.

Closed paper files are stored in a secure storage facility which is protected both by digital passwords (changed every month) and rooms being padlocked.

The firm’s case management system has a diarised system which is used to prompt the firm to destroy files after either 7 years or such period is specified or recommended by The Law Society, the SRA and the Data Protection legislation current at the time. This enables us to review and identify retention of data and destroy it if appropriate.

Documenting Our Processing Activities

The documentation of our processing activities will be in writing; this may be in paper or electronic form. All processing is undertaken by Fiona Taylor. The consultant solicitor Jeremy Yuille will also undertake processing activities but will at all times be supervised by and answerable to Fiona Taylor. She will document the processing activities as set out below:

Purposes of processing	Categories of individuals	Categories of personal data
Staff administration	Employees	Contact details
		Financial details Personal details Email address Name Date of Birth Address Training records Equality information Emergency Contacts
Compliance with Legal Requirements	Clients	Contact details
		Financial details
		Email address Name Address Date of Birth National insurance number Medical information Case details Evidence
	Suppliers	Contact details
		Financial details
		Location Nature of business or supplier Quality assessment
Marketing	Customers
	Clients Visitors to Website/SM	Contact details if made available

 

Annual Review of Data Processing Activities

The firm’s data processing activities will be subject to at least annual review on 30^th March of each year. Fiona Taylor will review the processing procedure and whether any changes or updates are required. She will also review whether data should be deleted relating to suppliers, agents, staff and client. A record of the review will be kept in a review folder kept in her room. The review will include review of the organisations practical and technical measures in place, maintenance of accurate records, processing activities, managing and reporting any breaches, compliance with design and default legislation and analysis of any breaches.

Complaints relating to Data Protection

If you ask for information relating to your records and data we keep about you, we will comply with the data protection legislation and the guidance of the SRA. We are registered with the Information Commissioner’s Office, the government body that oversees the enforcement of Data Protection law.

If you consider that your information has been handled incorrectly, you’ve had a problem accessing your personal information from an organisation, or you’re unhappy about how an organisation has handled yours or other people’s information.

You should give us the chance to sort things out before you approach the ICO.

If you complain to the ICO, you’ll need to provide the following information:

• copies of any letters or emails about your complaint, between you and the organisation; and
• any other evidence that supports your complaint.

If you’re complaining for someone else, you will need to send them a letter of consent signed by them or evidence that you can act on their behalf.

If you do not provide the information they need, it may delay the progress of your complaint.

You can contact the Information Commissioner at:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Start a live chat or call our helpline on 0303 123 1113

Web: www.ico.org.uk

Reporting Breach of Data Protection Act 2018

We are required to report any breach of Data Protection Law to the Information Commissioners Office. We would also notify any person whom we knew to be affected by the breach, including as appropriate any staff member, client, supplier or other organisation affected.

Personal data collected from you about other people

During your case, you may provide data about third parties, such as your family members, in which case we will use such data as a data controller in our own right and will comply with data protection legislation in relation to use of that data. You must have the authority to disclose personal data if it relates to someone else and all data disclosed should be complete, accurate and up to date.

How long we keep your personal data for

We will only retain your personal data for as long as is necessary to:

• Carry out the legal work you have asked us to do.
• Establish a defence or respond to any complaints or legal claims (for example negligence

claims) that could be made against us.

• Comply with legal obligations under EU/UK law (anti-money laundering regulations say your

identification and source of funds information must be kept for a minimum period from

conclusion of the matter).

We will keep your data in accordance with our policy covering data retention.

Who your personal data will be shared with

We may, when required and necessary, share your personal data with other organisations.

Depending on the work we are undertaking for you the other organisations may include:

• Contractors from whom we obtain operational services including IT, message-taking, typing

and secretarial support, costs draftsmen, secure document storage and shredding.

• Those that provide professional or commercial services, such as Counsel, other solicitors,

accountants, medical practitioners, surveyors, interpreters and translators

and other experts.

• Providers of insurance, financial and banking services to you and/or to our firm.
• HMRC, HM Courts & Tribunals Service, HM Land Registry, Councils and other national and

local government bodies.

• The Solicitors Regulation Authority, the Information Commissioner’s Office (ICO), the Legal

Aid Agency and organisations involved with the preparation, assessment and certification of

quality standards for which our firm is seeking or maintaining accreditation, including Recognising Excellence.

• We will never share your personal data with other organisations for marketing purposes

Security of your personal data

Your data will be held on secure cloud-based servers within the UK and backed up on secure password protected computer databases.

Erasure of personal data

Where we obtained your personal data to fulfil our contractual obligations to you, or if we have a legitimate interest for processing your personal data, we will erase that data as soon as it is no longer necessary to retain it in relation to the purpose for which it was originally collected. Most data will be kept for seven years from the conclusion of a client’s case, but the time may be extended if lengthy prison sentences are imposed which may necessitate referring to the papers within a longer time limit.

If you are not our client or a prospective client

If you are not our client your personal data may be processed to enable us to provide legal advice to our client and may also be used in legal proceedings on behalf of our client. We are allowed to use your personal data because it is in the legitimate interests of our client (for example, under the terms and conditions of a loan agreement) to do so. We may also have to use your personal data to comply with our own legal and regulatory obligations.

Contacts

If you have any questions about our privacy policies, want to exercise your right to see a copy of the information that we hold about you, think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact Fiona Taylor at 200 Brook Drive, Reading, RG2 6UB or by email at taylorssolicitors1@outlook.com. While you do have the right to complain to the Information Commissioner (information is on the website http://www.ico.org.uk), we would like to be able to resolve any concerns or complaints you may have, and so please do contact us first.

Information included in the records of processing activities.

• The name and contact details of the controller is Fiona Taylor;
• The organisation has an appointed a data protection officer, being Fiona Taylor, 200 Brook Drive, Reading, RG2 6UB, email taylorssolicitors1@outlook.com;
• The purposes of the processing include customer support, employment, marketing, development of service, sales, and all work involved in representing clients and assisting with their legal proceedings, including instructing counsel and experts, obtaining reports, keeping file records, submitting for quality audits, applying for funding, accessing case papers;
• The categories of data subjects are employees, customers, contact persons of clients, and vendors;
• categories of personal data processed (e.g. personal identification information, contact details, health data);
• categories of recipients of personal data (eg partners, third parties, authorities, management);
• where applicable, the list of third countries or international organisations to which the personal data is transferred;
• in the case of transfers of personal data to a third country, the details of the transfer, including the name of the country and other information on the circumstances of the transfer and the safeguards;
• where possible, the retention periods for different categories of personal data;
• a description of the technical and organisational security measures (eg encryption, employee training, restrictions on access to documents and other personal data, anonymisation).

Data Protection by Design and Default (F6.1)

Taylors Solicitors recognises the importance and legal requirement of having in place appropriate technical and organisational measures to implement the data protection principles effectively and safeguard individual rights. This is ‘data protection by design and by default’. We integrate data protection into the processing activities and business practices, from the design stage right through the lifecycle. This is about considering data protection and privacy issues upfront in everything that we do. We consider privacy and data protection issues at the design phase of any system, service, product or process, i.e. at the time of the determination of the means of the processing; and then throughout the lifecycle of the processing activity.

Complying with the seven Foundational Principles of Privacy by Design

The firm adopts the approach of applying the underlying concepts which are expressed in the seven ‘foundational principles’ of privacy by design. These underpin any approach that the business takes. The firm adopts this approach to data protection and privacy issues as follows:

1. ‘Proactive not reactive; preventative not remedial’

The firm takes a proactive approach to data protection and anticipate privacy issues and risks before they happen, instead of waiting until after the fact. This doesn’t just apply in the context of systems design – it involves developing a culture of ‘privacy awareness’ across the organisation.

2. ‘Privacy as the default setting’           

We design any system, service, product, and/or business practice to protect personal data automatically. This means that privacy is built into the system, so clients and suppliers do not have to take any steps to protect their data – their privacy remains intact without them having to do anything.

3. ‘Privacy embedded into design’

Data protection is embedded into the design of any systems, services, products and business practices. We ensure data protection forms part of the core functions of any system or service – essentially, it becomes integral to these systems and services.

4. ‘Full functionality – positive sum, not zero sum’

We look to incorporate all legitimate objectives, particularly privacy and security, whilst ensuring you comply with your obligations.

5. ‘End-to-end security – full lifecycle protection’

We put in place strong security measures from the beginning, and extend this security throughout the ‘data lifecycle’, which means that we process the data securely and then destroy it securely when we no longer need it.

6. ‘Visibility and transparency – keep it open’

We ensure that whatever business practice or technology we use operates according to its premises and objectives and is independently verifiable.

7. ‘Respect for user privacy – keep it user-centric’

We keep the interest of individuals paramount in the design and implementation of any system or service, eg by offering strong privacy defaults, providing individuals with controls, and ensuring appropriate notice is given.

How the Firm Processes Data – Technical and Organisational Measures

We put in place appropriate technical and organisational measures designed to implement the data protection principles effectively; and integrate safeguards into your processing so that you meet the UK GDPR’s requirements and protect individual rights.

As such we do the following:

1. We consider data protection issues as part of the design and implementation of systems, services, products and business practices.
2. We make data protection an essential component of the core functionality of our processing systems and services.
3. We anticipate risks and privacy-invasive events before they occur and take steps to prevent harm to individuals. This includes taking steps such as integrating password protection into our systems and not sharing passwords.
4. We only process the personal data with permission of the data subject, and only to the extent that we need for our purposes(s), and that we only use the data for those purposes and inform the client of the purpose to which is it being put.
5. We ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
6. We provide the identity and contact information of those responsible for data protection both within our organisation and to individuals.
7. We adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
8. We provide individuals with any information they ask for relating to using, processing, storing and deleting their data so they can determine how we are using their personal data, and whether our policies are being properly enforced.
9. We offer strong privacy defaults, user-friendly options and controls, and respect user preferences. ensuring that personal data is not automatically made publicly available to others unless the individual decides to make it so.
10. If appropriate, we pseudonymise personal data as soon as possible;
11. We provide individuals with sufficient controls and options to exercise their rights.
12. We only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design. In particular, the case management system used in the office is highly protected.
13. When we use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account. For example, the firm uses Serviced Premises, whose Data Protection and Confidentiality Policies have been obtained and examined to ensure a high level of compliance with the Data Protection Act 2018.
14. We use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations. Examples of this include our use of government-supported systems to access your data, such as the Secure Criminal Justice Email System.
15. We adopt a ‘privacy-first’ approach with any default settings of systems and applications.
16. If we are required to use other organisations or individuals on your behalf, we only enable data processors who provide ‘sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject’.
17. We review our processes annually on or about 30^th of March, in addition to when any new software is introduced and make a record of such review, which is kept by Fiona Taylor in her room. This review includes considering the state of the art and costs of implementation of any measures; the nature, scope, context and purposes of your processing; and reviewing the risks that your processing poses to the rights and freedoms of individuals.
18. We train our staff accordingly in the importance of prioritising Data Protection.
19. The controller of information (Fiona Taylor) complies with the following requirements in relation to the firm:
20. ‘Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the  determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.’
21. ‘The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.’

How to contact us

If you would like to ask for information about our policy you can email or write to us. If you would like a copy of this policy in an alternative format please ask.

Visitors to our website

In addition to the above policy, if our website is accessed, cookies may be collected. This may be done by internet providers, search engines and site providers. Cookies are small text files stored on your computer while you are visiting a website. Cookies help make websites work. They also provide us with aggregated information about how users interact with our site. We use this information to try to improve your experience on our website and the quality of service we provide. Cookies help us do this by allowing us to remember personal settings you have chosen at our website. We do not use cookies in any other way to collect information that identifies you personally. Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly afterwards.

Complete information about the cookies we may set on your browser appears below. A hyperlink to this information about cookies appears prominently on most pages of our website.

Cookies set by http://www.taylorslaw.net

Below is a list of cookies set by Taylors website, along with a brief description of what each is used for.

Cookie name Purpose Expiry

ASP.NET_SessionId Unique identifier for sessions, identifies a user’s session When you close your browser
BIGipServerEktron_Web_CMS Used by load balancer to map browser sessions to specific web application servers When you close your browser
Ecm Used by web platform to determine whether user is a logged-in content management system user When you close your browser
firstCookie Used to collect aggregate data on user selections in customer-contact form When you close your browser
CookieDropDowns Used to collect aggregate data on user selections in customer-contact form When you close your browser
ekContentRatingID Intended to prevent single user from biasing content ratings by rating the same content repeatedly 8,000 years (expires 31 Dec 9999)
EktGUID Contains no data other than its file name, which is a unique number referencing user data stored on the web application serve 1 year
webvers Contains no data other than the word “desktop”; stores a user’s preference for desktop-optimised display features regardless of device type 14 days
cookie-acceptance Used to note that you have read our pop-up message on cookies to stop the message appearing multiple times 1 month

Cookies set by WordPress

WordPress may use certain cookies to monitor usage of the site. To the best of our knowledge, these are anonymised. They are not used directly by Taylors and Taylors will not distribute the details to third parties other than in anonymised usage data. Our online account management solution sets several cookies over and above the cookies listed directly above. By logging in to Taylorslaw.net, you consent to the following cookies being set on your browser.

Cookie name Purpose Expiry

ASP.NET_SessionId Unique identifier for sessions, identifies a user’s session When you close your browser
ASPXAUTH Used by web platform to determine whether a user is an authenticated user When you close your browser
BIGipServerMYSRA_POOL_443 Used by load balancer to map browser sessions to specific web application servers When you close your browser
TLSUserName Contains username in encrypted format so that user is automatically logged in to website if cookie is present 100 minutes
TLSPassword Contains password in encrypted format so that user is automatically logged in to website if cookie is present 100 minutes

Cookie name Purpose Expiry
sg-response-939471 Used selectively to identify user and re-direct to appropriate unique instance of form 90 days

Third-party cookies

Some services we use to add value and convenience to those who use our website. The browsers may set cookies on our behalf. These services fall into two broad groups: social media and web analytics.

Social media

We publish some of our video content on YouTube.com, and embed it on our website. When a visitor triggers a video to play, YouTube sets cookies on their browser. Any concerns about those cookies should be checked with Google’s privacy policy.

Some of our web content includes buttons that allow visitors to share content easily with their online networks—using Twitter, LinkedIn and Facebook. When visiting these areas Twitter, LinkedIn and Facebook may set cookies on a visitor’s browser. We do not control the use of these third-party cookies, and any concerns should be checked with the policies of Twitter, LinkedIn and Facebook.

Service Cookie name Expiry
twitter.com Pid 2 years
linkedin.com X-LL-IDC When you close your browser
youtube.com use_hitbox When you close your browser
youtube.com VISITOR_INFO1_LIVE 240 days

Web analytics

To improve our web-based services we collect and use overall data about the use of our site from a third-party service, Google Analytics. When visitors use our website Google Analytics sets cookies on their browser. We do not control the use of these third-party cookies and any concerns should checked with Google’s privacy policy.

Here is a list of cookies we set on our website and a brief description of what we use each for.

Service Cookie name Expiry
Google Analytics _utma 2 years
Google Analytics _utmb After 30 minutes of inactivity
Google Analytics _utmc When you close your browser
Google Analytics _utmz 6 months
Google Analytics _utmv 2 years

In accordance with Google Advertising Policy, the following applies to this site as the site uses GoogleAds:

Our privacy policy

• Third party vendors, including Google, use cookies to serve ads based on a user’s prior visits to your website or other websites.
• Google’s use of advertising cookies enables it and its partners to serve ads to your users based on their visit to your sites and/or other sites on the Internet.
• Users may opt out of personalized advertising by visiting Ads Settings. (Alternatively, you can direct users to opt out of a third-party vendor’s use of cookies for personalized advertising by visiting www.aboutads.info.)
• This site uses certain links to affiliate marketing. We have no control any data which may be collected by organizations from whom third party purchases are made. We do not knowingly share any client or visitor data through this site.

If you have not opted out of third-party ad serving, the cookies of other third-party vendors or ad networks may also be used to serve ads on your site, which should also be disclosed in your privacy policy in the following manner:

• Notify your site visitors of the third-party vendors and ad networks serving ads on your site.
• Provide links to the appropriate vendor and ad network websites.
• Inform your users that they may visit those websites to opt out of the use of cookies for personalized advertising (if the vendor or ad network offers this capability). Alternatively, you can direct users to opt out of some third-party vendors’ uses of cookies for personalized advertising by visiting www.aboutads.info.

More information about cookies

To learn more, including how to manage cookies, visit www.aboutcookies.org. If you have any questions or concerns about cookies set by us, please get in touch.

We may use personal information provided by registered users of TaylorsLaw.net to carry out checks such as fraud and credit checks by independent credit reference and other agencies. We may also use information to improve our service.

We may also prepare and publish or share statistics obtained from data we collect from research carried out but not in a form that identifies anyone.

In appropriate cases, personal information may be disclosed to regulators, the Legal Ombudsman, enforcement or government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party’s, statutory or public function or because the law permits or requires us to.

We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfil effectively our legal duties or to ensure the proper administration of the site.

Complaints about us

When we receive complaints about us we create a complaint file. Usually the file will contain the identity of the person complaining and other people involved in the complaint.

We use personal information to deal with the complaint. We may also use the information to check and improve our level of service.

We may also prepare and publish or share statistics obtained from data we collect such as the number and types of complaints we receive about our service but not in a form that identifies anyone.

In appropriate cases, personal information may be disclosed to other regulators, the Legal Ombudsman, enforcement or government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party’s, statutory or public function or because the law permits or requires us to.

People who make enquiries or ask for general help

When enquiries are sent to us we usually only use the information to handle the request or to deal with any later issues.

We keep a record of our telephone calls. We may record some telephone calls. Any such recordings will be kept for two months, although in some cases we keep recordings for longer to help with training our staff or where we receive a complaint about our service.

We may also use information to help inform the way we regulate and to check and improve our level of service.

Others connected to our work

The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include witnesses to an investigation, clients of those we regulate, applicants for legal aid.

In appropriate cases, personal information may be disclosed to other regulators, the Legal Ombudsman, enforcement or Government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party’s, statutory or public function or because the law permits or requires us to. In most cases, we will tell the person whose information we hold that we are sending their information somewhere else.

We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfil effectively our statutory and regulatory functions.

Some data is collected when people sign up to newsletters, act as an organisation’s contact, respond to our consultations or register with us for events or webinars. We use personal data collected in this way to deliver the service we provide or to improve the service we offer. Those responding to our consultations can opt to have their data kept confidential. We do not use your data for marketing purposes. You are always entitled to request the removal of your data from records held. We are required by the Law Society to retain certain data for specified periods of time.

Jobs

When people apply to work with us, we use the information sent us to process applications and to monitor our recruitment.

To ensure we are an equal opportunities employer we collect information about age, disability, ethnicity, sex, gender reassignment, sexual orientation, religion or belief, pregnancy and maternity. This information is not used in relation to the application itself and is treated with strict confidence. It does not form part of the job application and is used to monitor our recruitment. We may use the information to help us deliver equal opportunity measures.

Successful applicants who secure fixed term or permanent contracts are asked to agree to an appropriate criminal records check.

Once a person is employed by us, we compile a file relating to their employment. We keep this information secure and only use it for purposes directly related to their employment. When a person’s employment ends with us we destroy the file in line with our retention and disposal policy.