0333 339 1994

AJS Law LLP
AJS Law LLP
  • Home
  • Helpful Links

Privacy

We have implemented clear Privacy Notices setting out: 

  • why data is held; 
  • how it is processed; 
  • how long it is held; and 
  • information about their statutory rights in respect of that data. 


We remind data subjects of their rights under the GDPR including the right to be informed what information our firm holds about them.  We confirm to them that they have the right to request: 

  • access to the personal data we hold about them – more commonly referred to as subject access; 
  • the correction of their personal data when incorrect, out of date or incomplete; and 
  • that we stop any consent-based processing of their personal data after they have withdrawn consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.  


They may request a copy of any information about them that we hold at any time. 


Our Data Privacy Notices confirm the name and contact details of our COLP James Nelson to whom they should contact for any information relating to our firm’s approach to data protection including data subject access requests. 


These privacy notices are reviewed at least annually by James Nelson (and more often if circumstances require). 


Conditions for Processing 

We typically process data only for the performance of our contract / retainer with the data subject (typically our client or our employee) or for statutory or contractual purposes associated with our performance of our contract / retainer with the data subject.  Where we seek to process data for any reason other than for the performance of our contract / retainer with the data subject we will always consider whether we have a lawful basis for that processing and, if necessary, we will seek explicit consent from the data subject. 


We will not be using client data for direct marketing purposes.    


Consent 

Where we need to seek consent (to make it available to an external auditor, other than in legally aided cases where no consent is required) then we will seek individual consent for each of the purposes for which we seek to process the data.  We do not use deemed consent or opt out consent options.  All consents sought will be clearly worded; individual and opt in.  Details of any necessary consents will be recorded on the relevant client file and on our case management system. 


External Data Processors 

There are circumstances where we are likely to have to use external Data Processors.  Typical examples include: 

  • Experts; 
  • Costs Draftsmen; 
  • File Storage Companies; and 
  • IT support and data storage companies. 

Some of these are Data Processors in their own right. 


Guidance from the Bar Standards Board suggests that barristers are not data processors in their own right. In any event, due to the nature of their regulation, they will be required to maintain controls over confidential data. 


Wherever we use external Data Processors we will do so in accordance with our Transfer of Dara to Third Parties Policy.


Data Subject Access Requests 

Requests for information about data we hold about an individual including data subject access requests and/or requests to correct data, whether received verbally or in writing, are handled in accordance with our Information and Dara Subject Access Requests Procedure. 


Training and Awareness 

In accordance with our Staff Learning & Development and Training Plans procedures (as set out in our Quality Manual), all staff are provided with training on this policy and our data protection and information security procedures. 


Our DPO oversees the arrangement and content of: 

  • an induction plan to raise awareness and provide appropriate training to new staff on data protection and information security obligations including the policies and procedures in this Manual for all staff members 
  • annual and refresher training for all staff members within the firm to maintain the level of awareness of obligations to comply with our policies and procedures. We aim to include this in training plans as an annual objective but will also ensure this is delivered more frequently if necessitated by changes in legislation or guidance or as a result of previously identified breaches or changes to our systems, policies or procedures. 


All training is planned, evaluated and recorded in the firm wide and/or individual training plans, as appropriate, in accordance with our Staff Learning & Development and Training Plans procedures outlined in our Quality Manual. 


An ongoing awareness training programme is maintained to ensure that data protection and information security awareness is refreshed and updated regularly. 


Some policies in this Manual also provide specific steps and measures that are taken in relation to raising awareness and ensuring sufficient training is provide to staff members in relation to particular compliance/risk areas. 


Where appropriate, any specific information about data protection and information security responsibilities is included within relevant staff members’ job descriptions. 

Copyright © 2024 AJS Law LLP - All Rights Reserved.


AJS Law LLP is a limited liability partnership registered in England and Wales (OC450108) and by the Information Commissioner's Office (ZB633328).  AJS Law LLP is registered for VAT (No. 474 5937 47).  The registered address of AJS Law LLP is 7 Victoria Road, Darlington DL1 5SN. AJS Law LLP is authorised and regulated by the Solicitors Regulation Authority (8007065).


  • Privacy
  • Complaints
  • Equality & Diversity

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept