Privacy policy
Merriman Solicitors (Incorporating AB Family Law)
HOW WE USE YOUR INFORMATION
Merriman Solicitors has a commitment to comply with the General Data Protection Regulation (GDPR) ((EU) 2016/679) and the UK’s implementation of aspects of the Regulation into UK law, including the Data Protection Act 2018 and any guidance the Information Commissioner’s Office provide, in the acquisition, processing and disposal of your personal data.
This privacy notice tells you what to expect when Merriman Solicitors collects personal information.
It applies to information we collect about:
- visitors to our websites;
- customers and people who use our services;
- complainants and other individuals in relation to a data protection complaint or enquiry;
- people who enquire about our services, e.g. who subscribe to our newsletter or request a publication or other information about our services;
- people who exercise their rights under the Data Protection Act; and
- job applicants and our current and former employees.
This privacy policy addresses information provided to Merriman Solicitors.
In the event that Merriman Solicitors engages with a third-party service provider, to whom we may pass your personal information or to whom you may be expected to provide your personal information, your information will be handled by that third-party service provider as if it were being handled by Merriman Solicitors. This may include but not be limited to external training organisations, external auditing organisations, external certification organisations, external personnel benefits advisers and statutory authorities i.e. HSE. Exceptions to this arrangement are specifically stated within this privacy policy.
CONTROLLER CONTACT DETAILS
Merriman Solicitors is the controller for the personal information we process, unless otherwise stated.
If you want to request information about our privacy policy, have questions or provide feedback regarding this policy, please write, telephone or email us.
Address: Merriman Solicitors, Hughenden House, 107 High Street, Marlborough, Wiltshire SN8 1LN
Telephone: 01672 515846
Data Protection Officer: is Richard Wallace-Lower. You can contact him at richard.wallace-lower@merrimansolicitors.co.uk or via our postal address above.
Please clearly mark the envelope ‘Data Protection Officer’.
CHANGES TO THIS PRIVACY NOTICE
We keep our privacy notice under regular review. This privacy notice was last updated on 24th October 2024. You will always find our latest privacy policy on our main website.
WHO ARE YOU?
You are either a client, an external provider or a member of staff of Merriman Solicitors. In this case you will have provided or will provide certain personal data to us.
Alternatively, if you are merely a visitor to our web site or our premises, this policy notice informs you what data is captured and how.
HOW DO WE GET YOUR INFORMATION?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You are a customer or client of ours;
- You have interacted with us via our website;
- You are a supplier or subcontractor to us;
- You have made a complaint or enquiry to us;
- You have made a complaint about us to a regulatory body;
- You have made an information request to us;
- You wish to attend, or have attended, an event;
- You subscribe to our e-newsletter;
- You are a current or former employee;
- You have applied for a job or secondment with us; or
- You are representing your organisation, which falls into one of the categories above.
We also receive personal information indirectly, in the following scenarios:
- We have contacted an organisation about a complaint you have made, and it gives us your personal information in its response.
- A complainant refers to you in their complaint correspondence.
- Whistle-blowers include information about you in their reporting to us.
- From other regulators or law enforcement bodies.
- An employee of ours gives your contact details as an emergency contact or a referee. If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.
VISITORS TO OUR WEBSITES
When you browse this website (www.merrimansolicitors.co.uk), you generally do so anonymously, unless you have previously indicated that you wish Merriman Solicitors to remember your personal information or login and password.
We use cookies on our web site to enhance the experience of users and to try to show appreciation to repeat and returning users. You can read more about how we use cookies on our Cookies Policy page.
and the types of cookies we use on our cookie details plugin page.
If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
SECURITY AND PERFORMANCE
Merriman Solicitors uses a third-party service, The MTM Agency, to help maintain the security and performance of Merriman Solicitors’ website. To deliver this service it processes the IP addresses of visitors to Merriman Solicitors website.
IF YOU FILL OUT ONE OF OUR CONTACT FORMS
If you fill out one of the contact or quote forms on our websites (e.g. the “Get in Touch” form or “Get a conveyancing quote”) the information you submit via the forms will be sent to us via email and will be processed in line with the way we deal with email contact (see below). The details are also stored within our website database for backup purposes, for up to 3 years.
IF YOU USE OUR ONLINE CHAT SERVICE
Via our website it is possible to have an online chat using the “Chat Now” option. We use a third-party service provider to provide this service (Moneypenny). When you access the online chat, you will be asked for your name and email address, this is to allow us to follow-up on any enquiries. As the service is provided via a third-party application, the service provider will be able to see your details and anything you enter within the chat session.
You can find out more about how Moneypenny will use your data during the chat service in their privacy policy: https://www.moneypenny.com/uk/privacy
If your online chat requires further or future engagement with us, your chat transcript will be forwarded to us via email and handled in the same way as we handle emails (see below).
LINKS FROM OUR WEBSITES
Some pages of our websites contain external links. You are advised to verify the privacy practices of such other websites. We are not responsible for the manner of use or misuse of information made available by you at such other websites. We encourage you not to provide personal information, without assuring yourselves of the privacy practices of other websites.
PEOPLE WHO TELEPHONE US
When you call Merriman Solicitors by telephone we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness. Where it is relevant to do so, we may record your details (name, contact details, phone number, etc.) and details of your enquiry, in our database.
PEOPLE WHO EMAIL US
We use Transport Layer Security (TLS) to encrypt and protect email. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Your emails will be stored with our email service provider and downloaded onto the devices and stored in mailboxes on relevant employees’ devices depending on how your email is received within the business. Where it is relevant to do so, we may record details of your email (along with any contact information such as your name and email address) in our database.
PEOPLE WHO MAKE A COMPLAINT TO US OR COMPLAIN ABOUT US VIA A REGULATORY BODY
When we receive a complaint from a person, we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant does not want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us, we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually, we do not identify any complainants unless the details have already been made public.
PEOPLE WHO USE MERRIMAN SOLICITORS’ SERVICES
Merriman Solicitors offers various services to the public. We have to hold the details of the people who have requested the service in order to provide it, this will include your name, contact details (email, phone, address), details relating to the service we provide). We will only use these details to provide the service you have requested and for other closely related purposes (for example, we might use information about people who have used our services to carry out a survey to find out if they are happy with the level of service they received). If we wish to use the information for any other purpose, we will always seek your consent to do so.
When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this. The procedure to follow to cancel a contract is detailed within the contract.
Your details and any associated information will be stored within our database system and stored therefore for as long as you are a customer or for other legal obligation (whichever is the longest).
CARD PAYMENTS
We use Worldpay (UK) Limited, an approved service provider, to collect and process transaction information. When you use the Worldpay service to pay for our services using a card payment, all transmissions of personal data are protected by encryption.
Processing of personal data will take place in accordance with applicable legislation, best practices concerning data security and in accordance with the Worldpay privacy policy: https://privacy.worldpay.com/policies
PEOPLE WHO ATTEND OUR EVENTS
If you register online to attend our events, the data you provide will be collected and processed by us for the purposes of facilitating event registration. We may also use this information to follow up with you before, during and after the event where it is appropriate for us to do so. We will not use your registration data for any other purposes unless we have asked your consent to do so.
JOB APPLICANTS, CURRENT AND FORMER MERRIMAN SOLICITORS’ EMPLOYEES
Merriman Solicitors is the data controller for the information you provide during our recruitment process and when you are an employee, unless otherwise stated. If you have any queries about the process or how we handle your information, please contact us.
WHAT WILL WE DO WITH THE INFORMATION YOU PROVIDE TO US DURING THE APPLICATION PROCESS?
All the information you provide during the application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
WHAT INFORMATION DO WE ASK FOR, AND WHY?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You do not have to provide what we ask for, but it might affect your application if you do not.
For the purposes of applying, we will need a range of information including your name, date of birth, contact details (address, email, phone), your CV, references, etc.
If you application is successful, all the information we collect during the application process will help form your employee personnel file.
APPLICATION STAGE
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.
You will also be asked to provide equal opportunities information. This is not mandatory information, if you do not provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team, including hiring managers, in a way that can identify you.
Any information you do provide, will be used only to produce, and monitor equal opportunities statistics.
SHORTLISTING
Our hiring managers shortlist applications for interview. They will be provided with your name or contact details or with your equal opportunities information if you have provided it.
ASSESSMENTS
We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by Merriman Solicitors.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we will proactively contact you should any further suitable vacancies arise.
CONDITIONAL OFFER
If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
- Proof of your identity – you will be asked to attend our office with original documents, we will take copies. For your convenience, this will be done at the interview.
- Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies. For your convenience, this will be done at the interview.
You will be asked to complete a criminal records declaration to declare any unspent convictions.
We will provide your email address to the organisation that will contact you to complete an application for a Basic or Enhanced Criminal Record check via the Disclosure and Barring Service, which will verify your declaration of unspent convictions.
We will contact your referees, using the details you provide in your application, directly to obtain references.
We will also ask you to complete a questionnaire about your health. This is to establish your fitness to work. This is done through a data processor (please see below).
If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments;
- Emergency contact details – so we know who to contact in case you have an emergency at work; and
- Membership of an existing pension scheme – so we can send you a questionnaire to determine whether you are eligible to re-join your previous scheme.
POST START DATE
Some roles require a higher level of security clearance – this will be clear on the advert. If this is the case, then you will be asked to submit information via the vetting process to Atlantic Data Ltd. Atlantic Data Ltd will be the data controller for this information.
Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest, or if they are active within a political party. If you complete a declaration, the information will be held on your personnel file.
Here is a link to their Privacy Notice: Privacy_Statement.pdf (disclosures.co.uk)
USE OF DATA PROCESSORS
Data processors are third parties who provide elements of our recruitment service for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We may also use third-party processors to manage your employment information when you are an employee.
HR RECORDS
If you accept a final offer from us, some of your personnel records will be held on Access Group which is an internally used HR records system.
Access Group is a third-party processor for the purposes of our use to store your HR records.
Here is a link to their Privacy Notice: Https://www.theaccessgroup.com/privacy-and-legal
As well as your application data and additional information set out above, we will also record additional information regarding sick leave, holiday, bonuses, etc.
HOW WE MAKE DECISIONS ABOUT RECRUITMENT?
Final recruitment decisions are made by hiring managers and members of our recruitment team. All of the information gathered during the application process is taken into account. You are able to ask about decisions made about your application by speaking to your contact within our recruitment team.
IF YOUR APPLICATION IS UNSUCCESFUL
If we do not pursue your application any further, we will keep your application data for up to 6 months. If we wish to keep it any longer than that, e.g. for a future opportunity, we will seek your consent before doing so.
PEOPLE AND ORGANISATIONS WHO SUPPLY SERVICES TO US
If you are one of our suppliers, we will collect the minimal information about you and your services as required to make use of your services and deal with invoices and payments for your services. Such information will be stored within our accounting package for the purposes of our accounts and will be retained accordingly. Individual employees within our business may also retain your contact details within their email application or via business cards that you may provide to us.
DATA SUPPLIED BY THIRD PARTIES
In some situations, such as when you are a client, we may be provided by information from third-party organisations. Where it is not clear that we would have such information, we will always tell you within one calendar month that we have your data and how we will be using it. If you wish to confirm whether or not we may have information about you within our systems, you can exercise your access right (see below).
OUR USE OF DATA FROM SOCIAL MEDIA
We generally do not collect and process information from our social media channels.
RETENTION OF DATA
Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).
THIRD-PARTY PROCESSORS
We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you.
We also use a number of third-party organisations, e.g. accountants, HR support, etc. In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.
We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply.
We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is also in place to protect your data. If any of our suppliers or third-party providers advise us of any breach that affects the data that we hold about you, where the data protection legislation requires, e will inform you as soon as possible, and at least within 48 hours of becoming aware of the data breach.
YOUR RIGHTS
Under UK data protection legislation, you have rights as an individual which you can exercise in relation to the information we hold about you:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object; and
- Rights in relation to automated decision making and profiling.
You can read more about these rights here: Individual rights – guidance and resources | ICO
You can also get further information on:
- agreements we have with other organisations for sharing information;
- circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymized statistics;
- our instructions to staff on how to collect, use and delete personal data; and
- how we check that the information we hold is accurate and up to date.
- Links to other websites
COMPLAINTS OR QUERIES
Merriman Solicitors tries to meet the highest standards when collecting and using personal information.
For this reason, we take any complaints we receive about this very seriously.
We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
We would also welcome any suggestions for improving our procedures.
If you feel this privacy notice does not go far enough in explaining how we have used your personal data, we are happy to provide any additional information or explanation needed.
Any requests for this should be sent to the contact details above.
If you want to make a complaint about the way we have processed your personal information, we’d rather you brought it to us in the first instance, but of course you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law – Make a complaint | ICO
ACCESS TO PERSONAL INFORMATION
Merriman Solicitors tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you, we will:
- give you a description of it;
- tell you why we are holding it;
- tell you to whom it could be disclosed; and
- let you have a copy of the information in an intelligible form.
To make a request to Merriman Solicitors for any personal information we may hold, we’d prefer it if you would put the request in writing addressing it to our Data Protection Officer or by writing to the address provided above.
We will need to verify your identity before providing the information and where necessary may contact you further to ensure we understand what data you are requesting. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
Regardless, we will deal with your request within one calendar month and generally free of charge. If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting the Data Protection Officer.
HOW TO WITHDRAW CONSENT AND OBJECT TO PROCESSING
Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom or the email or by contacting us. You should also contact us, if you wish to raise concerns about the way we are processing your data or would like to raise an objection to the processing.
KEEPING YOUR DATA UP TO DATE
It is important that any of your data that we process is kept up to date. We will from time to time ask you to verify your contact details but if you wish to update any information we hold about you, please contact us with your updated details.
ERASURE OF YOUR DATA (THE “RIGHT TO BE FORGOTTEN”)
Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems.
PORTABILITY
Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them).
DISCLOSURE OF PERSONAL INFORMATION
We will not disclose personal data to any third parties unless it is lawful for us to do so, or if it is required by law or if you provide us with permission to do so. However, when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.
CHILDREN’S ONLINE PRIVACY PROTECTION
Merriman Solicitors will retain information of children under the age of 13 in connection with Childcare & Criminal Matters, if it is in the interests of freedom & justice to do so. This information will be retained in accordance with SRA & Law Society Guidelines. Should it be necessary to seek consent from the child (under 13) then we will also seek consent from the parent or guardian where it is possible for us to do so.