Written below is the GDPR policy for Millan solicitors

How and why do we collect information about you? At certain points during your visit to our office, we may ask you to provide personal details such as your name, address, telephone number or email address. You will also be informed about the purpose of which your data will be used and asked whether you consent to the manner of its usage.

The data controller at Millan solicitors is Goldie Millan. We gather, process and retain information about you in order to deliver effective legal services to you, at your request. The data is utilised for our own purpose and as part of providing the service to you and to fulfil a request you make when disclosing those details. Furthermore, your information will be held for up to 6 years, in accordance to the data protection law, and will then be destroyed.

Will we disclose the information to third parties? Your personal information will be kept private and confidential and all files will be kept safeguarded, eliminating the chances of data breach. We only share your information, on valid and legitimate grounds, to an approved third party with your consent. Information will be held and handled with utmost concealment by our firm.

Review Privacy Policy. We will ensure that our privacy policy, is regularly reviewed on an annual basis. The Privacy Policy was last updated and reviewed July 2018 and changes were made to it to reflect the additional requirements in relation to data protection by GDPR. Any changes with Privacy Policy will be published in our guidance.

Key principles of GDPR and how it’s dealt with:

•Lawfulness, fairness and transparency. Personal information shall be dealt with in a transparent manner and you will be informed on what data processing is to be done. Also, fairness will be ensured with regards to your personal data, as we will ensure that the information that is processed, matches up with how it has been described. Furthermore, we process your information lawfully and with accordance to the tests described in GDPR.

•Purpose limitation. Your personal information will be collected for specified, explicit and legitimate purposes and will only be used in a manner that you have consented to. We will limit the usage of your data to the provision of legal services and will prevent the information being used for new purposes if they are 'incompatible' with your original purpose for collecting the data.

•Data minimisation. Your personal information shall be adequate, relevant and limited to what is essential in relation to the provision of the legal service. We will ensure that the information we hold of you is not excessive and will be of strict necessity in relation to the purpose of providing a legal service. As a law firm, if it required, we will condense your information to what we find appropriate and essential for the case, in order to effectively provide a legal service.

•Accuracy. We will ensure that your personal information is accurate and, where necessary, kept up to date. In occasions where your information is seen to be inaccurate, we will ensure to implement deletion or rectification of the data without delay, so that we hold information that is of a precise nature, from which we can effectively carry out our legal service to you.

•Storage limitation. Your personal information will be kept for the specified duration of the provision of our legal service, and for no longer than required, and will also be kept in a form which permits the identification of the data for no longer than necessary.

We carefully consider and justify how long we keep your personal information and also ensure that the information is reviewed on a regular basis, whereby if it is necessary for us to make changes, we will ensure to erase or anonymise personal data when we no longer need it. This includes files held on our computers and paper files.

•Integrity and confidentiality. Your personal information will be processed and utilised in a secure manner, in order to preserve its integrity and ensure confidentiality, whilst it is in custody of our respected law firm. We will ensure the appropriate security is in place, such as protecting the data from unlawful or unauthorised processing and against accidental loss, destruction or damage, using the appropriate technical or organisational measures, including antivirus software.

•Accountability. The data controller of this law firm will ensure that processing activities are demonstrated in compliance with the principles of GDPR. We will also be accountable for ensuring that we stick to the obligations as follows from the data protection law, making sure that we enforce the GDPR principles, to lawfully and effectively provide a legal service.