DATA PROTECTION

I comply with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”). Except as explained below, I will maintain my professional and legal obligations of confidentiality in relation to the work I undertake for you and in relation to information which is confidential to you which comes into my possession in the course of undertaking that work. However, provided that any such disclosures are limited to a need to know basis, I may make disclosures of information which is confidential to you:

1. for the purpose of acting for you including, without limitation, disclosures to your other advisers or to third parties involved in the work I am undertaking for you;
2. to my auditors for the purposes of the audit of my accounts;
3. to my professional indemnity insurers if, in relation to your matter, it becomes necessary under the terms of my professional indemnity insurance to notify circumstances which may give rise to a claim against my (this may include communications which would ordinarily be protected by legal professional privilege);
4. as required by law or by any regulatory authority to which I am subject;
5. for the purposes of complying with my obligations under anti-money laundering or counter terrorist financing legislation for the time being in force;
6. for the purpose of applying my risk management policies.
7. as a controller under the Data Protection Act 2018, I use the information you provide (including personal data) primarily for the provision of my services to you, but also for related purposes including creating and maintaining notarial records, issuing invoices, collecting payments and debts, analysis for the purposes of practice management, statutory returns, insurance, legal and regulatory compliance. Please note that my work for you may require me to share information with third parties such as other advisors or with the management of the law firm of which I am a partner. You have a right of access to the personal data that I hold about you as well as other rights under the Data Protection Act 2018.
8. I retain your personal data for only so long as is necessary or as otherwise required by applicable law.
9. I may use third parties, including third parties located abroad, to perform certain support services on my behalf in relation to work that I do for you. This may include (without limitation) word processing, copying, printing, translation and other support services. The work that is outsourced may include sensitive personal data as defined in the Data Protection Act 2018.
10. Where third parties provide support and services as a processor, I will as controller take appropriate measures to maintain client confidentiality by ensuring that a Confidentiality Agreement and a Data Processor Agreement is executed with those third parties to enable me to comply with the provisions of the Data Protection Act 2018.