Information security and privacy
Data Protection Statement
At O’Neill Patient Solicitors we are committed to protecting the security and privacy of all personal data.
O’Neill Patient Solicitors LLP will use any personal information you provide solely for the purposes of marketing, administration and for the provision of legal services.
You are not obliged to provide us with any personal information if you do not wish to do so.
If you have any queries regarding Data Protection matters, then please contact: enquiries@grindeys.co.uk
or by post to:
Data Protection Enquiry O’Neill Patient Solicitors LLP 2 Stockport Exchange,
2nd & 3rd Floors, Stockport Cheshire
SK1 3GG
If you are a current or former employee, consultant, or contractor, we may hold additional personal information about you. For more information, please contact complianceteam@grindeys.co.uk.
The purpose of this notice is to explain how and why we collect your personal data, where we collect this data from, and your rights in how we process this data. In this data protection statement, and for the purposes of the Data Protection Act 2018 (‘DPA’), the data controller is O’Neill Patient Solicitors LLP of Chester House, 2 Stockport Exchange, 2nd & 3rd Floors, Stockport, Cheshire, SK1 3GG.
O’Neill Patient Solicitors LLP is a limited liability partnership registered at Companies House number OC322650. We have been registered as Data Controller with the Information Commissioner’s office, registration number Z5454188 since June 2001.
We are certified under ISO 27001:2017 certificate number 205171.
The type of personal information we collect
We currently collect and process the following information: –
- Your name and contact information, including addresses, e-mail address and telephone number(s)
- Information to confirm your identity, such as: –
- Your full names
- Your date of birth
- Your address and contact details
- Identity documents which may contain biometric data (e.g., passports)
- Gender information
- Billing information, transaction, and payment card information (including bank details for transfers)
- Details of your financial position
- Supplier information, such as: –
- Business details, including contact numbers, addresses,
- Key contact information
- Financial information (including bank details for transfers)
Information gathering and use
Most of the personal information we process is provided to us directly by you for one of the following reasons: –
- You have instructed us to act on your behalf in a legal matter
- You have contacted us for information on our services
- You have applied for a career at ONP
We also receive personal information indirectly, from the following sources in the following scenarios: –
- Various Brokers/Lenders
- Any data that is passed to us indirectly through a third party will always be done with your consent
- Publicly accessible sources, such as Companies House, or HM Land Registry
- A third party with your consent, e.g., your bank or building society
- Search Providers
- ID Verification Providers
- Records Management & Archive Storage companies
- IT Service Providers
The information supplied is primarily used for the provision of legal services to you; however, we may also use your data for the following reasons: –
- Legal and Regulatory Compliance
- External audits and compliance checks (ISO 27001 assessment, Cyber Essentials Plus, etc.)
- Fraud Prevention
- Data analysis to enhance client records
We will aim to anonymise your personal data where it is practical
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- You are able to remove your consent at any time. You can do this by contacting enquiries@grindeys.co.uk
or by post to:
Data Protection Enquiry O’Neill Patient Solicitors LLP 2 Stockport Exchange,
2nd & 3rd Floors, Stockport Cheshire
SK1 3GG
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a legitimate interest
How we store your personal information
Your information is securely stored within our offices, a highly encrypted Tier 3 data centre, and may be available at other third parties listed within this document (dependent on the nature of information and legitimate interest/legal obligation to maintain this data.)
We strictly limit access to your personal data by minimising its availability to employees with legitimate reasons, knowledge, and training to access and process the information. All of employees are subject to a duty of confidentiality and are regularly trained on information security principles.
Our retention for data is as follows: –
- Transactions relating to Conveyancing (sale, purchase, or re-mortgage) will be stored for 6 years from the point of matter closure
- Other matters will be retained for 15 years from the point of matter
- Financial records will be retained for a period of 6 years from the date of matter
- Personal data provided to us in order to obtain a quote for our services will be retained for 6 months from the date of the quote (noting that the actual quote will only be valid for the specified time )
- Information pertaining to Wills will be kept
When destroying records, the following is implemented: –
- For physical documents, these are securely destroyed onsite and are certified by a confidential waste management
- For digital media, when data is no longer needed or is outside of the retention period, the data is deleted from any case management/processing applications/services, any back- end files are removed, any archives are purged of the data, and backups are updated to exclude retention of this We achieve this through a mixture of automated and manual processes.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances where we do not have a legal obligation to retain your data.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances where it does not impede our ability to provide contractual services to you/on your behalf.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
If you wish to make a request, then please contact us at: –
Data Protection Enquiry
O’Neill Patient Solicitors LLP 2 Stockport Exchange,
2nd & 3rd Floors, Stockport Cheshire
SK1 3GG
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to our Data Protection Manager, by e-mailing complianceteam@grindeys.co.uk
The DPA also ensures your right to complain directly to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk
Changes to the Privacy Notice
This privacy notice is regularly reviewed to ensure it is accurate and up to date. It was last updated in March 2022.