Data Protection Policy & Privacy Notice
Who we are
DCB Legal Ltd is a company registered in England under company number 10633864. We manage and make decisions about personally identifiable information we hold, as well as conducting specific activities using data provided by other companies, on their behalf.
- DCB Legal Ltd (company number 10633864)
What we do
We carry out legal services for our clients on their behalf, upon their instruction, and perform other services related to these matters. This often involves receiving personal information from our clients so that we can effectively carry out our services, some of which are externally regulated. We also transfer information to other companies that perform specific actions at our request, and this may involve the transfer of personal data for that purpose.
How to contact us
Our Data Protection Officer (DPO) is the main contact for anyone who wants to discuss matters covered under this policy or the law, including any person whose personal data we have come into contact with and used or stored, whether for our own purposes or on behalf of another company.
You may write to us; our office address is:
DCB Legal Ltd
DCB Legal is based in England and thus subject to law applicable in England & Wales. In the case of data protection, the primary legislation in effect from 25th May 2018 is Regulation EU 216/679 (the General Data Protection Regulation), as well as the Data Protection Act 2018.
Personally Identifiable Information
DCB Legal stores and uses information that could be used to identify a living person. The purpose of this storage and use will vary depending on the area of the business that it pertains to. Where consent is required or used as the basis for storage and use of personal information, this will be clearly communicated, and the person providing their consent has the right to withdraw it at any time.
We store information relating to employees and contractors so that we have adequate records to be able to contact, manage and pay them, and meet our legal obligations as an employer. This information may be sent to another company working on our behalf, where the relationship is defined by a contract, and they are not permitted to use the information in any way we have not explicitly asked them to. Only certain authorised personnel within the company have access to this information.
We collect data concerning health relating to employees, so we can make any necessary adjustments for their benefit and so that we may pass relevant information on to emergency services and healthcare professionals in the event of an illness or accident at work in order to protect their vital interests.
Whenever we sell products and services, we collect and store information about the person or people we have dealt with in the course of the sale, including prior to any sale taking place, in order to serve the mutual interests of our own and our clients’ or prospective clients’ companies. This information usually consists of names and contact details associated with a business and is used for the purpose of completing the sale, managing service delivery, and marketing further products and services in the future.
We conduct direct marketing activities in order to obtain new and repeat business, and sometimes this requires that we store and use names and business contact details of specific people whom we know or believe to be the most appropriate recipient of our marketing communications. This work is also performed by other companies on our behalf. Since we obtain published or offered contact details for people in their business role and take steps to ensure that we and our suppliers are compliant with legal requirements such as the provision of a means of opting out of further marketing communications, we believe recipients’ privacy rights are balanced with our business interests.
From time to time we may store names and business contact details of individual people working for our suppliers’ business. This is necessary to ensure we are able to contact the relevant people and maintain a relationship to the benefit of both our and their business.
In order to deliver services to our clients, we also collect, store and use personally identifiable information including names, addresses, telephone numbers, email addresses and demographic information, as far as it is necessary for the provision of that service.
Sources of Personal Information
Information about individuals may originate from different sources, including being collected from the person themselves. We agree to disclose the source of any data we hold about a person upon their request, as long as there is no overriding legal requirement not to do so. Such requests should be directed to the Data Protection Officer.
Rights of Data Subjects
People whose information we hold are called “data subjects”. We respect the rights of data subjects and will work with anyone exercising those rights to ensure their expectation of privacy is met. Anyone wishing to make a request under their legal rights should contact our Data Protection Officer in the first instance.
Where we are storing or using someone’s personal information because it has been provided to us by another company to use on their behalf, we will work with the other company to ensure data subjects’ rights are upheld. Where the data subject contacts us to make a request, we will help them to contact the relevant company who can deal with that request.
Anyone has the right to object to the use of their personal information for the purpose of direct marketing at any time, and DCB Legal will always respect such a decision, provided that it is communicated clearly and that we can verify the identity of the person making the request. This can be as simple as making the request from the same email address or telephone number that we associate with the person. We do not use data subject requests to collect further information about a person, and any additional contact details obtained in the course of such discussions are used only in connection with that request, so that we can maintain clear and informative communication with the person and ensure their needs and expectations are met.
If a data subject is unhappy with the way DCB Legal have collected, stored or used their personal information, or the way we have dealt with their request, we acknowledge that they have the right to lodge a complaint with the Information Commissioner’s Office in the United Kingdom.
Data Storage and Security
We do our best to store information relating to our business on computer systems rather than paper files, although it is often necessary to print or write upon certain documents, especially where legal documents are concerned. While these and similar items are ordinarily transferred quickly in sealed envelopes or given directly to the recipient, any storage of them is managed by authorised staff who ensure that unauthorised persons do not have direct access. Paper files transported by agents operating in approved vehicles will be locked in a mobile safe according to our policy on data in transit.
The majority of information is however stored in computer systems. We apply an information security management system in accordance with ISO 27001. Critical systems such as those relating to finance and service delivery are regularly backed up and/or continuously mirrored to protect against data loss and are physically located in secure premises.
It is our policy that data stored electronically be protected from unauthorised access, accidental deletion and malicious hacking attempts. In addition to internal processes, we employ third party service providers to manage elements of this.
DCB Legal may make transfers of personal data outside the United Kingdom, including out of the European Economic Area. Such cases are usually due to the physical location of a digital service provider that is storing data on our behalf, whose services are regulated by terms compatible with this policy and our compliance with applicable law.
Except where a legal obligation to retain data exists, DCB Legal does not store personal information for any longer than is necessary for its defined purpose. Wherever an individual has expressed that they no longer wish to have information we hold about them used for the purpose under which we hold it, we may need to continue storing certain identifiers to ensure that person’s information does not re-enter our systems at a later date. This data is stored apart from data that is in current use, is clearly labelled and access to it is restricted.
Data we hold on behalf of our clients will be held for up to 12 months unless it is needed for longer in order to complete the delivery of the service we have agreed to provide.
When data is no longer to be retained, its removal, deletion or erasure will be performed according to processes suitable for the medium, for example the secure shredding of paper documents, deletion from internal systems, or overwriting (wiping) of hard disks.