Data Controller: Wingrove Law is a trading name of Geoffrey Peter of Wingrove House, Beech Avenue, Holgate, York YO24 4JJ, who is the data controller.
Purposes of Processing: Your data will be processed in order to:
Legal Basis: Your data will be processed on the basis that Wingrove Law has a legitimate interest in being able to achieve the aims of processing set out above. Where special category data is provided, the provider of the data warrants that they consent to Wingrove Law processing that data or that they have obtained written consent from the data subject.
Personal Data Held: As a minimum, Wingrove Law is required to positively identify its clients. This also includes positively identifying a director in the case of a corporate client. In addition, Wingrove Law holds whatever information is provided to it by its clients and others. This will rarely include special category data.
Failure to Provide Data: If you fail to provide Wingrove Law with the data required you will not receive services or marketing.
Data Sources: Wingrove Law obtains most personal data from its clients and those who have indicated that they have an interest in Wingrove Law services. Wingrove Law also obtains some personal data from other correspondents. Wingrove Law also collects some data from publicly available sources (e.g. Companies House).
Recipients: Any data provided by a client is treated as confidential to that client and will only be shared with others in so far as this is necessary in order to provide the services contracted for by the client, to comply with regulatory and other legal obligations and to protect Wingrove Law against a potential claim. In order to provide its services, Wingrove Law relies on the services of certain data processors. These include secure cloud storage for files and emails. In each case, Wingrove Law ensures that data is processed in compliance with this policy.
Third Countries and Safeguards: Other than where required in order to provide services as required in individual client matters, data is rarely sent to third countries. Where it is, the relevant devices are password protected and equipped with tracking and remote wipe software. The devices are personally accompanied.
Retention Period: Data is held for a minimum of six years from the end of the relevant matter or for six years where not associated with a particular matter. Data is then destroyed or permanently deleted within a reasonable time after the expiry of the six-year minimum period.
Data Subject’s Rights: Where relevant, you have the right (subject to client confidentiality) to:
Automated Decision Making: None.