Privacy Policy

Fullers Family Law Limited (‘Fullers’, ‘we’, ‘us’) respects the privacy and legal rights of the individuals and organisations we deal with.

This privacy policy provides information about how we collect, store and use personal data from our clients and the persons and organisations we deal with when providing services and administering our business.

This privacy policy does not apply to any third-party websites that may have links to our own website.

Clients of this firm should read this policy alongside our general terms and conditions, which provide further information on confidentiality.

Your personal data

‘Personal Data’ means any information relating to an identifiable person who can be directly or indirectly identified by data held by us.

For the purposes of the Data Protection Act 2018 (‘DPA 2018’) and the General Data Protection Regulations (‘GDPR’), the Data Controller in respect of any data controlled by the firm is Fullers Family Law Limited, a limited company under the laws of England and Wales, registered under number 8069084.

The DPA and GDPR regulate our use of your personal data.

Our registered address is Ashton House, 409 Silbury Boulevard, Milton Keynes, MK9 2AH; telephone 01234 343134.

We are authorised and regulated by the Solicitors Regulation Authority under number 569016.

Our services and website are not aimed specifically at children [ who are usually represented by their parents or guardians]. If you are a child and you want further information about how we might use your data, please contact us (see ‘How to contact us’ below).

How do we collect your personal data?

Mostly we obtain personal data from you for the purposes of providing you with legal services or a quote for legal services when you provide information via our website, when you use our online client portal, contact us by telephone, visit our offices or when you correspond with us.

However, we may also collect information:

from publicly accessible sources, e.g., Companies House or HM Land Registry;
directly from a third party, eg: client due diligence providers;
from a third party with your consent, eg:
- your bank or building society, another financial institution or advisor;
- your employer or pension administrators;
- your doctors, medical and occupational health professionals;
via our website—we use cookies and similar technologies on our website (for more information on cookies, please see https://fullersfamilylaw.com/cookies
via our information technology (IT) systems [e.g]
- via our case management, document management and time recording systems;
- from door entry systems and reception logs;
- through automated monitoring of our websites and other technical systems, such as our computer networks and connections, and access control systems, communications systems, email and instant messaging systems.

What personal data do we collect?

The data we obtain may include:

your name, address, contact details, date of birth,
information to verify your identity,
details of your finances (such as property, bank accounts, tax and pensions), children, the opponent and your personal circumstances relevant to your family dispute,
national insurance number, employment and medical details where they are relevant to your case,
information about your use of our IT, communication and other systems, and other monitoring information [e.g. if using our secure online client portal]

We collect and use this personal data to provide services to you.

If you apply for employment with us or make an employment enquiry, then we may obtain your data through you uploading your cv to our website or through you e-mailing us your cv. The data that you supply for these purposes may include name, address, contact details, referee details and employment and education history.

The bases of collecting and processing your data will be with your consent, and/or performance of contract and/or our legitimate interests as a business.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests You have the right to object to processing based on legitimate interests. We must then stop the processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or the processing is required to establish, exercise or defend legal claims.

All telephone calls in and out of the firm are recorded for training and quality purposes. If you object to this, please let us know when you call.

Please note that if you are a third party not a client and we are processing your information in connection with legal proceedings, and/or if legal professional privilege applies, then it is likely we are exempt from any requirement to inform you that we are processing your information.

What we use your personal data for	Our reasons
Providing services to you	To fulfil our contract with you or to take steps at your request before entering into a contract
Preventing and detecting fraud against you or us	For our and/or your legitimate interests, ie to minimise fraud that could be damaging for you and/or us
Conducting checks to identify our clients and verify their identity (including via third party agency) Screening for financial and other sanctions or embargoes (including via a third-party agency) Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety law or rules issued by our professional regulator	Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests
To enforce legal rights or defend or take legal proceedings	Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests, i.e. to protect our business, interests and rights
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies	Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests
Ensuring internal business policies are complied with, e.g., policies covering security and internet use	For our legitimate interests, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control	For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price
Ensuring the confidentiality of commercially sensitive information	Depending on the circumstances: —for our legitimate interests, i.e., to protect trade secrets and other commercially valuable information —to comply with our legal and regulatory obligations
Statistical analysis to help us manage our business, eg in relation to our financial performance, client base, services range or other efficiency measures	For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price
Protecting the security of systems and data used to provide services, preventing unauthorised access and changes to our systems	Depending on the circumstances: —for our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you and/or us —to comply with our legal and regulatory obligations
Updating [and enhancing] client records	Depending on the circumstances: —to fulfil our contract with you or to take steps at your request before entering into a contract —to comply with our legal and regulatory obligations —for our legitimate interests,
Statutory returns	To comply with our legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments	Depending on the circumstances: —to comply with our legal and regulatory obligations —for our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
External audits and quality checks, e.g. for Lexcel or Investors in People accreditation and the audit of our accounts [to the extent not covered by ‘activities necessary to comply with legal and regulatory obligations’ above]	Depending on the circumstances: —for our legitimate interests, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards —to comply with our legal and regulatory obligations
To consider your application or enquiry relating to employment or consultancy	Depending on the circumstances: —with your consent —for our legitimate interests to allow us to make a decision on your application and to perform due diligence

Where we process special category personal data we will also ensure we are permitted to do so under data protection laws, e.g.:

we have your explicit consent;
the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent;
the processing is necessary to establish, exercise or defend legal claims; or
the processing is necessary for reasons of substantial public interest.

Special category personal data is:

personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership;
genetic data;
biometric data (where used for identification purposes);
data concerning health, sex life or sexual orientation.

Who will have access to your personal data?

Access to your personal data may be given to employees, contractors or agents of Fullers solely for the purpose of performing their duties or contractual responsibilities to you or for the proper management of our business.

We routinely share personal data with:

third parties we use to help deliver our services to you e.g. providers of our case management and finance system, IT service providers including cloud service providers such as data storage platforms, shared service centres and financial institutions in connection with invoicing and payments;
with your consent third party external advisors or experts engaged in the course of providing services to you, e.g. barristers, pension advisers;
companies providing services for money laundering checks and other crime prevention purposes and companies providing similar services, including financial institutions and credit reference agencies
our insurers and brokers;
our bank[s];

We only allow those organisations to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We ensure all outsourcing providers operate under service agreements that are consistent with our legal and professional obligations, including in relation to confidentiality.

We or the third parties mentioned above may occasionally also share personal data with:

our (and their) external auditors, e.g. in relation to the audit of our (or their}accounts, or the award of Lexcel accreditation to us in which case the recipient of the information will be bound by confidentiality obligations;
our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations.

If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

Where your personal data is held

Data is usually held via our secure third-party hosted IT system including in the cloud.

Personal data may also be held at our offices and, third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).

Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data abroad’.

Transferring your personal data abroad

It is sometimes necessary for us to transfer your personal data to countries outside the UK [and EEA]. This may include countries which do not provide the same level of protection of personal data as the UK [or EEA].

We will transfer your personal data outside the UK [and EEA] only where:

the UK government [or European Commission] has decided the recipient country ensures an adequate level of protection of personal data (known as an adequacy decision); or
there are appropriate safeguards in place (e.g. standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you; or
a specific exception applies under data protection law.

You can contact us (see ‘How to contact us’ below) if you would like a list of countries benefiting from a UK or European adequacy decision or for any other information about protection of personal data when it is transferred abroad.

How long do we keep your data?

Data is stored for a period of one year in respect of prospective clients who make an enquiry and/or have a free interview but do not instruct Fullers and for a period of seven years from the end of the case for those clients who do instruct Fullers after which time it will be destroyed.

Note that telephone recordings are stored for seven years but in relation to prospective clients who make an enquiry and/or have a free interview but do not instruct Fullers we will no longer be able to access them after one year.

Recordings of Zoom or Microsoft Team meetings are destroyed after three months unless saved onto a client’s file in which case they will be kept for seven years.

If you make an enquiry in relation to employment, we will keep your information for three months.

If you apply for a job role with us and are unsuccessful, we will keep your information for twelve months.

Automated decision making

We may use the personal information that you supply us with to carry out an automated decision-making process via a third party as to the validity of your identity, and as to whether you are a politically exposed person or on the sanctions list. If a query or issue arises in relation to those checks that might prevent us from providing legal services, the decision will not be made automatically and we will make further enquiries of you.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We are accredited for cyber essentials (a government-backed certification, awarded to companies who follow the core principles of cyber security).

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Your rights in respect of the personal data we process

The GPDR provides for the following rights in relation to your personal data. Please note that these rights usually contain a number of exceptions:

The right to be informed about the collection and use of your data.
The right of access – to be provided with a copy of your personal data.
The right to require us to correct any mistakes in your personal data.
The right to have the data erased. We will not erase the data if it is still necessary for the purpose it was supplied, if there is still a lawful reason to process or retain the data or if one of a number of exceptions applies such as compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
The right to restrict processing of your personal data in certain situations e.g. if you contest its accuracy.
The right to receive the personal information we hold about you in a portable format in certain situations e.g., if the processing has been done by automated means.
The right to object to at any time to your personal data being processed for direct marketing (including profiling).
The right to object in certain other situations to our continued processing of your personal data, e.g., processing carried out for our legitimate interests unless we demonstrate compelling legitimate grounds for the processing which override your interests or for establishing, exercising or defending legal claims.
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
If you have provided us with a consent to use your personal data, you have a right to withdraw that consent at any time. See How to contact us below. Withdrawing consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn. In some circumstances it may lead to us no longer being able to provide services to you.

How to contact us

If you wish to exercise any of the above rights or require further information about them, please contact: The Data Protection Officer (Martin Fuller) at the registered address above, via telephone 01234 343 134 or via email enquiries@fullersfamilylaw.com. There is no charge for exercising your rights but we may make a charge if additional copies of documents are requested.

If you have any questions about this policy or have a complaint about how we have processed your data, please contact us as above so we may investigate your complaint. You also have the right to contact the ICO via www.ico.org.uk/concerns/ or on their helpline 0303 123 1113.