Date created: 25 May 2018

Harper & Odell solicitors

Privacy Policy and Privacy Notice

Introduction

Welcome to Harper & Odell’s privacy policy.

Harper & Odell respects your privacy and is committed to protecting your personal data. This privacy

policy will inform you as to how we look after your personal data and tell you about your privacy

rights and how the law protects you.

1. Who we are

2. Key terms

3. Personal data we collect about you

3.1. Personal data we will collect

3.2. We may collect the following data depending on the work you have asked us to do

4. How your personal data is collected

4.1. Why we use your personal data

5. What we use your personal data for

6. Promotional Communications

7. Who we share your personal data with

8. Where your personal data is held

9. How long your personal data will be kept

10. Retention policy

10.1. Responsibility

10.2. Our process

11. Data retention period

12. Transferring your personal data out of the EEA

13. Your legal rights

14. Keeping your personal data secure

15. How to complain

16. Changes to this privacy notice & privacy policy

17. How to contact us

Date created: 25 May 2018

Date Reviewed: 20 September 2018

1. Who we are

Harper & Odell collects, uses and is responsible for certain personal information about you. When

we do so we are regulated under the General Data Protection Regulation (‘GDPR’) which applies

across the European Union (including in the United Kingdom) and we are responsible as a ‘controller’

of that personal information.

We take your privacy very seriously. Please read this privacy notice and privacy policy carefully as it

contains important information on who we are and how and why we collect, store, use and share

your personal data. It also explains your rights in relation to your personal data and how to contact

us or supervisory authorities in the event you have a complaint.

Our use of your personal data is subject to your instructions, the EU General Data Protection

Regulation (GDPR), other relevant UK and EU legislation and our professional duty of confidentiality.

2. Key terms

It would be helpful to start by explaining some key terms used throughout this document:

We, us, our means Harper & Odell solicitors

Personal data means any information relating to an identified or identifiable individual

Special category personal data means Personal data revealing racial or ethnic origin, political

opinions, religious beliefs, philosophical beliefs or trade union membership; Genetic and biometric

data; Data concerning health, sex life or sexual orientation

3. Personal data we collect about you

The personal data we will or may collect in the course of advising and/or acting for you is as follows:

3.1 Personal data we will collect

1) Identity data which includes your name, date of birth, address and telephone number

2) Information to enable us to check and verify your identity, e.g. your date of birth or passport

details and proof of address.

3) Electronic contact details, e.g. your email address, mobile phone number and telephone

number.

4) Transactional data relating to the matter in which you are seeking our advice or

representation e.g. details of your assets/income/liabilities in relation to preparing a will.

Date created: 25 May 2018

Date Reviewed: 20 September 2018

5) Financial data in so far as relevant to your instructions, e.g. the source of your funds if you

are instructing us on a purchase transaction.

3.2 We may collect the following data depending on the work you have asked

us to do

1) Your National Insurance number.

2) Your bank and/or building society details.

3) Details of your professional online presence, e.g. LinkedIn profile.

4) Details of your spouse/partner and dependants or other family members, e.g. if you instruct

us on a family matter or a will.

5) Marriage certificates, e.g. if you instruct us on a matrimonial matter.

6) Your employment status and details including salary and benefits, e.g. if you instruct us on a

matter related to your employment or in which your employment status or income is

relevant.

7) Your nationality and immigration status and information from related documents, such as

your passport or other identification e.g. if you instruct us on an immigration matter.

8) Details of your pension arrangements, e.g. if you instruct us on a pension matter or in

relation to financial arrangements following the breakdown of a relationship.

9) your employment records, including, where relevant, records relating to sickness and

attendance, performance, disciplinary, conduct and grievances (including relevant special

category personal data), e.g. if you instruct us on a matter related to your employment or in

which your employment records are relevant.

10) Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs

providing it is relevant to your instructions, e.g. if you instruct us on discrimination claim

(Special category data, see ‘2. Key Terms’ or ‘Glossary’).

11) Your trade union membership, e.g. if you instruct us on a discrimination claim or your matter

is funded by a trade union.

12) Your medical records, e.g. if we are acting for you in a personal injury claim.

This personal data is required so we can work for you.

The personal data requested by us includes the necessary personal details and more specific

details or documentation that is required to carry out your instructions sufficiently and to

support the performance of your contract.

Date created: 25 May 2018

Date Reviewed: 20 September 2018

4. How your personal data is collected

We collect most of this information from you. However, we may also collect information:

from publicly accessible sources, e.g. Companies House or HM Land Registry;

directly from a third party, e.g. credit reference agencies;

from a third party with your consent, e.g.: your bank or building society;

4.1 Why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason

for doing so, e.g.:

to comply with our legal and regulatory obligations;

for the performance of our contract with you or to take steps at your request before entering

into a contract; or

for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your

information, so long as this does not infringe on your rights and interests, e.g. for fraud

prevention and direct marketing (see ‘13. Your legal rights’ below).

5. What we use your personal data for

The primary reason for asking you to provide us with your personal data is to allow us to carry out

your requests – which will ordinarily be to represent you and carry out your legal work.

The following are some examples, although not exhaustive, of what we may use your information

for:

• Verifying your identity

• Verifying source of funds

• Communicating with you

• To establish funding of your matter or transaction

• Obtaining insurance policies on your behalf

• Processing your legal transaction including;

• Providing you with advice; carrying out litigation on your behalf; attending hearings

on your behalf; preparing documents or to complete transactions

• Keeping financial records of your transactions and the transactions we make on your

behalf

Date created: 25 May 2018

Date Reviewed: 20 September 2018

• Seeking advice from third parties; such as legal and non-legal experts

• Responding to any complaint or allegation of negligence against us

The above does not apply to special category personal data, which we will only process with your

explicit consent (see’ Glossary’ for definition).

6. Promotional communications

We may contact you for the purpose of direct marketing. This means that we may use your personal

data that we have collected in accordance with this privacy policy to contact you about our products

or services, events etc. which may interest you. The direct marketing communications may be

provided to you by social media channels, email or post. We will never send marketing

communications via SMS or call you without your specific consent; nor do we ever pass on or sell

your details to a third party.

7. Who we share your personal data with

We routinely share personal data with:

1) professional advisers who we instruct on your behalf or refer you to, e.g. barristers,

solicitors, medical professionals, accountants, tax advisors or other experts;

2) other specific third parties where necessary to carry out your instructions, e.g. your

mortgage provider or HM Land Registry in the case of a property transaction or

Companies House;

3) insurers and brokers;

4) external auditors, e.g. in relation to Conveyancing Quality Scheme (CQS) and the audit of

our accounts; our banks; and

5) our case management providers, including Osprey.

We only allow our service providers to handle your personal data if we are satisfied they take

appropriate measures to protect your personal data. We require that all third parties treat your

personal data in accordance with the law. We do not allow third parties to use your personal data

for their own purposes and only allow them to process your personal data in accordance with our

instructions.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to

comply with our legal and regulatory obligations.

Date created: 25 May 2018

Date Reviewed: 20 September 2018

8. Where your personal data is held

Information may be held at our offices, third party agencies, service providers, representatives and

agents as described above (see ‘5. What we use your personal data for’).

Some of these third parties may be based outside the European Economic Area. For more

information, including on how we safeguard your personal data when this occurs (see below ‘12:

Transferring your personal data out of the EEA’).

9. How long your personal data will be kept

We will keep your personal data after we have finished advising or acting for you. We will do so for

one of these reasons:

1) to respond to any questions, complaints or claims made by you or on your behalf;

2) to show that we treated you fairly;

3) to keep records required by law.

We will not retain your data for longer than necessary for the purposes set out in this policy.

Different retention periods apply for different types of data. Further details on this are set below

(see ‘10. Retention Policy’).

When it is no longer necessary to retain your personal data, we will delete it or make it anonymous.

10. Retention Policy

We will only retain your personal information for as long as necessary to fulfil the purposes we

collected it for, including for satisfying any legal, accounting, or reporting requirements.

In some circumstances we may make your personal data anonymous so that it can no longer be

associated with you, in which case we may use such information without further notice to you.

To determine the appropriate retention period for personal data, we follow the guidance given by

the Solicitors Regulation Authority.

By law we have to keep basic information about our customers (including Contact, Identity, Financial

and Transactional Data) for legal, regulatory and tax purposes.

This policy sets out how long information will normally be held by us and when that information will

be confidentially destroyed.

10.1 Responsibility

Date created: 25 May 2018

Date Reviewed: 20 September 2018

Harper & Odell solicitors is responsible for implementing and monitoring compliance with

our privacy policy when dealing with your personal data. We will undertake an annual

review of this policy to verify that it is effective.

10.2 Our process

Information (hard copy and electronic) will be retained for at least the period specified in

our Data Retention Period (see below, ‘11. Data Retention Period’).

All information must be reviewed before destruction to determine if there are special

factors that mean destruction should be delayed, e.g.:

1) potential litigation

2) complaints

3) ongoing cases

We will endeavour to delete hard copy and electronically held documents and information

at the end of the retention period.

When your legal matter is complete and we have ensured that there are no outstanding

financial matters in relation to your case. We will return all original documents that you have

supplied to us. The Solicitors Regulation Authority requires us to store case papers for a

specific period (refer to point 11 ‘Data retention period’), after which we will utilise our

procedure for destroying closed files in a confidential manner. Closed files are archived into

a secure storage facility for the retention period and shall be physically destroyed once this

period is over.

You may ask for the return of any of the original documents passed to us by you up until the

end of this period. You may also ask for documents or information relating to your file, at

any time up until the file is destroyed, although we do reserve the right to make a charge to

you for this service. This depends on the amount of time that it takes us to recover the file

and to provide the information you require.

11. Data Retention Period

Matter type Retention period

Anti-money laundering records including records 6 years after the business relationship ends

of client identity and verification checks made or the transaction completes.

under our client due diligence procedure.

Purchase transactions 12 years

Sale transactions 6 years

Matters on behalf of minors 6 years from the date of the client attaining

18 years

Wills 6 years from the date of death of the

Date created: 25 May 2018

Date Reviewed: 20 September 2018

Testator

Tax 12 years after the end of the period or

assessment

All other client matter files 6 years

12. Transferring your personal data out of the EEA

To deliver services to you, it is sometimes necessary for us to share your personal data outside the

EEA.

These non-EEA countries may not have the same data protection laws as the United Kingdom and

the EEA. We will, however, endeavour that the transfer complies with data protection law and all

personal data will be secure.

13. Your legal rights

You have the following rights under data protection laws, which you can exercise free of charge:

1) Access - the right to be provided with a copy of your personal data

2) Rectification - The right to require us to correct any mistakes in your personal data

3) To be forgotten - The right to require us to delete your personal data. This right only applies

in the following circumstances:

a. Where the personal data is no longer necessary in regards to the purpose for which

it was originally collected;

b. Where consent is relied upon as the lawful basis for holding your data and you

withdraw your consent;

c. Where you object to the processing and there is no overriding legitimate interest for

continuing the processing;

d. The personal data was unlawfully processed; or

e. Where you object to the processing for direct marketing purposes

4) Restriction of processing - The right to require us to restrict processing of your personal data.

This right only applies in the following circumstances:

a. Where you contest the accuracy of the personal data – we should restrict the

processing until we have verified the accuracy of that data; or

b. Where you object to the processing and we are considering whether our

organisation’s legitimate grounds override your right; or

c. Where processing is unlawful and you request restriction; or

d. If we no longer need the personal data but you require the data to establish,

exercise or defend a legal claim

Date created: 25 May 2018

Date Reviewed: 20 September 2018

5) Data portability - The right to receive the personal data you provided to us, in a structured,

commonly used and machine-readable format and/or transmit that data to a third party in

certain situations

6) To object - The right to object at any time to your personal data being processed for direct

marketing (including profiling); the right to object in certain other situations to our

continued processing of your personal data, e.g. processing carried out for the purpose of

our legitimate interests

7) Not to be subject to automated individual decision-making - The right not to be subject to a

decision based solely on automated processing (including profiling) that produces legal

effects concerning you, or similarly significantly affects you

If you would like to exercise any of those rights, please:

• email or send us a letter (see ‘17. How to contact us’ below); and

• let us have enough information to identify you (e.g. your full name, address and client or

matter reference number); and

• let us have proof of your identity and address (a copy of your driving licence or passport and

a recent utility or credit card bill); and

• let us know what right you want to exercise and the information to which your request

relates.

14. Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or

used or accessed unlawfully, altered or disclosed. We limit access to your personal data where it is

required. We will only process your information in an authorised manner and are subject to a duty

of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify

you and any applicable regulator of a suspected data security breach where we are legally required

to do so.

We have put in place appropriate security measures to prevent your personal data from being

accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit

access to your personal data to those employees, agents, contractors and other third parties who

require this data for business purposes. They will only process your personal data on our instructions

and they are subject to a duty of confidentiality.

15. How to complain

We always aim to resolve any query or concern regarding the use of your information directly with

you.

Date created: 25 May 2018

Date Reviewed: 20 September 2018

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory

authority. In the UK the supervisory authority is the Information Commissioner who may be

contacted at https://ico.org.uk/concerns or by telephone: 0303 123 1113. We would, however,

appreciate the chance to deal with your concerns before you approach the Information

Commissioner so please contact us in the first instance (refer to ‘17. How to contact us’).

In addition to this, Harper & Odell is committed to providing a high quality legal advice and client

care. If you are unhappy about any aspect of the service you have received, please contact Mr Reza

Hussein on 0207 490 0500 or by post to our London office. We have eight weeks to consider your

complaint. If we have not resolved it within this time you may complain to the Legal Ombudsman.

If you are not satisfied with our handling of your complaint you can ask the Legal Ombudsman, at PO

Box 6806 Wolverhampton WV1 9WJ to consider the complaint. Normally, you will need to bring a

complaint to the Legal Ombudsman within six months of receiving a final written response from us

about your complaint or within six years of the act or omission about which you are complaining

occurring (or if outside of this period, within three years of when you should reasonably have been

aware of it).

16. Changes to this privacy notice & privacy policy

This privacy notice was published on 25 May 2018.

We may change this privacy notice from time to time and in accordance with legislative updates and

requirements.

17. How to contact us

Please contact us by post, email or telephone if you have any questions about this privacy policy or

the information we hold about you.

Our contact details are:

Harper & Odell

61-63 St. John Street, Clerkenwell, London EC1M 4AN

DX: 53319 Clerkenwell

Fax: 0207 490 8040

Tel: 0207 490 0500

Email: law@harperandodell.co.uk

Date created: 25 May 2018

Date Reviewed: 20 September 2018

Glossary

Comply with a legal obligation means processing your personal data where it is necessary for

compliance with a legal obligation that we are subject to.

Data Controller means Harper and Odell, who are the controllers and are responsible for your

personal data, (collectively refer to Harper and Odell, ‘we’, ‘us’, ‘our’ in this privacy policy).

Data Protection Officer is an individual who is responsible for the handling of your personal data on

behalf of Harper & Odell.

Explicit Consent means you have provided us with clear written and witnessed consent to utilise

your personal data for the reasons requested or required by us.

General Data Protection Regulations means the regulations which have replaced the Data

Protection Act 1998. The new regulations provide for specific personal data that can be processed in

relation to your contract with us. It provides a route of redress in the event of a breach by us or by a

third party that we have forwarded your personal data to.

Legitimate Interest means the interest of our business in conducting and managing our business to

enable us to give you the best service/ product and the best and most secure experience. We make

sure to balance both the positive and negative impact and your rights before processing your

personal data for our legitimate interests. We do not use your personal data for activities where our

interests are overridden by the impact on you (unless we have your consent).

Performance of contract means processing your data where it is necessary for the performance of a

contract to which you are a party to or to take steps at your request before entering into such a

contract.

Personal Data means any information relating to an identified individual or company. Personal data,

or personal information, means any information about an individual from which that person can be

identified.

Special Category Data means any specific personal information that is used to process your matter

or to perform your contract. This may be data which reveals racial or ethnic origin, political opinions,

religious beliefs, philosophical beliefs or trade union membership; Genetic and biometric data; Data

concerning health, sex life or sexual orientation.

We, us & our means Harper & Odell solicitors.

A tradition of trusted legal advice

Harper & Odell is a long-established firm of solicitors based in Clerkenwell, London. For over 75 years, we have provided clear, dependable legal advice to individuals, families and businesses across our core practice areas. Our work is defined by integrity, discretion and a commitment to achieving the right outcome for every client.

Navigation

Home

Home

About Us

About Us

Practice Areas

Practice Areas

Pricing

Pricing

Contact Us

Contact Us

Privacy Policy

Privacy Policy

Address

61-63 St John Street

London, EC1M 4AN

United Kingdom

© Harper & Odell Solicitors 2026. All rights reserved. SRA No: 50671.