Privacy Policy

I have a responsibility to protect your personal data, and I take it seriously.

Please read the following privacy policy carefully as it contains important information about how, where and why I collect, store, use and share your personal information, your rights in relation to this personal information, and how to contact myself or supervising authorities if you would like to make a complaint.

Who am I?

I am Ricky Hepburn, an SRA-regulated freelance solicitor (SRA Number: 8013018). I am the data controller of this website.

Whose personal data do I hold?

I may hold data about the following kinds of persons:

  • Clients
  • Enquirers
  • Suppliers and service providers
  • Advisers, consultants and other professional experts
  • Complainants

What kinds of personal data do I process?

I will only collect information from you that is relevant to those matters that I assist you with. This might include the following types of personal data:

  • Personal details
  • Details of personal finances
  • Family, lifestyle and/or social circumstances
  • Business activities

To the extent that it is necessary to provide legal services or comply with laws and regulations, I might also collect “Special Category data” information pertaining to your:

  • Physical and/or mental health
  • Racial and/or ethnic origin
  • Religious beliefs
  • Sexual orientation
  • Political affiliations

Where do I obtain personal data from?

I may collect personal data from a variety of sources.

You might directly provide personal data to me via this website, for example by completing the contact form via the webpage entitled ‘Contact Me’.

Where doing enables me to provide services that have been requested, I may collect data from publicly available sources, and/or request it from third parties.

I collect personal data via Cookies on this website. A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you visit the website. This data is then provided to me in an aggregated and anonymous manner that does not identify you specifically. This provides me with insights which include information about how and when visitors use my website.

When can I process personal data?

The basis on which I process your personal data is one or more of the following:

  • It is necessary to enable my performance of contractual obligations owed to you.
  • It is necessary for enabling my compliance with legal and/or regulatory obligations.
  • Doing so falls within my legitimate business interests.
  • You have provided me with your consent.

How will I use your data?

I may use your information for the following purposes:

  • Provision of legal services;
  • Marketing
  • Education and development
  • Maintaining accounts and records

When can I share your personal data with third parties?

Your personal data will usually only be shared to persons who will assist in the proper performance of our contracted services for you. This may include:

  • Barristers
  • Accountants
  • Medical Experts
  • Private investigators
  • Healthcare professionals, social and welfare organisations
  • Courts, tribunals and government departments

Where you authorise us we may also disclose your information to your family, associates or representatives and we may also disclose your information to debt collection agencies if you do not pay our bills.

I may otherwise be also required to provide your personal data to government and/or regulatory authorities, in order to comply with legal and/or regulatory requirements.

I may, when appropriate, transfer your personal data to a country outside of the EEA. Usually this will occur when necessary for me to act in relation to legal claims on your behalf. In any event, should I have to make such a transfer, I shall ensure that appropriate safeguards are always in place.

Security arrangements

I shall ensure that all information that you provide to me is kept secure using appropriate technical and organisational measures.

In the event of a personal data breach, I shall:

  • Execute procedures designed to minimise any impact that might arise therefrom.
  • Where appropriate, inform affected individuals and regulatory authorities.

For how long will I keep your personal data?

I will normally keep your personal data throughout the period of time that I am contractually engaged to provide services for you, and thereafter for a period of six years, in compliance with legal and regulatory requirements.

You shall be advised if circumstances arise which would require me to keep your personal data for more or less time than the normal period stated above.

Complaints

If you would like to make a complaint in respect of this privacy policy, or more generally seek to assert your rights under the GDPR, please let me know.

I shall review and respond to you as soon as possible.

If you remain unsatisfied with my response, you may refer the matter to the Information Commissioner’s Office. Their details are available at www.ico.org.uk.