Data Protection Policy


Higgins & Co Lawyers Limited maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The new *General Data Protection Regulations (GDPR) (soon to be incorporated in the Data Protection Act 2018) provides Articles that should be complied with from 25th May 2018 for the processing of people’s personal information or data. Personal data is any information which identifies a living personSome information is defined as sensitive personal data, and special conditions for processing apply. Sensitive personal data include details of racial origin, health, criminal proceedings or convictions. Processing data covers just about everything that can be done with information held electronically or manually, including obtaining, retrieving, organising and sorting, disclosing or simply holding or storing. Higgins & Co Lawyers Limited recognises the importance of the​ ​correct​ ​and​ ​lawful​ ​treatment​ ​of​ ​personal​ ​data.

Examples of personal data which Higgins & Co Lawyers Limited may require from clients include the following​ ​and​ ​for​ ​the​ ​reasons​ ​ascribed​ ​to​ ​each:

Name​ ​and​ ​address​ ​of​ ​client​ ​and​ ​date​ ​of birth

● To​ ​undertake​ ​legal​ ​services​ ​on​ ​the​ ​client’s​ ​


● To comply with regulatory and anti-money

laundering procedures

● For​ ​marketing​ ​purposes

Paper​ ​and​ ​computer​ ​records​ ​of​ ​legal services​ ​work​ ​undertaken​ ​by​ ​the​ ​firm​ ​on behalf​ ​of​ ​clients

● To​ ​enable​ ​us​ ​to​ ​undertake​ ​those​ ​legal​ ​


● To​ ​comply​ ​with​​ ​recommended​ ​

practices​ ​as to​ ​the​ ​retention​ ​of​ ​files

● To​ ​enable​ ​us​ ​to​ ​respond​ ​to​ ​enquiries​ ​from​ ​

clients​ ​at​ ​a later​ ​date

● To​ ​enable​ ​us​ ​to​ ​respond​ ​to​ ​complaints​ ​

and​ ​claims

Legal​ ​documents​ ​of​ ​record

● For​ ​safe​ ​keeping​ ​purposes​ ​and​ ​at​ ​the​ ​

strict​ ​instruction of​ ​the​ ​client

Names​ ​and​ ​addresses​ ​of​ ​business​ ​contacts e.g.​ ​Barristers,​ ​Agents

● To​ ​enable​ ​the​ ​firm​ ​to​ ​carry​ ​out​ ​

instructions​ ​on​ ​behalf of​ ​the​ ​client

● For​ ​marketing​ ​purposes

Higgins & Co Lawyers Limited fully endorses and adheres to the provision of GDPR. Employees and others who obtain, handle, process, transport and store personal data for the firm must comply with GDPR,​ ​and​ ​adhere​ ​to​ ​Article 5 Principles relating to the processing of data’.

1) Personal data shall be:

  • Processed​ ​fairly​ ​and​ ​lawfully​ ​and​ ​in a transparent manner in relation to the data subject.
  • Collected for a specific, explicit and legitimate purpose and not further processed in a manner that is incompatible  with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  • Accurate​ ​and,​ ​where​ ​necessary,​ ​kept​ ​up​ ​to​ ​date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without undue delay.
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).

2) The business shall be responsible for the above and able to demonstrate compliance with 1.a to 1.f above.

Satisfaction of Article 5 Principles Relating to the Processing of Data.

Higgins & Co Lawyers Limited shall:

  • Observe fully Articles 1.a to 1.regarding the fair collection and use of personal​ ​data;
  • Meet​ ​its​ ​obligation​ ​​by​ ​the​ ​purposes​ ​for​ ​which​ ​personal​ ​data​ ​is​ ​used;
  • Collect and process appropriate personal data only to the extent that it is needed to fulfil operational and​ ​legal​ ​requirements;
  • Ensure​ ​the​ ​quality​ ​of​ ​personal​ ​data​ ​used;
  • Apply​ ​strict​ ​checks​ ​to​ ​determine​ ​the​ ​length​ ​of​ ​time​ ​personal​ ​data​ ​is​ ​retained;
  • Ensure that the rights of individuals about whom the personal data is held, can be fully exercised under​ ​GDPR;
  • Take​ ​the​ ​appropriate​ ​technical​ ​and​ ​organisational​ ​security​ ​measures​ ​to​ ​safeguard​ ​personal​ ​data;​ ​and
  • Ensure​ ​that​ ​personal​ ​data​ ​is​ ​not​ ​transferred​ ​abroad​ ​without​ ​suitable​ ​safeguards.

We only collect data as necessary to carry out lawful processing as detailed in our table of legal basis for processing at the end of this Data Protection Policy.

Information​ ​Compliance​ ​Manager

The Information Compliance Manager for Higgins & Co Lawyers Limited is responsible for compliance with GDPR and implementation of this policy on behalf of the firm. The Information Compliance Manager is Paul Higgins. Any questions or concerns about the interpretation or operation​ ​of​ ​this​ ​policy​ ​should​ ​be​ ​taken​ ​up​ ​in​ ​the​ ​first​ ​instance​ ​with​ ​the​ ​Information​ ​Compliance​ ​Manager.

Status​ ​of​ ​the​ ​Policy

Any breach of this policy will be taken seriously and may result in disciplinary action. Any employee who considers that the policy has not been followed in respect of personal data about themselves should raise the matter​ ​with​ ​their​ ​manager​ ​or​ ​the​ ​firm’s​ ​Information​ ​Compliance​ ​Manager.

Employee​ ​Responsibilities

If as part of their responsibilities, employees collect personal data (e.g. about clients or about employees), they must​ ​comply​ ​with​ ​this​ ​policyAll​ ​employees​ ​are​ ​responsible​ ​for;

  • Checking that any personal data which they provide to Higgins & Co Lawyers Limited is accurate​ ​and​ ​up​ ​to​ ​date;
  • Informing Higgins & Co Lawyers Limited of any changes to information which they have provided​ ​e.g.​ ​changes​ ​of​ ​address;
  • Checking any information that Higgins & Co Lawyers Limited may send out from time to time,​ ​giving​ ​details​ ​of​ ​information​ ​that​ ​is​ ​being​ ​kept​ ​and​ ​processed.

Data​ ​Security

The need to ensure that personal data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restrictive. All staff are responsible in ensuring that:

  • Any personal data which they hold is kept securely;
  • Personal data should not be disclosed either orally or in writing or otherwise to any unauthorised third​ ​party.

Rights​ ​to​ ​access​ ​information

Employees and other subjects of personal data held by Higgins & Co Lawyers Limited have the right to access any personal data that is being kept about them on computer and also have access to paper-based data held in certain manual filing systems. Any person who wishes to exercise this right should make the request in writing to the firm’s​ ​Information​ ​Compliance​ ​Manager.

Higgins & Co Lawyers Limited reserves the right to charge the maximum fee payable for each subject access request up to 25th May 2018; thereafter all requests will be provided without charge unless a request is determined to be either unreasonable or excessive.

If personal details are inaccurate they can be amended upon request.

Higgins & Co Lawyers Limited aims to comply with requests for access to personal information as quickly as possible and within 40 days of receipt of a completed request up to 25th May 2018; thereafter within 30 days unless there is good reason for delay. In such cases, the reason​ ​for​ ​delay​ ​will​ ​be​ ​explained​ ​in​ ​writing​ ​to​ ​the​ ​individual​ ​making​ ​the​ ​request.

Subject​ ​Access

All individuals who are the subject of personal data held by Higgins & Co Lawyers Limited are entitled​ ​to:

  • Obtain a copy of ​ ​information​ ​held​ ​about​ ​them​ ​and​ ​why;
  • Ask​ ​how​ ​to​ ​gain​ ​access​ ​to​ ​it;
  • Be​ ​informed​ ​how​ ​to​ ​keep​ ​it​ ​up​ ​to​ ​date; ​and
  • Be informed about how we comply with our obligations to GDPR

Subject​ ​Consent

The need to process data for specified purposes should be communicated to all data subjects and is further available in the table provided below. If we intend to market data subjects in the future we will only do so where we have ‘provable consent’ acquired by way of either a verbal recorded agreement or a preference opt-in from our website form. Consent will be specific to marketing individuals about mis-sold pensions, investments, SIPPs and other similar investment products.

If an individual could not reasonably foresee how their data will be used it is important that further information be supplied to the individual concerned. Care should be taken not to collect personal data of which the individual is unaware.

Consent must be obtained if the purpose changes. In some cases, if the data is sensitive, for example information abouhealth, race or gender, express consent to process the data must be obtained. Processing may be necessary by way of legitimate interest for example; to operate​ ​Higgins & Co Lawyers ​Limited​’s​ ​policies​ ​such​ ​as​ ​health​ ​and​ ​safety​ ​and​ ​equal​ ​opportunities.

Retention​ ​of​ ​Data

Higgins & Co Lawyers Limited will keep some forms of information for longer than others. All staff are​ ​responsible​ ​for​ ​ensuring​ ​that​ ​information​ ​is​ ​not​ ​kept​ ​for​ ​longer​ ​than​ ​necessary.

Quality​ ​of​ ​Data

Personal data should be adequate, relevant and not excessive in relation to the purpose or purposes for which the data is processed. Data should be kept to the minimum necessary to meet the stated purpose. Personal data​ ​should​ ​also​ ​be​ ​adequate​ ​and​ ​up​ ​to​ ​date.


Our use of your data

Legal basis for processing

To carry out our contract with you to provide you with our service/s including claims management services, processingpayment and where required provide advice

Necessary for the performance of our contract with you

To assist you in deciding whether you wish to contract with us to provide you with service/s detailed above

Necessary for consideration prior to entering into contract

To advise you of any changes to our service

Necessary for the performance of our contract with you or to take steps to enter into a contract with you

To send you marketing information about our services that may be of interest to you

You have given your consent for us to contact you

To manage the effectiveness of any online service and deliver the website service to you

You have given your consent for us to track cookies

To make recommendations about our products and services

You have given your consent for us to contact you

To make sure that the content of our website is presented as effectively as possible.

Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively

To create statistical information which will help us manage the service we provide and make improvements to the service

Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively

To monitor our website to make sure it is functioning correctly and to its optimum and to be able to correct any issues to improve the customer journey

Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively

To allow our customers to access any interactive features of our website that facilitate account login to access claim information (where applicable).

Our use of your data is necessary for our legitimate interest of making sure that the service we provide is managed effectively

To protect your personal information when you use our website and when you make a purchase

To protect your data and your identity