DATA POLICIES
Category of Data/Data processing item Policy
1. Network Security Policy
Access to the Network is by User Name and Password. Each user is assigned a User Name and they then create a Password.
2. Data Access Policy
Any Data stored on the Server or Servers within the Network can be accessed by the staff member provided he or she has suitable permission levels.
All staff members who deal with client matters are afforded access to all client data stored on the Network.
Access to the firm’s Accounting is through Username and Password. Users will be granted permissions to areas of the Accounting based on their position within the business.
Generally, all solicitors, paralegal or legal executive and secretarial staff will be afforded access to all client records, matter (case) records, client ledgers, documents and important stored documents (strongroom (or equivalent area))
3. Data Storage Policy
On premises electronic data is stored in Folders on the firm’s server on the Network. Access to email (hosted online) is by secure encrypted connection.
Physical paper files are stored in filing cabinets/cupboards within the firm’s offices.
Outwith office hours, all our offices are locked and alarmed.
Any data accessed remotely will be accessed across a secure VPN connection and, were possible, the data will not be transferred to the remote machine.
Any removable media used to transport data will be encrypted to ensure secure transfer.
Any paper files will be taken from and returned to the office in a locked case or bag and will never be left unattended whilst outwith the office.
Once files are completed, they are forwarded to an offsite storage facility where they will be scanned digitally and then destroyed. These files can be accessed remotely by authorised users by allocated user name and password, but will not be transferred to any machine located outwith our offices.
The files are also transferred to DVD discs which are sent to us and stored under lock and key in our safe in Rutherglen.
4. Third Party Processing Policy
Only data required for processing will be processed by any third party. All third parties will enter into a Third-Party Contract for processing services containing all required conditions as set down in the GDPR. We will not deal with any third-party organisation unless they agree to provide such a contract.
5. Data Retention Policy
Data will be retained for the periods specified in this policy, based on legal, regulatory, and business requirements. The firm does not have a policy of holding files indefinitely.
If a client exercises their right of erasure, this request will be complied with provided that the last movement date on the file or client ledger in connection with the matter is beyond our minimum retention period.
Our minimum retention period will accord with the timescales recommended by the Law Society of Scotland from time to time or five years, whichever is longer.
6. Specific Retention Periods
Simple Debt Collection
Files shall be retained for ten years after final completion, i.e., after the time for appeal has elapsed.
Divorce and Consistorial Matters
Files shall be retained for ten years after final completion, e.g., after maintenance, residence, and contact orders have ceased to have effect, or children have reached majority.
Civil Court Cases
Files shall be retained for ten years after completion.
Criminal Cases
- Summary Cases: Retain files for three years following the conclusion of proceedings.
- Solemn Cases:
- If resulting in conviction, retain files for the duration of the custodial sentence if it exceeds three years.
- If acquitted or if the sentence is less than three years, retain files for three years from the date of conclusion.
- If the case is neither indicted nor reduced to summary complaint, retain files for three years, beginning one year after the first appearance on petition or upon receipt of written confirmation of ‘no further proceedings.’
- Murder and Life Imprisonment Cases: Retain all papers indefinitely.
Executries
Files shall be retained for the later of:
- Twenty years after the approval of the “final” accounts of the executry, or
- Two years from the death of the deceased’s spouse or civil partner (if applicable).
Relevant documents may, by agreement, be sent to the Executor for safekeeping.
Continuing Trusts
Files shall be retained for ten years after the termination of the Trust.
Conveyancing Transactions
- Purchase: Retain for ten years after completion.
- Sale: Retain for one year after completion.
Solicitors must comply with any obligations imposed by regulatory bodies such as UK Finance.
Company Work
Files shall be retained for ten years after completion.
Endowment and Investment Business
Files should be retained in line with guidance from the Financial Conduct Authority.
Other Correspondence Files
Files shall be retained for five years after completion of the business.
Financial Records
Accounting records must be retained for six financial years beyond the current financial year, in compliance with Rule B6.1.1.
Documents containing clients’ tax and VAT affairs must be retained in accordance with statutory requirements.
Money Laundering - Customer Due Diligence Records
All data collected in order to comply with our money laundering requirements will be stored for at least five years from the end of the business transaction, as per Regulation 40 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. We might retain this information for longer if there are longer retention periods on the file as highlighted in the retention periods above. If you would like us to delete it after 5 years, please let us know.
Closing of Files
In cases where a matter has not reached an obvious conclusion, there is a professional duty to notify the client in writing that the file will be closed in the absence of further instructions within a reasonable period.
Privacy Statement
Privacy Statement Wording
Chen Jie Solicitors LTD have our place of business at 117 Crow Road, Glasgow G11 7SH. You can contact us by phone on 0141 641 0089, or by email jade@chenjiesolicitors.co.uk
Our Undertaking to you
In this Privacy Statement we will tell you how we collect and use your data. We will use it to look after your interests in the best way we can and to ensure the we can properly act on your behalf. We will make sure we collect and store your data securely.
If you’re a client of the firm:
We collect your data from you. This is either face to face, over the phone, email, letter or text
If you’re a client of another law firm:
We will receive your personal data from your solicitor
If you are not a client of our firm but sign up to our Newsletter:
We will receive your personal data from you when you complete an online signup form.
Data we receive from third parties
We will also receive and process personal data of third parties for whom we neither act nor have any connection with. This can belong to the defender or witness in in a court case, the beneficiary in a Will or Executry case or the other party in an accident case. These are examples of where we might receive and process personal data which does not belong to our clients. This list is not exhaustive and we will receive and process personal data from a wide range of third parties
The types of personal data we collect
We collect name and contact details including your postal address, telephone numbers and email addresses. We collect identification information from you.
If you are a client, we collect additional personal data as is necessary to properly represent you and carry out your lawful instructions to us. This can include personal and business financial information, health and medical information, information on your family members and their circumstances.
What we will do with your personal data?
We will use your personal data to act on your behalf in the matter or matters you have instructed us in. These are set out in the Terms of Engagement we have sent to you and which you can view here [insert link to Terms of Engagement}] Note: on Printed version of this document, consider attaching the Terms of Business/Engagement.
We will also be in touch with you from time to time to explain other services we can provide that may be relevant to your circumstances and inform you about changes in the law that might impact on you, your family, your business or your employment or which otherwise may affect you. If you do not wish to receive such communications, please let us know and you will be excluded from receiving them
You have the following rights in relation to your personal data:
You have the following rights:
- Access to the personal data we hold about you, free of charge in most cases;
- The correction of your personal data when incorrect, out of date or incomplete;
- Object to the processing of your personal data where we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end;
- That we stop using your personal data for direct marketing;
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- To ask us to delete or erase your personal data (subject to our Terms of Business in the case of clients)
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
What is our Complaints Procedure?
Our complaints procedure in respect of any legal work we carry out on your behalf is stated in our Terms of Business letter to you. If you are not a client of the firm, you should write to us at the contact address show at the beginning of this Privacy Statement
If you are unsatisfied with the manner in which we have dealt with any complaint relating to your personal data, you are entitled to ask the Information Commissioner to investigate. You will find information on how to raise a concern with the information Commissioner on their website by clicking this link: https://ico.org.uk/concerns/ If you do not have Internet Access, you can call the Information Commissioner by telephoning 0303 123 1113.
On what basis are we processing your personal data?
Where you are a client
Our Lawful Basis for Processing your personal data is based on the Contract we have with you as set out in our Terms of Business letter to you
Where you are not a client of the firm and have signed up for our Newsletter and other marketing materials
Our Lawful Basis for Processing your personal data is your Consent which can be withdrawn at any time after which you will receive no further communications of this nature from us.
If another solicitor or organisation acting for you has provided your personal data in the course of a transaction with us on behalf of a client for whom we act.
Our Lawful Basis for Processing your personal data is the Legitimate Interests of this firm and its clients to properly and lawfully represent our clients’ interests. This Lawful Basis for Processing also applied to personal data of individuals who have no connection with our firm where our clients instruct us to carry out such processing. Examples of such individuals are beneficiaries named in a Will, the Defender who we are instructed to sue, or a witness in a court action. This list is not exhaustive and there are many other instances where we will be required to process personal data as instructed by our clients.
If we are acting as a Processor of your personal information
Our Lawful Basis for Processing your personal data is based on the contract we have with the Data Controller who asked us to deal with your transaction, case or business and you should look to their Privacy Statement to determine their Lawful Basis for Processing your personal data.
Measures in place to ensure the protection of any Children’s or Special Category of data held
We ensure any children’s or special category of data we hold are properly stored in our access controlled data store on our Network and in our firm’s Practice Management systems which, again, can only be accessed through a secure username and password.
Any data of this nature held in paper files, is held in secure filing cabinets within our offices which are locked and alarmed when unoccupied.
This data is only accessed by solicitors and staff members within our firm and no access is available to third parties in respect of this data.
Data is stored in our access controlled data store on our Network and in our firm’s Practice Management systems which, again, can only be accessed through a secure username and password.
Any data of this nature held in paper files, is held in secure filing cabinets within our offices which are locked [and alarmed] when unoccupied
Mention any CCTV employed as an additional security measure
Personal data processed by third parties on our behalf
Your personal data will be processed by third parties with whom we are required to deal with when acting properly and lawfully for you. Examples of such parties are professional searchers, our IT support company and our practice management system support desk, our external Cashroom service, our file store for closed files, our secure shredding company and our fax to email conversion service.
We are regulated by The Law Society of Scotland and they have a right of access to our books and records to carry out regulatory inspections. They may remove personal data from our premises and systems in order to carry out regulatory checks.
Our eNewsletter and other email marketing activities are managed by Client Communications Ltd. You can view their Privacy Statement here: http://www.clientcommunications.co.uk/privacy-policy/
Client Communications Ltd. uses The Rocket Science Group LLC, of the State of Georgia, USA, trading as MailChimp to process the data for our eNewsletter and email marketing campaigns. MailChimp has certified its agreement to the EU-US Privacy Shield Framework. You can view its Privacy Policy here: https://mailchimp.com/legal/privacy/
Our Data Retention Policy
Where you are a client
We will retain your data in accordance with our current data retention policy. This is set out in our Terms of Business we sent to you.
Where you are not a client
If you are not a client and have signed up to our eNewsletter, you can unsubscribe at any time and ask us to delete any data we hold at any time.
If you are a third party
We will retain your data in accordance with our client’s instructions and any data retained within our digital or paper filing system or storage will be subject to our data retention policy.
Revision History
| Revision Number | Date | Author | Description of Change |
|---|---|---|---|
| 1.0 | 07/02/2025 | Jade Smitheram | Change to Specific Retention Periods |
| 1.1 | 09/03/2026 | Jade Smitheram | Changes to Money Laundering - Customer Due Diligence Records |
| 1.2 | |||
| 1.3 | |||
| 1.4 |