Astraea Legal (a trading name of Astraea Legal Consulting) of 17 Mann Island, Liverpool Waterfront, L3 1BP is a limited company incorporated in England and Wales and is a ‘data controller’ under the General Data Protection Regulation. It has notified the Information Commissioner’s Office that it processes and controls personal data (under number ZA310085).
We are committed to protecting and keeping confidential all the information you provide to us, subject to certain legal duties.
What will happen to any personal data that you provide to us as a result of using our website www.astraealegal.com?
Your privacy is important to us. By providing personal information such as your name and e-mail address via the forms on this website, you agree to us contacting you with regard to the information provided.
Some forms on our website also include a check box asking you for permission to add you to our mailing list. This is an opt-in mailing list and your personal information will be used solely by us (and all such emails include a link for opt-out).
Any data that you submit through a website form or using email@example.com will be held by securely for 12 months before being securely and confidentially destroyed [unless you have consented to joining our mailing list in which case your contact details will be removed only when you unsubscribe].
Your data will not be disclosed to any third parties without your consent or as otherwise allowed by the relevant Data Protection legislation and will only be used for responding to your query (or purposes associated with that purpose).
How We Use Your Personal Data
We use the data you provide via this website to:
- communicate with you, for example: we use contact details such as email address or phone number when responding to enquiries made via online forms
- monitor website trends, for example: we use Google Analytics to help us aggregate traffic so we can monitor how the website is being used
- operate our business more effectively, for example: we seek feedback and use this to help improve our service
Our “Lawful Reasons” For Processing Your Personal Data
The “General Data Protection Regulation” (GDPR) is the primary piece of legislation defining your rights over our processing of your personal information. The GDPR requires us to declare which of six “lawful reasons” we are relying on when we are processing your personal data: we operate on the basis of “consent” when sending newsletters (you won’t get sent a newsletter unless you have explicitly opted in to receive one)…. and we operate on the basis of “legitimate interest” when communicating with you in other ways (e.g. when responding to your enquiry).
Transfer of Personal Data
From time to time we may pass personal data such as your name and email address to other services that we use to send out newsletters and other communications (both electronic and print). However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guersey, Switzerland, New Zealand and Cananda. Companies based in the USA that have certified with the EU-US Privacy Shield programme are also considered to be permitted destinations by the EU (this includes popular US products like Gmail, DropBox and MailChimp).
Our Use of Google Analytics
We use Google Analytics to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address (but no other information) – Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualize and personalize the ads of its own advertising network.
The information we collect from you
We will only collect information from you that is relevant to the matter that we are dealing with and we may collect additional information about you from emails or other correspondence that you send to us. In particular we may collect the following information from you which is defined as ‘personal data’.
- Personal details
- Family, lifestyle and social circumstances
- Financial details
- Business activities of the person whose details we are processing
We may also collect information that is referred to as being in a ‘special category’. This could include:
- Physical or mental health details
- Racial or ethnic origin
- Religious beliefs or other beliefs of a similar nature
- Criminal convictions
- Sexual orientation
The data we collect from you will be stored within the European Economic Area and we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
How we use your information
We will mainly use your information for the provision of legal advice or for personnel, administrative and management purposes which is necessary for the performance of the contract between us. We may also use it for:
- Administering any accounts
- Processing your bank/credit card details in order to obtain payment
- The prevention and detection of fraud
- Market research
- Reference checks
How we share your information
Under our Code of Conduct there are very strict rules about who we can share your information with and this will normally be limited to other people who will assist with your matter or employment. This may include the following but the list is not exhaustive:
- Medical experts
- Private investigators
- Defence forensic experts
- Healthcare professionals, social and welfare organisations
- Courts and Tribunals
- Employment lawyers
Where you authorise us we may also disclose your information to your family, associates or representatives and we may also disclose your information to debt collection agencies if you do not pay our invoices.
We use a private, secure, cloud computing service to assist us in processing and protecting your information and keeping it secure from the risks of cybercrime and fraud. Any IT providers we use are subject to strict confidentiality agreements with the firm and we will ensure that they meet GDPR obligations in relation to the service they provide to us. All the personal information you provide to us is kept in the EEA; we will not transfer any of your personal data to another country outside the EEA unless you specifically instruct us to do so.
There may be occasions when we are under a legal duty to share personal information with law enforcement or other authorities, including the Solicitors Regulation Authority or the Information Commissioner. If we are required to disclose information to the National Crime Agency, we may not be able to tell you that a disclosure has been made. We may have to stop working for you for a period of time and may not be able to tell you why. We cannot be held liable for any loss you suffer due to delay or our failure to provide information in these circumstances.
Occasionally some of our client files may be audited strictly confidentially by external auditors or examiners to ensure we meet our legal, quality and financial management standards. Some information may be disclosed to our professional indemnity insurers and to our financial auditors if required. You may object at any time and refusing your consent will not affect our work for you. We will not submit files for external audit or disclose personal information to directories where there is particularly sensitive material.
We will not share your personal information with any other third party and will not issue any publicity material or information to the media about our relationship and the work we are doing for you without your explicit consent.
Storage of Information
We will keep your information throughout the period of time that we do work for you or you are employed by the firm and afterwards for a period of six years as we are required to do by law.
You have a series of rights under the General Data Protection Regulation which include:
- Transparency/right to be informed
- Right to Access
- Right to Erasure
- Restricting processing
- Data portability
- Right to object
- Automated decision-making/profiling
Any access request may in the first instance be free of charge but may be subject to a reasonable fee if requests are found to be excessive. Proof of ID will be requested where an access request is made. Further information on this issue can be obtained from the Information Commissioner’s Office, www.ico.org.uk or from our Data Protection Officer, Angela Dempsey at firstname.lastname@example.org.
If you are unhappy about how we are using your information then initially you should contact the Data Protection Officer and if your complaint remains unresolved then you can contact the Information Commissioner’s Office, details available at www.ico.org.uk.
Changes to our privacy notice
We may revise this privacy notice at any time by amending this page.