This notice explains when and why we collect personal information and how we use it, the conditions under which we may disclose it to others and how we keep it secure. This notice does not apply to any websites that may have a link to ours. We are committed to protecting your personal data.
Who we are
Data is collected, processed and stored by Woodruff Billing and we are what is known as the ‘data processor’ of the information you, the ‘data controller’ provide to us.
We have a data protection regime in place to oversee the effective and secure processing of your personal data.
We are the Data Processors instructed by a Data Controller to carry out work on their legal aid matters.
We process this data for the sole purpose of billing the case. These personal details will not be used for any other reason, other than for the purpose in which Woodruff Billing are instructed.
We have a data protection regime in place to oversee the effective and secure processing of the data. Woodruff Billing will not sell or rent the data to third parties, nor will we share the data with third parties for marketing purposes.
We will only act on the instructions of the data controller (unless required by law to act without such instructions)
We will ensure that any person processing the data are subject to a duty of confidence
We will take appropriate measures to ensure the security of processing (Article 32 GDPR)
We will only engage a sub-processor with the prior consent of the data controller and a written contract
We will assist the data controller in providing the subject access and allowing data subjects to exercise their rights under the GDPR (Articles 15-22 GDPR)
We will assist the data controller in meeting its GDPR obligations in relation to the security of processing (Article 32 GDPR), the notification of personal data breaches (Article 33 GDPR) and data protection impact assessments (Article 35 GDPR)
We will delete or return all personal data to the controller as requested at the end of the contract
We will submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations and tell the controller immediately if asked to do something infringing the GDPR or other data protection law of the EU or a member state.
Data Security
Protecting your data is important to us and we have put in place security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to employees who are subject to a duty of confidentiality.
We have exceptional standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
We use computer safeguards such as Anti-Virus, Ransomware protection and all digital files are kept in a secure manner. We enforce physical access controls to our buildings and files to keep data safe.
We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfill the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us for as long as necessary to carry out our work
You are able to exercise certain rights in relation to your personal data that we process.
These are set out in more detail at: -
Information Commissioner’s Office (ICO) – GDPR
Marketing data
We will never send marketing communications via SMS or call you in regards to marketing without your specific consent; nor do we ever pass on or sell your details to a third party.
How we collect personal data
The following are examples, although not exhaustive, of how we collect your personal information:
Submitting an online enquiry
Personal details form when first instructing us
Following/liking/subscribing to our social media channels
Ask us a question or submit any queries or concerns you have via email or on social media channels
Post information to our website or social media channels, for example when we offer the option for you to comment on, or join, discussions
When you leave a review about us on, for example, Google Reviews
How we may use your details
The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:
Fraud prevention Network and information systems security
We may use your personal information for legitimate interests such reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products and services.