Morton Pacitti LLP takes your data privacy seriously. In order to provide you with our services we collect and use personal data which means that we are a ‘Data Controller’ and we are responsible for complying with Data Protection Laws and the General Data Protection Regulations (GDPR).
In this Privacy Notice, we want to inform you what information we collect, how we use it and what rights individuals have in relation to the collection and processing of their personal data.
General contact details such as, Name, Address, email address, Telephone number
General Information such as National Insurance numbers and Date of Birth
Proof of Identification documents such as Passport or Driving Licence
Standard Security Information
Details of Goods and Services provided to you
Financial Details – such as credit history, payment or bank details
Gifted Deposit Details
In the event of recruitment, Employment and Education History
In respect of employment, payroll, tax and pension information
Your marketing preferences
Special Categories of Personal Data that we collect:
In respect of Power of Attorney services, Health & Medical Information
How we collect your information
In most cases, we collect your data directly from you. We collect data and process it when you
Complete an online ‘contact us’ form
Complete an employment application form
Meet with us to discuss and agree services
Speak to us on the telephone to discuss or use our services
Email or write to us to enquire about or use our services
Provide us with documentation in relation to agreed services
We also receive your data indirectly from the following sources:
From Will documents
Family members or beneficiaries who have authority
Executors or notifiers
Public sources – demographic data, Market Research
Banks or building societies
Why do we collect your information?
Where we collect and process personal data, we identify both the purpose and legal basis for doing so. There are 6 possible legal bases which are:
Consent – where we have consent from the individual to the processing of his or her personal data for one or more specific purpose.
Contract – where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal Obligation – The processing is necessary for compliance with a legal obligation to which we are subject.
Vital Interests – Where the processing is necessary in order to protect the vital interests of the data subject or another natural person.
Public Interest – Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate Interests – Where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Our purpose and legal basis for the information we collect, and process allows us to:
Understand your requirements prior to entering into a contract of legal services with you
The processing is necessary for the performance of an anticipated Contract
Understand your requirements to ensure that any contract of legal services meet your needs
The processing is necessary for the performance of a Contract with you
Fulfil our contract with you and provide you with the agreed services therein
The processing is necessary for the performance of our Contract with you
Manage our business operations and comply with any internal policies and procedures
It is in our legitimate interests to use your personal information to ensure that we provide and adapt our services
Notify you about changes to our service
It is in our Legitimate Interests to use your personal information to keep you informed about any changes that may affect you
Verify your Identity
To comply with our Legal Obligations including in relation to Anti Money Laundering Regulations
Establish Funding Sources
Where this is necessary in relation to the services and performance of our Contract with you
Comply with our legal obligations, law enforcement, court and regulatory bodies requirements
To comply with our Legal Obligations
Identify and prevent fraud
It is in our Legitimate Interests to act as a responsible business
Where we rely on your consent you have the right to withdraw this consent at any time by contacting:
Legitimate Interests – Where the processing of personal data is based on our Legitimate Interests, it is to improve on our service, security and prevent fraud or illegal activity in favour of the wellbeing of our customers and employees.
Who do we share your information with?
From time to time we may share your personal information with the following third parties for the purposes set out above:
Payment Services Providers
Software and Service Providers such as Anti Money Laundering software, cloud storage services
Specialist Experts for example legal consultations, website operators
Fraud detection Agencies
Police and Law Enforcement agencies where reasonably necessary for the prevention or detection of crime
Debt Collection Agencies
Credit Reference Agencies
Regulators and governing bodies such as HMRC in respect of employment & Payroll data
Selected Third Parties in connection with the sale, transfer or disposal of our business
International data transfers
We do not currently transfer personal data outside of the EU/UK.
Automated decision-making or Profiling
We do not process personal data for automated decision making or profiling.
How Long do we keep personal data for?
We will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for tax, accounting or auditing purposes).
The following details the criteria used to establish the retention period set out within our policy;
Where it is still necessary for the provision of our Services
This includes the duration of any contract for services we have with you and for a period of 12 months after the end (or fulfilment) of any contract with you, with a view to maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. This can mean that we retain the information for further periods to ensure that any contract of service which relies on future events can be fulfilled. Most of our retention periods are determined on the basis of this general rule.
Where required by Statutory, contractual or other similar obligations
Corresponding storage obligations may arise, for example, from laws or regulation. It may also be necessary to store personal data with regard to pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law.
Your Rights as a data subject
As a data subject, you have rights in relation to your personal data. These are:
The Right to Access – You have the right to request details of personal information held or processed and to copies of this data. We do not usually charge for this service.
The Right to Rectification – You have the right to request that any information be corrected that you believe is inaccurate or to complete any information that you believe is incomplete.
The Right to Erasure – You have the right to request that we erase your personal information under certain conditions.
The Right to Restrict Processing – You have the right to request that we restrict the processing of your personal data under certain circumstances.
The Right to Object to Processing – You have the right to object to our processing of your data, under certain conditions.
The Right to Data Portability – You have the right to request that we transfer the data that we have collected to another organisation or directly to you, under certain conditions.
You also have the Right to Withdraw Consent where you have previously provided this at any time.
You also have the right to complain to the Supervisory Authority. Where you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at:
Information Commissioners Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Contractual Obligations and Consequences
In some circumstances, the provision of personal data is partly required by law (for example, tax regulations, legal obligations) or can also result from contractual provisions. This means that it may sometimes be necessary to conclude or fulfil a contract, that the personal data be provided. In those circumstances where the data is not provided or where certain rights are exercised, (Erasure, Objection) there is a possible consequence that the contract could not be fulfilled or concluded and may be cancelled.
Cookies & Similar Technologies
We protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration. We store your data via cloud storage and secure software systems. In addition, we maintain physical security measures where manual files are in use. We have records management policy which details both physical and electronic access, password security and clear desk restrictions. In addition, we use firewalls and may use data encryption.
Changes to our Privacy Notice
Morton Pacitti LLP keep our Privacy Notice under regular review. This Privacy Notice was last updated on 16th December 2019.
If you have any questions in respect of this Privacy Notice or how we manage your personal data, please contact: