Privacy Policy

This privacy policy (the “Policy”) explains how we collect, store and process your personal data, whether it is provided by telephone, via our website, through correspondence, or where you may otherwise communicate with us in the course of the services we provide. It also explains the rights you have in relation to your personal data.

This Policy applies to anyone whose personal data we hold (including clients, visitors to our website, etc.) but does not apply to:

  • Our employees (handling of their personal data is governed by our employee privacy policy); or,
  • Services we provide as a data processor, which will be governed by a written agreement with the third party data controller and their own privacy policy.

We may change this Policy from time to time, so please check back regularly to keep informed of any updates. This version of the Policy was updated on 25/05/2018.

About Us

In this Policy we use the terms “we”, “us”, and “our” (and other similar terms) to refer to File Dynamics Limited; we act as a data controller responsible for your personal data.

File Dynamics Limited is a company registered in England & Wales (company no. 09424085). Our registered office is at 43 Queen Square, Bristol, BS1 4QP.

Information We Collect About You

Personal data means any information about you from which you can be identified. The personal data we collect depends on the nature of the services we are providing but can include:

  • Identification data (including name, date of birth, photo ID and video footage);
  • Contact details (including postal address, email address and telephone number);
  • Financial information (including bank account details, signatures and payment card details);
  • Professional information (such as job title, qualifications, previous experience and NI number);
  • Details of visits to our website (including your IP address, login information, and other analytical information). Please refer to our Cookies Policy for more details; and,
  • Any other personal data we collect in the course of providing services or in the course of operating our business.

In certain circumstances, we may collect certain “special category data”, which is data relating to ethnicity, race, religious beliefs, trade union membership, previous convictions and data concerning health (including disabilities).

We will collect personal data about you by various means, including:

  • In person when meeting with you;
  • By telephone;
  • By correspondence (including by post, text, email or otherwise);
  • Via our website or online portals (e.g. when submitting a enquiry on our contact form);
  • Networking events;
  • CCTV footage collected by us and/or our buildings’ landlords;
  • Publicly accessible sources (e.g. Companies House or HM Land Registry); and,
  • Third parties (including your employer; professional bodies; HMRC or other public bodies; other professionals we may engage in relation to your matter; your doctor, medical or occupational health professional).

If you provide us with personal information about another person, for example details of an employee, you must ensure that:

  • You have the authority to give us that information; and,
  • All personal data disclosed is complete, accurate and up to date.

If you are a business you must ensure that the disclosure is made in accordance with all applicable data protection or privacy law.

How Will We Use Your Information?

In general we use your personal data for the following purposes:

  • To administer our relationship with you (and/or your business);
  • For business management purposes (M.I. data);
  • To provide our services to you and respond to enquiries;
  • To facilitate marketing and business development;
  • Staff administration (including recruitment);
  • To provide telephone support (including recording conversations for monitoring/quality purposes);
  • To allow the billing of services provided and to obtain payment;
  • To process and respond to any complaints;
  • To comply with any other legal, professional or regulatory obligations imposed on us; and,
  • To audit the use of our websites.

 We do not use your personal data for automated decision making.

 Legal Grounds For Processing Your Information

 We rely on the following legal reasons for processing your personal data:

  • Contractual necessity: We will process your personal data when it is necessary to perform a contract you have entered into, or in order to take steps at your request prior to entry into a contract.
  • Legal obligation: We will process your personal data when it is necessary to comply with a legal or regulatory obligation (e.g. identity checks, external auditing, statutory returns).
  • Legitimate interests. We will process your personal data when we, or a third party, have a legitimate interest in processing it (e.g. responding to complaints, ensuring our business policies are adhered to, or improving our business by monitoring and recording information relating to our services). We only process for this reason if the legitimate interest is not overridden by your own interests or fundamental rights or freedoms. Please contact us if you would like more information on our, or a third party’s, legitimate interests and the balancing test we use to ensure processing is lawful.

Normally we will only process ‘special category data’ (e.g. data concerning health) when it is necessary for the purposes of carrying out the obligations and exercising specific rights of us, your employer or you in the field of employment law, or for the purposes of occupational medicine. In certain circumstances where we need to process ‘special category data’ in the context of our services but outside the scope of employment law (e.g. in order for the quality of our service to be audited) we will obtain your express consent to do so. You may withdraw your consent at any time.

We will only use your personal data for the purpose, or purposes, for which we have obtained it. If we reasonably consider that we need to use it for another reason we will only do so if that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis which allows us to do so.

We may process your personal data without your knowledge or consent where this is required by law.

Please contact us if you would like further information on the lawful basis for any specific data processing activity.

Sharing Your Information

We will share your personal data when:

  • You specifically request it, or it is necessary for us to provide our services and fulfil our contractual obligations to you and/or our clients;
  • We are under a legal or regulatory duty to disclose your information (e.g. money laundering and fraud prevention);
  • As a result of any changes in business ownership or organisation; or,
  • In the course of providing our services to you we believe it is in your best interests to use the products or services of a third party.

Who exactly we share your data with will depend on the nature of the service we are providing but can include:

  • Our associated, affiliated or group practices;
  • Banks (File Dynamics’ bank is Lloyds Bank);
  • Insurers or their agents or representatives (both yours and ours);
  • Our auditors, including external accreditation bodies (including AJA Registrars);
  • Law enforcement agencies and regulators;
  • Public bodies (e.g. HMRC or Companies House);
  • Other professional advisors or third parties who we instruct in the course of providing our services to you (e.g. accountants, IT specialists, solicitors, consultants);
  • Our external service suppliers who provide business support services (including IT, security, building maintenance, archiving, data storage);
  • Third Parties whose products and services we feel you may be interested in relating to your matter;
  • Analytics and search engine providers who assist in improving our website; and,
  • Any other third party you may ask us to share your data with.

International Transfers

File Dynamics will not typically transfer any of your personal data outside of the European Economic Area (“EEA”). On the occasions that data may be accessed outside of the EEA, for example when our systems are accessed remotely by employees abroad, they will do so in accordance with our policies and procedures.

Storage And Retention Of Your Personal Data

Your information may be held at our offices or with our external service providers as outlined above. We are committed to the security of your data. All appropriate technological and organisational measures have been put in place to protect your data from unauthorised access. These measures are updated as necessary.

How long we retain your personal data for will vary but will be determined in accordance will the following criteria:

  • The length of time necessary to complete our contract for services with you (some contracts may include longer term storage of data);
  • Any time limits for establishing or defending legal claims or responding to complaints (the limitation period for negligence claims is 6 years however limitation periods for other matters can be open-ended e.g. criminal matters);
  • Any period necessary to comply with our legal obligations under EU/UK law; and,
  • Any periods for retention that is recommended by regulators or professional bodies.

Unless contrary to a legal or contractual requirement, we typically retain personal data for 15 years. Please contact us if you would like further information on the retention period for your personal data.

Your Rights

You have the right to obtain confirmation from us as to whether we are processing your personal data and, if we are, to request a copy of the personal data we hold about you. This is known as a ‘data subject request’. You also have the right to ask that we update any information we hold about you that may be incorrect. It is important that the information we hold about you is accurate and up to date. If any of your personal information changes please let us know.

In certain circumstances you have the right to request that we restrict the way in which we process your data, or that we erase all personal information that we hold about you.

You have the right to object to certain types of processing.

We will try our best to comply with any request to restrict, object or erase your personal data, however processing of some data may still be required for legitimate business purposes or to comply with legal obligations. Please note that if you want us to restrict or stop processing your data this may prevent us from acting for you.

You have the right to request that we send a copy of your personal data, that you have provided to us, to another organisation for your own purposes (e.g. if you wish to change service provider). This data must be provided in a structured and usable format. This right only applies to personal data processed by way of consent or in pursuant to our contract with you. If you wish us to transfer your personal data please let us know.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However we may charge a reasonable fee should your request be clearly unfounded, repetitive or excessive. In order to prevent unauthorised access to information we may ask for proof of identity. We will do our best to respond to your request within one month, however if that is not possible due to the number or complexity of requests we will notify you and keep you updated.

If you wish to contact us in relation to any of your data subject right please contact us by post at  File Dynamics, 43 Queen Square, Bristol, BS1 4QP, by email at [email protected] or  by telephone on 0330 053 9410.

Your Concerns

If you wish to raise a concern about how we have handled your personal data please contact us and we will be happy to discuss your concerns.

You have the right to raise a concern at any time to the Information Commissioner’s Office (“ICO”) who is the UK supervisory authority for data protection issues. For more information on submitting a concern, or the data protection regime in general, please visit the ICO’s website.