Privacy Policy

Intended purposes for processing

In order to provide you with legal services, for the administration of our files and records and, if you agree, to enable us to send you information about other services Noor Law offers, we will be processing (using and storing) your personal data, which includes information that identifies you, such as your name, address, job title and contact information. In some cases we may also process special categories of personal data, such as your health records, racial or ethnic origins, political or religious beliefs and/or criminal conviction and offence records.

Lawful bases for processing

We may be required to process your personal data in order to comply with our obligations under legislation such as the Proceeds of Crime Act 2002, the Money Laundering Regulations 2017, the Criminal Finances Act 2017, the Foreign Account Tax Compliance Act 2010 (for clients with US ‘person’ status) and under common law. We may, on occasion, be required to share your personal data with the relevant authorities. This processing of your personal data is to comply with the law, and we would be unable to act for you without doing so.

In addition, we may process your personal data on the basis that we have a contract with you. Alternatively, in some instances we may have a legitimate interest in processing your personal data.

Whenever we are processing special categories of personal data, and/or criminal conviction and offence records, we will only use that data to deliver the services you have instructed us to provide.

All your personal data will be processed, and erased, in accordance with our Data Retention and Erasure Policy, a copy of which is available upon request from our Data Protection Officer, Mr Irfan Arif.

Recipients of your personal data

In addition to our firm we may, when required and necessary, share your personal data with other organisations. Depending on the work we are undertaking for you the other organisations may include:

All of the above are located in the UK.

Marketing

We should like to send you information about our services which we believe may be of interest to you. If you consent to being contacted on this basis, please tick the box on our Marketing Opt-In Request form, sign and date the document and send it to us. We may contact you by mail, telephone, email or text. If, at a later date, you change your mind you may opt-out of receiving marketing information from us. To opt-out please either write to our Data Protection Officer, whose name and address are above, or send an email to us with “Stop Marketing” in the subject line.

Your rights in relation to your personal data

You have the right of access to your personal data and to verify the lawfulness of the processing. If you would like a copy of your personal data that we are processing please contact our Data Protection Officer, whose name and address are above. Kindly note, we will need to verify your identity before responding to your request. Normally we make no charge for doing this, and will endeavour to send it to you within 1 month of receipt of your request. If you notice that any of the information we send you is inaccurate or incomplete, please tell us and we will rectify it promptly.

If you are dissatisfied with our response you may complain to a supervisory authority which, in the UK, is the ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. The ICO’s website is at https://ico.org.uk/ There may also be judicial remedies available to you.

Erasure of personal data

We will not erase or restrict the processing of your personal data during the period in which we have a legal obligation to retain that data under the applicable Act, Regulations or in common law.

Where we obtained your personal data to fulfil our contractual obligations to you, or if we have a legitimate interest for processing your personal data for the exercise or defence of legal claims, we will erase that data as soon as it is no longer necessary to retain it in relation to the purpose for which it was originally collected. Please see our Data Retention and Erasure Policy for timescales.

If you consented to our using your personal data for marketing purposes we will erase the data used for that purpose if and when you inform us that you wish to withdraw your consent.

Security

We are committed to ensuring that all information we hold about you is secure. In order to prevent unauthorised access or disclosure we have implemented appropriate physical, electronic and managerial procedures to safeguard and protect that information.

Other data controller recipients of your personal data are each responsible for implementing appropriate physical, electronic and managerial procedures to safeguard and protect that information, and to keep it secure.

Data processor recipients of your personal data have provided sufficient guarantees that they have implemented measures to ensure compliance with the GDPR and to protect your rights.

Transferring your personal data

We will not transfer your personal data overseas.