Joint Privacy Notice
This is a joint Privacy Statement by Fiona Johnson Limited and our Associates pursuant to Article 26 of the UK’s General Data Protection Regulation (the “GDPR”) as joint controllers of your data.
Fiona Johnson Limited – means the Company who acts as a Data Controller for the purposes of the data protection legislation when they collect, use and process personal data.
Associate – means the experts/ case managers that are legally separate trading entities (either self-employed sole traders or limited companies) that are appointed by Fiona Johnson Limited to provide expert witness medico-legal reports/ case management for and on behalf of Fiona Johnson Limited. Each Associate acts as a Data Controller in respect of the data protection legislation when they collect, use and process personal data. Each Associate is registered with the ICO and those details can be obtained on request.
We/ our/ us – means Fiona Johnson Limited and any of the Company’s Associates in their capacity as Joint Data Controllers in accordance with the Joint Data Controller Agreement made between them. (Please see below for the agreed roles and responsibilities).
Staff – means direct employees of Fiona Johnson Limited.
Our overriding objective is to respect and protect your privacy, act transparently and be accountable to you in line with the relevant data protection legislation.
Our contact details:
We are Joint Data Controllers but for the purposes of this privacy notice we have appointed a single point of contact for data protection concerns.
Michelle Hornsby – Legal Services Manager
7 Stamford Street
Telephone: 0161 304 4305
Why this notice?
This privacy notice aims to:
- describe the personal information collected, stored and otherwise processed about you and the purposes and lawful bases for that processing;
- tell you with whom Fiona Johnson Limited and our Associates share this information;
- the mechanisms and measures Fiona Johnson Limited and our Associates have put in place to protect your personal information;
- your rights in relation to the processing of such information;
- how to contact us in the event you need further information or have a complaint.
What type of information we have
Personal data, or personal information, means any information about an individual from which that person may be identified or be identifiable. It does not include data where the identity has been removed (anonymous data).
We are frequently instructed by corporate entities and those entities are not data subjects. As part of those instructions, personal information about other persons may also be provided to us directly.
We collect some or all of the following personal information that you provide, including when providing medico-legal/ case management services or references – it is not possible to anticipate exactly which categories of personal information might be obtained in particular cases (and some may not be obtained at all):
- personal details (includes names, usernames or similar identifiers, marital status, title, date of birth, gender, your image by way of photos or video recording)
- family details
- lifestyle and social circumstances
- financial details (including bank/building society and payment card details)
- education, training and employment details
- physical or mental health details (including your medical records where you are a party to actual or contemplated legal proceedings and you have consented to the release of such records for the purposes of investigating or bringing a claim)
- racial or ethnic origin
- religious, philosophical or other beliefs
- trade union membership
- sex life or sexual orientation
- genetic information
- biometric information for the purpose of uniquely identifying a natural person
- other personal information relevant to instructions to provide medico-legal services, including information specific to the instructions in question
- transaction data, including details about payments to/ from you
- marketing and communications data, such as your preferences in receiving marketing from us, and your communications preferences.
How do we get the information?
The personal information we collect comes through one or more of the following:
- provided by you when you interact with us by ‘phone, post, sms, email, fax, social media, or through any agreed communications such as video conferencing platforms (Zoom, Microsoft Teams); at events; in person; or through forms on our website.
- provided by third parties:
- legal professionals,
- other legal experts
- courts and tribunals
- family and associates of the person whose personal information Fiona Johnson Limited is assessing
- other regulatory authorities current, past or prospective employers
- education and examining bodies
- the intended recipient, where you have asked us to provide a reference.
Why do we have it?
We may use your personal information for the following purposes and with the following lawful bases:
|Purpose/reason||Lawful basis of processing||Data controller applicability|
|to promote and market the services of Fiona Johnson Limited
to promote and market the services of individual Associates
|For our legitimate interests or that of a third party – to promote our business and services to existing, former and potential clients||FJ limited|
|to provide experts reports case management and other expert services to clients, training and statutory funding advice.||For the performance of a contract (or in order to take steps at your request prior to entering into a contract)||Fiona Johnson Limited
|to recruit staff and associates||For our legitimate interests – to grow our business effectively||Fiona Johnson Limited|
|to fulfil equality and diversity and other regulatory requirements||Performing or exercising obligations or rights imposed or conferred by law on us or you in connection with employment, social security or social protection||Fiona Johnson Limited|
|to manage matters relating to employment (HR, payroll, benefits)||Performing or exercising obligations or rights imposed or conferred by law on us or you in connection with employment, social security or social protection||Fiona Johnson Limited|
|the keeping of accounting records and carrying out of office administration||To comply with a Legal obligation
Our legitimate interest – to run our business effectively
|Fiona Johnson Limited
|to check for potential conflicts of interest in relation to future potential cases||Legal obligation||Fiona Johnson Limited|
|to procure goods and services||For the performance of a contract with you (or in order to take steps at your request prior to entering into a contract)
|Fiona Johnson Limited|
|to respond to requests for references||Your consent||Fiona Johnson Limited|
|to respond to potential complaints or make complaints||Our legitimate interests – to defend our reputation and interests
|Fiona Johnson Limited
What do we do with the information?
We do not rent or sell personal information to anyone. We share personal data internally strictly on a need to know basis.
We may share information with outsourced services providers such as accountants, photocopying companies and digital dictation services, but this is pursuant to them confirming they are GDPR complaint via written contracts.
If required, we may share information with the HMRC and the VAT Commissioner as they require, or with others pursuant to a Court Order.
Transfer of your information outside the European Economic Area (EEA)
We do not routinely transfer personal data outside of the European Economic Area. Should the need to do so arise we will ensure that transfers are done using secure methods that offer sufficient assurances and guarantees that your data is afforded the necessary safeguards laid down by the legislation governing the transfer.
How we store your information?
Your information is at all times securely stored either in locked premises where it is in paper form or encrypted devices/ a secure cloud where it is in electronic format.
Our data retention policy is to keep your personal data only for as long as it is needed to fulfil the purposes for which we collected it, including any legal, accounting or reporting requirements. To decide how long we keep your personal data, we consider the amount, nature and sensitivity of the data, the potential risk of harm, the reasons why we process your personal data and whether we still need your data, and any applicable legal requirements.
In general we will store personal data for at least one year following the expiry of any limitation period (which will usually be 6 years or longer where the information relates to a minor). A client’s name and contact information will be retained beyond this period and until it is no longer required for the purpose of conflict checking.
Personal data contained in records relating to any complaint will be retained for a period of 6 years from the determination of the complaint.
In certain circumstances, we may anonymise your personal data (so that it cannot be associated with you) for research/ training or statistical purposes in which case we may use this information indefinitely, without further notice. We will delete or anonymise your personal information unless:
- the lawful basis for collecting it is ongoing
- we are engaged with you in relation to a particular matter or that matter has not finally terminated, or there is an unresolved issue such as a claim or dispute
- we are legally required to; or
- there is a legitimate interest (such as protecting safety and security of customers; fraud prevention)
Names and contact details held for marketing will be held until we become aware, or are informed, that the individual in question is no longer a potential or actual client.
- Where Fiona Johnson Limited is the Data Controller for information and when a breach has occurred, an immediate investigation will be conducted, and the breach will be reported to the Information Commissioner within 24 hours.
- Where an Associate is the Data Controller for information and when a breach has occurred the Associate will conduct an immediate investigation and the breach will be reported to the Information Commissioner within 24 hours.
Under data protection law, you have rights including:
Your right of access You have rights to ask us for copies of your personal information.
Your right to rectification You have the right to ask us to rectify information you think it inaccurate. You also have the right to ask is to complete information you think is incomplete.
Your right to erasure You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to restriction of processing You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing You have the right to object to processing of your personal data in certain circumstances.
Your right to data portability You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
How to complain
You have the right to lodge a complaint with the Information Commissioner’s Officer who can be contacted as follows:
Information Commissioner’s Office
Telephone: 0303 123 1113
This Privacy Notice was published on 18th April 2019 being last updated in March 2021. We will from time to time update this Privacy Notice in the light of developments and changed practices.