OUR DATA PROTECTION POLICY
Introduction
​
Main Nickolls LLP is committed to ensuring the privacy, confidentiality, and security of personal data in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and any other applicable data protection legislation. This Data Protection Policy outlines the principles and procedures that Main Nickolls LLP follows to protect the personal data of our clients, employees, and other individuals.
​
​
1. Scope
​
This policy applies to all personal data processed by Main Nickolls LLP in the course of our legal practice, covering criminal defence and family matters. It encompasses data processed both electronically and in hard copy.
​
​
2. Data Protection Principles
​
Main Nickolls LLP adheres to the following data protection principles:
​
2.1 Lawfulness, Fairness, and Transparency:
-
We process personal data lawfully, fairly, and transparently, ensuring individuals are informed about how their data will be used.
2.2 Purpose Limitation:
-
Personal data is collected for specified, explicit, and legitimate purposes, and we do not process it in ways incompatible with those purposes.
2.3 Data Minimization:
-
We only collect and process personal data that is necessary for the purposes for which it is intended.
2.4 Accuracy:
-
We take reasonable steps to ensure that personal data is accurate, kept up to date, and rectified without delay when inaccuracies are identified.
2.5 Storage Limitation:
-
Personal data is retained for no longer than necessary for the purposes for which it was processed, and we have established data retention periods.
2.6 Integrity and Confidentiality:
-
We implement appropriate security measures to protect personal data from unauthorised or unlawful processing and accidental loss, destruction, or damage.
3. Data Processing Activities
3.1 Client Data:
-
Personal data collected from clients is processed for the purpose of providing legal services, managing cases, and fulfilling our contractual obligations.
3.2 Employee Data:
-
Employee data is processed for employment-related purposes, such as payroll, HR management, and compliance with employment laws.
3.3 Marketing and Communications:
-
Personal data used for marketing and communications purposes is processed based on explicit consent or legitimate interests, and individuals are provided with the option to opt out.
4. Data Subject Rights
Main Nickolls LLP recognises and respects the rights of data subjects, including the right to access, rectify, erase, restrict processing, and object to processing. Requests related to these rights will be handled promptly and in accordance with the law.
5. Data Security
Main Nickolls LLP implements appropriate technical and organisational measures to ensure the security of personal data. This includes measures to protect against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
​
​
6. Data Breach Response
​
In the event of a personal data breach, Main Nickolls LLP has established procedures to assess the risk and, where required, notify the Information Commissioner's Office (ICO) and affected individuals without undue delay.
​
​
7. Data Protection Officer (DPO)
​
Main Nickolls LLP has appointed a Data Protection Officer who is responsible for overseeing compliance with this policy and ensuring that data protection matters are appropriately addressed within the firm.
​
​
8. Training and Awareness
​
All employees receive training on data protection and are aware of their responsibilities under this policy.
​
​
9. Review and Revision
​
This policy is subject to regular review to ensure it remains current and effective. Any necessary updates will be made in accordance with changes in legislation or business practices.
​
​
Conclusion
​
Main Nickolls LLP is committed to upholding the highest standards of data protection and privacy. This policy reflects our dedication to ensuring that personal data is processed responsibly, ethically, and in compliance with the law.