This Policy (“Policy”) sets out the Data Protection Principles which I, James Bowyer LL.B, (“Notary”) commit to comply with when processing personal data in the course of my business as notary public (“Business”).

The Business has notified its data processing activities to the Information Commissioner’s Office under registration number: Z1222254.

The Appendix contains a Glossary of the defined terms in this Policy.

COMPLIANCE WITH THIS POLICY

The Business will ensure the protection of personal data in accordance with this Policy by the Notary, all Personnel and Suppliers.

A breach of data protection laws by the Notary, any Personnel or Supplier could result not only in monetary penalties awarded against the Business but also negative publicity which could affect the Business as well as the entire notaries’ profession.

THE DATA PROTECTION PRINCIPLES

The Business shall comply with the following Data Protection Principles when processing personal data.

1. Fairness and Transparency: The Business must process personal data fairly and provide individuals with information about how and why their personal data is processed.

The Business must provide a privacy notice to each client, Personnel and Supplier to inform them of:

· the identity of the Business as Controller;

· the purposes for which their personal data are processed;

· the legal basis for processing;

· any legitimate interests pursued by the Business or a third party, if applicable;

· the recipients or categories of recipients of the personal data, if any;

· where applicable, the fact that the Business intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the relevant authority, or reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available;

· the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

· the existence of the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;

· the existence of the right to withdraw consent at any time, if applicable;

· the right to lodge a complaint with a supervisory authority;

· whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data; and

· the existence of Automated Decisions, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

For example, such privacy notice should be included in each client engagement letter or service agreement. If no engagement letter is issued, the privacy notice can be made available on the Business website or in other appropriate and easily accessible form. If the notice is published on the website, a conspicuous link to the website or privacy notice should be included in the Business email footer or other Notary stationery to bring the notice to the data subjects’ attention.

Where a client provides personal data of third party data subjects to the Business, no notice will have to be provided to those third party data subjects by the Business if such information must remain confidential subject to an obligation of professional secrecy. To the extent that no such obligation of professional secrecy applies, the Business should place a contractual obligation on each client and Supplier to ensure that such notice is provided to those third party data subjects on behalf of the Business.

2. Lawful Processing: The Business must only process personal data, including special category personal data, lawfully where it has a valid basis for the processing.


Generally, personal data must not be processed without a legal ground. In the context of the Business, personal data are typically processed on the basis that:

· processing is necessary for the performance of a contract (e.g. engagement letter) to which the data subject (e.g. the client) is party or in order to take steps at the request of the data subject prior to entering into a contract;

· processing is necessary for the legitimate interests pursued by a client or the Business, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. This ground may apply to the processing of the personal data of any third party data subjects whose personal data are provided by the client;

· a legal obligation to which the Business is subject and where compliance with such obligation necessitates the processing of personal data by the Business;

· data subject’s consent, where such consent is procured from the client; and

· other legal grounds.