Privacy Notice

Introduction 

Christodoulos LTD trading under the name ‘Theodorous’ is committed to protecting the privacy and security of your personal information (collectively referred to as “Theodorous”, “we”, “us” or “our”). 

Theodorous is a limited company, authorised and regulated by the Solicitors Regulation Authority registration number 809508. 

This Privacy Notice (“Notice” ) describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (“GDPR”). This includes whether you become a client of Theodorous or contact us through our website and gives details of what to expect when you interact with Theodorous online and how and what happens if we collect personal information through these interactions. 

It is important that you read this Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. Please note this Notice does not form part of any contract to provide services you may have with us from time to time. 

We reserve the right to amend this Notice at any time without notice to you so, please check to ensure that you are referring to the latest copy of this Notice. We may also notify you in other ways from time to time about the processing of your personal data. 

This Notice was last updated on 22 September 2021. 

Data Controller 

Theodorous of Edmund House, Birmingham, B3 3EW, England is a “data controller” for the purposes of the GDPR. This means that we are responsible for deciding how we use and hold personal information about you. 

If you have any questions about this Notice or how we handle your personal information, please contact Paris Theodorou who is the Data Protection Officer at the above address, or alternatively, by email at paris@theodorous.com 

You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. 

  

How we will use information about you 

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following instances: 

  • Where we need to perform the contract we have entered into with you. 

  • Where we need to comply with a legal obligation. 

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 

  • We may also use your personal information in the following situations, which are likely to be rare: 

  • Where we need to protect your interests (or someone else’s interests). 

  • Where it is needed for official purposes. 

Generally, we do not rely on consent as a legal basis for processing your personal data and we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. If it becomes necessary to obtain your consent, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of any contract with us that you agree to any request for consent from us and you will be able to withdraw your consent at any time. 

  

Visitors to our websites/apps 

Any data that you submit using a form on our websites or apps (ie; your name, email address) will be held for the shortest time required and only for the purpose for which it is needed  

For example, if you make a booking that you are unable to attend, your provided information will be deleted. If your appointment results in you becoming a client of the firm, then your data will be stored as part of your client record and kept in accordance with the requirements relating to client records (in respect of which you will be advised separately on entering a retainer). 

If you subscribe to our mailing list, your data will not be disclosed to any third parties without your consent or as otherwise allowed by the relevant data protection legislation and will only be used for responding to your query (or purposes associated with that purpose). 

  

People who make a complaint to us 

When we receive a complaint from a person we create a file which will contain the details of the person complaining and other relevant details (including details of other people) that are relevant to the complaint. We only use this information for the purposes of investigating and responding to the complaint. We do compile and review statistics showing information about the number of complaints we receive but aside from reports that are provided to our regulators, the Legal Aid Agency or other auditors engaged in quality control of our business, none of these reports are published externally and, if they were, would not include information that would enable any individual to be identified. 

We will keep personal information contained in complaint files in line with our retention policy for client files. This means that information relating to a complaint will be retained at least six years from closure within our case management system. 

  

Job Applicants, Current and Former Employees 

If you apply for a job with Theodorous, information you provide will only be used for the purpose of processing your application. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. 

Application stage 

We will ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and may also ask you for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information. 

You will also be asked to provide equal opportunities information. This is not mandatory information and if you don't provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment team in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics. 

Offer of employment 

If we make an offer of employment we may ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks before you will be able to commence work with us. We ask for this information as we are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. 

You will therefore be required to provide: 

  • Proof of your identity ” you will be asked to attend our office with original documents, we will take copies. 

  • Proof of your qualifications ” you will be asked to attend our office with original documents, we will take copies. 

  • We may contact your referees, using the details you provide in your application, directly to obtain references. 

  • We may also ask you to complete a questionnaire about your health. This is to establish your fitness to work. 

Assuming that you are able to commence employment with us, we will also ask you for the following: 

  • Bank details and other information to process salary payments and enrol you for your pension entitlements 

  • Emergency contact details ” so we know who to contact in case you have an emergency at work 

Your HR file 

If you are employed by Theodorous or are a Consultant providing services through Theodorous, your personnel records will be held on our case management system to which all files are password protected.  

 

Pension 

The firm has a pension plan in place that we are required to contribute to as part of the statutory requirement to auto-enroll our employees to receive their pension entitlement. We will share such data with the pension provider, from time to time, as required in order to facilitate the processing of pension payments and reports. 

  

How long is the information retained for? 

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. 

If you are unsuccessful at any stage of the process, the information you have provided will be deleted from our systems within 12 months. 

  

Internships 

We also offer opportunities for people to come and work with us on a secondment basis. We accept applications from individuals or from other organisations who think they could benefit from their staff working with us. We might ask you to provide more information about your skills and experience or invite you to an interview. 

If we do not have any suitable work at the time, we”ll let you know but we might ask you if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you say yes, we will keep your application for 12 months. 

If you are invited to work with us, you will be expected to adhere to a confidentiality agreement and code of conduct, which will be explained to you on induction. 

After your internship has ended, we might ask you if you would like us to retain your information so that we can proactively contact you about possible opportunities in the future, either at Tuckers or at other firms that we know may be recruiting for positions that you might be interested in. If you say yes, we will keep your information for a further 12 months. 

  

Disclosure of personal information 

We will only disclose personal data to third parties where permitted to do so by law and in the normal course of our business. For example, when acting for you in defending a criminal allegation against you, we might share your personal information with the Crown Prosecution Service if it is in the best interests of you in order to advance your defence, or if you are an employee, we might share your personal information with HMRC in the context of ensuring that your payroll records are correct. 

There are times where it will not be realistic to get your express permission in connection with each and every disclosure of this nature. If you have any concerns that any of your data has been incorrectly shared, then this should be raised with us through our standard procedures (ie; the Complaints Procedure in respect of clients and the Grievance Procedure in respect of employees etc). 

  

Transfers of data outside the EEA 

We may also be required to transfer your personal data outside the EU. The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. We transfer personal data originating in one country across borders when we transmit, send, view or access that data in or to a different country. 

We may transfer Personal Data outside the EEA if one of the following conditions applies: 

  • the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms; 

  • appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism; 

  • you have provided explicit consent to the proposed transfer after being informed of any potential risks; or 

  • the transfer is necessary for one of the other reasons set out in the GDPR including the performance of your contract with us, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest. 

If you have any questions about the transfer of data outside the EEA, please contact us for further information. 

  

Your rights 

You have a right to access the personal data we hold about you. You may ask us to rectify or erase the personal data we hold about you or to restrict the processing we carry out. You can also object to the way we are processing your personal data or request that we transfer it to a third party. 

For a full list of your rights and how these can be exercised, please visit www.ico.org.uk/your-data-matters for further details. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by email at paris@theorodous.com 

  

Our Website 

Third-party links 

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.