Beckett & Co Solicitors (“We”) are committed to protecting and keeping confidential all of the information you provide to us, subject to certain legal duties.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This privacy notice contains important information about how and why we collect, store, use and share personal information; your rights in relation to your personal information; and how to contact us and supervisory authorities in the event you have a complaint.
We will collect, use and are responsible for certain personal information about you. When we do this, we are regulated under the GDPR by the Information Commissioner and are responsible as a ‘controller’ of that personal information.
The registered Data Controller is Donna Marie Walmsley t/a Beckett & Co, 3 Farrington Street, Chorley, PR7 1DY.
The General Data Protection Regulation (GDPR) is an important European regulation that applies to all EU Member States from 25 May 2018.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. What Information Do We Collect About You?
In general terms, we seek to collect information about you so that we can:
· Administer our relationship with you, provide services and respond to enquiries
· Enable business development including sending legal updates, publications and
details of events
· Process applications for employment
· Deliver requested information to you about our services
· Ensure the billing of any procured services and obtain payment
· Process and respond to any complaints
· Enable us to meet our legal and other regulatory obligations imposed on us
· Audit usage of our websites
· Usage information about your visits to our website. This information enables our website to remember information about you and your preferences and use of our site. This may include information about your visit, including the full Uniform Resource Locators (URL),clicks through to and from our site (including date and time), page response times download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
The information that we need for these purposes is known as your “personal data”.
3. How do we collect personal data?
We will collect the following personal information when you provide it to us:
- Name, address, date of birth, contact information (telephone and email where appropriate), National Insurance number (where appropriate).
- Additional information required to enable us to advise you and progress your matter – for example employment and financial information.
- Information to verify your identity;
- Information that is necessary to exercise or defend a legal claim on your behalf and which may include sensitive information. This may include racial/ethnic origin, your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data
- If you contact us, we may keep a record of that correspondence, voicemail or details of any conversation we may have with you;
- If you are a job applicant your name, job title, contact information, CV and other information relevant for recruitment purposes;
- Details of communications received through our website.
We also collect personal information provided to us by other parties:
- Details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access;
- Information that is available from publicly available sources, including Companies House and social media websites.
We also collect sensitive classes of information that may include physical or mental health details.
In relation to a claim for damages for personal injury, the personal information we collect is likely to include information about your medical conditions and treatment, and copies of your medical records. You will be asked to sign a separate consent and release form before we obtain copies of your medical records.
4. Cookies & their use on our website
5. Reasons we can collect and use your personal information
We intend to rely on (i) Your consent, (ii) Contractual obligations, (iii) Legal Obligations; and (iv) Legitimate interests to collect and use your personal or sensitive personal data.
6. What is our legal basis for processing your personal data?
We may use and process your personal information in the following ways:
The purpose for processing data
The legal basis for processing data
To make decisions on whether to provide legal and other services
To perform our obligations in accordance with any contract that we anticipate or that we may have with you.
To administer our relationship with you, provide services and respond to enquiries
To perform our obligations in accordance with any contract that we may have with you.
To manage our business operations and comply with internal policies and procedures.
It is in our legitimate interest or a third party’s legitimate interest to use your personal information to ensure that we provide efficient services and to comply with our legal obligations
To communicate with you about legal updates, breaking news, newsletters and event invitations which are relevant to your interests and in line with your preferences
It is in our legitimate interest to use your personal information for marketing purposes. We will make sure our communications are relevant to you, tailored to your interests.
For recruitment purposes, including to assess your skills, qualifications and suitability for a position, in relation to recruitment specifically, and/or to review our equal opportunity procedures;
To decide whether to enter into a contract of employment with you;
To carry out background and reference checks, in relation to recruitment specifically
In anticipation of a contract of employment that we may have with you following a recruitment process; Or where it’s in our legitimate business interest to use your personal information to make recruitment decisions.
To communicate with you about the recruitment process, in relation to recruitment specifically;
To keep records related to our hiring processes in relation to recruitment specifically.
In anticipation of a contract of employment that we may have with you following a recruitment process; Or where it’s in our legitimate business interest to use your personal information to make recruitment decisions.
To comply with our legal obligations.
Using your personal information to comply with our legal obligations
To respond to telephone enquiries
It is in our legitimate interest to respond to telephone enquiries; and
To fulfil contractual obligations including taking action before entering into a contract.
To enhance the security of our network and information systems
It is in our legitimate interests to ensure we offer a secure and responsive service
To identify and prevent fraud
It is in our legitimate interests to act responsibly as a business and to comply with our legal obligations
To maintain accounts and records
To comply with our legal obligations in relation to record keeping and accounting
To respond to live chat or online enquiries
It is in our legitimate interests to respond to enquiries and to provide any information requested in order to generate and develop business
To comply with law enforcement, court and regulatory bodies’ requirements
To comply with our legal obligations in relation to the law
To make or defend legal claims
To perform our obligations in accordance with any contract that we may have with you and to comply with our legal and regulatory obligations
For training and quality purposes
It is in our legitimate interests to continually monitor and improve our services to our clients
To monitor and record information relating to the use of our services, to include our website.
It is in our legitimate interests to improve the services and experience of our clients and website users
To process and respond to complaints
To comply with our contractual, legal and regulatory obligations
Your consent to our processing of your personal information for certain purposes may be necessary to comply with applicable data protection laws; and where this is the case we will ask you for your consent in accordance with those laws.
You may withdraw your consent to such processing at any time. However, if you withdraw your consent in relation to advisory or legal services that we have provided then this is likely to impact our ability to provide those advisory services or legal services.
8. How do we use your personal information?
We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions. We also use your personal information for related purposes including identity verification, administration of files, updating existing records if you have instructed us previously, analysis to help improve our management, for statutory returns and legal and regulatory compliance. The information will be held in hard copy and/or electronic format.
You are responsible for ensuring the accuracy of all the personal data you supply to us, and we will not be held liable for any errors unless you have advised us previously of any changes in your personal data.
We do not use any form of automated decision making or automated profiling in our business
9. Disclosure of your information to third parties
If we are working on your matter in conjunction with other professionals who are advising you, including experts, medical experts, and barristers, we will assume, unless you notify us otherwise, that we may share and disclose relevant personal data and information about your matter to them, if we feel it is appropriate and necessary to progress your case.
In relation to personal injury claims we use the services of medical reporting agencies to arrange and provide expert medical reports for use in support of your claim. We may also use the services of rehabilitation and medical investigation service providers (for example for the provision of treatment, x-rays and scans recommended by medical experts). We will seek your consent to arrange such services and will share your personal data with these agencies as appropriate to enable the services to be provided effectively.
Personal data may be required, under the terms of the insurance policy, to be disclosed to any providers of Legal Expenses Insurance which may be in use to fund your case.
On occasions we may ask other trusted companies to provide services to support work on our files to ensure that this work can be done promptly. We also use the services of outsourced telephone answering and messaging service providers. We will always obtain a confidentiality agreement from outsourced providers to ensure that they keep information sent to them securely and confidentially.
We use private, secure, cloud computing services to assist us carrying out tasks required in the provision of our services and in processing, and for protecting your information and keeping it secure from the risks of cybercrime and fraud. This includes providers of website, data storage, email, identity verification, accounting, and case management services.
Some of our client files may be audited strictly confidentially by external auditors or examiners to ensure we meet our legal, quality and financial management standards. Our accounting system contains personal data which is available to our financial auditors who must carry out a full review and audit each year to satisfy the requirements of the Solicitors regulation Authority. We may also be required to disclose personal data to HMRC as part of our financial management. Some information may be required to be disclosed to our professional indemnity insurers
There may be occasions when we are under a legal duty to share personal information with law enforcement or other authorities, including the Solicitors Regulation Authority or the Information Commissioner. If we are required to disclose information to the National Crime Agency, we may not be able to tell you that a disclosure has been made. We may have to stop working for you for a period of time and may not be able to tell you why. We cannot be held liable for any loss you suffer due to delay or our failure to provide information in these circumstances.
If false or inaccurate information is provided and/or fraud is identified or suspected, details may be passed to fraud prevention and anti-money laundering agencies, law enforcement agencies or other insurers and may be recorded by us or by them.
We and other organisations may also access and use this information to prevent fraud and other crime.
We may disclose your personal information to third parties, the courts and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or in order to enable us to comply with our regulatory requirements or dialogue with our regulators as applicable.
We may disclose your personal information to third parties:
· In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
· If the business of Beckett & Co Solicitors or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
· If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements; or to protect the rights, property, or safety of Beckett & Co Solicitors, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
10. Transfer & Storage of Personal Data
All transfers of your personal data will be for specific purposes only and in accordance with the law. We require all third parties to treat your data confidentially, and to maintain the security of your data in accordance with all applicable laws and regulations.
The data that we collect from you may, as part of the cloud IT services and software we use, be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). In such cases we will ensure that:
· The transfer is to a service provider based in a country which the European Commission has approved as having an adequate level of security for personal data; or
· In the event of transfers to a US-based service provider there will be in place the US-EU Privacy Shield which provides an equivalent level of safeguards as in EU countries
Visitor comments and contact form communications on our website are checked through an automated spam detection service.
11. Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
In relation to future marketing, we would like to keep in touch with you and let you know periodically about information that we think may be of specific interest to you or to tell you about events or our developments.
We will not add your personal details to our marketing database unless you confirm to us that you want to “opt in” to us sending you such information in the future. If you provide your consent, you may withdraw it at any time by contacting us to confirm that you no longer want us to contact you. If you provide your consent, we may use third party software and services to assist us in relation to the processing of our marketing communications, but we will ensure we have confidentiality agreements in place and will never disclose your information to third parties for them to use for their own marketing purposes.
13. External website content
Our website may, from time to time, contain links to and from external websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
14. How long will we keep your personal data?
We will hold your personal data for no longer than it is reasonably required.
For clients this means that we will hold your personal data including your name, address and contact details, billing information, and your file of papers for a period of 7 years. After this period of time, your file of papers, including the electronic file, will be destroyed confidentially without further reference to you, unless we contact you to confirm other arrangements or you contact us to request your file of papers at an earlier date.
In order to meet our regulatory requirements, we may be required to retain basic information about you to include your name, address and date of birth on our electronic database for a longer period of time.
If you leave a comment on our website, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
15. Your rights
Under GDPR you have a number of important rights. These rights may include the right to require us to:
- Provide you with further details on the use we make of your personal information
- Provide you with a copy of the personal information we hold about you
- Update any inaccuracies in the personal information we hold about you
- Delete any of your personal information that we no longer have a lawful ground to use
- Where processing is based on consent, stop that particular processing by withdrawing your consent
- Object to our processing of your personal information in certain circumstances
- Provide you with a copy of your personal data in an accessible format
- In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege)
You also have the right to raise concerns with us about our use of your personal data.
Further information about these rights can be found on the Information Commissioners Website www.ico.org.uk/for-the-public/.
If you would like further information about your rights, or if you wish to exercise any of these rights, please:
- write to our Data Protection Officer, Donna Walmsley at Beckett & Co Solicitors, 3 Farrington Street, Chorley, PR7 1DY or email firstname.lastname@example.org
- let us have enough information to identify you
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
16. Changes to this privacy notice
We may change this privacy notice from time to time. When we do we will inform you via our website or by a direct communication with you.
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk/concerns/ or telephone 0303 1231113.