This Privacy Policy Notice is provided in compliance with the General Data Protection Regulation legislation (GDPR). It provides information on how we use and protect your personal data and privacy and your rights in relation to this.
This policy applies to our clients and to third parties. We take our privacy responsibilities seriously and are committed to protecting and respecting your privacy.
The policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred to our data controller and Data Protection Compliance Manager, Mark Fowler, of Broadgate Legal, Longcroft House, 2/8 Victoria Avenue, London EC2M 4NS, which is registered with the Solicitors Regulation Authority under SRA Number 524077, with the ICO under Data Protection Reg No PZ2074537, and on the Financial Services Authority Register under No LS 524077.
*****
1. What we do:
Our core professional activity is pre-litigation and post litigation dispute resolution, including personal injury claims, immigration law, and some general litigation, and the nature of that activity is reflected in this Privacy Policy Notice.
*****
2. What information do we hold about our clients and other third parties?
We may collect, store and use personal data about you (referred to throughout this privacy policy as personal information).
This could include:
-
Personal details such as your name, title, personal telephone and e-mail address and your postal address.
-
Your family details.
-
Payment information such as credit/ debit card number, expiration date, security code and name as it appears on the card and address the card is registered to.
-
Evidence of your identity, such as driving licence, passport, other identity card, home invoices.
-
Any personal information you provide to us during your interactions with us, by way of verbal conversations and meetings, and written or emailed correspondence by way of our communications to you, and your replies.
-
In appropriate cases details of your employer, your income levels, tax codes, national insurance numbers, Unique Taxpayer Reference, benefits received, pension details, whether you have student loan repayments and any attachment of earnings.
-
Information which might be required from your accountant, such as your personal records and tax returns.
We will receive information from third parties, and provide information to third parties, which could include the following:
-
marketing organisations
-
general practitioners and hospitals
-
insurance companies
-
unions
-
banks and building societies
-
Her Majesty’s Revenue and Customs (HMRC)
-
Her Majesty’s Courts and Tribunal Services (HMCTS)
-
the Criminal Injuries Compensation Authority (CICA)
-
Portal Co
-
enquiry and investigative agents and other outsourced service providers
-
accountants
-
hire and storage companies
-
non-expert witnesses
-
medical and non-medical experts and their support companies and organisations
-
care and rehabilitation providers
-
insurance brokers
-
solicitors
-
the Motor Insurance Bureau (MIB)
-
The Department of Work and Pensions (DWP)
-
the Police
-
The Health and Safety Executive (HSE)
-
Medco
-
interpreters
-
engineers
-
employers and employees
-
case management software providers and other technical support providers
This is not intended to be an exhaustive list, but it generally outlines the nature of correspondents encountered during our line of work.
*****
3. How long will we use your personal information and what is the legal ground we rely on for doing so?
We will only use your personal information when the law allows us to. When we use your personal information, we must have a legal ground for doing so. The following are (amongst others) the legal grounds by which we can use your personal information:
-
Where you have provided us with your consent for us to do so.
-
Where we need that information in order to perform the contract we have entered into with you or to take steps to enter into a contract with you.
-
Where we need to comply with a legal obligation to which we are subject, such as carrying out identity checks so as to comply with our anti-money laundering obligations, and generally our obligations to identify and prevent fraud (for you, for us and for the general good).
-
Where it is in pursuit of our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
-
Where we need details of your income or your medical history (we do not send encrypted data but we operate with high level firewalls and antivirus protection).
Once the specific contract under which we are representing you has concluded, we have no existing arrangements under which we will contact you to provide you with further information on our products and services, or to seek repeat business.
We will only use your personal information for the purposes for which it was received, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, or unless we are required to do so for a legitimate reason which is outside our control, such as a police or court initiated enquiry or process; in which eventuality we may not be permitted to contact you.
We require third parties, consultants and employees with access to your data, to respect the security of your personal information and to treat it in accordance with the law.
For example, where we instruct third party service providers, we carry out due diligence on those providers to ensure they treat your personal information as seriously as we do.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for (i.e. during the course of a claim) and in compliance with applicable regulations, such as those required by the Solicitors Regulation Authority, and as set out in our client care letter, and any supporting notes for guidance.
*****
4. Data Security / Where we store your personal information
Electronic versions of your personal information are stored on a terminal server which is currently located on our office premises and on back up servers off our premises for disaster recovery purposes.
We have taken steps to ensure that our IT providers respect your personal information and treat it in accordance with the law.
Retained hard copy documents are archived in secure premises for the applicable seven-year regulated period.
Where we use third party service providers to assist us, your personal information may also be stored in accordance with their practices and procedures. We require third parties to respect your personal information and to treat it in accordance with the law.
*****
5. Rights of access, correction, erasure and restriction in connection with your personal information
Under certain circumstances, by law you have the right to:
-
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
-
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
-
Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it, but subject to our regulatory obligations.
-
Request the transfer of your personal information to another party.
-
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact our Data Protection Compliance Manager in writing using the contact details set out at the beginning of this privacy policy.
No fee usually required:
-
In normal circumstances you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if there is any other good reason why a fee should be charged.
-
Alternatively, we may refuse to comply with the request in such circumstances.
*****
6. What happens if you fail to provide personal information?
If you fail to provide certain information when requested, we may not be able to perform the legal services contract we have entered into with you, or we may be prevented from complying with our legal obligations.
*****
7. Changes to this privacy notice
We may change, modify, add or remove portions of this privacy policy at any time, and any changes will become effective immediately.
*****
8. Cookies Policy
The Broadgate Legal Website use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server.
Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page.
As a general rule you have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Broadgate Legal website, or other websites you may visit.
As an exception to the above rule, we run one default language cookie which allows our website to support multiple languages, but this expires with each user’s session on the website.
Security of your Personal Information
Broadgate Legal secures your personal information from unauthorized access, use or disclosure by recording the personally identifiable information which you provide onto computer servers in a controlled and protected environment.
It is not our practice to send you updates about our services, and we therefore maintain no ‘unsubscribe link’ for your attention.
*****
9. Data Analysis and Updating Your Contact Details
We may track website visits and use analytical tools, such as Google Analytics, to use this information to improve our website.
Both Google Analytics and our Twitter Platform attract exposure to external third party cookies but can be disabled at any time if the need arose.
We will update your data when we receive notification from yourself of any change in your contact details or if any information from publicly available sources indicates that the data we hold is out of date.
*****
10. Other Websites
This privacy policy only applies to our data retention but may contain links to other websites. When you link to other websites you should read their own privacy notice.
*****
11. Right to complain
You have a right to make a complaint if you wish to do so. The organisation with oversight of our data protection processing is the Information Commissioner’s Office (ICO) https://ico.org.uk/concerns, which can be contacted in writing at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, by telephone (0303 123 1113) or by e-mail (casework@ico.org.uk).
*****