When you instruct AmicusLaw (the ‘Firm‘) you trust us with your information. We take privacy seriously and are committed to protecting the data you provide to us.
This policy explains when and why we collect personal data about you, how this data is used, the conditions under which it may be disclosed to others and how it is kept secure and protected by law.
This notice may change from time to time so please revisit this page occasionally to ensure that you are happy with any changes. It is also important that all personal information we hold is accurate and up to date. We ask you to keep us informed of any changes that occur during your relationship with us.
- Who We Are
The Firm is a limited liability partnership with registered company number OC399264 and its registered office is at Regional Rural Business Centre, Market Way, Bridgwater, Somerset, TA6 6DF. The Firm is the controller of your personal data when you engage it to provide services to you; this means that we decide why and how your personal data is processed. The Firm is also registered with the Information Commissioner under registration number Z2138086.
Where this policy refers to the ‘Firm’, ‘we’, ‘our’ or ‘us’ below, unless it mentions otherwise, it is referring to the particular company that is the controller of your personal data.
- Who we collect personal information from
- Employees and prospective employees.
- Suppliers and service providers.
- Business and Legal contacts.
- Information we may collect about you
Personal data means any information relating to an individual from which they can be identified. It does not include anonymous data, i.e. any data where the individual’s identity has been removed.
The various types of data include the following:
- Personal information such as name, date of birth, gender, marital status, national insurance number, passport and driving licence, family, employment etc.
- Contact information such as address, telephone numbers, email addresses, social media.
- Financial information such as bank and building society account details, credit card cards, income and expenditure, pensions and HMRC.
- Technical information obtained in the course of access made to our website, and in relation to your use of our services and the provision of services to you.
- The transaction details.
- Marketing preferences.
We may also acquire and process certain sensitive data which is a special category of information relating to an individual. We are only able to process such information if you have given specific consent, it is a legal requirement for us to hold such information or it is necessary to enable us to provide you with the service we are contracted to provide. The categories of information concerned are as follows:
- Racial or ethnic origin.
- Political opinion.
- Religious or philosophical beliefs.
- Trade Union membership.
- Genetic and biometric data.
- Sex life or sexual orientation.
We do not collect or store information relating to any offences committed by an individual or their criminal convictions unless it directly relates to the matter for which we have been instructed or we are legally obliged to retain it.
Criminal convictions or offences must be treated in the same way as special category data.
Data about children will be handled carefully as they require additional protection.
- How We Collect and Process Your Personal Data
We may receive information about you from you or third parties when we are acting for, considering acting for, a client which will require us to obtain information about you (i.e. if you are a beneficiary of an estate or a party or a witness in a case).
Where we receive information about you, we will only use that information for the purposes of the legal transaction, case or matter (‘matter’).
a. Information That You Provide
You provide information about yourself when you make an enquiry or ask us to provide legal services to you, when entering information on our website, completing opt-in/consent forms, or by communicating with us by phone, post, email, live chat, social media or otherwise. It also includes additional information that you provide during any matter.
The information you provide mainly includes your contact details, identification information, financial or billing information, employment information, details included in any correspondence and information about you in connection with any matter on which we are engaged to advise to help us in the course of a transaction or to pursue or defend a case.
Personal data is collected from you by various methods, the most frequent of which are:
- Direct contact with you face to face, by email, letter and telephone. The level and type of data collected will depend upon the basis of our relationship with you. In particular, whether you are a client or a prospective client, an employee or a prospective employee, a supplier, service provider or contractor.
- From our website via the ‘Contact Us’ page, the message service on the website and through our social media platforms. When you contact us using our website certain technical information is automatically collected such as your IP address operating system and browser type together with information concerning your use of the site, such as the URL, length of visit and pages viewed.
- Networking events and seminars attended by you. We may from time to time invite you to certain networking events and seminars being held by us where we feel they would be of use and interest to you.
- Marketing. It is a legal obligation for us to obtain your consent before providing any marketing communications and we shall not do so without having such consent. You can also withdraw your consent to receiving marketing material from us at any time either by contacting us directly or unsubscribing via the link on any electronic communication received. At present we do not undertake any form of direct marketing.
- Through third parties such as those we have joined with to provide relevant information concerning the use of our website such as Google Analytics, companies and organisations providing specific search information such as Jordans and Companies House or public resources such as search engines and social media platforms.
b. Information We Receive from Other Sources
We may receive information about you from third parties:
a. In transactional matters:
Law firms, accountants and other professional advisers acting for you where you or our client is a party to or otherwise concerned in the course of, for example:
- a corporate transaction (where your details may be placed in an online data room by us or another party);
- a commercial or domestic property transaction;
- a family, trust or probate matter; and
- due diligence
b. In litigation, arbitration, mediation and other forms of dispute resolution:
Law firms, counsel, experts and other professional advisers acting for you or our client, or from third parties, where you or our client is a party to or otherwise concerned in the course of, for example:
- dispute resolution whether potential or current;
- disclosure, exchange of witness or expert evidence;
- obtaining employment, health, educational records or reports; or
- liaising with court agents, court officers (i.e. sheriffs and enforcement officers) or trace agents in order to progress or respond to a matter.
c. From financial institutions:
Banks, building societies and finance companies, who are clients of ours or from whom we are given or request information, where you are their customer/debtor.
d. From clients acting in a representative capacity:
Personal representatives, attorneys, trustees, deputies and litigation friends who may provide us with information in connection with a matter, whether non-contentious or not, in which we are acting for you or a client.
Friends, family members or colleagues who may provide information about you as part of the work we undertake, for example where you are or may be:
- a beneficiary of an estate or trust;
- appointed by them in some representative capacity, such as executor; or
- a party in or a witness to a dispute
e. From people connected to recruitment:
- Recruitment consultants who may provide information about you to us in relation to a potential job at this firm.
- Employers who may provide a reference about you to us.
f. From regulatory bodies:
- Regulatory bodies when making regulatory enquiries;
- The police when making enquiries into potential criminal offences.
g. From introducers and referrers:
- Professional advisers who may refer your matter to us;
- Any other introducer of a matter to us.
We may supplement the personal data collected about you with information from publicly available sources, such as information to validate your identity or address, or to perform a credit check.
The information that we receive about you from others includes contact details, biographical, behavioural, fraud and billing information.
The information that we receive about you from others can include both personal and special category data as detailed in paragraph 3 above.
- Information We Collect About You
We may automatically collect information about you that we may observe, detect or create without directly asking you to provide the information to us. In common with most other businesses, this will mainly include information gathered automatically through your use of our website or online services.
- Mandatory Information
If you are a client, please note that your provision of documents for identity verification purposes is necessary for us to comply with our legal and statutory obligations. Failure to provide these documents will result in our being unable to undertake identity verification as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and, subsequently, we will not be able to act for you or the organisation instructing us, as applicable.
- Types of Personal Data We May Process About You
As a legal practice dealing with cases and matters, we may process a range of personal data about you. To make it easier to understand the information that we use about you, we have divided this information into categories in the table below and provided a short explanation of the type of information each category covers (please note that not all categories may be applicable to you):
Personal data included in this category
Information used to send/receive funds to/from you or that appears on your bills
Your activities, actions and behaviours
Your life experiences and circumstances
Your payment card details
Information that can be used to address, send or otherwise communicate a message to you (i.e. email address, postal address, employer name and job title)
Information contained in our correspondence or other communications with you or about you, about our products, services or business
Your previous, current or future employment details
Information that contains or reveals the location of your electronic device
Information contained in a formal identification document or social security or other unique reference relating to you
Your insurance applications and any information relating to your insurance claim
Information relating to legal claims made by you or against you or the claims process
We may record phone calls and retain transcripts of dialogue (i.e. livechat conversations) either for our records or for training purposes. If you visit one of our offices your image may be recorded on CCTV for security purposes
Special categories of personal data
Your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, any personal data that relates to your health, sex life, sexual orientation or criminal offences or records or any genetic or biometric data about you
- How and Why We Use Your Personal Data
We may use the information we collect about you in the following ways:
a. Where it is necessary for us to perform a CONTRACT with you.
We may use and process your personal data where we have supplied you (or continue to supply you) with any legal services, where we have arranged for the supply of another firm’s services to you, or where you are in discussions with us about a particular matter on which you are considering taking advice. We will use your information in connection with the contract for the provision of services when it is necessary to carry out that contract, or for you to enter into it.
We may also use and process your personal data in connection with our recruitment activities, if you apply for a position with us (whether directly or through a third party) or send your details to us on a speculative basis.
Unfortunately, if you do not wish to provide us with your personal information we will be unable to provide any service to you.
b. Where we have a LEGITIMATE INTEREST
We may use and process your personal data where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
- To carry out our conflict checks so we can provide services to you;
- To enter into and perform the contract we have with you or your business;
- To assess and improve our service to clients or our clients’ customers (where applicable) through recordings of any calls and livechat sessions;
- For the prevention of fraud and other criminal activities;
- To verify the accuracy of the data that we hold about you and to create a better understanding of you as a client and our clients’ customers (where applicable);
- To create a profile of you based on any preferences you have indicated to enable us to decide what products and services to offer to you for marketing purposes (if any);
- To undertake analysis to inform our business and marketing strategy;
- To manage and deliver internal projects for business improvement;
- For network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorised access;
- To comply with a request from you in connection with the exercise of your rights (for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- To assist in the management of queries, complaints or claims;
- To notify you or your business of changes in the law that might affect you or your business; and
- For the establishment, exercise or defence of our legal rights.
c. Where you have provided CONSENT
Where you have given us your consent (via an opt-in consent process), we may use and process your personal data to send you email communications about events, products and news updates and relevant news and announcements. Such communications may include content on relevant legal updates, seminar and event invitations and other news/announcements. At present this is not something which the firm undertakes.
Please note that your information may be used to send you details of our services that we have identified as likely to be of interest to you.
We will seek separate and specific consent from you in circumstances where we wish to feature your identity in a published case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.
You have the right to withdraw your consent at any time. Please see ‘Withdrawing your consent’ for further details.
d. Where required by LAW
Where you engage us to provide legal services to you, we will process your personal data and the personal data of third parties in order to comply with our legal obligations, for example under the Civil Procedure Rules or the Family Procedure Rules. We also have a legal obligation to comply with the SRA’s Standards and Regulations.
It is also a legal requirement for you to provide us with information to verify your identity in connection with anti-money laundering and criminal financing legislation. We will use that information for the purpose of complying with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (or such other legislation that may replace or supersede these Regulations from time to time) unless we have obtained your consent to use it for any other purpose.
We may also use and process your personal data in order to comply with other legal obligations to which we are subject, as follows:
- to maintain a register of corporate gifts and hospitality to comply with anti-bribery laws;
- to maintain a record of undertakings where you are either a beneficiary of an undertaking or the person obliged to perform it;
- to maintain a record of undertakings where the Firm is the giver or receiver of an undertaking; and
- to comply with our other legal and regulatory obligations, e.g. undertaking conflict checks.
e. In the VITAL INTERESTS of the individual
From time to time when representing individuals who may be troubled, in danger, very young or otherwise unable to exercise due care for their own safety, we may, in extreme circumstances, use information about you or a person connected with you in order to take action to protect you or them.
- Special Categories of Personal Data
We may have to process sensitive personal data (known as ‘special categories of personal data’) about you or others associated with you, for example your family. We will only use this kind of information where:
- We have your explicit consent;
- It is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent;
- It is necessary to do so in connection with the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or
- In exceptional circumstances, another ground for processing special categories of personal data is met.
Where you have provided us with explicit consent to use special categories of personal data about you, you may withdraw your consent for us to process this data at any time. Please see ‘Withdrawing your consent’ for further details.
Please note that if you withdraw your consent for us to process special categories of personal data about you, this may impact our ability to provide legal or support services to you.
- Others Who May Receive or Have Access to Your Personal Data
a. Our suppliers and service providers
We may share your personal information with certain external third parties to enable us to properly carry out our services to you and comply with our legal and regulatory obligations as referred to previously. Examples of such third parties include:
- Those providing IT, software, marketing and administration services. In particular our external IT support is provided by Bluegrass Computer Systems and our case management system is provided by Solicitors Own Software.
- Other professionals including lawyers, accountants, experts, bankers, insurance providers and recruitment services.
- HMRC, Companies House and HM Land Registry.
- Event and marketing organisers.
We do not accept any liability for the actions of third parties in relation to your personal information and neither do we have any responsibility for their privacy policies.
b. Others involved in your case or matter
Our work for you may require us to provide information to third parties such as law firms, accountants, counsel, expert witnesses, medical professionals and other professional advisers, who will use your information in connection with the matter. They may provide their own services directly to you.
Where we are engaged by a third party, such as a bank or lender in connection with your contract with them, we may share information with that third party about the progress of the case.
Any third party to whom we disclose information about you will be under an obligation to keep your information secure and not to use it for any purpose other than that for which it was disclosed unless you agree with them otherwise.
c. Other ways we may share your personal data
We may transfer your personal data to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation. We may also transfer your personal data if we are under a duty to disclose or share it to comply with any legal obligation, to detect or report a crime, to protect your vital interests, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and clients. However, we will ensure that your privacy rights continue to be protected.
- Where Your Personal Data is Stored
All personal information held electronically is stored on secure servers within the UK. If your data is transferred, stored or processed outside the European Economic Area (EEA) it will be for a legitimate reason to enable us to provide relevant services to you.
Where personal information is transferred outside the EEA we ensure that safeguards are in place. This can be by ensuring either:
- The jurisdiction of the recipient is considered to provide an adequate level of data protection, as determined by the European Commission.
- That contracts approved by the European Commission are in place.
- That a U.S. based recipient is part of the Privacy Shield which requires them to afford the similar protection to that agreed between Europe and the U.S.
- How Long Your Data is Kept
If we collect your personal data, the length of time we retain it is determined by various factors including the type of data, the purpose for which we use it and our regulatory and legal obligations. We do not retain personal data in an identifiable format for longer than is necessary.
We maintain a full schedule of types of data and the specified period we will retain them for.
Typically, we retain data in accordance with the SRA and Law Society guidelines. The retention criteria for the following data types are:
Data category/ document
Retention in case of queries or claims. We will retain client files for a minimum of seven years.
Retention of data about potential instructions. We will keep this data for a period of up to seven years, depending on the type of transaction.
Retention in accordance with legal and regulatory requirements. We will consider whether we must retain your personal data after the period described above in case of a legal or regulatory requirement.
We will retain your application data for up to 12 months following receipt of your application.
The only exceptions to this are where:
- The law requires us to hold your personal data for a longer period or to delete it sooner;
- You exercise your right to have the data erased (where it applies) and it is not necessary for this Firm to hold it in connection with any of the reasons permitted or required under the law (see ‘Erasing your personal data or restricting its processing’); or
- In limited cases, the law permits us to keep your personal data indefinitely provided we have certain protections in place.
- Your Rights
You have various rights in relation to your personal data under data protection legislation. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us search for your personal data. Except in rare cases, we will respond to you within 30 days from either the date that we have confirmed your identity or, where we do not need to do this, from the date we received your request.
The data protection laws give you certain rights over your personal information which are exercisable by you in some circumstances:
- You have the right to request access to the personal data we hold about you by making a ‘data subject access request’. This includes the right to know what personal information we hold, why we hold it and to request a copy. This means that you are able to ensure that we are processing your data lawfully.
- You have the right to request rectification of any incomplete or inaccurate personal information held subject to verification by us of its accuracy.
- You have the right to object to the processing of your information on grounds relating to your personal situation and the impact that the processing has upon this. However, our legitimate grounds for processing your data may override your rights and freedom. You also have the right to object to the processing of your personal data for marketing purposes.
- You have the right to request that your personal information be erased where there is no lawful or legitimate reason for it to be retained by us or where you have successfully exercised your right to object to the processing of your data.
- You have the right to restrict the processing of your personal information if you contest the accuracy of your data (and for so long as this takes to verify), the processing is unlawful but you do not require erasure, we no longer require the data save to defend or exercise our legal rights or if we need to verify whether or not we have overriding grounds for processing the same.
- You have the right to request the transfer of your personal data to a third party or for it to be released to you. Any data so requested will be supplied in a structured, commonly used, machine-readable format. This right only applies to automated information which you provided contest to us using, or which we were required to use in the performance of our contract with you.
- You have the right to withdraw your consent to us using your information at any time where you have previously given your consent. If this is likely to affect any of the services we currently offer to you we will advise you accordingly.
Should you wish to exercise any of the rights listed above please contact us. You will not have to pay a fee to access your personal data or exercise your rights although we reserve the right to do so if your request is deemed unreasonable, unfounded or excessive. In such circumstances we can also refuse to comply with your request.
- Accessing your Personal Data
You have the right to ask for a copy of the data that we hold about you by emailing or writing to us at the address at the end of this policy. In certain circumstances we may not provide you with a copy of your personal data, but we will explain why we are unable to provide it.
- Correcting and Updating Your Personal Data
The accuracy of your data is important.
If you change your name or address, your email address, or you discover that any of the other data we hold is inaccurate or out of date, please contact us using the details at the end of this policy.
- Withdrawing Your Consent
Where we rely on your consent as the legal basis for processing your personal data, as set out under ‘How and Why We Use Your Personal Data’, you may withdraw your consent at any time by emailing the Firm (please use ‘Withdrawal of consent’ as the subject heading of your email).
If you would like to withdraw your consent to receiving any email communications to which you believe you have opted into, please visit the Firm’s website and email your request to ‘email@example.com’ which can be accessed via the contact tab at the top of the home screen.
If you withdraw your consent, our use of your personal data before you withdraw your consent is still lawful.
- Objecting to Our Use of Your Personal Data and Automated Decisions Made About You
Where we rely on our legitimate interests as the legal basis for processing your personal data for any purpose(s), as set out under ‘How and Why We Use Your Personal Data’, you may object to our using your personal data for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are satisfied we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection legislation, we will permanently stop processing your data for those purposes. Otherwise, we will provide you with our justification as to why we must continue processing your data.
You may object to our processing your personal data for direct marketing purposes and we will immediately comply with your request. If you would like to do so, please use our Unsubscribe tool.
You may also contest a decision made about you based on automated decision making by emailing or writing to us at the address at the end of this policy.
- Erasing Your Personal Data or Restricting its Processing
In certain circumstances, you may ask for your personal data to be removed from our systems by emailing or writing to us at the address at the end of this policy. Provided we do not have any ongoing lawful basis to continue processing or holding your personal data, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal data where:
- you believe our processing is unlawful;
- you contest its accuracy;
- you have objected to its use and our investigation is pending; or
- you require us to keep it in connection with legal proceedings.
We may only process your personal data while its processing is restricted if we have your consent or are legally permitted to do so, e.g. for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- Transferring Your Personal Data in a Structured Data File
Where we rely on your consent as the legal basis for processing your personal data or have to process it in connection with your contract, as set out under ‘How We Use Your Personal Data’, you may ask us to provide you with a copy of that data in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.
You can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal data in certain circumstances but will explain why we are unable to do so.
- Complaining to the UK Data Protection Regulator
You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal data. Please visit the ICO’s website (ico.org.uk) for further details.
- Security and Links to Other Sites
a, Security measures we put in place to protect your personal data
Appropriate security measures are put in place to prevent your personal information from being accessed or used without your authority or from being lost, changed or disclosed.
Please bear in mind that the transfer of data via the internet and email may not be secure and whilst we will use our best endeavours to protect your personal information we cannot guarantee the security of any information sent to us via the ‘Contact Us’ page on our website and sending information by this method is at your own risk.
Access to your data is limited to those who need access for legitimate business reasons such as relevant employees and third parties. Your personal information will only be processed on our instruction and any party with access is, and remains, subject to a duty of confidentiality.
Should we suspect that there has been a personal data breach we will notify you immediately along with the relevant regulators as required by law.
b. Links to other websites
Our website may contain links to other websites run by different organisations. This policy does not apply to other websites, so you should read their privacy statements. We are not responsible for the privacy policies and practices of other websites even if you access them using any links that we provide, and their security cannot be guaranteed.
If you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check their policies.
- Contact Us
The person responsible for data protection at AmicusLaw is Stephen Forsey. Please direct any queries about this policy or about the way we process your personal data to him at the contact details below.
All questions, comments and requests regarding this policy should be addressed to the Compliance Team by email at firstname.lastname@example.org or in writing to AmicusLaw LLP, 2 Fore Street, Wellington, Somerset, TA21 8AQ. If you would prefer to speak to us by phone, please call 01823 755800.