1. The Purpose of this Notice
This notice explains how we will collect and use your personal data. We are the data controller for personal data that we process about you. If there is anything you are unclear about, please contact our Office manager, who will be happy to answer any queries you may have concerning this notice or the way in which we process your personal data. The Office Manager’s contact details are provided at the foot of this notice.
2. Website Visitors
This statement explains how we may collect and use information about you through our website. If you have any questions about our privacy policies, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, please contact us.
If we propose to use your details to send you information from Brookman Solicitors about events or legal developments which we believe are of legitimate interest to you (other than information that you have specifically requested, or information sent as part of your case), we give you an opportunity to tell us that you do not wish to receive such information by ticking a box. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside Brookman Solicitors, except in very limited circumstances – for example, with your agreement or where we are legally obliged to do so.
3. Data Categories
We collect data about your use of our website and services. This may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
Enquiry data is information contained in any enquiry you submit to us regarding or services. Enquiry data may include your name and email address plus any details you provide to us to assist with your enquiry. We will process this in order to contact you either by phone or an email address provided by you to discuss further the legal services we offer.
“Client data” includes your contact details, your case details and your contract with us. It is stored on our secure network and case management software.
“Job Application Data”
We collect the information that you provide to us for the purpose of applying for a role at Brookman Solicitors Ltd. “Job application data” can include your contact details, CV and Agent’s details.
“Special Categories of Personal Data”
We may process special categories of personal data if these have been voluntarily provided to us (including ethnicity, nationality and medical history).
4. Where the data comes from
Most of the data we collect about you is provided by you voluntarily.
Usage Data: As detailed in “Website Visitors” some grouped and anonymised data is sourced from Google Analytics.
Enquiry data: All data is provided by you voluntarily.
Client data: We obtain personal data about you from the following sources:
- from you, for example when you provide your details on the website, by email, over the phone or at a consultation;
- from third party sources (e.g. banks, pension providers, CAFCASS, Land Registry etc.) When we obtain personal data about you from third party sources, we will look to ensure that the third party has lawful authority to provide us with your personal data.
- data that we and our staff generate about you, such as time recordings and invoicing records;
- any previous solicitors if they provide your file to us.
Job application data: We obtain data from you, your agent and may obtain data from the referees provided.
5. The purpose for which we process the data and the legal basis for that processing:
In general terms, we process your personal data for the administration and delivery of your contract with us. The law requires that we provide you with information about the lawful basis on which we process your personal data, and for what purposes. Most commonly, we will process your data on the following lawful grounds:
- Where it is necessary to perform the contract we have entered into with you;
- Where it is necessary to comply with a legal obligation;
- Where it is necessary for our legitimate interests and fundamental rights do not override those interests.
In a small number of cases where other lawful bases do not apply, we will process your data on the basis of your consent.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
In general terms:
Usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is consent or our legitimate interests, namely monitoring and improving our website and services.
The legal basis for processing enquiry data is consent.
When your file is open, the legal basis for processing client data is necessary for the performance of your contract – on many occasions Brookman will process your data to enable it to meet its commitments to you. It may also be processed on the basis of our legitimate interests, namely our interest in the proper administration of our business. We use your personal information for:
- Service provision and internal processing (i.e. to assess and/or provide and to service your matter).
- Management of relationship (e.g. to develop your relationship with us).
- Resolving queries.
- Training and service review (e.g. to help us enhance our services and the quality of those services).
- Statistical analysis (e.g. to help us enhance our products and services or delivery channels to keep costs down).
- Complying with legal obligations (e.g. to prevent, investigate and prosecute crime, including fraud and money laundering).
- To administer your account with us, including tracing and collecting any debts.
When your matter is completed and/or your file is closed, we may still process your personal information where we have a legitimate interest in doing so, where we are permitted by law, or to comply with applicable laws and regulation.
Examples of such instances will include:
- Complying with legal obligations for statutory and regulatory requirements including for example, HMRC Returns, complaint handling, anti-money laundering, reporting to our regulatory body – the Solicitors Regulation Authority;
- Archiving and Storage of your file for the periods outlined below. (Archiving and Storage of personal data is still classed as a processing activity even though it is not being regularly accessed and remains securely locked away); and
- Our legitimate interests to conduct conflict of interest checks, statistical analysis and research to help us enhance our products and services.
Job application data is processed for the purposes of recruitment only. We use your personal information to keep the recruitment process running smoothly from end to end. Although you’ll usually be applying for one particular role, we may review your details against future vacancies. If you’d prefer us not to contact you about future vacancies, please contact us. The legal basis for this is consent.
6. Our Duty of Confidentiality
We will treat any information which is confidential to you and which we obtain as a result of acting for you as strictly confidential, save:-
- for the purpose of acting for you; or
- for legitimate interest disclosures to our auditors or other advisers or for the purposes of our professional indemnity insurance; or
- as otherwise required by law or other regulatory authority to which we are subject.
If you do not wish to disclose your details and file to be released, you must notify us in writing and discuss this with us when signing and returning a copy of the Authority to Proceed or other such document. We may be unable to act for you in such circumstances.
We shall be under no duty to disclose to you (or take into account in the course of providing the services) any information acquired by us in acting for any other client or any information in respect of which we owe a duty of confidentiality to a third party.
Like most organisations we use external companies to carry out some aspects of our business, as well as systems and tools provided or hosted externally.
We keep information passed to us confidential and will not disclose it to third parties except as authorised by you or required by law. However, if on your instruction, we are working with other professional service providers (see below) we will assume that we may disclose any relevant information about your matter to them, but will request your permission ahead of doing so.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you. We will not share your personal data with any other third party unless you instruct us to.
We may share personal data with:
- our regulators (i.e. Lexcel, Legal Ombudsman, SRA);
- professional advisers who you may wish us to obtain a quote from or instruct on your behalf or refer to you (e.g. medical professionals, experts, tax advisors, barristers, conveyancers etc). We will share your personal information only if it is necessary.
- our insurers when lawfully required;
- external service suppliers, representatives and agents that we use to make our business more efficient (i.e. transcription services, website developers, document storage service, confidential data disposal service, our technology, system and software providers).
The above data will be shared subject to our duty of confidentiality as well as Solicitors Code of Conduct.
Sharing outside of the EU
Brookman stores all data inside England and Wales. In order to perform aspects of our contract with you, we may need to send your personal data to organisations based within the European Union. Should we need to share your data to organisations outside the EU we will take reasonable steps to ensure an adequate level of protection is in place.
We store information about you, your matter or any other documents and correspondence relating to your file(s) using cloud-based technology. We take every possible precaution to protect your personal information. If you do not wish for your file or other information to be stored in this way, please inform us in writing before we commence work on your matter.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business requirement to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained upon request (our details are set out at the foot of this document). We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Brookman does not keep data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims. We will thereafter delete or securely dispose of your personal data in accordance with our retention policies. Below is an outline of our retention timescales:
Website Usage Data – we retain anonymised website usage data indefinitely. We do not collect website usage data that identifies you.
Enquiry Data – We retain data collected from enquiries made by you for 2 years.
Client Data – Client data is held for 6 years in order to comply with regulatory and auditing requirements. At the end of the 6 year period original files will be destroyed/deleted from our system but we will continue to maintain a record of your name for the purposes of a conflict search and also for the purposes of having a record of your contract with us in the event that you choose to re-instruct us in future.
You are entitled to request that all contact details for you are deleted at the end of the six-year period from the date of your file closure. However, in signing your Authority to Proceed, you are acknowledging that we can retain these basic records after the six-year period.
Job Application Data – We hold unsuccessful application data for a period of 12 months. We may use that data in order to contact you about further roles that may become available. If you do not wish to be contacted about other roles, please let us know. Successful application data forms part of the future employee record.
You have the right to access the personal data that Brookman holds on you. There are some exemptions to this right, specifically where the personal data of other people may also be involved.
If you would like to request access to your personal data, then please contact us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
There will be no fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. Please see https://ico.org.uk/ for further information on the above rights. You may also contact the us for further information.
In addition to a copy of your personal data, you also have a right to the following information:
- withdraw consent at any time where that is the legal basis of our processing;
- rectify inaccuracies in personal data that we hold about you;
- be forgotten, that is your details to be removed from systems that we use to process your personal data where that does not conflict with other obligations we may have to continue to hold it;
- restrict the processing in certain ways;
- obtain a copy of your data in a commonly used electronic form; and
- object certain processing of your personal data by us.
You have a right to complain to the Information Commissioner’s Office about the way in which we process your personal data, the details of which are as follows:
Information Commissioner’s Office
Tel: 0303 123 1113
The ICO website is available here.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes while instructing us and until your matter has been finalised
12. Contact Details
If you have any concerns with regard to the way your personal data is being processed or have a query with regard to this Notice, please contact us on +44 (0)20 7430 8470. Our postal address is 81 Chancery Lane, London WC2A 1DD.
Our data controller registration number provided by the Information Commissioner’s Office is Z7616534.