We take the privacy and confidentiality of our clients, potential clients, ex-clients and their affiliates very seriously. We are therefore committed to safeguarding the privacy of the personal information that is provided to us or collected by us during the course of our business as well as the personal information we receive from visitors to our Bowcock Cuerden website.
1. About us
Bowcock Cuerden is a limited liability partnership, authorised and regulated by the Solicitors Regulation Authority under number 419650.
Our Data Protection Officer is Carina Pennant-Williams who can be contacted by email – email@example.com
In common with many other website operators, we use standard technology called ‘cookies’ on our website. Cookies are small pieces of information that are stored by the browser on your computer’s hard drive and they are used to record how you navigate websites on each visit.
Our website and services are not aimed at children because in legal work children are generally represented by their parent or guardians. If you are a child and need further advice or explanation about how we would use your data, please email firstname.lastname@example.org
4. What information do we collect?
Most of the personal information we process is provided to us directly by you in relation to a legal claim, legal advice or a legal transaction. All personal information that we collect about you will be recorded, used and protected by us in accordance with applicable data protection legislation, including the UK GDPR and this Notice.
We may supplement the information that you provide with other information that we obtain from our dealings with you; however, we will not use that information for purposes which are not clear when you provide your details.
The exact information we will request from you will depend on what you have instructed us to do and the terms of our contractual retainer with you.
There are two types of personal data (personal information):
· “Sensitive Personal Data” is, by its nature, more sensitive information which may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data.
In the majority of cases Personal Data will be restricted to basic information and information needed to complete ID checks and carry out our work in accordance with our retainer. Some types of work may require us to ask for more information, but we will not ask for Sensitive Personal Data.
5. How we collect Personal Data
We may collect Personal Data from you directly through the online contact forms on our website, by email, in person, by telephone or via other digital platforms including social media.
6. Sources of information
Information about you may be obtained from a number of sources; including:
· information which you may provide about yourself;
· information which you may provide about someone else, if you have the authority to do so;
o Banks or building societies
o Organisations who allocate legal work to law firms on their panel
o Organisations who refer work to us
o Financial institutions which provide your personal records or other information.
7. Why we need it
The primary reason for asking you to provide us with your Personal Data is to allow us to comply with your instructions – which will ordinarily be to represent you and carry out your legal work.
These are non- exhaustive examples of what we may use your information for:
· verifying your identity;
· verifying the source of funds you are to transfer to us;
· communicating with you in relation to the funding of your matter or transaction
· obtaining insurance policy quotations on your behalf;
· keeping financial records of your transactions and the transactions we undertake on your behalf;
· on your behalf, instructing third parties to perform services, for example counsel and experts;
· responding to any complaint or allegation of negligence against us.
8. Who has access to it
We have a data protection regime in place to oversee the effective and secure processing of your Personal Data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within Bowcock Cuerden LLP. However, there may be circumstances in undertaking your legal work where we may need to disclose some information to third parties, for example:
· HM Land Registry, to register dealings with a property’s title;
· HM Revenue & Customs, e.g. for Stamp Duty Land Tax or stamp duty liability;
· a Court or Tribunal;
· the solicitors acting for your opponent or another party to your transaction;
· counsel, when submitting instructions to advise and / or to represent you;
· non legal experts, when instructing them to obtain advice or assistance;
· translation agencies;
· contracted suppliers;
· external assessors or our Regulator; e.g. Lexcel, SRA, ICO etc;
· a bank or building society, or other financial institutions;
· insurance companies;
· providers of identity verification services;
· where disclosure is required by law or regulation, such as the prevention of financial crime and terrorism;
· if there is an emergency and we think that you or others are at risk.
In the event that any of your Personal Data is shared with a third party, we ensure that they comply, strictly and confidentially, with our instructions and that they do not use your Personal Data for their own purposes unless you have explicitly consented to them doing so.
We may use Clients’ Personal Data for legitimate interests such as direct marketing or where there is a reasonable expectation to be provided with information to benefit and enhance our relationship, such as:
• emails sent to you on legal issues that we believe would be useful or of interest to you;
• emails detailing our other services that we believe would be useful or of interest to you.
Direct marketing will never be sent without written prior approval from the client. Following the provision of approval, clients may email email@example.com at any time if they wish to change their preference and no longer wish to receive marketing communications.
If you choose to unsubscribe you will still receive specific emails from us in relation to a matter on which you have instructed us.
9. How do we protect your Data
We recognise that your Personal Data is valuable and we take all reasonable measures to protect it whilst it is in our care.
We have exceptional standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information and to ensure that all Personal Data is handled and processed in line with our stringent confidentiality and data protection policies.
We use computer safeguards such as firewalls and data encryption and annual penetration testing and we enforce, where possible, physical access controls to our buildings and files to keep data safe.
10. How long we keep it for
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is provided by our contract of retainer with you. So, for example this may be:
· as long as is necessary to carry out your legal work;
· for a minimum of 7 years from the termination of our contract of retainer with you (in case you, or we, need to access your file to deal with queries, to assist in a future matter or to deal with any complaint or claim against us;
· for the duration of a trust;
· files and data in relation to some types of matter may be kept for 16 years, such as land purchases or the grant of a lease;
· wills powers of attorney and related documents may be kept indefinitely;
· Deeds related to unregistered property may be kept indefinitely as they evidence ownership
11. What are your rights
Under UK GDPR, you are entitled to access your Personal Data (this is known as a “right to access”). If you wish to make a request, please do so in writing addressed to our Data Protection Officer Carina Pennant-Williams, or contact the person dealing with your matter.
A right to access your Personal Data means that you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc.- but it does not mean you are entitled to the documents that contain this data.
Under certain circumstances, in addition to your right to access, you have these rights:
A. The right to be informed: which is fulfilled by our making the Policy available and our transparent explanation as to how we use your Personal Data;
B. The right to rectification: you are entitled to have Personal Data rectified if it is inaccurate or incomplete;
C. The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your Personal Data where there is no compelling reason for its continued processing. This right only applies in these circumstances:
· where the Personal Data is no longer necessary as regards the purpose for which it was originally collected;
· where consent is relied upon as the lawful basis for holding your data, and you withdraw your consent;
· where you object to the processing, and there is no overriding legitimate interest for continuing the processing;
· that the personal data was unlawfully processed;
· where you object to the processing for direct marketing purposes.
D. The right to object: you have the right to object to processing based on legitimate interests, and direct marketing. This right only applies in these circumstances:
· an objection to stop processing personal data for direct marketing purposes is absolute; there are no exemptions or grounds to refuse and we must stop processing for such purposes;
· where you have an objection based on grounds relating to your particular situation;
We must stop processing your Personal Data unless:
· we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
· the processing is for the establishment, exercise or defence of legal claims.
E. The right to restrict processing: you have the right to request the restriction or suppression of your Personal Data. When processing is restricted, we can store the data but not use it. This right only applies in these circumstances:
· where you contest the accuracy of the Personal Data, we should restrict the processing until we have verified the accuracy of that data;
· where you object to data processing which was necessary for the performance of a public interest or purpose of legitimate interests, and we are considering whether our legitimate grounds override your right;
· where the processing is unlawful and you request restriction;
· if we no longer need the data, but you require it to establish, exercise or defend a legal claim.
When contacting us please ensure that you provide relevant information to allow us to identify you and state the right or rights that you wish to exercise. We may need to contact you to request further information to verify your identity.
We will respond to you within one month of receipt of a valid request unless the request is particularly ‘complex or numerous’ in which case we may then extend the deadline by up to an additional two months if necessary, as provided by the UK GDPR. If the deadline is extended then we will contact you within one month of receipt of your request informing you why the extension is necessary.
12. Complaints about the use of Personal Date
If you wish to make a complaint about our handling of your Personal Data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Carina Pennant-Williams and you can contact her at firstname.lastname@example.org
If you are not satisfied with our response or believe we are not processing your Personal Data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO):
You can also contact the Information Commissioner’s Office by visiting their website https://www.ico.org.uk
We may amend this policy at any time by posting a revised version on our website.
If we make a change to this policy, we will take the continued use of our services after that date as your acceptance of the change.
Any questions regarding the Policy and our privacy practices should be sent by email to email@example.com