MB SOLICITORS (the Company) is committed to protecting the privacy of your personal information. For the purpose of applicable data protection law, including the Data Protection Act 1998 and, from its entry into force on 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) (together, DP Law), the Company is the data controller. Our Privacy Notice explains what we do with any personal information which we collect from you, including when you use our website and when you interact with us in other ways offline, for example when you provide us any personal details which enable us to provide you services. If you have any questions regarding our Privacy Notice, please contact us at the address on email@example.com .
This Privacy Notice explains how we collect, use and disclose personal information about you when you visit the site and when you contact us, whether by e-mail, post, fax or telephone or using the contact options on our website.
What type of personal information do we collect?
The personal information we collect from you is used primarily to enable us to provide the specific service you require.
Personal information can include the following:
- your title, forename and surname and gender;
- your personal or work related (depending on which you choose to submit) e-mail address and your password (which allow us to create your user account and your unique agreement number);
- your personal or work related contact details (depending on which you choose to submit) such as your telephone number(s), fax numbers and postal address;
- your date of birth and national insurance number;
- your marital status;
- your residential status and address details for the last 3 years;
- employment status;
- employer details and time periods in that occupation and with that employer and any other employers within a 3 year period;
- your bank details, including your bank name and address, sort code, account number, account type and time period at your bank;
- information necessary for legal compliance; and/or to information required to provide your chosen service.
Personal information also includes special categories of personal data. This is data about your racial or ethnic origin, political opinions, religious or philosophical believes, trade union membership, genetic data, biometric data, and data concerning your health, sex life or sexual orientation. In the unlikely event that any of this is collected from you during your use of the website or during any other offline interaction with us you may be asked at the point of collection to provide your explicit consent where needed in order to justify our processing of it.
This information will be collected primarily from you as information voluntarily provided to us, but (as explained above) we may also collect it where lawful to do so from (and combine it with information from) public sources, third party service providers and other third parties.
The legal basis for our use and other processing of your personal information under DP Law
This will include (as relevant):
- processing your personal information so that we may perform our obligations under a contract with you (such as an agreement to run your legal matter) (“Your Contract or retainer”);
- processing for legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms (this includes our own legitimate interests). For example, this is relevant when we use and process your personal data to deal with our legal and regulatory and internal governance obligations; and in addition / together with the processing condition described above (“Legitimate Interests”),
- processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and by English Laws applicable to us in the United Kingdom (“Our Legal Obligations”).
- Your consent may also be a lawful reason for processing your personal data in certain cases (“Your Consent”). This means your freely given, specific, informed and unambiguous consent which may be collected from you, for instance: when you agree to receive marketing communications from us or when you agree to take part in surveys or market research (as relevant). You should be aware that you are entitled under DP Law to withdraw your consent where you have given it to us at any time. If you do this and if there is no alternative lawful reason for us to rely on to justify our use or other processing on your personal data, this may affect our ability to provide you with some of our services.
In summary, we need certain categories of personal data in order to provide you with our services. Certain other personal data is processed for our Legitimate Interests in cases where this does not result in prejudice to you. Certain other personal data is processed based on a consent.
What other personal information do we collect and why?
In this section we explain the personal information we collect from you when you interact with us online and offline. Where we explain why we use this information, we have also referred to the relevant legal basis which we consider applies to the processing, as explained in the section above. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information” and “Your rights under DP Law”.
Our Legal Obligations and/or Legitimate Interests
- we may record phone conversations to offer you additional security, resolve complaints, for staff training purposes and to improve our service standards;
Your Contact and/or Legitimate Interests
- We may require your personal details and process your personal details to fulfil a retainer with you. For example if you have a personal injury claim running we will be required to pass your details onto a medical agency in order to organize a medical for you. We will also need to provide your details to the third party insurer, courts and other organisations in order to run your claim effectively. Likewise in other matters such as immigration, conveyancing or family matter we will need to transfer your data to other organisations.
- sign up to receive our various newsletters by email; and
- be notified of products and/or services that may be of interest to you (based on your purchase history or browsing of our Websites).
How we use your personal information
We have explained below the purposes for which we may use information about you. As with the section above, we have explained why we use your information with reference to the relevant legal basis. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information” and “Your rights under DP Law”:
We may use your personal information for the following Legitimate interests:
- to improve our products and services and to ensure that content from the websites is presented in the most effective manner for you and for your computer (or other electronic Internet-enabled device);
- to administer the websites;
- for internal record keeping;
- to contact you by e-mail or phone for any of the above reasons;
- where necessary as part of any restructuring of the Company or sale of the Company’s business or assets;
- to analyse trends and customer journeys in using and accessing our websites;
- to perform any contract the Company has with you to provide legal services and to ensure that your case has been run smoothly.
- subject to your consent where required under applicable laws, to carry out direct marketing and/or e-mail marketing;
Our Legal Obligations
- where we carry out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies and where we share your personal information with Fraud Prevention Agencies for these purposes;
- monitoring and recording of telephone calls and email communications where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business, to prevent or detect crime, for quality, training and security purposes; and
- for compliance with our legal, regulatory and other good governance obligations.
This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate. Some of the personal information that we maintain will be kept in paper files, while other personal information will be included in computerised files and electronic databases.
We may convert your personal data into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data. We may use this aggregated data to conduct market research and analysis, including to produce statistical research and reports. For example, we may produce reports on which of our product and services are most popular. We may share aggregated data in several ways, including for the same reasons as we might share personal data (see below).
In addition, we may use pixels or transparent GIF files, to help manage online advertising.
How long do we keep your personal information for (and the criteria used to determine this)?
Your personal data will not be kept for longer than is necessary to fulfil the specific purposes outlined in this Notice and to allow us to comply with our legal requirements and regulatory requirements. The Solicitors Regulation Authority requires that we keep copies of files for a period of six years.
The criteria we use to determine data retention periods includes the following:
(i) Retention in case of queries. We may retain it for a reasonable period (up to 6 months) after you have enquired about one of our products or services in case of follow up queries from you;
(ii) Retention in case of claims. We may retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years) if and to the extent this is relevant; and
(iii) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain your personal data after the period described in (ii) (above) because of a legal or regulatory requirement. Some or all of these criteria may be relevant to retention of your personal data collected in connection with our products and services. The Solicitors Regulation Authority currently require us to keep copies of our files for a period of 6 years after they are closed.
If you would like further information about our data retention practices please contact us (see below)..
Does the Company share my personal information with third parties?
Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis and only to responsible management, accounting, legal, logistics, audit, compliance, information technology and other corporate staff who properly need to know these details for their functions within the Company. Please note that certain individuals who will see your personal information may not be based at the firm.
We may share personal information within the Firm as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding the expansion and promotion of our service offering, order or customer request fulfilment and for use by those companies for the other purposes described in this Notice.
Your personal information may also be made available to third parties providing relevant services under contract to the Company(see below for further details) to help us provide our services to you. Third parties in this context means other corporate entities, providers to the Company of responsible management, accounting, legal, logistics, audit, compliance, information technology, marketing and other services.
We will not sell your personal information to any third party other than as part of any restructuring of the Company or sale of a relevant Group business.
Will my personal information be transferred abroad?
We have explained above how your personal information may be shared outside of the Company. As part of this, including for instance where we work with service providers, your personal information may be transferred to countries outside the European Economic Area which don’t have equivalent standards of protection under their legislation and on these occasions we take other steps to protect the data as required under DP Law.
The steps we take may include the use of European Model Clause contracts and (where relevant to our suppliers) US Privacy Shield. You can find out what these are by using the Contact/address details below
Managing your marketing preferences
We may wish to provide you with information about new services, promotions and offers, which may be of interest to you. We may also invite you to take part in market research or request feedback on our services. This communication may occur by e-mail, telephone, post or SMS. We will seek your consent for this where necessary under DP Law. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data and if you do not wish to consent then please do pay attention to the marketing consent check boxes.
You also have the right to ask us not to process your personal data for marketing purposes at any time. This means you can change your mind about receiving marketing communications from us when you have previously consented to this. You can opt-out of receiving such communications by clicking the “unsubscribe” link on any email that we send to you or by emailing firstname.lastname@example.org at any time.
Please note that marketing communications are not the same as “information only” communications and that consents are not usually required in order for us to communicate with you about the services you have enquired about or have signed up to obtain through the Website or otherwise using contact details you have provided for this purpose.
Your rights to access your personal information
You have a number of other rights in respect of your personal information under applicable DP Law. These include the right to access or obtain copies of your personal information and to have inaccurate information about you corrected.
To exercise your right to access your personal data please write to our MB Solciitors, 3 Cosgrove Way, Luton, LU1 1XL.
Your rights under DP Law
[As well as the right to access the personal information we hold about you, you have a number of other rights in respect of your personal information under DP Law. These may include (as relevant):
- the right to access or obtain copies of your personal information that we hold (see above);
- the right to rectification, including to require us to correct inaccurate personal data;
- the right to request restriction of processing concerning you or to object to processing of your personal data;
- the right to request the erasure of your personal data where it is no longer necessary for us to retain it;
- the right to data portability including to obtain personal data in a commonly used machine readable format in certain circumstances such as where our processing of it is based on your consent;
- the right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and
- where you have an option to provide us with your personal data or not in connection with your use of our website or in connection with any of our products or services, you have the right to be informed about the possible consequences of not giving it to us;
- the right to withdraw your consent to any processing for which you have previously given that consent.
Please contact us at email@example.com if you would like to exercise any of your rights explained above in relation to your personal information.
Your right to complain to the data privacy supervisory authority
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the UK’s Information Commissioner if you consider that we have infringed applicable data privacy laws when processing your personal data. In the UK the Information Commissioner’s Office can be contacted using the following link: https://ico.org.uk/.
Keeping you informed
We will keep your details on record until we have completely dealt with your request, enquiry or application and then for a reasonable period afterwards (normally 6 years in accordance with regulatory requirements), in accordance with data protection and other applicable legislation.
The Company may keep your details on record for as long as is necessary for the purposes set out above and will then endeavour to delete your details in accordance with data protection and other applicable legislation.
Changes to this Notice
We keep this Notice under regular review. We may change this Notice from time to time by updating this in order to reflect changes in the law and/or our privacy practices. The date at the top of this Notice will be updated accordingly and we encourage you to check this from time to time for any updates or changes. Where you have provided us with your email address, we may also contact you to let you know that we have updated the Notice. We may also take that opportunity to ask you if you would like to update your marketing preferences.
By using our websites, submitting your personal information to us, registering an account, registering a customer credit account or interacting with us in other ways, you consent to the use of your personal information as described in this Notice (as amended from time to time).
This Notice does not extend to your use of, provision of data to and collection of data on any website not connected to us to which you may link to by using the hypertext links within our websites.
If you have any questions about this Notice, please contact us at MB Solicitors, 3 Cosgrove Way, Luton, LU1 1XL.