This notice explains how we may use personal data which we obtain about you. It sets out who we are, how and why we collect, store, use and share your personal data and the basis on which we do so. It also explains your rights in relation to personal data, and explains how to contact us or the supervisory authority should it be necessary.
Who we are and how to contact us
BCL Solicitors LLP is a law firm based in London. We are a limited liability partnership registered in England & Wales with registration number OC411856. We are regulated by the Solicitors Regulation Authority (SRA no. 630433).
Our website may be found here: www.bcl.com
Data Protection Officer: Julian Hayes
Address: BCL Solicitors LLP, 51 Lincoln’s Inn Fields, London WC2A 3LZ
Tel: +44 (0)20 7430 2277
Fax: +44 (0)20 7430 1101
- Personal data – any information relating to an identified or identifiable living individual.
- Special category personal data – information revealing an individual’s racial or ethnic origin, data about ethnic origin, religious, philosophical and political beliefs, trade union membership, health and genetic data and data concerning a person’s sex life and sexual orientation.
- Controller – the organisation which determines the way in which personal data is processed and the reasons for which it is processed.
When we use your personal data, we are a ‘controller’ of data. Our use of personal data is therefore regulated by the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), as well as our professional duty of confidentiality towards our clients.
The personal data we may collect about you
We may collect the following types of personal data about you:
- Identity and contact details (eg. name, date of birth, email address, postal address, telephone numbers, ‘Know Your Customer’ details such as proof of address and photo ID including passport and driving licence details).
- Financial and transaction data (eg. bank/building society details, payment card details and details of payments from and to others).
- Technical and usage data (including information about how individuals use our website).
- Marketing data (eg. individuals’ preferences in receiving marketing from us and dietary and accessibility requirements for the purpose of attending any events to which we invite you).
- Employment data (eg. employment history, sickness and attendance records, disciplinary records, and remuneration data).
- Information used to provide our services (eg. information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients).
- Special category data (including data concerning health).
- Data relating to criminal convictions and offences.
How we collect your personal data
We collect personal data in various ways, including:
- Directly from you via electronic means (eg. email and instant messaging), post, telephone and in person.
- From third parties with your consent (eg. from your bank, building society or other financial institution, consultants engaged in relation to your matter, your employer, accountant, pension administrator, trade union and health professionals).
- IT systems which we use (eg. case and document management and time recording systems, automated monitoring of our website, our computer network and electronic communications systems). For further information, see ‘Cookies, online forms & third party websites’ below.
How we use your personal data
We use your personal data on the following bases:
- To perform a contract with you or in order to take steps at your request before entering into a contract.
- In the case of special category data, where it is necessary for the purpose of obtaining legal advice, for the establishment, exercise or defence of legal claims or proceedings, or where we need to do so as an employer.
- To comply with legal and regulatory obligations.
- For our legitimate business interests. A legitimate interest is when we have a business or commercial reason to use your personal data, as long as this is not overridden by your own rights and interests. (For further details of our legitimate interest use of personal data, see ‘Promotional communications’ below).
We may use your personal data to send you updates by email or post about legal developments which might be of interest to you and/or where we begin offering a new service which may be of use to you.
Where we communicate with you in this way, we have a legitimate business interest in processing your personal data for such purposes (see ‘How we use your personal data’ above).
We will not share your personal data with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications from us at any time. If you wish to do this, you should contact our Head of Marketing, Duncan Edgecombe, at BCL Solicitors LLP, 51 Lincoln’s Inn Fields, London, WC2A 3LZ, email email@example.com, tel: +44 (0)20 7430 2277.
Who we will share your personal data with
We may share your personal data with certain trusted third parties including:
- In the course of providing services to you (eg. instructing counsel or financial and medical experts).
- Providers of IT and reprographics services to BCL.
- Our own professional advisers (eg. auditors, bankers and insurers).
Where personal data is shared with such people, we do so only if we are satisfied that they take appropriate measures to protect it and that they treat it in accordance with the law. We do not sell, rent or otherwise make personal data available to third parties.
Where we are legally obliged to, personal data may also be shared with regulatory authorities (including the Information Commissioner’s Office (‘ICO’) and the Solicitors Regulatory Authority), courts, tribunals, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
How we protect your personal data
We try to take all reasonable steps to protect your personal data but cannot guarantee the security of any data you disclose to us online. Please note that email is not a secure medium and its confidentiality cannot be guaranteed. It can be intercepted, corrupted, lost or delayed. You accept the security risks of providing information over the Internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default. If you do not wish us to communicate with you by email, please inform us immediately.
In line with the data protection laws and any applicable guidance, we use a variety of technical and organisational measures to prevent unauthorised access, loss, use, disclosure, alteration or destruction of personal data.
We have put in place appropriate training measures to inform our staff about keeping personal data secure.
We have also put in place procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected personal data breach where we are legally obliged to do so.
Transferring your personal data out of the UK
To deliver services to you, it may sometimes necessary for us to share your personal data outside the UK. For example, this may happen:
- Where your and our service providers are located outside the UK.
- If you are based outside the UK.
- Where there is an international dimension to the matter on which we are advising or representing you.
Where we transfer personal data outside the UK, we ensure that it is permissible under the special rules governing such transfers under UK data protection legislation. These special rules include where: (i) the country, territory, sector or international organisation to which we intend to send the personal data provides adequate protection for individual’s rights and freedoms in respect of personal data; (ii) where we and the intended recipient of the personal data have entered into a contract incorporating standard data protection clauses recognised or issued under the UK data protection regime; or (iii) where one of the exceptions in the UK GDPR applies.
Data storage & retention period
BCL holds personal data in physical and electronic forms. Where data is held in physical form, it is stored securely either on our premises or in secure off-site storage. Where data is held electronically, it is securely stored on our servers which are located in the UK.
BCL will process personal data in accordance with its records retention practices or as long as required by the terms of a contract. In setting retention periods, we take account of the purpose for which personal data was collected, legal and regulatory obligations on us to retain information, limitation periods for legal action and our business purposes.
Where it is no longer necessary to retain your personal data, we will delete or anonymise it.
Your rights to access personal data
You have the right to receive information about the personal data which we hold about you. You may do this by making a written request known as a ‘data subject access request’.
If you are concerned that any of the information we hold on you is incorrect please contact us (see ‘Data subject rights’ below).
Data subject rights
Under the UK GDPR you have a number of important rights which you may exercise free of charge. In summary, your rights include:
- Access – you have the right to request a copy of the information that we hold about you (see ‘Your rights to access personal data’ above).
- Rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- To be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- To restrict processing – where certain conditions apply to have a right to restrict the processing.
- Portability – you have the right to have the data we hold about you transferred to another organisation.
- To object – you have the right to object to certain types of processing such as direct marketing.
- To object to automated processing, including profiling – the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you, or similarly, which significantly affects you.
If you would like to exercise any of your rights, please:
- Write to Data Protection, BCL Solicitors LLP, 51 Lincoln’s Inn Fields, London WC2A 3LZ, email us: firstname.lastname@example.org, or telephone our Data Protection Officer on +44 (0)20 7430 2277;
- Let us have enough information to identify you (ie. your full name, address and matter number);
- Provide us with proof of your identity and address (eg. a copy of your driving licence or passport and a recent utility or credit card bill);
- Inform us which right you wish to exercise; and
- Let us know the information to which your request relates, including any applicable matter number(s), if you have them.
Cookies, online forms & third party websites
When accessing our website, BCL collects standard internet log information for statistical purposes and to provide the website experience.
When we collect personal data, for example via an online form, we will explain what we intend to do with it.
We might also obtain your personal data through your use of social media such as Facebook, WhatsApp, Twitter, LinkedIn or YouTube, depending on your settings or the privacy notices of these social media and messaging services. To change your settings on these services, please refer to their individual privacy notices, which will tell you how to do this.
Questions and complaints
Although we would hope that we could resolve any concern that you may have, the UK GDPR also gives you the right to lodge a complaint with the supervisory authority for data protection issues. The supervisory authority is the ICO. The ICO’s website is: www.ico.org.uk. The ICO’s telephone number is: 0303 123 1113.