This notice explains how we may use personal data which we obtain about you. It sets out who we are, how and why we collect, store, use and share your personal data and the basis on which we do so. It also explains your rights in relation to personal data, and explains how to contact us or the supervisory authority should it be necessary.
Who we are and how to contact us
BCL Solicitors LLP is a law firm based in London. We are a limited liability partnership registered in England & Wales with registration number OC411856. We are regulated by the Solicitors Regulation Authority (SRA no. 630433).
Our website may be found here: www.bcl.com
If you have any queries about our policy or wish to exercise any of the rights described in it, you should contact:
Data Protection Officer: Michael Drury
Address: BCL Solicitors LLP, 51 Lincoln’s Inn Fields, London WC2A 3LZ.
Tel: +44 (0)20 7430 2277
Fax: +44 (0)20 7430 1101
- Personal data – any information relating to an identified or identifiable individual.
- Special category personal data – information revealing an individual’s racial or ethnic origin, data about ethnic origin, religious, philosophical and political beliefs, trade union membership, health and genetic data and data concerning a person’s sex life and sexual orientation.
When we use your personal data, we are a ‘controller’ of data. Our use of personal data is therefore regulated by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), as well as our professional duty of confidentiality towards our clients.
The personal data we may collect about you
We may collect the following types of personal data about you:
- Identity and contact details (eg. name, date of birth, email address, postal address, telephone numbers, ‘Know Your Customer’ details such as proof of address and photo ID including passport and driving licence details).
- Financial and transaction data (eg. bank/building society details, payment card details and details of payments from and to others).
- Technical and usage data (including information about how individuals use our website).
- Marketing data (eg. individuals’ preferences in receiving marketing from us and dietary and accessibility requirements for the purpose of attending any events to which we invite you).
- Employment data (eg. employment history, sickness and attendance records, disciplinary records, and remuneration data).
- Information used to provide our services (eg. information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients).
- Special category data (including data concerning health).
- Data relating to criminal convictions and offences.
How we collect your personal data
We collect personal data in various ways, including:
- Directly from you via electronic means (eg. email and instant messaging), post, telephone and in person.
- From third parties with your consent (eg. from your bank, building society or other financial institution, consultants engaged in relation to your matter, your employer, accountant, pension administrator, trade union and health professionals).
- IT systems which we use (eg. case and document management and time recording systems, automated monitoring of our website, our computer network and electronic communications systems). For further information, see ‘Cookies, online forms & third party websites’ below.
How we use your personal data
We use your personal data on the following bases:
- To perform a contract with you or in order to take steps at your request before entering into a contract.
- In the case of special category data, where it is necessary for the purpose of obtaining legal advice, for the establishment, exercise or defence of legal claims or proceedings, or where we need to do so as an employer.
- To comply with legal and regulatory obligations.
- For our legitimate business interests. A legitimate interest is when we have a business or commercial reason to use your personal data, as long as this is not overridden by your own rights and interests. (For further details of our legitimate interest use of personal data, see ‘Promotional communications’ below).
We may use your personal data to send you updates by email or post about legal developments which might be of interest to you and/or where we begin offering a new service which may be of use to you.
Where we communicate with you in this way, we have a legitimate business interest in processing your personal data for such purposes (see ‘How we use your personal data’ – above).
We will not share your personal data with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications from us at any time. If you wish to do this, you should contact our head of marketing, Duncan Edgecombe:
T: +44 (0)20 7430 2277
Who we will share your personal data with
We may share your personal data with certain trusted third parties including:
- Suppliers to whom we outsource certain support services such as counsel and experts involved with your case.
- Providers of IT and reprographics services to BCL.
- Our own professional advisers (eg. auditors, bankers and insurers).
Where personal data is shared with such people, we do so only if we are satisfied that they take appropriate measures to protect it and that they treat it in accordance with the law. We do not sell, rent or otherwise make personal data available to third parties.
Where we are legally obliged to, personal data may also be shared with regulatory authorities (including the Information Commissioner’s Office (‘ICO’) and the Solicitors Regulatory Authority), courts, tribunals, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
How we protect your personal data
We try to take all reasonable steps to protect your personal data but cannot guarantee the security of any data you disclose to us online. Please note that email is not a secure medium, and should not be used to send confidential or sensitive information. You accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
In line with the data protection laws and any applicable guidance, we use a variety of technical and organisational measures to prevent unauthorised access, loss, use, disclosure, alteration or destruction of personal data.
We have put in place appropriate training measures to inform our staff about keeping personal data secure.
We have also put in place procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected personal data breach where we are legally obliged to do so.
Transferring your personal data out of the EEA
To deliver services to you, it may sometimes necessary for us to share your personal data outside the European Economic Area (‘EEA’). For example, this may happen:
- Where your and our service providers are located outside the EEA.
- If you are based outside the EEA.
- Where there is an international dimension to the matter on which we are advising or representing you.
Where we transfer personal data outside the EEA, we ensure that it is permissible under the special rules governing such transfers under EU and UK data protection legislation.
Data storage & retention period
BCL holds personal data in physical and electronic forms. Where data is held in physical form, it is stored securely either on our premises or in secure off-site storage. Where data is held electronically, it is securely stored on our servers which are located in the UK.
BCL will process personal data in accordance with its records retention practices or as long as required by the terms of a contract. In setting retention periods, we take account of the purpose for which personal data was collected, legal and regulatory obligations on us to retain information, limitation periods for legal action and our business purposes.
Where it is no longer necessary to retain your personal data, we will delete or anonymise it.
Your rights to access personal data
You have the right to receive information about the personal data which we hold about you. You may do this by making a written request known as a ‘data subject access request’.
If you are concerned that any of the information we hold on you is incorrect please contact us (see ‘Data Subject Rights’ below).
Data Subject Rights
Under the GDPR you have a number of important rights which you may exercise free of charge. In summary, your rights include:
- Access – you have the right to request a copy of the information that we hold about you (see 13 above).
- Rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- To be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- To restrict processing – where certain conditions apply to have a right to restrict the processing.
- Portability – you have the right to have the data we hold about you transferred to another organisation.
- To object – you have the right to object to certain types of processing such as direct marketing.
- To object to automated processing, including profiling – the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you, or similarly, which significantly affects you.
If you would like to exercise any of your rights, please:
- Write to Data Protection, BCL Solicitors LLP, 51 Lincoln’s Inn Fields, London WC2A 3LZ, email us: firstname.lastname@example.org , or telephone our Data Protection Officer on +44 (0)207 430 2277;
- Let us have enough information to identify you (ie. your full name, address and matter number);
- Provide us with proof of your identity and address (eg. a copy of your driving licence or passport and a recent utility or credit card bill);
- Inform us which right you wish to exercise; and
- Let us know the information to which your request relates, including any applicable matter number(s), if you have them.
Cookies, online forms & third party websites
When accessing our website, BCL collects standard internet log information for statistical purposes and to provide the website experience.
When we collect personal data, for example via an online form, we will explain what we intend to do with it.
We might also obtain your personal data through your use of social media such as Facebook, WhatsApp, Twitter, LinkedIn or YouTube, depending on your settings or the privacy notices of these social media and messaging services. To change your settings on these services, please refer to their individual privacy notices, which will tell you how to do this.
Questions and Complaints
Although we would hope that we could resolve any concern that you may have, the GDPR also gives you the right to lodge a complaint with the supervisory authority for data protection issues. In the UK, the supervisory authority is the ICO. The ICO’s website is: www.ico.org.uk. The ICO’s telephone number is: 0303 123 1113