Last updated: 25 May 2018
This policy explains how Beviss & Beckingsale LLP (also referred to as ‘we’, ‘us’, ‘our’, and the ‘firm’) collects, uses and shares personal data provided to us in the course of operating our business and website.
‘Personal data’ has the meaning given in Article 4(1) of the General Data Protection Regulation (GDPR). The information in this policy is given in accordance the GDPR and the Data Protection Act 2018.
This policy supplements our general Terms of Business for legal matters, our Website Terms and Conditions, our Cookies notice, and any other privacy statement we may give at the point of collecting data.
Beviss & Beckingsale LLP is a limited liability partnership incorporated in England and Wales, and a data controller registered with the Information Commissioner’s Office (ref. ZA279930). Our registered office is:
Beviss & Beckingsale LLP
Devon EX13 5AH
Our Data Protection Officer is Sue Borkowski. You can contact Sue by telephone (01297 630700) and by email (email@example.com).
We hold data about the following categories of people:
Depending on the matter and our business relationship with you, we may need to collect data in the following categories:
Depending on the matter and our business relationship with you, we may need to collect data in the following categories of sensitive data:
For the purposes of providing legal advice and representation to our clients, we will collect and receive from them data relevant to their matter. We may also receive data from third parties such as a client’s employer and other parties relevant to the services we are providing.
As part of our recruitment procedures we may collect data such as contact details, past employment, qualifications, education, and opinions from third parties.
Where applicable, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to conduct Customer Due Diligence, including but not limited to obtaining and verifying information about our clients’ and any beneficial owners’ identity.
If we need to collect data by law, or under the terms of a contract and you fail to provide that data, we may not be able to perform the contract we have or are trying to enter into with you.
We may use the data we collect for one or more of the following purposes:
We rely on one or more the following for a lawful basis to process data in compliance with the GDPR and the Data Protection Act 2018:
We may rely on consent for some limited processing of data. You may withdraw consent at any time by writing to our Data Protection Officer.
Depending on the circumstances of our business relationship, in pursuance of your matter, or as required by law, regulation or court order it may be necessary for us to share your data with:
As a law firm authorised and regulated by the Solicitors Regulation Authority, our sharing of data is also subject to strict rules about confidentiality and disclosure set out in the SRA Handbook.
We may share data with third party suppliers such as IT and communication providers for the purposes of processing data described in this policy. Our sharing of this data is subject to appropriate confidentiality agreements and security measures.
We may share data with third parties relevant to the legal services that we provide, which may include but is not limited to: parties to a transaction or litigation, professional service providers, regulators, and government institutions.
Our website uses Google Maps, Google ReCAPTCHA, and Google Universal Analytics. Google LLC is a company based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Anonymised data about visitors to our website is shared with Google LLC via cookies. The following links load web pages containing relevant privacy information from Google:
For more information about privacy and Google Universal Analytics, see the ‘Safeguarding your data’ web page of the Google Analytics Help Centre.
For more information about cookies, see the Cookies notice on our website.
We will keep your personal data for as long as is necessary to fulfil the purpose it was collected for and:
Our criteria for determining an appropriate retention period for personal data is to consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for our processing and whether we can achieve these by other means, legal requirements, industry good practice, protecting our clients and ourselves from claims, and advice from our insurers.
It may sometimes be necessary to transfer personal information overseas. This might be necessary, for example, for the performance of your contract with us or for the exercise of defence of legal claims on your behalf. All transfers of data will be made in full compliance with applicable data protection legislation.
In some rare circumstances it may be necessary for us to transfer your personal data outside of the European Economic Area. If so, we will ensure protection is afforded to it by ensuring that at least one of the following safeguards applies, as appropriate:
For example, transfers of anonymous data to Google LLC are subject to the protection operated by Google LLC that complies with the EU-US Privacy Shield Framework.
The personal data that we collect from will be stored in a variety of hard copy and electronic formats, including on servers based in the UK, which are managed for us by our third-party provider of IT, also based in the UK
We have appropriate technical and organisational measures in place to minimise the risks to data of unauthorised or unlawful processing, loss, destruction and damage.
We are accredited by the Law Society’s Lexcel Scheme, which requires us to have a written policy setting out our general approach to information management and security.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have the following rights under the General Data Protection Regulation to ensure fair and transparent processing of your data:
More information about these rights is given on the Information Commissioner’s Office’s website, in its Guide to the General Data Protection Regulation (GDPR).
For details of how to make a request under these rights, please contact our Data Protection Officer (tel. 01297 630700 or email firstname.lastname@example.org).
If you are unhappy about any aspect of our processing of your personal data, please contact our Data Protection Officer (tel. 01297 630700 or email email@example.com).
If our Data Protection Officer has been unable to resolve your complaint about our processing of your data, then you have the right complain to the Information Commissioner’s Office (ICO, telephone 0300 123 1113 and https://ico.org.uk).
The ICO is the supervisory authority for the purposes of the Data Protection Act, General Data Protection Regulation and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Staff have been very friendly and compassionate during a very difficult time for me.