• Axminster: 01297 630700
  • Seaton: 01297 626950
  • Chard: 01460 269700
  • Honiton: 01404 548050

Privacy Policy

Privacy policy

Version: 1.0
Last updated: 25 May 2018

This policy explains how Beviss & Beckingsale LLP (also referred to as ‘we’, ‘us’, ‘our’, and the ‘firm’) collects, uses and shares personal data provided to us in the course of operating our business and website.

‘Personal data’ has the meaning given in Article 4(1) of the General Data Protection Regulation (GDPR). The information in this policy is given in accordance the GDPR and the Data Protection Act 2018.

This policy is published on our website and is subject to regular review and updating from time to time. Previous versions of our privacy policy are available on request to our Data Protection Officer.

This policy supplements our general Terms of Business for legal matters, our Website Terms and Conditions, our Cookies notice, and any other privacy statement we may give at the point of collecting data.

About us

Beviss & Beckingsale LLP is a limited liability partnership incorporated in England and Wales, and a data controller registered with the Information Commissioner’s Office (ref. ZA279930). Our registered office is:

Beviss & Beckingsale LLP
Law Chambers
Silver Street
Devon EX13 5AH

Our Data Protection Officer is Sue Borkowski. You can contact Sue by telephone (01297 630700) and by email (sue.borkowski@bevissandbeckingsale.co.uk).

Whose data do we hold?

We hold data about the following categories of people:

  • clients;
  • suppliers and service providers;
  • complainants;
  • enquirers;
  • advisers, consultants and professional experts; and
  •  employees.

Categories of data we collect

Depending on the matter and our business relationship with you, we may need to collect data in the following categories:

  • personal details;
  • family details;
  • lifestyle and social circumstances;
  • goods and services;
  • financial details;
  • business of the person whose personal information we are processing; and
  • education and employment details.

Sensitive data we may collect

Depending on the matter and our business relationship with you, we may need to collect data in the following categories of sensitive data:

  • physical or mental health details;
  • racial or ethnic origin;
  • political opinions;
  • religious or other beliefs;
  • sexual life;
  • trade union membership;
  • offences and alleged offences; and
  • criminal proceedings, outcomes and sentences.

How we collect data

For the purposes of providing legal advice and representation to our clients, we will collect and receive from them data relevant to their matter. We may also receive data from third parties such as a client’s employer and other parties relevant to the services we are providing.

As part of our recruitment procedures we may collect data such as contact details, past employment, qualifications, education, and opinions from third parties.

Where applicable, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 require us to conduct Customer Due Diligence, including but not limited to obtaining and verifying information about our clients’ and any beneficial owners’ identity. 

If you fail to provide us with data

If we need to collect data by law, or under the terms of a contract and you fail to provide that data, we may not be able to perform the contract we have or are trying to enter into with you.

Our use of data

We may use the data we collect for one or more of the following purposes:

  • reviewing and responding to communications from enquirers;
  • provision of legal services, including advising and acting on behalf of clients;
  • complying with our legal and regulatory obligations (e.g. checks to reduce the risk of financial crime);
  • record keeping and audit;
  • accounting and financial management;
  • reviewing and processing applications from prospective employees;
  • managing and supporting employees;
  • conducting business research, monitoring and analysis;
  • analysing anonymous data about visits to our website;
  • promoting our legal services and related events to people who have instructed us;
  • exercising our legal rights or in relation to legal proceedings; and
  • reviewing and responding to communications from complainants.

The lawful basis for our processing data

We rely on one or more the following for a lawful basis to process data in compliance with the GDPR and the Data Protection Act 2018:

  • performance of a contract (such as our retainer with clients set out in our client care letter, letter of advice and Terms of Business);
  • compliance with law or regulation (such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017); and
  • legitimate interests (such as those interests listed under the heading ‘Our use of data’ above).

We may rely on consent for some limited processing of data. You may withdraw consent at any time by writing to our Data Protection Officer.

Sharing data

Depending on the circumstances of our business relationship, in pursuance of your matter, or as required by law, regulation or court order it may be necessary for us to share your data with:

  • family, associates or representatives;
  • current, past or prospective employers;
  • educators and examining bodies;
  • healthcare professionals, social and welfare organisations;
  • business associates;
  • trade associations and professional bodies;
  • suppliers and service providers;
  • ombudsman and regulatory authorities;
  • employment and recruitment agencies;
  • complainants;
  • enquirers;
  • financial organisations;
  • debt collection and tracing agencies;
  • credit reference agencies;
  • private investigators;
  • courts and tribunals; and
  • central government.

As a law firm authorised and regulated by the Solicitors Regulation Authority, our sharing of data is also subject to strict rules about confidentiality and disclosure set out in the SRA Handbook.

We may share data with third party suppliers such as IT and communication providers for the purposes of processing data described in this policy. Our sharing of this data is subject to appropriate confidentiality agreements and security measures.

We may share data with third parties relevant to the legal services that we provide, which may include but is not limited to: parties to a transaction or litigation, professional service providers, regulators, and government institutions.

Our website uses Google Maps, Google ReCAPTCHA, and Google Universal Analytics. Google LLC is a company based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Anonymised data about visitors to our website is shared with Google LLC via cookies. The following links load web pages containing relevant privacy information from Google:

For more information about privacy and Google Universal Analytics, see the ‘Safeguarding your data’ web page of the Google Analytics Help Centre.

For more information about cookies, see the Cookies notice on our website.

How long will we keep data for?

We will keep your personal data for as long as is necessary to fulfil the purpose it was collected for and:

  • for the purposes of satisfying any legal, accounting or reporting requirements; and
  • in accordance with our file management and retention procedures.

Our criteria for determining an appropriate retention period for personal data is to consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for our processing and whether we can achieve these by other means, legal requirements, industry good practice, protecting our clients and ourselves from claims, and advice from our insurers.

Transfers of personal data to third countries or international organisations

It may sometimes be necessary to transfer personal information overseas. This might be necessary, for example, for the performance of your contract with us or for the exercise of defence of legal claims on your behalf. All transfers of data will be made in full compliance with applicable data protection legislation.

In some rare circumstances it may be necessary for us to transfer your personal data outside of the European Economic Area. If so, we will ensure protection is afforded to it by ensuring that at least one of the following safeguards applies, as appropriate:

  • the transfer will be to country that has been deemed to provide an adequate level of protection for personal data by the European Commission; or
  • we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or
  • the transfer will be to an organisation that offers protection that complies with the Privacy Shield Framework.

For example, transfers of anonymous data to Google LLC are subject to the protection operated by Google LLC that complies with the EU-US Privacy Shield Framework.

Our security arrangements for your data

The personal data that we collect from will be stored in a variety of hard copy and electronic formats, including on servers based in the UK, which are managed for us by our third-party provider of IT, also based in the UK

We have appropriate technical and organisational measures in place to minimise the risks to data of unauthorised or unlawful processing, loss, destruction and damage.

We are accredited by the Law Society’s Lexcel Scheme, which requires us to have a written policy setting out our general approach to information management and security.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your legal rights

You have the following rights under the General Data Protection Regulation to ensure fair and transparent processing of your data:

  • Right of access (i.e. by making a data subject access request);
  • Right to rectification;
  • Right to erasure;
  • Right to restriction of processing;
  • Right to object to processing;
  • Right to data portability;
  • Right to withdraw consent; and
  • Rights concerning automated decision-making and profiling.

More information about these rights is given on the Information Commissioner’s Office’s website, in its Guide to the General Data Protection Regulation (GDPR).

For details of how to make a request under these rights, please contact our Data Protection Officer (tel. 01297 630700 or email sue.borkowski@bevissandbeckingsale.co.uk).

Your right to complain about processing of your personal data

If you are unhappy about any aspect of our processing of your personal data, please contact our Data Protection Officer (tel. 01297 630700 or email sue.borkowski@bevissandbeckingsale.co.uk).

Your right to lodge a complaint with the ICO

If our Data Protection Officer has been unable to resolve your complaint about our processing of your data, then you have the right complain to the Information Commissioner’s Office (ICO, telephone 0300 123 1113 and https://ico.org.uk).

The ICO is the supervisory authority for the purposes of the Data Protection Act, General Data Protection Regulation and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Send an


Solicitors and support staff all very helpful and easy to access.