Berlad Graham LLP
Privacy Notice (Legal Services and Business Relationships)
Welcome to Berlad Graham LLP (“Berlad Graham LLP”) Privacy Notice (Legal Services and Business Relationships).
This notice relates to the processing of personal data in connection with the provision of legal services and in connection with business relationships.
Berlad Graham LLP respects your privacy and is committed to protecting the personal data it collects. This privacy notice will inform you how we collect, use, share and look after personal data in connection with the provision of legal services and in connection with business relationships.
1. Who we are
Berlad Graham LLP is a Limited Liability Partnership (Company number: OC366951) and our registered office is Boundary House, Cricket Field Road, Uxbridge, UB8 1QG.
Berlad Graham LLP is the controller of your personal data and responsible for personal data processed in connection with the provision of legal services and in connection with business relationships. We are registered with the Information Commissioner under registration number ZA079408.
We do not have a data protection officer. We have appointed a data privacy manager. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Our full details are:
Berlad Graham LLP
Postal address: Boundary House, Cricket Field Road, Uxbridge UB8 1QG
Telephone number: +44 (0) 1895 457474
Name or title of data privacy manager: Stewart Graham
Email address: email@example.com
Data Subjects whose personal data is processed by us have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy notice
This version is effective from the effective date as indicated at the end of this notice. Historic versions (if any) can be obtained by contacting us.
2. How we collect your personal data
We may collect and process the following information about you in the following ways.
We may receive information about you from you or third parties when we are acting for, or considering acting for, a client and we are required to obtain information about you, for example if you are a beneficiary of an estate or a party or a witness in a case. The information we receive may include your contact details, identification information, financial information, employment information, details included in any correspondence and information about you in connection with any matter on which we are engaged or may be engaged to advise our client. Where we receive information about you, we will only use that information for the purposes of the legal transaction, case or matter (‘matter’).
Information that you give to us
The information you give to us mainly includes your contact details, identification information, financial or billing information, employment information, details included in any correspondence and information about you in connection with any matter on which we are engaged to advise to help us in the course of a transaction or to pursue or defend a case.
Information we receive from other sources
We may receive information about you from third parties. For example:
- In transactional matters
Law firms, accountants and other professional advisers acting for you where you or our client is a party to or otherwise concerned in the course of, for example:
– a corporate transaction (where your details may be placed in an online data room by us or another party);
– a commercial or domestic property transaction;
– a family, trust or probate matter; and
– due diligence.
- In litigation, arbitration, mediation and other forms of dispute resolution
Law firms, counsel, experts and other professional advisers acting for you or our client, or from third parties, where you or our client is a party to or otherwise concerned in the course of, for example:
– dispute resolution whether potential or current;
– disclosure, exchange of witness or expert evidence;
– obtaining employment, health, educational records or reports; or
– liaising with court agents, court officers (i.e. sheriffs and enforcement officers) or trace agents in order to progress or respond to a matter.
- From financial institutions
Banks, building societies and finance companies, who are clients of ours or from whom we are given or request information, where you are their customer/debtor.
- From clients acting in a representative capacity
Personal representatives, attorneys, trustees, deputies and litigation friends who may provide us with information in connection with a matter, whether non-contentious or not, in which we are acting for you or a client.
Friends, family members or colleagues who may provide information about you as part of the work we undertake, for example where you are or may be:
– a beneficiary of an estate or trust;
– appointed by them in some representative capacity, such as executor; or
– a party in or a witness to a dispute.
- From people connected to recruitment
– Recruitment consultants who may provide information about you to us in relation to a potential job at Berlad Graham LLP;
– Employers who may provide a reference about you to us.
- From regulatory bodies
– Regulatory bodies when making regulatory enquiries;
– The police when making enquiries into potential criminal offences.
- From introducers and referrers
– Professional advisers who may refer your matter to us;
– Any other introducer of a matter to us.
We may supplement the personal data collected about you with information from publicly available sources, such as information to validate your identity or address, or to perform a credit check.
The information that we receive about you from others includes contact details, biographical, behavioural, fraud and billing information.
The information that we receive about you from others can include both personal and special category data. Special categories of personal data are personal data about an individual’s:
(b) ethnic origin;
(e) trade union membership;
(g) biometrics (when used for ID purposes);
(j) sexual orientation.
Criminal convictions or offences must be treated in the same way as special category data.
Data about children will be handled carefully as they require particular protection.
Information we collect about you
If you are a client, please note that your provision of documents for identity verification purposes is necessary for us to comply with our legal and statutory obligations. Failure to provide these documents will result in our being unable to undertake identity verification as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and, subsequently, we will not be able to act for you or the organisation instructing us, as applicable.
3. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
As a legal practice dealing with cases and matters, we may process a range of personal data about you. To make it easier to understand the information that we use about you, we have divided this information into categories below and provided a short explanation of the type of information each category covers (please note that not all categories may be applicable to you):
- Attendance Data: CCTV footage and information completed in the visitor book if you visit our office
- Behavioural Data – Your activities, actions and behaviours
- Biographical data – Your life experiences and circumstances
- Contact Data: Information that can be used to address, send or otherwise communicate a message to you such as first name, last name, title, email address, postal address, telephone numbers, employer and job title, shareholdings held, officer positions
- Correspondence – Information contained in our correspondence or other communications with you or about you, about our products, services or business
- Employment – Your previous, current or future employment details
- Financial Data: such as information to enable us to make or receive payments to and from you and for the purposes of fraud prevention which may include your payment card details
- Geo-location – Information that contains or reveals the location of your electronic device
- Identity Data: Information contained in a formal identification document or social security or other unique reference relating to you such as your passport or driving licence.
- Insurance – Your insurance applications and any information relating to your insurance claim
- Legal – Information relating to legal claims made by you or against you or the claims process
- Monitoring – We may retain transcripts of dialogue (i.e. live chat conversations) either for our records or for training purposes. If you visit one of our offices, your image may be recorded on CCTV for security purposes
- Other Information any information you choose to provide to us such as an inability to attend a meeting due to a holiday, publicly available information and other information obtained in connection with the provision of legal services or in connection with business relationships.
- Special Category Data: such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data or criminal offences or records.
3. How and why we use your personal data
This privacy notice only deals with the use of personal data in connection with the provision of legal services and in connection with business relationships.
If we require personal data in order to provide our legal services and that data is not provided, we will not be able to perform the services for which we have been engaged.
We may use the information we collect about you in the following ways:
Where it is necessary for us to perform a CONTRACT with you
We may use and process your personal data where we have supplied you (or continue to supply you) with any legal services, where we have arranged for the supply of another firm’s services to you, or where you are in discussions with us about a particular matter on which you are considering taking advice.
We will use your information in connection with the contract for the provision of services when it is necessary to carry out that contract or for you to enter into it.
We may also use and process your personal data in connection with our recruitment activities, if you apply for a position with us (whether directly or through a third party) or send your details to us on a speculative basis.
Where we have a LEGITIMATE INTEREST
We may use and process your personal data where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
- to carry out our conflict checks so we are able to provide services to you;
- to enter into and perform the contract we have with you or your business;
- to assess and improve our service to clients or our clients’ customers (where applicable) through record keeping
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of the data that we hold about you and to create a better understanding of you as a client and our clients’ customers (where applicable);
- to create a profile of you based on any preferences you have indicated to enable us to decide what products and services to offer to you for marketing purposes;
- to undertake analysis to inform our business and marketing strategy;
- to manage and deliver internal projects for business improvement;
- for network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- to assist in the management of queries, complaints or claims;
- to notify you or your business of changes in the law that might affect you or your business; and
- for the establishment, exercise or defence of our legal rights.
Where you have provided CONSENT
Where you have given us your consent, we will use and process your personal data to send you email communications about events, products and news updates and relevant news and announcements. Such communications may include content on relevant legal updates, seminar and event invitations and other news/announcements.
Please note that your information may be used to send you details of our products or services that we have identified as likely to be of interest to you, based on the preferences you have indicated to us.
We will seek separate and specific consent from you in circumstances where we wish to feature your identity in a published case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.
You have the right to withdraw your consent at any time. Please see ‘Withdrawing your consent’ for further details.
Where required by LAW
Where you engage us to provide legal services to you, we will process your personal data and the personal data of third parties in order to comply with our legal obligations, for example under the Civil Procedure Rules or the Family Procedure Rules. We also have a legal obligation to comply with the SRA’s Standards and Regulations.
It is also a legal requirement for you to provide us with information to verify your identity in connection with anti-money laundering and criminal financing legislation. We will use that information for the purpose of complying with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (or such other legislation that may replace or supersede these Regulations from time to time) unless we have obtained your consent to use it for any other purpose.
We may also use and process your personal data in order to comply with other legal obligations to which we are subject, as follows:
- to maintain a register of corporate gifts and hospitality to comply with anti-bribery laws;
- to maintain a record of undertakings where you are either a beneficiary of an undertaking or the person obliged to perform it;
- to maintain a record of undertakings where Berlad Graham LLP is the giver or receiver of an undertaking; and
- to comply with our other legal and regulatory obligations, e.g. undertaking conflict checks.
In the VITAL INTERESTS of the individual
From time to time when representing individuals who may be troubled, in danger, very young or otherwise unable to exercise due care for their own safety, we may in extreme circumstances use information about you or a person connected with you in order to take action to protect you or them.
Special categories of personal data
We may have to process sensitive personal data (known as ‘special categories of personal data’) about you or others associated with you, for example your family. We will only use this kind of information where:
- we have your explicit consent;
- it is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent;
- it is necessary to do so in connection with the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or
- in exceptional circumstances, another ground for processing special categories of personal data is met.
Where you have provided us with explicit consent to use special categories of personal data about you, you may withdraw your consent for us to process this data at any time. Please see ‘Withdrawing your consent’ for further details.
Please note that if you withdraw your consent for us to process special categories of personal data about you, this may impact our ability to provide legal or support services to you.
4. Sharing of information and international transfers
Personal data may be transferred to and viewed by any individual within Berlad Graham LLP.
Personal data may be transferred to and viewed by any party providing services to us to support the operation of our business, such as IT and other administrative support.
Personal data may be transferred to any person within our client organisation or any organisation to whom you are connected.
We may pass your details onto clients or contacts by way of referral and networking where you are a professional service provider.
Personal data may be transferred to third parties in connection with the legal services that we provide including our suppliers and service providers, others involved in your case or matter or for regulatory purposes. Examples include, but are not limited to, law firms, accountants, counsel, expert witnesses, medical professionals and other professional advisors, property search providers, regulators, electronic verification providers, insurers, authorities, our auditors and professional advisers, governmental institutions, consultants and data room providers.
Where we are engaged by a third party, such as a bank or lender in connection with your contract with them, we may share information with that third party about the progress of the case. Any third party to whom we disclose information about you will be under an obligation to keep your information secure and not to use it for any purpose other than that for which it was disclosed unless you agree with them otherwise.
Personal data may be transferred to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Where you are a professional service provider and we pass your details onto clients or contacts by way of referral and networking they may be outside the European Union.
Where we transfer your personal data outside the European Union, we ensure that it is transferred in accordance with data protection legislation. This can be done in a number of different ways, including:
- transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- by using model contractual clauses approved by the European Commission which give personal data the same protection it has in Europe.
- if we use providers based in the US, by ensuring that they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
- other means permitted by applicable data protection law.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Please contact us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the European Union.
5. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
6. Data retention – How long will we process personal data for?
We will retain personal data for as long as we consider is necessary and appropriate to fulfil the purposes for which it is collected, to protect our interests as a law firm and as is required by law and the regulatory obligations to which we are subject.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
7. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. Except in rare cases, we will respond to you within 30 days from either (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request. You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. We may not provide you with a copy of your personal data in certain circumstances, but we will explain why we are unable to provide the data.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. The accuracy of your data is important to us. If you change your name or address/email address, or you discover that any of the other data we hold is inaccurate or out of date, please contact us using the details in this policy.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You may object to our processing your personal data for direct marketing purposes and we will immediately comply with your request. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. We may only process your personal data while its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We may not provide you with a copy of your personal data in certain circumstances, but we will explain why we are unable to provide the data.
Withdrawing your consent – Where we rely on your consent as the legal basis for processing your personal data, you may withdraw your consent at any time by emailing the Data privacy manager. If you withdraw your consent, our use of your personal data before you withdraw your consent is still lawful.
If you wish to exercise any of the rights set out above, please contact us at email@example.com so that we may consider your request. As a law firm we have certain legal and regulatory obligations which we will need to take into account in considering any request. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). We may also contact you to ask you for further information in relation to your request to speed up our response.
Effective Date: 04 September 2019
Berlad Graham LLP