Privacy Policy

This policy is addressed to individuals who are either clients of Pritchetts Law LLP (we, our or us) in their own right, or representatives of a client (including prospective clients), visitors to our website or social media accounts, and other individuals that may deal with us, including suppliers and individuals related to a matter we are working on. We collectively refer to these categories of individuals as “you”.

If you are applying for a job, or you are a staff member of the firm, a different policy will apply, which will be provided to you.

 
It describes how we process your personal data when you deal with us, receive our services, visit our website https://www.pritchettslaw.com/ (our site), interact with us via our social media accounts, complete a survey, or make a complaint.

We have set out our privacy policy in full below for those of you that like a good read. If you know what information you are looking for, you can click on the following links to take you to the relevant section.

1. Who we are and how to contact us

2. Who is responsible for your personal data

3. Changes to this policy

4. Third-party links

5. Where we get your personal data from and how we use it

6. Change of purpose

7. Marketing

8. How long we store your personal data

9. What personal data do you have to provide?

10. Transferring your personal data outside the EU

11. Keeping your personal data confidential – disclosures to third parties

12. Security

13. Your rights

1.  Who we are and how to contact us

We are Pritchetts Law LLP of The Moat, 1a Rosery Close, Westbury-on-Trym, Bristol, BS9 3HF. If you have any questions about this policy, or how we process your personal data, email our Compliance Officer for Legal Practice at info@pritchettslaw.com or at +44 (0) 117 307 0266.

If you have a complaint, we ask you to get in touch with us as soon as you can. You can, of course, make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues, at
https://ico.org.uk/make-a-complaint.

In this policy, we refer to our clients’ transactions, disputes and other situations requiring legal advice as “matters”, and that term is used in this policy. “SRA” refers to the Solicitors Regulation Authority.

2.  Who is responsible for your personal data

For the purposes of the EU General Data Protection Regulation, as it is applied in the UK, we process your personal data as a controller.
 
It is important that the personal data we hold is accurate and current. Please inform us if your personal data changes during your relationship with us.
 

3.  Changes to this policy

This policy was last updated on 24 May 2018. You can obtain previous versions by contacting us.
 
Any changes that we make to this policy in the future will be posted on this page and, where appropriate, notified to you by email.
 

4.  Third-party links

Our site, and information that we may post on our site or via our social media accounts, may include links to third-party websites, plug-ins and applications for your convenience and information. If you use these links, you will leave our site or our accounts. When you access a site or social media account that is owned by a third party, we do not control the content and are not responsible, or liable, for how they process your personal data. For example, they may send their own cookies to users, collect data or solicit personal data from you. We encourage you to read the privacy policy of every website, app and social media account that you use or visit.
 

5.. Where we get your personal data from and how we use it

Your name, address and other contact details
 
We get these from you, or your organisation, or persons associated with you and your affairs. We use these for:
  • If you are our client, communicating with you in connection with your matters, this being necessary to take steps at your request prior to entering into a contract, and the performance of our contract with you.
  • If you are a representative of our client, or are an individual connected to any matter on which we are advising, we use this information for communicating with you and your colleagues in connection with your organisation's matters, which we have a legitimate interest in when entering into a contract, and performing our contract with your organisation.
  • Obtaining information from credit reference agencies, or credit checking services, about your ability to pay our charges, and then collecting and processing those charges, this being necessary for ensuring that we get paid promptly, which we have a legitimate interest in doing.
  • Telling you about our services and legal issues which we believe will be of interest to you, this being necessary for promoting our business, which we have a legitimate interest in doing. For example, we send a regular email newsletter, specific legal or industry updates where we think they are relevant, and we may contact you or share information via our social media platforms. See further information on Marketing below.
  • To provide contact details of our clients to legal directory providers (such as The Legal 500 and Chambers & Partners) to obtain your feedback on us, and for them to assess us for their directory rankings, which is necessary for our legitimate interests to seek industry recognition to promote our firm.
  • If you or your organisation is a supplier, for agreeing our terms and managing our relationship with you which we have a legitimate interest in doing, or, if you are an individual for the performance of our contract with you.
  • To notify you of changes to this policy which is a legal obligation, and of changes to any applicable terms and conditions which we have a legitimate interest in doing to maintain our relationship with you.
  • To keep our records updated, which we have a legal obligation to do.
     
Information about your affairs
 
By this, we mean information about the matter we are advising on which relates to you, including our communications with you or about you. We get this from you, other people associated with you or with your affairs (e.g. other parties to your transactions and disputes), official sources (e.g. details of your company directorships and shareholdings from Companies House) and occasionally other public sources. We use it for:
  • Providing our services, this being necessary to take steps at your request prior to entering into a contract, and the performance of our contract, with you.
  • If you are a representative of our client, or are an individual connected to any matter on which we are advising, we use this information for communicating with you and your colleagues in connection with your organisation’s matters, which we have a legitimate interest in when entering into a contract, and performing our contract with your organisation.
  • Completing our file opening procedures, including avoiding conflicts of interest (i.e. between your interests and those of our other clients), this being necessary for complying with our legal obligations under common law and the SRA code of conduct for solicitors, and for the performance of our contract with you.
  • Keeping records of your identity and affairs, assessing the likelihood that money laundering or terrorism financing might be taking place, and notifying the appropriate authorities if necessary. We have a legitimate interest in doing this and, where they apply, this is necessary for complying with our legal obligations under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
  • Dealing properly and fairly with complaints, this being necessary for complying with our legal obligations under the SRA code of conduct for solicitors and for the performance of our contract with you; we also have a legitimate interest in doing this to manage our business properly and maintain our relationships with our clients and other third parties.
  • Defending claims against us, for which we have a legitimate interest to manage our business properly.
  • Managing payments, and collecting and recovering money owed to us for which we have a legitimate interest in when performing our contract with your organisation and to manage our business properly.
  • Keeping proper business records (e.g. accounts and copies of invoices), this being necessary for complying with our legal obligations under The Companies Act 2006 and the SRA code of conduct for solicitors; we also have a legitimate interest in managing our business properly.
  • Obtaining professional indemnity insurance and processing claims under the policy, this being necessary for complying with our legal obligations under The SRA Indemnity Insurance Rules 2013; we also have a legitimate interest in obtaining and benefitting from this insurance cover.
  • Sending you information in accordance with the SRA’s requirements, this being necessary for complying with our legal obligations under the SRA code of conduct for solicitors.
  • Conducting strategic business planning about our services and our clients, which we have a legitimate interest to do.
  • If you or your organisation is a supplier, for agreeing our terms and managing our relationship with you or your organisation which we have a legitimate interest in doing, or, if you are an individual for the performance of our contract with you.
  • If we sell part or all of our business, or restructure our business, then we may disclose appropriate personal data about you as necessary for that purpose provided we have in place appropriate confidentiality restrictions, which we have a legitimate interest to do.
     
Information we collect through your use of our site
 
This is information about traffic volumes to our site, content viewed or searched for on our site, your device you are using, its software, and IP address associated with it and your connection, the network you are using. We use this for presenting our website content to you in the best format for your device, for security (where our website hosting provider checks for spammers or targeted attacks), all this being necessary for ensuring its proper operation, developing it, and understanding how visitors (at a statistical level) interact with our site, which we have a legitimate interest in doing.
 
Information we collect through our social media accounts
 
Where you interact with us via our social media accounts, we will receive information from those social media platforms about who you are, what action you took (such as liking, sharing or commenting on us or our content), any communications or content that you send to us or share with us via that platform, and when you interacted with us. We will use this information to interact with you via the relevant platform, or to contact you directly if requested, which we have a legitimate interest in doing.
 
Where you interact with social media functions on our website, you may provide information to those social media platforms about you, and where you have linked from. You should check their privacy policy to understand how they process such data.
 
Sensitive personal data/special categories of personal data
 
While it is unlikely, depending on the nature of the services that we provide to you, we may collect special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic data. We may also need to collect information about actual or alleged criminal convictions and offences. We will tell you how we collect this type of data, and for what purposes at the time.
 
Automated decision-making
 
We provide a very personal service and we do not make any decisions which could have a legal effect, or other significant effect on you, based solely on automated processing of your personal data.
 

6.  Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like to understand more about any of our purposes, please contact us. We will notify you to explain if we need to use your personal data for an unrelated purpose.
 

7. Marketing

We hope that you enjoy and value our newsletter and updates, and our marketing material generally. We may send you this information by various means, including email, text message, post, telephone, or social media. We respect your right to choose what marketing messages you receive. You can opt out of any marketing material that we send you at any time by clicking the unsubscribe link in our emails, unsubscribing from our social media accounts, or by contacting us.
 
We use an email marketing management platform. That platform provides information to us which helps us understand the effectiveness of an email campaign and plan future email campaigns. For example, it will tell us about whether you opened the email, what you clicked on, the email delivery status and geographic location.
 
We may ask you to confirm or update your marketing preferences over time, such as when you instruct us to provide further services in the future, or if there are changes in the law or the regulation or structure of our business.
 

8.  How long we store your personal data

Personal data we have obtained solely for the purpose of assessing your ability to pay our charges will be deleted once we have decided what credit limit to apply.
 
Personal data we have obtained solely for the purpose of complying with money-laundering and terrorism-financing laws will be kept in accordance with those laws. Currently this means that it will be deleted 5 years after our business relationship with you has come to an end.
 
All information which relates to one of your matters will be stored in a file dedicated to that matter. We take reasonable steps to ensure any papers are scanned and stored on the electronic file, then where appropriate they are shredded and disposed of securely or otherwise kept in a locked cabinet.
 
The file will be kept on our computer until we have completed our work and closed it. Then it will be archived securely on our system, where we retain it for 15 years in case it is needed in connection with a complaint or claim it will not be accessed during that period unless a complaint or claim arises. At the end of that period it will be reviewed and then deleted unless there is reason to believe that it should be retained in connection with a potential claim.
 
If we close the firm, we may pass your matter file, including any personal data in it, to our insurer who will retain your matter file in accordance with their own privacy policy, solely for the purposes of dealing with an actual or potential claim.
 
Our client name, brief details of your matter, and the names of any third parties who are involved, will be kept in a register so that we can see when the file was archived and deleted, and identify potential conflicts of interest. This information will stay on our computer even after the file has been deleted but only for this purpose.
 
We may also choose to anonymise your personal data, by making sure that you are no longer identifiable. We can then keep that data indefinitely.
 

9.  What personal data do you have to provide?

It is entirely up to you what personal data you provide, although if you withhold any relevant information our advice may be inadequate or inappropriate, or we may even have to decline to advise or continue providing our advice. However, if there is any indication of money laundering or terrorism financing by anyone, we may have to ask you for certain information and we will not be able to do any more work until you provide it. Your failure to provide it may trigger a report to the authorities. We will tell you when this is the case if we can, although the law may prevent us from doing so.
 

10.  Transferring your personal data outside the EU

We will not intentionally transfer your personal data outside the EU without ensuring appropriate safeguards are in place. For example, we may put in place standard contractual clauses, or, if that is not appropriate, we may seek your explicit consent. However, we have no control over the routes emails take, and even emails exchanged between two people in the UK could appear on equipment in countries outside the EU, where they may not be protected by strong privacy or data protection laws. You will probably not consider this an issue, but if you have any concerns please raise them with us and we will make alternative arrangements.
 
Currently, we transfer your personal data to the following jurisdictions:
  • Our email is hosted by an email hosting provider based in the US. They are subject to the EU-US Privacy Shield, which provides adequate measures to protect your personal data.
  • We use an email marketing management platform which is based in the US. Our contract with them incorporates the appropriate EU Standard Contractual Clauses.
If you would like further information about these arrangements, please contact us.
 

11.  Keeping your personal data confidential – disclosures to third parties

Our duty to keep information about you and your affairs confidential is set by law (including the SRA’s code of conduct for solicitors). In summary, we have to keep it confidential unless: (i) we need to disclose it in the course of providing our service to you; (ii) you have given us permission to disclose it to a particular person; or (iii) the law or a rule or order of the court requires us to disclose it.
 
We may disclose your personal data to the businesses we use to provide and support our services, this being necessary for them to provide that service (which we have a legitimate interest in them doing). For example, we may engage sub-contractors in providing our advice such as consultants or perform part of our services, or engage other professionals on your behalf. We also use support service providers such as IT support, cloud storage, off-site disaster recovery, storage, archiving, shredding, payment services (which are operated by our bank), call answering and conference calling, marketing and advertising services, analytics, and search and social media information and optimisation services. Those businesses have all signed confidentiality agreements which only permit them to use personal data as necessary to provide their services to us, and that their staff had made appropriate confidentiality commitments.
 
We may provide contact details of our clients to legal directory providers (such as The Legal 500 and Chambers & Partners) to obtain your feedback on us, and for them to assess us for their directory rankings.
 
We may also be required to disclose your personal data to our professional indemnity insurer in relation to any actual or potential claims.
 
If our business, or part of it, should ever be put up for sale, or we re-structure our business, we may allow potential buyers or transferees, to have access to your personal data and matter files after they have signed confidentiality agreements which restrict their use of it to that transaction.
 

12.  Security

To help keep your personal data confidential:
  • We limit access to your personal data to those employees, consultants, or external third parties who have a business need to know. Where those parties act as our processors, they will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  • Our computer systems including backups and archives are encrypted using strong passwords.
  • Our matter files are backed-up to a secure encrypted central server.
  • Our website uses a Secure Socket Layer certificate to protect data passing through it.
  • We take reasonable precautions to reduce the risk of hackers gaining access to our computers. For example, we use anti-virus and firewall software.
  • When your matter file is closed it will be transferred to an offline archive to further reduce the risk that it might be accessed or corrupted by hackers.
  • Third parties have access to our offices very rarely, and when they do they are closely supervised and all computers are locked and all papers locked away before they enter.
  • Our offices are kept locked whenever it is unattended.
  • Our staff receive regular data protection training.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
 
If you would like to know more about our data security measures please contact us.
 
A warning about website security
 
Information carried over the Internet is not secure; information can be intercepted, lost, redirected, changed and read by other people. If you need to send us personal data securely then please contact your main point of contact.
 

13.  Your rights

You have the right to ask us:
  • To receive a copy of the personal data we hold about you and to check that it is being lawfully processed.
  • Where the legal basis for our processing is your consent, or that it is necessary for the performance of our contract with you, you are entitled to receive a copy of your personal data (or have it passed to a third party) in a common and structured electronic format.
  • To correct your personal data if it is wrong and to complete it if it is incomplete.
  • How and why we are processing your personal data, the legal basis for that processing, who we have disclosed it to and who we will disclose it to (which we have done in this privacy policy).
  • To stop using your personal data for direct marketing.
  • To restrict our processing your personal data  you may want to do this while we consider your request to have it corrected.
  • To erase your personal data, but we will retain your data for the purposes of dealing with any claims or we have any other legitimate reason to retain it.
You also have the right:
  • To withdraw your consent to our processing your personal data (where that is relevant) at any time.
  • To object to how we are processing it, for example if we are processing it on the basis of a legitimate interest and that does not override your individual rights.
  • To complain to the Information Commissioner’s Office about our processing or our response to your requests and objections. To do so, go to https://ico.org.uk/make-a-complaint or call 0303 123 1113.
No fee usually required – you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or refuse your request, if your request is clearly unfounded, repetitive or excessive.
 
What we may need from you – we may need to request proportionate information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
 
Time limit to respond – we try to respond to all legitimate requests. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
 
 We will be pleased to discuss any of this with you, so please contact us.
 

Pritchetts Law LLP is a Limited Liability Partnership registered in England and Wales (company no. OC413975) and authorised and regulated by the Solicitors Regulation Authority (SRA no. 647155). "Partner" refers to a member of Pritchetts Law LLP. A list of members can be inspected at The Moat, 1a Rosery Close, Westbury-on-Trym, Bristol, BS9 3HF, and at our other offices.


 
© Copyright 2018 Pritchetts Law LLPWeb Design By Toolkit Websites