GDPR And Data Protection Privacy Notice
Definitions
Personal data: Information relating to an identified or identifiable person.
Processing: Operations performed on personal data, whether automated or not.
Controller: Entity determining processing purposes and means.
Processor: Entity processing data on behalf of the controller.
Special categories: Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or other sensitive information.
Introduction
At Laws Bureau, we handle diverse personal data to deliver top-notch legal advice and services, and we are committed to upholding your privacy and confidentiality in compliance with legal obligations. This document delineates your rights regarding the use and retention of your personal data, explains how and why we process your information, and outlines the associated legal obligations.
As of May 25, 2018, the EU General Data Protection Regulations (GDPR) came into effect, superseding the Data Protection Act 1998. These regulations bolster individuals' rights and provide enhanced protection for personal data processing. The Data Protection Act (2018) further refines the rights of data subjects and the obligations of entities processing their data as defined in the EU General Data Protection Regulations.
This document is crafted for clarity. Throughout, references are made to GDPR sections (articles), accessible on the user-friendly website at [https://gdpr-info.eu/](https://gdpr-info.eu/). Please note that this is a third-party website, and while we strive for accuracy, we recommend cross-verification on the European Commission or Information Commissioner’s websites.
Information We Collect And Process When You Visit Our Website
Web Server Log Information
Our privately-owned web server in the European Union automatically records the IP address and page of website visitors. This log data, essential for security, is stored securely and is regularly refreshed. We do not attempt to identify individuals unless investigating criminal or suspicious activity.
Legal basis for processing: Legitimate interest, Article 6(1)(f) of the GDPR.
Our legitimate interest: Ensuring server security, website continuity, and information security.
Duration and erasure: Data is refreshed regularly and not retained for over one month.
Disclosure: Information may be disclosed for fraud, money laundering, crime detection, and prevention.
Cookies
Cookies, small data files exchanged between our website and visitors' devices, aid in identifying browsing sessions. We use cookies for website functionality and aggregate usage pattern analysis.
Legal basis for processing: Legitimate interest, Article 6(1)(f) of the GDPR.
Our legitimate interest: Enhancing website functionality and understanding usage patterns.
Duration and erasure: Cookie data is routinely expunged 24 hours after a user's last website activity.
Disclosure: Information may be disclosed for fraud, money laundering, crime detection, and prevention.
Information We Collect And Process When You Interact With Our Website
When you complete the contact form on our website, we collect:
- Name
- Telephone Number
- Email Address
- Type of Help Required
- Optional Message
This information, encrypted during transfer and storage, is held securely in our EU-based CRM for two years.
Legal basis for processing: Necessary to perform a contract, Article 6(1)(b) of the GDPR.
Why this data is necessary to perform a contract: Minimum data required for contacting prospective clients.
Duration and erasure: Kept for two years, then removed from our CRM system.
Disclosure: Information may be disclosed for fraud, money laundering, crime detection, and prevention.
Data Gathered And Processed When You Call Our Client Liaison Team
Data Gathered And Processed By Our Client Liaison Team Prior To And Whilst Becoming a Client
Our Client Liaison Team collects data critical to the client onboarding process. Data may include special categories and criminal convictions, collected with the client's oral consent.
Legal basis for processing: Necessary to perform a contract, Article 6(1)(b) of the GDPR.
Our reason that your data is necessary to perform a contract: Enables offering products and services to prospective clients.
Secondary legal basis for processing: Processing is necessary for compliance with a legal obligation, Article 6(1)(c) of the GDPR.
Our legal obligation: Keep clients' instructions for at least five years.
Legal basis for processing special category/criminal data: Consent, Article 6(1)(a) of the GDPR.
Duration and erasure: Kept for two years if no contract, six years if contracted. Digital data deleted, paper files securely shredded.
Disclosure: Information may be disclosed for fraud, money laundering, crime detection, prevention, and regulatory or audit purposes.
If a call results from online marketing, details may be linked to the marketing form for analysis. Call records are maintained for billing and business analysis, without routine attribution to specific individuals.
Data Gathered And Processed When Making a Payment To Us
Our Client Liaison Team handles client payments, entering card details into a secure virtual terminal processed by our merchant bank. We do not retain card details but hold payment-related information for accounting purposes.
Legal basis for processing: Processing is necessary for compliance with a legal obligation, Article 6(1)(c) of the GDPR.
Our legal obligation: Keep clients' instructions for at least six years.
Duration and erasure: Kept for six years, then removed from our Case Management System.
Disclosure: Information may be disclosed for fraud, money laundering, crime detection, and prevention. Accountant retains payment data as required by their regulator.
Data Gathered And Processed By Our Legal Team
Data Gathered And Processed By Our Legal Team In The Performance of Your Matter
Our legal team processes personal data and special category data to provide legal advice and services.
Personal Data Legal basis for processing:
Your consent, Article 6(1)(a) of the GDPR.
Necessary to perform a contract, Article 6(1)(b) of the GDPR.
Processing is necessary for compliance with a legal obligation, Article 6(1)(c) of the GDPR.
Duration and erasure: Kept for six years after the matter is completed, with secure disposal of original documents.
Disclosure: Information may be disclosed for fraud, money laundering, crime detection, and prevention, as well as to essential parties for case representation.
Special Category Data and That Relating to Criminal Offences and Convictions
Consent is sought for processing special category data, which may be essential in various immigration matters.
Storage: Paper copies kept securely, digital data on our Case Management System.
Disclosure: May be disclosed to the Home Office, barristers’ chambers, medical professionals, social services, probation service, interpreters, translators, regulatory bodies, police, and other solicitors.
Retention and Destruction: Digital data deleted after five years, paper files securely shredded. Unreturned original documents disposed of as confidential waste.
Your Rights Regarding Special Category Data and That Relating to Criminal Offences and Convictions
Under GDPR,
you have rights regarding the data we hold. Notably, you can withdraw consent for processing special categories of data.
Children’s Privacy
When processing data related to a child, we seek the consent of the parent or guardian.
Disclosure of Personal Information To Service Providers
We engage third parties for necessary business services, ensuring data protection compliance:
- Telephone Providers: LegalTX [Privacy Policy](http://www.legaltx.co.uk/privacy-policy/)
- Cloud Computing Provider: Amazon AWS [GDPR Compliance](https://aws.amazon.com/compliance/gdpr-center/)
- Case Management System: LEAP [Information Security Policy](https://leap.co.uk/information-security-policy/)
- Email Provider: [Microsoft Privacy Statement](http://www.privacy.microsoft.com/en-gb/privacystatement)
Your Rights In Relation to Your Information
You have rights to access, correct, delete, and restrict the use of your information. You can also request data in a machine-readable format and withdraw consent.
Verifying Your Identity Where You Request Access To Your Information
We are obligated to verify your identity before providing access to your information. This helps prevent identity fraud.
Questions or Complaints
For GDPR-related concerns, contact us on: admin@lawsbureau.co.uk