Privacy Statement
1. Who we are
Rothley Law Limited is authorised and regulated by the Solicitors Regulation Authority,
SRA number 8001853, with its registered office address situated at 22 High View Close, Vantage Park, Leicester, LE4 9LJ (“RLL”).
RLL are a private client law firm.
As a regulated practice, we process personal information in accordance with the Data Protection Act 2018 (“DPA”) and in line with obligations imposed on us under Solicitors Regulation Authority (SRA) Standards and Regulations 2019 (Stars).
RLL is registered with the Information Commissions Office (“ICO”) with the registration number ZB514864. RLL will be provided with, share, obtain and store personal data during the course of our business.
RLL is wholly owned by Rothley Holdings Limited (RHL), an SRA approved owner, a company registered in England and Wales under company registration number 11934639, with its registered office address situated at 22 High View Close, Vantage Park, Leicester,LE4 9LJ. We may on occasion share data with RHL for reporting purposes.
2. Purpose of this privacy statement
RLL is committed to protecting your personal data and privacy. This privacy statement will inform you how we process your personal data and who we may share your personal data with and relates to personal data you may provide us with over the telephone, via email, via third parties, via the Courts or via our website www.rothleylaw.com (“the website”). This statement also sets out how the law protects you and your rights in relation to your personal data.
3. Data Controller
RLL is the Data Controller and becomes responsible for your personal data when it isprovided to us by you, or any other party.
We take our responsibilities for data protection seriously. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact our COLP (Compliance Officer for Legal Practice), on colp@rothleylaw.com.
You can also contact the COLP by writing to them at the address set out above.
The ICO, is the UK supervisory authority for data protection issues (www.ico.org.uk) and you can contact them regarding any concerns you may have regarding the processing of your personal data. RLL would request that if you have any concerns about our processing of your personal data you contact us with your concerns in the first instance.
4. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
RLL collect, process and retain personal information about you to enable us to provide legal advice and conduct legal proceedings and transactions on behalf of our clients.
RLL may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Personal Data such as your name, title, marital status, title, date of birth, gender, family information, and if you have any relationship to a member of our staff.
- Contact Information such as your postal address, previous addresses, email address, and telephone numbers.
- Financial Information such as your bank account details, salary details, mortgage details, national insurance number, pension details, income and expenditure, capital assets, net worth, tax status and payments, and any other relevant information about your finances.
- Identification information such as copies of your passport or driving licence and proof of address information.
- Technical information such as your internet protocol (IP) address, usage data, or other information relating to your visits to our website.
- Communications Information such as your preferences in relation to how we communicate with you.
Where necessary and legally permitted, we may also collect sensitive data, such as diversity and health data and details of offences and related proceedings.
5. Your duty to inform us of changes to your personal data
It is important that we hold up to date, accurate personal information about you as it will help us to deal with your affairs efficiently. Please inform us if your personal information changes during your relationship with us.
We may on occasion have to obtain up to date personal data via online tracing tools and/or third-party tracing agents if we are unable to contact you.
6. Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. How is your personal data collected?
Our approach is to handle the minimum personal information necessary in a reasonable and proportionate way in order to preserve the rights and freedoms of data subjects, whilst acting in the best interests of our clients.
We collect, retain and process personal information to enable us to give legal advice, provide legal and related business services and conduct legal proceedings and transactions on behalf of our clients.
Initially we are provided with your personal data by you or by an introducer who introduces you to our firm for legal advice.
Introducers who we may receive data from, include but not limited to, your other professional advisors, the courts, an introducer, another firm which may be a financial services provider or another firm of solicitors.
The introducer is the Data Controller of your personal data and we also become a Data Controller of your personal data when they pass your details to us.
Directly from you – We may also receive some personal data from you via:
- Our website;
- Any of our social media accounts;
- In hard copy by post;
- Over the telephone;
- Via a telephone recording;
- During the course of our dealings with you;
- When you register with us for newsletters, email updates, or other services;
- When you contact us with queries;
- When you complete surveys for research or quality purposes; or
- When you attend in person at one of our offices.
From Third Parties – We may also collect your personal data from other third parties, for example:
- Selected data suppliers;
- Other clients or their representatives;
- Other parties relating to the claim;
- Introducers or other law firms;
- HMRC; or
- Technical data from analytics providers such as Google.
Public Information – We may also collect publicly available information about you, including, directly or indirectly, through electronic data sources, in connection with anti-money laundering or for the preparation or filing of legal documents and forms.
8. How we use your personal data
We will only use your personal data when we have a legitimate reason to do so. Most commonly, we will use your personal data in the following circumstances:
- For the purpose of providing legal services to you;
- To carry out conflict checks to ensure we are able to provide legal services to you;
- For fraud prevention, anti-money laundering and for the prevention or detection of crime;
- To conduct identity checks;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with legal or regulatory requirements and obligations;
- To deal with queries and complaints; or
- To monitor quality of our services through audit of cases.
Promotional Communications
We may use your personal data to send you information via email, text or post, regarding other services we offer or legal developments that may interest you but only when you have provided us with permission to do so.
You have a right to opt out of receiving promotional communications at any time. Please email COLP@rothleylaw.com with your request.
Call Recording
Calls may be recorded for training and monitoring purposes and may be shared with our professional advisors and/or regulators.
On what basis do we process your information
The legal grounds for processing your personal data depend upon the nature of our relationship with you and the context of processing and are as follows:
- Processing is necessary for the performance of a contract with you, or to take steps prior to entering into a contract with you. Our retainer is comprised of our engagement letter and our terms and conditions of business which sets out the terms of the contract and the services to be provided to you. If you ask us to provide online training, we will invite you to sign our terms and conditions for the supply of online training services.
- Processing is necessary for the purposes of our legitimate interests or those of our clients in the provision of legal services and use in legal proceedings, except where those interests are overridden by the interests, rights or freedoms of affected individuals. In order to determine this, we shall weigh up a number of factors, including what you were told at the time you provided your data, what your reasonable expectations are, and the nature of the data as well as its impact upon you.
- Processing is necessary for compliance with mandatory legal obligations to which we are subject.
9. Sharing Your Personal Data with Third Parties
We may have to share your personal data to enable us to provide the legal services to you. We shall only share your personal data with the following third parties, insofar as we are permitted to do so:
- Third parties such as the Courts, barristers, defendant solicitors, financial experts.
- Other third parties which may be involved in your matter, such as pension provider, HMRC.
- The Financial Ombudsman Service, Financial Services Compensation Scheme, The Pension Ombudsman or other regulatory body for the purposes of complying with our regulatory obliugations.
- An insurance company which is involved in your claim, such as a provider of legal expenses insurance and other third-party funders.
- The person or organisation which referred you to us, such as an introducer or claims management company.
- A third-party company who we may use to outsource some of our administration tasks to, such as a third-party managed accounts, or an outsourced document collation/postal company, legal-costs draftsperson, typing services.
- External auditors, such as the Solicitors Regulation Authority, the Law Society, Lexcel, financial auditors.
- Online I.D. checking companies, who we may use to verify your identity for antimoney laundering purposes.
- Third-parties you may authorise to act on your behalf.
We conduct due diligence on all third-party providers and will only work with them if we are satisfied that they take the appropriate measures to protect your personal data. We also have contractual obligations in place to ensure they only use your personal data to provide services to you and us.
Information collected from you concerning other people
Where you provide personal information to us about other people, we accept it on the understanding that you have made the other person aware about how we will use and disclose their information.
Children
In matters involving children they will be represented by parents or legal guardians/agents. Where we are acting in matters involving children, we will explain why their personal data is needed and how it will be used.
10. Where will your personal information be processed
There may be occasions where we need to transfer your personal information to countries outside the European Economic Area, (EEA) which do not provide the same level of data protections as in the UK. For example, in relation to legal claims or transactions with an international element, or where we need to instruct overseas agents to assist us in performing our services. In these circumstances, we will take steps to ensure that your personal information is adequately protected by methods offering sufficient assurances and guarantees that the information is given the necessary safeguards to prevent it from accidental or unlawful, disclosure, access alteration or destruction.
11. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and are required to only process your personal data on our instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so or where we feel it is in your best interests to do so.
12. Data Retention – How long we keep your personal data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. By way of example, in relation to anti money laundering regulations and counter terrorist financing where we are required to keep information for minimum periods. It could also include conducting legal work as instructed, or establishing or defending claims which could be made against us, for example for negligence in the performance of our obligations.
In certain circumstances you can ask us to delete your data: see Request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further statement to you.
13. Your legal rights
Under certain circumstances, you have rights under the Data Protection Act 2018 in relation to your personal data as more particularly set out below:
- Request access to your personal data – this enables you to receive a copy of the personal data we hold about you;
- Request correction of your personal data – this enables you to have any incomplete or inaccurate data we hold about you corrected;
- Request erasure of your personal data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note we may not always be able to comply with this request but if not, we shall inform you of the specific legal reasons at the time of request;
- Object to processing of your personal data – where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes;
- Request restriction of processing your personal data – this enables you to ask us to suspend the processing of your personal data;
- Request transfer of your personal data to a third party – we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
- Right to withdraw marketing consent – you can do this at any time by emailing COLP@rothleylaw.com;
- Right to request a manual decision-making process where an automated decision-making process has been used.
If you wish to exercise any of the rights set out above, please contact us at COLP@rothleylaw.com.
We may ask you to verify your identity if you make a request to exercise any of the rights set out above and ask you to complete a Data Subject Access Request Form. This is a security measure to ensure we do not disclose your personal data to any person who is not entitled to receive it. We may also contact you to request further information in relation to your request.
Depending on the nature and extent of your request, we may be unable to continue acting for you. In this event, you will remain liable for our fees and disbursements incurred before the request was made.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Time limit to respond
We try to respond to all legitimate requests within one month of receipt. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
14. Third-party links
The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we would encourage you, if you leave our website, to read the privacy policy of any other websites you visit. We do not accept any responsibility for a third-party site or use of your information or their use of cookies.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the website(s) may become inaccessible or not function properly. For more information about the cookies we use, please refer to our Cookie Policy.
Changes to the privacy statement
We may change this privacy policy to reflect changes in how we process your personal data or how changes in the law. Please check this policy regularly for any updates. If there are any key updates, we will inform you.