Client privacy policy
Bolt Burdon Kemp collects, uses and are responsible for certain personal data and information about you. Your privacy is important to us and as a provider of legal services, we handle personal data in accordance with the provisions of the UK General Data Protection Regulations (UK GDPR) and we operate as a ‘data controller’ as defined by the regulations
We treat all information we collect as confidential. We collect your personal information in a way that is lawful, fair and not unreasonably intrusive to your privacy. When you browse our website as a visitor, we don’t collect any personal information.
Why do we collect your information?
Under data protection law, we can only use your personal data if we have a proper reason. Generally, we will collect information from you for such things as:
- providing our services
- billing and verifying your account
- identifying your needs
- improving, maintaining and managing our business operations
- meeting legal requirements.
- For a legitimate interest – this is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.
We will not use or disclose your information for any other purpose without your consent unless the law requires us to. We do not disclose information to overseas recipients unless the law requires us to do so or it is necessary for the conduct of your matter.
What information do we collect?
We collect personal data as defined by the UK GDPR, including but not limited to
- Name, address and contact details
- Bank details
- National Insurance number and date of birth
We collect your information only to carry out our business and deliver our services to you and as may be required to comply with legal requirements.
How do we collect personal information?
We collect information for service delivery, in ways including but not limited to:
- documents provided to us by you
- emails
- website’s online enquiries
- telephone or text (we may store your phone number)
- when you give us a business card.
- notes from telephone calls and meetings
We collect information from a third party or a publicly available sources (eg Companies House or HM Land registry) only if you have agreed to it or it is reasonable for us to do so.
We try to ensure that your information is accurate and up to date. Please tell us if you believe otherwise.
How do we keep your information secure?
We use generally accepted technology and security to hold and protect your information from unauthorised access, use, modification and disclosure by security mechanisms. This includes physical, network and computer security. We restrict access to our IT systems to people who legitimately need to use it as part of their responsibilities.
How can you access your information?
Please contact us in writing to access your information, with proof of your identity. We’ll reply to your request within one calendar month. Any request will be considered fully and if we are unable to comply, a full explanation will be provided.
Also contact us in writing if you wish us to update or delete your information. We will take the necessary reasonable steps to identify your data and delete any live data we hold, unless we have a legitimate reason to retain this.
How do we use your personal information?
We use your information only for the reasons we tell you when we collect it or as this policy outlines.
Exceptions are where:
- you consent to it being used for another purpose
- your health, safety or welfare or that of the general public is affected
- the law authorises or requires the intended use
- it is reasonably necessary to enforce a criminal law, or a law enforcing a financial penalty, or to protect public revenue
- it directly relates to the original reason for it being collected
- you can assume that we will need to share it with relevant individuals or agencies in accordance with our Terms of Business.
How do we store your information?
We have implemented appropriate technical and organisational measures to keep your personal data confidential and secure from unauthorised access, use and disclosure. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We store your information:
- on a secure computer storage facility
- in printed records.
When you visit our website, we may use cookies to record information about your visit like:
- the type of browser and operating system you use
- your server’s IP address
- the previous site you visited
- the pages you access on our site
- the information you download.
We, our web service provider or digital marketing agency may compile and analyse statistical data we collect to improve our services, but we cannot personally identify you as the source of that data.
How do we retain your information?
We will not keep your personal data for longer than we need it for the purpose for which it was collected or as required by law. We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to keep records required by law, our professional regulator or for insurance purposes.
Our electronic systems are designed to hold data indefinitely. We will always hold data at the end of a matter for at least 6 years or other statutory period required but we believe that it is in the best interests of clients and the firm to hold data for longer periods. We have reviewed our use of personal data and we reserve the right to keep data (including personal data)
What about third party providers?
If we have a contract with a third party provider to receive or supply goods, we will take reasonable steps to make sure it complies with our Privacy Policy and relevant laws.
Any concerns?
For further information see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation
Please contact us if you:
- have any questions about this policy or how we use your personal information
- would like to report a breach of this policy.
If you are not satisfied with our handling of your data, you can ask the ICO to consider a complaint. The ICO are the independent body responsible for overseeing data protection in the UK. Please contact the ICO directly to clarify whether you can have your complaint considered. The details are as follows;-
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Normally you would need to refer a complaint within 3 months of your last contact with us. Full details regarding time limits are available from the ICO.