The Policy sets out how Burlingtons Legal LLP stores and uses the personal data which it collects from individuals in whatever capacity and by whatever means. For information specifically relating to the operation of the Burlingtons website www.burlingtonslegal.com ("Site") please see the section entitled Cookies below.
This Policy and any other document(s) referred to in it, sets out how we will treat your personal information, and is intended to help you understand how we deal with any personal information we may obtain from you and how you may access, alter, rectify and / or remove it. Under data protection legislation we, Burlingtons Legal LLP, are the Data Controller and our address is 5 Stratford Place, London, W1C 1AX. We are registered with the Information Commissioner’s Office as a fee payer with registration number Z2620628.
This Policy has been prepared to meet the requirements of all relevant laws and regulations relating to data protection, whether local, national or supranational, including (i) the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (EC Directive) 2003 (S/2003i2426) (ii) all applicable requirements of the General Data Protection Regulation ((EU) 2016/679) ("GDPR") and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK unless and until the GDPR is no longer directly applicable in the UK and then (iii) any successor legislation to the GDPR or the Data Protection Act 2018 and also The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.
Our commitment to the privacy of your data
It is important that the personal data we hold about you is accurate and current. Please advise us if your personal information changes during your relationship with us.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way or improperly altered or disclosed. In addition, we only authorise access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The purposes for which we may use your personal data
The information we may collect from you includes, but is not limited to personal contact details such as name, title, address, telephone number, email address and your preferences for receiving marketing related information from us.
Where applicable, we may hold copies of documents you provide to us to prove your identity when the law requires us to have this. Identification documents may include your passport and driver's licence. These show details of your full name, address, date of birth and facial image. Data on your passport will also include your place of birth, gender and nationality.
We will only collect the minimum amount of personal data needed to enable us to carry out any legitimate activities of which you are aware.
We will use your personal data to the extent necessary to enable us to carry out our obligations arising from any agreement for the provision of legal services that we enter into with you, to respond to your queries and requests, maintain your file and manage transactions relating to your instructions such as payments to or from Burlingtons. We may need to hold details of your bank account to enable us to process any such payments.
We may from time send newsletters, details of Burlingtons’ events or other materials which we think may be of interest, to people with whom we have a relationship. Such communications may include a marketing element and we consider that it is in our legitimate interest to develop our business in this way since the impact of such communications on the recipients is likely to be minimal and the information supplied will hopefully be of use to our contacts and clients. We will always offer an opt out channel with any such communications. It is your choice whether or not to provide us with personal information. Personal information (or personal data) means any information about an individual which, either on its own or when combined with other data, enables an individual to be identified. It does not include data where the identity has been removed.
There are instances where we would have to comply with the law and deal with your personal data for regulatory, legal and compliance purposes. These may include:
By providing your personal information to us, you agree that we may collect and use all personal information you provide to us in the ways described in this Policy. If you do not agree with the terms of this Policy, please do not provide personal information to us.
Requests concerning your data
The GDPR gives you a number of rights concerning your personal data.
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. To withdraw your consent, please contact us on firstname.lastname@example.org or write to us at Burlingtons Legal LLP, 5 Stratford Place, London, W1C 1AX. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to unless we have another legitimate basis for doing so in law. You also have the right to:
If you want to contact us with regards to the information we hold about you as above, please do so by emailing us at email@example.com or writing to us at Burlingtons Legal LLP, Stratford Place, London, W1C 1AX. You will not normally have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information you are requesting (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of separate requests. In this case, we will notify you of the likely timescale and keep you updated.
A “cookie” is a small text file which is created on your computer’s hard disk when you access certain websites. Cookies allow the website to recognise your computer. A cookie can identify the pages that are being viewed and this can assist the website operator to select the pages that the visitor sees.
Some cookies (Session Cookies) only exist whilst visitors are online on a particular occasion. These are temporary cookies that aid a visitor’s journey around the Site and remember the preferences you have selected during that “session”.
Other cookies (Persistent cookies), are not session-based and remain on a visitor’s computer, so that they can be recognised as a previous visitor when they next visit that website
It is not Burlingtons’ normal practice to provide links from the Site to third party websites although we may do so from time to time. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Burlingtons gives no warranty regarding any third party website. We do not control any third-party website for which we may provide a link and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy notice of every website you visit.
You have the ability to accept or decline cookies by modifying the settings in your browser. For example, in Internet Explorer, you can go to Tools and then Internet Options, where there is the option to change your settings to disable cookies. However, you may not be able to use all the interactive features of a website if the cookies are disabled.
You also have the ability to delete cookies that have been installed in the cookie folder of your browser. To do this you can search for “cookies” in your “Help” function for information on where to find your cookie folder.
Information that you post via social networking (including but not limited to Facebook, Instagram and Twitter) is generally accessible to, and may be collected by, others and may result in unwelcome communications. For your own safety and security you should not provide information about yourself on these areas of our Site or via other social networking applications we may use from time to time.
If you disclose any information via social networking, we do not accept any responsibility or liability for any breach of privacy, loss, damage, effect on your reputation or otherwise whatsoever.
How and where do we store your personal information?
All personal information we collect from you is stored on secure servers and is securely backed up.
The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or professional associates. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. If your personal information is shared, you can expect a similar degree of protection in respect of your personal information as we require third parties to respect the security of your data and to take appropriate measures to protect your personal information in line with this Policy.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
How long do we keep your personal information?
We will only retain your personal information for as long as necessary for the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, and for any other uses set out in this Policy. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.
We normally retain a client file for a period of seven years after a matter has been completed ("Retention Period") to enable us to comply with legal requirements and so that we can respond to you if you have any questions or require information regarding work which we have carried out for you. You may request that the relevant file be returned to you at any time within the Retention Period. If you have not done so we will destroy any files and related email correspondence at the end of the Retention Period.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Please note that we may need to update this Policy from time to time to reflect changes in the law. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. We recommend that you check this page regularly to ensure that you have read the most recent version and are happy with any changes.
You have the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues.
Questions, comments and requests regarding this Policy are welcomed and should be sent to firstname.lastname@example.org or in writing to Burlingtons Legal LLP, 5 Stratford Place, London, W1C 1AX.