Privacy & Cookies Policy
We need to tell you about the types of data we process about you, what we do with your data, and why we do it. The purpose of this Notice is to provide you (whether you are a client or other third party) with helpful information in this regard. If you have any questions, or if you want any further information, you can contact us using the details below.
What types of data do we process?
We process personal data about lots of different categories of people, including our clients, people involved in matters we act on for our clients, people we or our staff have relationships with, and other third parties who interact with us (either directly or through our website).
Because of the nature of the services we provide, the types of data we process can be quite varied, but will usually include full names, contact details (including address and job title, email address and telephone number), and associated client information. Depending on the nature of our relationship with you, we may also process information about your business and company affiliations; identification (including copies of your passport); financial affairs; family, lifestyle and social circumstances; education and employment background; the services we provide you or your company; your preferences (including when visiting our offices); your relationship with our staff; the goods or service you or your company provide us; and your use of our website.
In some circumstances we may process special categories of personal data about you, in which case we take particular care to only process such data in accordance with the strict legal parameters. This type of data can include information about your health (including information you provide about your dietary requirements when attending meetings); racial or ethnic origin; religious or political beliefs; trade union membership; sex life or sexual orientation; genetic or biometric data; or philosophical beliefs.
We may obtain such personal data from you directly, from our clients, from third parties involved in matters we act on for our clients, and from other third parties (including publicly available information).
Where you are our client, it will sometimes be necessary for you to provide us with information directly, and in those cases it is your responsibility to ensure that all such information is complete in all material respects and not misleading. The accuracy and appropriateness of our advice may be affected as a consequence of your failure to do so. If any information changes, please let us know so that we can keep it updated on our systems.
Where you are acting as an agent or as a trustee, you agree to advise your principal or the beneficiary of the trust that their personal information will be dealt with on these terms. Unless you inform us otherwise, by disclosing any personal information to us about the principal or the beneficiary, we will assume that you have obtained consent for the use of such information on these terms.
What do we do with your data?
We process personal data for the purpose of providing legal services to our clients and also for our own general business purposes including (without limitation):
- fraud prevention, anti-money laundering, anti-bribery and for the prevention or detection of crime;
- ensuring the safety and security of our people and premises;
- disclosures to our auditors, our own legal and other professional advisors, our insurers and insurance brokers;
- administering our clients’ accounts with us, including providing e-billing services and tracing and collecting any debts;
- managing our business performance, assessing client satisfaction (such as by asking client representatives to participate in surveys), enhancing the client experience, conducting specific tests on our existing or new systems, networks, applications or software, and general improvement of our services;
- advertising, marketing and public relations, including sending you direct marketing communications (insofar as we are permitted by law).
What basis do we have for processing your data?
We will only process your personal data where we have a lawful basis for doing so. In general, our lawful basis will be one or more of the following:
- that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering a contract;
- that the processing is necessary for compliance with our legal obligations;
- that the processing is necessary for the purposes of pursuing our legitimate interests (this includes carrying out the business of providing legal services and pursuing our general business interests);
- that the processing is necessary for the establishment, exercise or defence of legal claims; and where we have your informed consent
In addition, in some circumstances we may process personal data on the basis that you have provided your express consent, for example, through instructing us on a matter (including, in some instances, in respect of special categories of personal data about you – such as, data about your racial or ethnic origin, political opinions, religious beliefs or data concerning your health).
Please note that you have the right to withdraw any such consent, which you can do by getting in touch with us using the contact details below.
If you fail to provide personal information
If you fail to provide certain information when requested, we will not be able to fully perform our legal obligations or, if you are a client or potential client of ours, provide you with legal advice, or we could be prevented from complying with our legal obligations.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated or new purpose, we will notify you and we will explain the legal basis which allows us to do so.
How we use particularly sensitive personal information
Special categories of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We will, if necessary, process special categories of personal information in the following circumstances:
Where we need to carry out our legal obligations or provide legal services in line with our data protection policy.
Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations, or for one of the other reasons outlined above.
If the need arises, we will approach you for your consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us although if you do not provide your consent to allow us to process certain particularly sensitive data, we may not be able to fully perform our legal obligations or, if you are a client or potential client of ours, provide you with legal advice, or we could be prevented from complying with our legal obligations.
Automated decision making
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention, such as to assess whether you have a case which meets our viability criteria. We are allowed to use automated decision making where it is necessary to perform the contract with you or with your explicit consent. You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless we have a lawful basis for doing so and we have notified you.
If we make an automated decision based on any particularly sensitive personal information, we must have either your explicit written consent or it must be justified in the public interest. If we do make an automated decision, you have the right to obtain human intervention, to express your point of view, to obtain an explanation for the decision and to contest the decision by contacting us at email@example.com.
Duty to inform
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Who do we share your data with?
In providing services to our clients and in complying with our legal obligations, we may share the personal data that we obtain about you, insofar as we are permitted by law to do so, with the following third parties:
- Members of SDM Legal Limited
- Your data may be referred to JMW Solicitors LLP. If your case is taken on by JMW Solicitors LLP, then, in the event that they are paid for the work they undertake on your behalf, they will pay SDM Legal Limited a referral fee which will be 7% of their professional fees. Any such referral fee will be deducted from JMW Solicitors LLP’s fees and will not be charged to you at all.
- Third parties involved in any matter, including (without limitation) courts, tribunals, counterparties, experts, private investigators, and other third parties involved in a matter;
- Suppliers and service providers used by us in providing services, details of which can be made available on request, including (without limitation) postal services, document storage facilities, front of house teams and IT service providers such as cloud providers of software as a service, data room providers and providers of our IT servers;
- Financial organisations, debt collection, credit reference and tracing agencies;
- Our auditors, our own legal and other professional advisors, our insurers and insurance brokers;
- Government agencies, regulators and other authorities (including (without limitation) the Information Commissioner and Ombudsmen); and
- Our and your trade associations, professional bodies and business associates.
In certain circumstances your personal data may be transferred outside the European Economic Area (EEA) where Data Protection legislation may not offer the same protection as within the EEA. If you would prefer that we did not transfer your personal data outside the EEA please write to the solicitor responsible for your work.
How long do we keep your data?
We keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. These retention periods depend on the nature of the information (for example, we apply different retention periods to our staff information as opposed to information on our client files), and are subject to change. In general, we retain client information held on client files for a period of 6 years (commencing with the date of the client file closure) at which point we will delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, in connection with any anticipated litigation).
If you have any questions in this regard, or any concerns about how long we keep your information for, please contact us using the details below.
We may use your contact details to send you marketing materials, provided we are permitted to do so by law. You always have the right to unsubscribe from any marketing. If you do not wish us to process your personal data for marketing purposes or you do not wish to receive marketing e-mails or texts, please contact us firstname.lastname@example.org in writing as soon as possible.
What are your rights?
You have the right to lodge a complaint with the Information Commissioner in respect of our processing of your personal data.
Information can be found at www.ico.org.uk. If you would like to raise your complaint with us in the first instance, please follow the Complaints Procedure on our website (a hard copy is available on request).
You have rights under data protection laws to request from us access to, rectification of, or erasure of your personal data. You also have the right to request the restriction of any processing or to object to our processing of your personal data. Finally, you have the right to data portability. Please use the contact details below to exercise your rights. You can find more information about your rights at www.ico.org.uk. If you wish to exercise your right to obtain the personal data we hold about you, please contact the Data Protection Officer in writing stating what data you require. It will be helpful if you would include the words “Data Protection Act” or “Subject Access Request” in the heading of your written request.
Cookies are small files downloaded on to your computer or device when you access certain websites. Generally Cookies identify you through your IP address and do not collect information about your identity. For more information about Cookies please visit:
www.allaboutcookies.org or www.youronlinechoices.org
Cookies allow us to distinguish you from other users of our website and help us to provide you with a good experience when you browse our website and also allow us to improve our website.
- understanding what brought you to our website and what pages you visited;
- remembering you when you return to our website; and
- providing you with safe restricted access areas.
You can manage Cookies by changing your browser settings to block or delete cookies. To find out how, visit www.allaboutcookies.org. Please note that if you block all cookies you may not be able to access parts of our website.
How can you contact us?
You can get in touch of us in respect of any of the members of SDM Legal Limited, and in relation to any Data Protection queries, by e-mailing us at email@example.com
You can also write to our Data Protection Officer (who has general oversight of our compliance with Data Protection Laws) at SDM Legal Ltd, 1-3-1/2/3 The Barracks, Whitecross Business Park, Lancaster, LA1 4XQ.