DATA PRIVACY NOTICE

Bates Wells & Braithwaite Limited, Solicitors

t/a Bates Wells & Braithwaite

Company registration number: 08321040

Registered in England and Wales

Registered address: 27 Friars Street, Sudbury, Suffolk CO10 2AD

Authorised and regulated by the Solicitors Regulations Authority (SRA) number: SRA591524

and registered with Information Commissioners Office (ICO) under registration number: Z5813095

1. Your Personal Data – what is it?

Personal Data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the Data Controller’s possession, or likely to come into the Data Controller’s possession. The processing (which we consider includes the collection, processing and retention) of Personal Data is governed by the Data Protection Act 1998 and the General Data Protection Regulation (the “GDPR”).

2. Who are we?

Bates Wells & Braithwaite Limited, Solicitors (“BWB”), is the Data Controller (contact details below). This means it decides how your Personal Data is processed and for what purposes.

3. How do we process your personal data?

If you are client or an employee of BWB, or you contract with us to provide a service to us or to our clients or employees or otherwise make contact with us, your Personal Data, which we collect under the terms of that contract or because, in order to perform that contract, your Personal Data is required in accordance with our obligations under the GDPR, where necessary keeping Personal Data up-to-date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting Personal Data from loss, misuse, unauthorised access and disclosure by the training of our staff following the guidance of the ICO, the use of cyber security, procedures and protections and the general protocols, under which we collect, store, process and transfer data under the terms of our contract with you. We have introduced appropriate technical measures, training and protocols to protect that Personal Data which, as far as possible, are practical and proportionate to the risk.

 

We keep a record of all of our telephone calls. We record our telephone calls.  This means we collect a digital recording of the telephone conversation together with the telephone numbers of those involved in the telephone call.

Where you are not currently a client, employee or contractor with BWB, but you wish to receive information from us, our collection, processing, storage, updating and destruction of your Personal Data will be based on your active consent, which we will seek by appropriate means. In this case we will not retain your Personal Data unless there is some other legal requirement to do so following your withdrawal of consent.

We may use your Personal data for the following purposes:-

  • To enable us to contact you, to offer you services from BWB.
  • To carry out marketing initiatives.
  • To register your interest in our services.
  • To inform you of news, events, activities and services that may be of interest to you.

4. What is the legal basis for processing your Personal Data?

  • The contract between us, our contractual obligations under that and requirements to fulfil that contract.
  • In connection with court proceedings and the pursuance of legal claims.
  • Processing necessary for carrying out legal obligations in relation to confirming that we have properly identified you as a client or employee.
  • In the case of Data Subjects who are not clients, employees, or providing contract services to us or to our clients or employees the collection, processing and retention of data will be on the basis of explicit consent from the Data Subject.

5. Sharing your Personal Data

Your Personal Data will be treated as strictly confidential and will only be shared as required under the terms of and performance of our contract with you, and in strict compliance with the GDPR. Where your data has been collected, processed and retained on the basis of your consent, we will only share that data with third parties with your further consent, or in accordance with that explicit consent, to include this permission.

6. How long do we keep your Personal Data?

Personal Data for clients is retained in our archived files for, currently, 25 years, where storage allows this. This is in accordance with our contract with you, and to assist where it is helpful to review or retrieve information. This is not specifically in relation to Personal Data, but as the files are retained generally for this period, they will include Personal Data. We may reduce this period and we will keep it under review to ensure that we only retain Personal Data for so long as is necessary and helpful.

 

Telephone call recordings are kept for a period of three months although in some cases recordings may be kept for longer periods to help with training our staff, as an aide to taking accurate notes of conversations or where we receive a complaint about our service.

In the case of employees, we retain Personal Data for up to 6 years after the employee has left our employment and we may retain it for longer where required by law.

7. Your rights and your personal data

Except where there is an exemption under the GDPR and in particular where we have obtained your Personal Data on the basis of consent rather than under the contract or the fulfilment of the contract we have with you, you have the following rights with respect to your Personal Data:

  • Your right to request a copy of the Personal Data which BWB hold;
  • The right to request BWB corrects any Personal Data if it found to be inaccurate or out of date;
  • The right to request your Personal Data is erased where it is no longer necessary for BWB to retain such data (known as the right to be forgotten);
  • You have the right to withdraw your consent to the retention of your Personal Data at any time, not just when we ask you to renew your consent;
  • Where we collect, process and retain your Personal Data, in particular by automated means, you have the right to request that we, BWB, as the Data Controller, provide you (the Data Subject) with your Personal Data and, where possible, to transmit that data directly to another Data Controller (known as the right to data portability);
  • The right, where there is a dispute in relation to the accuracy or processing of your Personal Data to request a restriction is placed on further processing (known as the right to restrict);
  • The right to object to the further processing of Personal Data in certain circumstances;
  • The right to lodge a complaint with the ICO (Information Commissioners Office).

8. Further processing, sharing of data or changes under the GDPR or subsequent legislation or regulations.

If, in future, if we wish to use your Personal Data for a new purpose, not presently covered by this Data Protection Notice or the requirements under the GDPR or any subsequent legislation or regulations require us to do so we will provide you with a new notice explaining this new use, further intention or requirement to share your Personal Data, explaining these changes and any new use or sharing intended prior to commencing and processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, and, in particular, where your Personal Data has been obtained, processed or retained by virtue of your prior explicit consent, we will seek your prior explicit consent to this new processing, though if the changes have been brought about only by changes in the GDPR requirements, new legislation or regulations, we will seek either just to update you as to the changes or, if the ICO recommend we do so, will seek to acquire consent and authority to any new or further processing in that context.

9. Contact Details

As we have less than 250 employees, are not a Public Authority or body, our core activities as a Data Controller, do not consist of processing operations by virtue of the nature, scope, or their purposes require regular and systematic monitoring of Data Subjects on  a large scale, nor do we process as our core activities or on a large scale special categories of data, racial or ethnic origin; political opinion, religious or philosophical beliefs; trade union membership; biometric data; health data or sex life or sexual orientation data or convictions and offences we are not required, at present under the GDPR to have a designated Data Protection Officer (DPO). However, as we take the requirements of the Data Protection Act 1998, the GDPR and the need for confidentiality of your Personal Data and, indeed, your matters, and information that we hold in general, seriously, we have a designated DPO within the firm, who is Robert Sainsbury. If you wish to exercise any rights, raise any queries or complaints, please, in the first instance, contact our designated DPO, Robert Sainsbury, at, or by the following methods:-

  • Telephone – 01787 880440
  • Email: RobertSainsbury@bwblegal.com
  • By post: Bates Wells & Braithwaite, 27 Friars Street, Sudbury, Suffolk CO10 2AD
  • Or, by attending at the office and asking for an appointment to see him when he is next available.
  • You can contact the Information Commissioner’s Office on 0303 123 1113, or via email: https://ico.org.uk/global/contact-us/orat the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. You will find the ICO website helpful and useful in providing you with confirmation of your rights, the obligations under the GDPR and Data Protection Act 1998 and how to go about exercising those rights.

Last updated: 16/12/2022

Top