DATA PRIVACY NOTICE
DATA PRIVACY NOTICE
Bates Wells & Braithwaite Limited, Solicitors
t/a Bates Wells & Braithwaite
Company registration number: 08321040
Registered in England and Wales
Registered address: 27 Friars Street, Sudbury, Suffolk CO10 2AD
Authorised and regulated by the Solicitors Regulations Authority (SRA) number: SRA591524
and registered with Information Commissioners Office (ICO) under registration number: Z5813095
1. Your Personal Data – what is it?
Personal Data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the Data Controller’s possession, or likely to come into the Data Controller’s possession. The processing (which we consider includes the collection, processing and retention) of Personal Data is governed by the Data Protection Act 1998 and the General Data Protection Regulation (the “GDPR”).
2. Who are we?
Bates Wells & Braithwaite Limited, Solicitors (“BWB”), is the Data Controller (contact details below). This means it decides how your Personal Data is processed and for what purposes.
3. How do we process your personal data?
If you are client or an employee of BWB, or you contract with us to provide a service to us or to our clients or employees or otherwise make contact with us, your Personal Data, which we collect under the terms of that contract or because, in order to perform that contract, your Personal Data is required in accordance with our obligations under the GDPR, where necessary keeping Personal Data up-to-date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting Personal Data from loss, misuse, unauthorised access and disclosure by the training of our staff following the guidance of the ICO, the use of cyber security, procedures and protections and the general protocols, under which we collect, store, process and transfer data under the terms of our contract with you. We have introduced appropriate technical measures, training and protocols to protect that Personal Data which, as far as possible, are practical and proportionate to the risk.
We keep a record of all of our telephone calls. We record our telephone calls. This means we collect a digital recording of the telephone conversation together with the telephone numbers of those involved in the telephone call.
Where you are not currently a client, employee or contractor with BWB, but you wish to receive information from us, our collection, processing, storage, updating and destruction of your Personal Data will be based on your active consent, which we will seek by appropriate means. In this case we will not retain your Personal Data unless there is some other legal requirement to do so following your withdrawal of consent.
We may use your Personal data for the following purposes:-
4. What is the legal basis for processing your Personal Data?
5. Sharing your Personal Data
Your Personal Data will be treated as strictly confidential and will only be shared as required under the terms of and performance of our contract with you, and in strict compliance with the GDPR. Where your data has been collected, processed and retained on the basis of your consent, we will only share that data with third parties with your further consent, or in accordance with that explicit consent, to include this permission.
6. How long do we keep your Personal Data?
Personal Data for clients is retained in our archived files for, currently, 25 years, where storage allows this. This is in accordance with our contract with you, and to assist where it is helpful to review or retrieve information. This is not specifically in relation to Personal Data, but as the files are retained generally for this period, they will include Personal Data. We may reduce this period and we will keep it under review to ensure that we only retain Personal Data for so long as is necessary and helpful.
Telephone call recordings are kept for a period of three months although in some cases recordings may be kept for longer periods to help with training our staff, as an aide to taking accurate notes of conversations or where we receive a complaint about our service.
In the case of employees, we retain Personal Data for up to 6 years after the employee has left our employment and we may retain it for longer where required by law.
7. Your rights and your personal data
Except where there is an exemption under the GDPR and in particular where we have obtained your Personal Data on the basis of consent rather than under the contract or the fulfilment of the contract we have with you, you have the following rights with respect to your Personal Data:
8. Further processing, sharing of data or changes under the GDPR or subsequent legislation or regulations.
If, in future, if we wish to use your Personal Data for a new purpose, not presently covered by this Data Protection Notice or the requirements under the GDPR or any subsequent legislation or regulations require us to do so we will provide you with a new notice explaining this new use, further intention or requirement to share your Personal Data, explaining these changes and any new use or sharing intended prior to commencing and processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, and, in particular, where your Personal Data has been obtained, processed or retained by virtue of your prior explicit consent, we will seek your prior explicit consent to this new processing, though if the changes have been brought about only by changes in the GDPR requirements, new legislation or regulations, we will seek either just to update you as to the changes or, if the ICO recommend we do so, will seek to acquire consent and authority to any new or further processing in that context.
9. Contact Details
As we have less than 250 employees, are not a Public Authority or body, our core activities as a Data Controller, do not consist of processing operations by virtue of the nature, scope, or their purposes require regular and systematic monitoring of Data Subjects on a large scale, nor do we process as our core activities or on a large scale special categories of data, racial or ethnic origin; political opinion, religious or philosophical beliefs; trade union membership; biometric data; health data or sex life or sexual orientation data or convictions and offences we are not required, at present under the GDPR to have a designated Data Protection Officer (DPO). However, as we take the requirements of the Data Protection Act 1998, the GDPR and the need for confidentiality of your Personal Data and, indeed, your matters, and information that we hold in general, seriously, we have a designated DPO within the firm, who is Robert Sainsbury. If you wish to exercise any rights, raise any queries or complaints, please, in the first instance, contact our designated DPO, Robert Sainsbury, at, or by the following methods:-
Last updated: 16/12/2022