Privacy Policy for Clients and Contacts

Pickering & Butters LLP are committed to protecting and keeping confidential all the information you provide to us.

Please read this privacy policy carefully as it contains important information on when and why we collect personal information about you: how we use it, the conditions under which we may disclose it to others and how we keep it secure. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

For clients of this firm, you should read this notice alongside our general Terms of Business which provides further information on confidentiality.

Were we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information.  We encourage you to read the privacy notices on the other websites you visit.

Who we are

Pickering & Butters LLP (“Pickering & Butters”), is a limited liability partnership registered in England and Wales under Registration Number OC342063.  The registered address is 19 Greengate Street, Stafford, ST16 2LU.  A list of members of the LLP is displayed at the Registered Office, together with a list of those non-members who are designated as partners.  The word “partner” is used to refer to a member of the LLP, or an employee or consultant with the equivalent standing and qualifications.

We are authorised and regulated by the Solicitors Regulation Authority – Rugeley ID number 510208 – Stafford ID number 508758.

When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.

Children

Our website and services are not aimed specifically at children because in legal work children are generally represented by their parent or guardians.  If you are a child and need further advice or explanation about how we would use your data, please email jan.boulter@pb4law.com

The personal data we collect use and share

The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. 

The table below sets out the personal data we will or may collect in the course of advising and/or acting for you.

Personal data we will collect

Your name, marital status, title, date of birth, gender, address and telephone numbers.

Information to enable us to check and verify your identity, eg your driving licence, utility bills, passport details.

Electronic contact details, eg your email address and mobile phone number.

Information relating to the matter in which you are seeking our advice or representation.

Your financial details so far as relevant to your instructions, eg the source of your funds if you are instructing on a purchase transaction.

Transaction Data, including details about payments to and from you, and other details of services you purchase from us.

Personal data we may collect depending on why you have instructed us

Your National Insurance and tax details.

Your bank and/or building society details.

Details of your professional online presence, eg LinkedIn profile.

Details of your spouse/partner and dependants or other family members, eg if you instruct us on a Family matter or a Will.

Your employment status and details including salary and benefits, eg if you instruct us on a matter related to your employment or in which your employment status or income is relevant.

Details of your pension arrangements, eg if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship.

Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data), eg if you instruct us on matter related to your employment or in which your employment records are relevant.

Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs, eg if you instruct us on discrimination claim.

Your trade union membership, eg if you instruct us on discrimination claim or your matter is funded by a trade union.

Personal identifying information, such as your eye colour or your parents’ names, eg if you instruct us to incorporate a company for you.

Your medical records, eg if we are acting for you in a personal injury claim.

We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions.  We also use your personal information for related purposes including administration of files, updating existing records if you have instructed the firm previously, analysis to help improve the management of the firm, for statutory returns and legal and regulatory compliance.  The information will be held in hard copy and/or electronic format.

If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.

How your personal data is collected

We may obtain personal information by directly interacting with you, such as:

  • meeting with you in our offices, at events or elsewhere,
  • receiving your instructions to provide legal services, and in the performance of those legal services,
  • filling in forms on our website,
  • participating in discussion boards or other social media functions,
  • giving us your business card,
  • corresponding with us by phone, email, letters or otherwise.

We may also collect personal information about you from third parties or publicly available sources, such as:

  • Companies House or HM Land Registry;
  • Court or Tribunal;
  • directly from a third party, eg:
  1. your family members, business colleagues and other contacts,
  2. the ‘otherside’ in any dispute or negotiation for which we’re acting,
  3. client due diligence providers (ID checking);
  • from a third party with your consent, eg:
  1. your bank or building society, or other financial institution or advisor;
  2. consultants and other professionals we may engage in relation to your matter;
  3. your employer and/or trade union, professional body or pension administrators;
  4. your doctors, medical and occupational health professionals;
  • you may provide information relating to some one else – if you have the authority to do so;
  • via our information technology (IT) systems, eg:
  1. case management, document management and time recording systems;
  2. reception logs;
  3. technical systems, such as communications systems, email and instant messaging systems.

You are responsible for ensuring the accuracy of all the personal data you supply to us, and we will not be held liable for any errors unless you have advised us previously of any changes in your personal data.

How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason for doing so, eg:

  • to comply with our legal and regulatory obligations;
  • for our legitimate interests or those of a third party;
  • we need to perform a contract we are about to enter into, or have entered into, with you; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your personal data for and our reasons for doing so:

What we use your personal data for

1. To provide legal services to you including:-

  • conducting checks to identify our clients and verify their identity
  • screening for financial and other sanctions or embargoes
  • other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, eg rules issued by our professional regulator
  • It may also include seeking advice from third parties, such as legal and non-legal experts, carrying out litigation on your behalf; attending hearings on your behalf, obtaining insurance policies on your behalf preparing documents or to complete transactions

Our reasons:-

For our Legitimate interests to provide legal services, and in order to be able to meet legal and regulatory obligations with regard to Anti Money Laundering, Criminal Finance Act, Solicitors Regulation Authority Code of Conduct and Insurance.

2. Keeping financial records of your transactions and the transactions we make on your behalf.

Our reasons:-

For our Legitimate Interest in ensuring we comply with our Code of Conduct and the Solicitors Accounts Rules

3. Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.

Our reasons:-

For our Legitimate Interest in ensuring we comply with our Code of Conduct and to be able to provide information to our Insurers

4. Operational reasons, such as improving efficiency, training and quality control.

Our reasons:-

For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service for you at the best price

5. Ensuring the confidentiality of commercially sensitive information.

Our reasons:-

For our legitimate interests, i.e. to protect our intellectual property and other commercially valuable information

6. Statistical analysis to help us manage our practice, eg in relation to our financial performance, client base, work type or other efficiency measures.

Our reasons:-

For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service for you at the best price

7. Updating client records.

Our reasons:-

For our legitimate interests, e.g. making sure that we can keep in touch with our clients about existing and new services and to comply with our legal & regulatory obligations.

8. Statutory returns.

Our reasons:-

For our legitimate interests in being able to comply with our legal and regulatory obligations.

9. Marketing our services to:

  • existing and former clients; or
  • third parties who have previously expressed an interest in our services.

Our reasons:-

For our legitimate interests, i.e. to promote our business to existing and former clients.

 

10. External audits and quality checks, eg for Lexcel, CQS and the audit of our accounts.

Our reasons:-

For our legitimate interests, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards.

11. On occasion we ask other trusted companies to provide typing, costing, telephony or other support work to ensure that work is done promptly.   We always obtain confidentiality agreements with these providers to ensure that they keep the information sent to them securely and confidentially.  All routine typing and costing is done in-house.

Our reasons:-

For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service for you at the best price.

Special Category data

The above table does not apply to special category personal data, this is information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, or certain types of genetic or biometric data.

During the course of providing you with legal services, we may collect ‘special category’ data about you, particularly if we prepare your Will or LPA, advise you in relation to divorce proceedings, bring an employment or discrimination claim on your behalf, buy or sell a company with large number of employees, deal with a personal injury claim on your behalf, or bring certain types of court claims on your behalf.   

We will only use ‘Special Category’ information:

  • provided we have your explicit consent to use it,
  • where we believe that we need to use that data to protect your vital interests where your are not able to provide us with your explicit consent,
  • where it is necessary for reasons of substantial public interest,
  • where you have previously made that data public knowledge,
  • if we need to use that data to establish, exercise or defend legal claims, or
  • where there is some other legal basis that allows us to use that information.

Criminal Offence Data

We will only use criminal offence data where the law allows us to do so including:

  • for the purpose of legal proceedings
  • to provide legal advice
  • to help establish, exercise or defend legal rights

Promotional communications

We may contact you for the purpose of direct marketing.  This means that we may use your personal data that we have collected in accordance with this privacy policy to send you updates (by email, telephone or post) about legal developments that might be of interest to you and/or information about our services, including exclusive offers, promotions or new services.  The direct marketing communications may be provided to you by social media channels, email or post.  We will never send marketing communications via SMS or call you without your specific consent.

We will always treat your personal data with the utmost respect and will never pass on or sell your details to a third party for marketing purposes.

We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

You have the right to opt out of receiving promotional communications at any time.  If you wish to do so you must contact us.  (see How to Contact Us).

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Who we share your personal data with

We will not sell or rent your information to third parties.  We will not share your information with third parties for marketing purposes.

We routinely share personal data with:

  • professional advisers who we instruct on your behalf or refer you to, eg barristers, medical professionals, accountants, tax advisors or other experts;
  • other third parties where necessary to carry out your instructions, eg your mortgage provider or HM Land Registry in the case of a property transaction or Companies House, Court or Tribunal, Banks, Building Societies or other financial institutions, or Estate Agents;
  • provider of identity verification;
  • the insurance company funding a ‘no win no fee’ matter for you, or other insurance companies with whom we arrange policies on your behalf;
  • our insurers and brokers;
  • our Solicitors Accounts Rules auditors, as part of their regulatory checking on behalf on the Solicitors Regulation Authority.  Our regulators, the Solicitors Regulation Authority may also request direct access to our client’s records;
  • external auditors, eg in relation to  Conveyancing Quality Scheme or Lexcel accreditation;
  • our banks;
  • external service suppliers, representatives and agents that we use to make our business more efficient, eg typing services, hosting companies (computer system and website) or reception services;
  • tracing agents e.g to trace beneficiaries of an estate;
  • translation services.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

There may be some uses of personal data that may require your specific consent.  If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.

Where your personal data is held

Information may be held at our offices, on our secure servers hosted in the United Kingdom,  third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).

Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’.

How long your personal data will be kept

For clients (or a contact person for us, in respect of a client), we keep your personal data after we have finished advising or acting for you for at least a minimum of 7 years.  We will do so for one of these reasons:

  • to respond to any questions or complaints made by you or on your behalf;
  • to show that we treated you fairly;
  • to maintain records according to rules that apply to us;
  • to comply with regulatory obligations to act in your interests;
  • to protect our own legitimate interests;
  • to carry out conflict of interest checks in compliance with our regulatory obligations;
  • to help with your queries in the future.

If after 7 years you wish your file to be destroyed, please contact our Data Protection Officer (DPO) who will assess what can be done to comply with your wishes whilst protecting our legitimate interest. 

This storage is on the clear understanding that we have the right to confidentially destroy the CD after such period as we consider it reasonable that none of the above reasons for storing the file remain.

There will be some data that depending upon the matter will have a longer minimum period and circumstances will need to be discussed with our DPO, with regards to what can be done.

Please be assured, your data is kept securely and after the conclusion of your matter, will not be used for any purposes other than those listed above.

Transferring your personal data out of the EEA

We do not as a rule transfer your information outside the European Economic Area (EEA).  However, it does become necessary for us to share your personal data outside the European Economic Area (EEA) in order to deliver services to you, if for example:

  • you are based outside the EEA;
  • where there is an international dimension to the matter in which we are advising you.

Where your data is being transferred outside the EEA, we will undertake an assessment of the level of protection in light of the circumstances surrounding the transfer.  We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible.  In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information.

Your rights

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your personal data.

A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. – but it does not mean you are entitled to the documents that contain this data.

To be informed

Which is fulfilled by way of this privacy notice and (if applicable) your engagement letter.

Rectification

You are entitled to have personal data rectified if it is inaccurate or incomplete.

Erasure / To be forgotten

You have the right to request the deletion or removal of your personal data where there is no compelling reason for it’s continued processing.  This right only applies in the following specific circumstances:

  • where the personal data is no longer necessary in regards to the purpose for which it was originally collected
  • where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
  • where you object to the processing and there is no overriding legitimate interest for continuing the processing
  • the personal data was unlawfully processed
  • where you object to the processing for direct marketing purposes.

Object

You have the right to object to processing based on legitimate interests; and direct marketing.  This right only applies in the following circumstances:

  • an objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context
  • you must have an objection on grounds relating to your particular situation
  • we must stop processing your personal data unless:
  1. we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
  2. the processing is for the establishment , exercise or defence of legal claims.

Restriction of processing

You have the right to request the restriction or suppression of your data.  When processing is restricted, we can store the data but not use it.  This right only applies in the following circumstances:

  • where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data
  • where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
  • where processing is unlawful and you request restriction
  • if we no longer need the personal data but you require the data to establish exercise or defence a legal claim.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please :

  • email, call or write to the personal handling your matter or our Data Protection Officer—see below: ‘How to contact us’; and
  • let us have enough information to identify you (eg your full name, address and client or matter reference number);
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully.  Data is stored in United Kingdom ISO 27001 data centres and use computer safeguards such as firewalls and data encryption.  Data is replicated to a second UK ISO 27001 compliant data centre to reduce the risk of data loss and continuity loss.

We enforce physical access controls to our buildings and files to keep data safe.  Our internal policies require that users lock or log-off from their computer when it is unattended.

We ensure all staff are trained in data protection and cyber security.  We have regular staff email updates with regard to known scams to be aware of, enabling staff to be informed and diligent in their use of technology.

We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Paper documents are disposed of by shredding or incinerating in a manner that ensures confidentiality.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

How to complain

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

Changes to this privacy policy

This privacy policy was published May 2018 and last updated May 2018.

Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email.  Please check our website frequently to see any updates or changes to our policy.

How to contact us

Please contact us or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are shown below:

  • Pickering & Butters LLP
  • 19 Greengate Street, Stafford, ST16 2LU
  • info@pb4law.com
  • 01785 603060

Our Data Protection Officer's contact details are shown below:

  • Jan Boulter
  • Pickering & Butters LLP
  • 19 Greengate Street, Stafford, ST16 2LU
  • jan.boulter@pb4law.com
  • 01785 603060

Do you need extra help?

If you would like this policy in large print please contact us (see ‘How to contact us’ above).