Privacy Policy

We recognise that your privacy is important. We value your trust and confidence and are firmly committed to protecting the privacy of our clients and visitors to our website. We are equally committed to protecting the privacy of the information that it gathers.

This policy, together with our Terms and Conditions, describes our privacy practices. Below you can find detailed information on when and why we process personal information.

As part of our business, we retain and process personal data to enable us to provide legal advice, legal services, and/or to conduct legal proceedings on behalf of our clients. We only process data when we have a lawful reason for doing so. The lawful reason we use to process your personal data may differ for each processing activity. The personal information that we collect so that we can provide you with our legal services is processed under a legitimate interest and where necessary consent. All direct marketing communications will require your consent.

1. Personal information collected by Us

The information collected and processed may include:

i. Any information you give us throughout the conduct of any claim or query with us;
ii. Any personal details you enter and submit on our website and social media accounts such as name, address, email address, etc.
iii. Any personal information we receive from any third party which information we may obtain during the conduct of a case.
iv. Your IP address, referrer, web pages that you visit and any other data stored in website logs.
v. Session information stored in cookies that are used to ensure accurate data is extracted from our systems.
vi. Under no circumstances will we hold credit card details, expiry date and security codes in our database.
vii. In order to improve our service telephone calls may be recorded and/or monitored.
viii. As part of our efforts to protect our premises and the data we store, CCTV monitoring takes place at our premises. We store recorded images for a minimum of 30 days.
ix. When assessing the validity of any claim made by you or in order to assist in substantiating your claim against the third party, we may review any social media presence either publicly or through invitation through sites such as Facebook or Instagram.

2. How we handle the collected information

Any information we collect will be used in accordance with applicable laws for the following purposes:

i. To comply with legal requirements such as the Solicitors Regulatory Authority, General Data Protection Regulation or Data Protection Act 2018.
ii. To send you information about our products and services and might include inviting you to allow us to use your claim as a case study. In such a case, you will be offered the option to opt in and/or out.
iii. To provide our service and may include contacting you by telephone, writing to you or emailing you.
iv. We may use personal information for auditing, research and analysis to operate and improve our technologies and services.
v. We may share aggregated non-personal information with third parties.
vi. When we use third parties to assist us in processing your personal information, we require that they comply with our Privacy Policy and any other appropriate confidentiality and security measures.
vii. We may share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services.
viii. When you send email or other communication to us, we may retain those communications in order to process your enquiries, respond to your requests and improve our services.
ix. All your data you hold with us is backed up at separate physical premises with technical and organisational measures equal to the premises where the original data is held. This is to ensure that your data is not lost or destroyed should the original be destroyed without your instructions unless it is destroyed in line with our data retention policies.

Except as described herein, we do NOT disclose your information to nor share your information with third parties.

3. General Data Protection Regulation and Data Protection Act 2018

We will do our utmost to ensure that its registration requirements pursuant to GDPR and DPA 2018, (including any statutory modification or re-enactment of General Data Protection Regulation or DPA 2018) are fully complied with at all times. As is necessary for the purposes of legitimate interests, we will use your data (Data) in the progression of your matter and we will act as a “data controller” (for the purposes of GDPR and DPA 2018) of your data. Specifically, we will use your data for to progress your claim (for example through Court, Counsel, Arbitrators, National Enforcement Bodies and Solicitor Agents), and any other search or process in the progression of your matter.

We comply at all times with our obligations under GDPR and DPA 2018, including but not limited to, taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal or special personal data. When considering what measures are appropriate, we shall have regard to the state of good practice, technical development and the cost of implementing any measures to ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss or destruction, and to the nature of the data to be protected. To this extent we have acquired Cyber Essentials Plus accreditation and ISO27001 accreditation. A copy of the relevant ISO27001 accreditation Notice is available by request from our Information Security Manager, Susan Luya.

We will do our utmost to store your data within a Member State of the European Union. However some of your data may be transmitted to a country not providing adequate protection within the meaning of Directive 95/46/EC. If data does leave the EU, we will do our utmost to ensure equivalent levels of protection and security for your data. An example of when and how data under our control may travel outside of the EU is if your data is stored within an Amazon Web Service hosted environment.

You have the right to access any information we hold about you in a common machine readable format free of charge, unless your request is excessive or repetitive. We will process your request without undue delay.

4. Individuals Rights

We endorse and make concerted efforts to comply with the rights of subjects as identified in GDPR and DPA 2018, including:

4.1 the right to be informed;
4.2 the right of access;
4.3 the right to rectification
4.4 the right to erasure
4.5 the right to restrict processing
4.6 the right to data portability
4.7 the right to object
4.8 rights in relation to automated decision making and profiling

Individuals wishing to invoke any of their above rights should contact Susan Luya, the Data Protection Officer. We will make sure we comply with your request with the relevant time period allowed by law, whilst not contravening any other Regulatory body under which we operate.

5. Information security and communication from us to clients

We maintain a strict “no-spam” policy. Your email address will not be sold to any third party.

We will obtain your consent before adding your email address to our mailing list to which we may send emails containing news, announcements, new feature information and other related information. You can at any time unsubscribe to this mailing list by selecting the unsubscribe option within the email.

Because some communication with our clients is necessary to adequately provide our services, clients cannot opt-out of receiving administrative emails relating to their matters.

We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorised access to systems where we store personal data.

Our security measures include:
ISO27001 accreditation
Cyber Essentials Plus
Access Controls
Firewalls
McAfee Antivirus
Online Security
Encryption

In order to ensure the secure transmission of sensitive data, we will use products such as Echosign, an encrypted e-signing solution and Safedrop, an encrypted file sharing solution.

We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

Storage and disposal of your records will be maintained and destroyed in line with our Disposal Policy, a copy of which can be obtained by contacting our Information Security Manager, Susan Luya. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

6. Complaints Process

We want to give you the best possible service. However, if at any point you become unhappy or concerned about the service we have provided then you should inform us immediately, so that we can do our best to resolve the problem. In the first instance it may be helpful to contact the person who is working on your case to discuss your concerns and we will do our best to resolve any issues at this stage. If you would like to make a formal complaint, then you can request a copy of our complaints process through the person who is dealing with your claim or by emailing info@bottonline.co.uk. Making a complaint will not affect how we handle your case. The Solicitors Regulation Authority can help you if you are concerned about our behaviour. This could be for things like dishonesty, taking or losing your money or treating you unfairly because of your age, a disability or other characteristic. You can raise your concerns with the Solicitors Regulation Authority.

What do to if we cannot resolve your complaint

The Legal Ombudsman can help you if we are unable to resolve your complaint ourselves. They will look at your complaint independently and it will not affect how we handle your case. Before accepting a complaint for investigation, the Legal Ombudsman will check that you have tried to resolve your complaint with us first. If you have, then you must take your complaint to the Legal Ombudsman:
• Within six months of receiving a final response to your complaint
and
• No more than six years from the date of act/omission; or
• No more than three years from when you should reasonably have known there was cause for complaint.

If you would like more information about the Legal Ombudsman, please contact them.

Contact details
Visit: www.legalombudsman.org.uk
Call: 0300 555 0333 between 9am to 5pm.
Email: enquiries@legalombudsman.org.uk
Legal Ombudsman PO Box 6806, Wolverhampton, WV1 9WJ

7. Cookie Policy

Information relating to our Cookie policy can be found here.

8. Policy Modifications

We may change this Privacy Policy from time to time especially when new Regulation or better practices become available to us. When we make changes to this Privacy Policy, the updated version will be posted on this page. We encourage you to visit this page periodically.

9. Contacting us about Privacy

If you have any questions about our privacy statement, the information we have collected from you online, the practices of this website, or your dealings with this website, please contact us by using our online contact form or by emailing the Information Security Manager, Susan Luya at s.luya@bottonline.co.uk .