Below you can find detailed information on when and why we process personal information necessary for the purposes of legitimate interests and conduct of your claims, how we use it and the limited conditions under which we may disclose it to others. We only process data when we have a lawful reason for doing so. The personal information that we collect so that we can provide you with our legal services is processed under a legitimate interest and where necessary consent.
All direct marketing communications will require your consent.
1. Personal information collected by Us
The information collected and processed may include:
i. Any information you give us throughout the conduct of any claim or query with us;
ii. Any personal details you enter and submit on our website and social media accounts such as name, address, email address, etc.
iii. Any personal information we receive from any third party which information we may obtain during the conduct of a case.
iv. Your IP address, referrer, web pages that you visit and any other data stored in website logs.
v. Session information stored in cookies that are used to ensure accurate data is extracted from our systems.
vi. Under no circumstances will we hold credit card details, expiry date and security codes in our database.
vii. In order to improve our service telephone calls may be recorded and/or monitored.
viii. As part of our efforts to protect our premises and the data we store, CCTV monitoring takes place at our premises. We store recorded images for a minimum of 30 days.
ix. When assessing the validity of any claim made by you or in order to assist in substantiating your claim against the third party, we may review any social media presence either publicly or through invitation through sites such as Facebook or Instagram.
2. How we handle the collected client information
Any information we collect will be used in accordance with applicable laws for the following purposes:
i. To comply with legal requirements such as the General Data Protection Regulation.
ii. We can send you information about our products and services with may include inviting you to allow us to use your claim as a case study. In such a case, you will be offered the option to opt in and/or out.
iii. We may use personal information to provide our service.
iv.We may use personal information for auditing, research and analysis to operate and improve our technologies and services.
v. We may share aggregated non-personal information with third parties.
vii. We may share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services.
viii. When you send email or other communication to us, we may retain those communications in order to process your enquiries, respond to your requests and improve our services.
ix. All your data you hold with us is backed up at separate physical premises with technical and organisational measures equal to the premises where the original data is held. This is to ensure that your data is not lost or destroyed should the original be destroyed without your instructions unless it is destroyed in line with our data retention policies.
Except as described herein, we do NOT disclose your information to nor share your information with third parties.
3. General Data Protection Regulation
We will do our utmost to ensure that its registration requirements pursuant to GDPR, (including any statutory modification or re-enactment of General Data Protection Regulation) are fully complied with at all times. As is necessary for the purposes of legitimate interests, we will use your data (Data) in the progression of your matter and will act as a “data controller” (for the purposes of GDPR) of your data. Specifically we will use your data for to progress your claim (for example through Court, Counsel, Arbitrators, National Enforcement Bodies and Solicitor Agents), and any other search or process in the progression of your matter.
We comply at all times with our obligations under GDPR, including but not limited to, taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal or special personal data. When considering what measures are appropriate, we shall have regard to the state of good practice, technical development and the cost of implementing any measures to ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss or destruction, and to the nature of the data to be protected. To this extent Bott and Co Solicitors Ltd has acquired Cyber Essentials Plus accreditation and ISO27001 accreditation. A copy of the relevant ISO27001 accreditation Notice is available by request from our Information Security Manager, Susan Luya.
We will do our utmost to store your data within a Member State of the European Union. However some of your data may be transmitted to a country not providing adequate protection within the meaning of Directive 95/46/EC. If data does leave the EU, we will do our utmost to ensure equivalent levels of protection and security for your data. Example of when and how data under our control may travel outside of the EU is if your data is stored within Amazon Web Service hosted environment.
You have the right to access any information we hold about you in a common machine readable format free of charge, unless your request is excessive or repetitive. We will process your request without undue delay.
4. Individuals Rights
We endorse and make a concerted effort to comply with the rights of subjects as identified in GDPR, including:
4.1 the right to be informed;
4.2 the right of access;
4.3 the right to rectification
4.4 the right to erasure
4.5 the right to restrict processing
4.6 the right to data portability
4.7 the right to object
4.8 rights in relation to automated decision making and profiling
Individuals wishing to invoke any of their above rights should contact Susan Luya, the Data Protection Officer. We will make sure they comply with your request with the relevant time period allowed by law, whilst not contravening any other Regulatory body under which they operate.
5. Information security and communication from us to clients
We maintain a strict “no-spam” policy. Your email address will not be sold to any third party.
We will obtain your consent before adding your email address to our mailing list to which we may send emails containing news, announcements, new feature information and other related information. You can at any time unsubscribe to this mailing list by selecting the unsubscribe option within the email.
Because some communication with our clients is necessary to adequately provide our services, clients cannot opt-out of receiving administrative emails related to their matters.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorised access to systems where we store personal data. Our security measures include:
Cyber Essentials Plus Certified
In order to ensure the secure transmission of sensitive data, we will use products such as Echosign, an encrypted e-signing solution and Safedrop, an encrypted file sharing solution.
We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
When we receive formal written complaints posted using our contact page, it is our policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between us and an individual.
We want to give you the best possible service. However, if at any point you become unhappy or concerned about the service we have provided then you should inform us immediately, so that we can do our best to resolve the problem. In the first instance it may be helpful to contact the person who is working on your case to discuss your concerns and we will do our best to resolve any issues at this stage. If you would like to make a formal complaint, then you can request a copy of our complaints process through the person who is dealing with your claim or by emailing email@example.com. Making a complaint will not affect how we handle your case. The Solicitors Regulation Authority can help you if you are concerned about our behaviour. This could be for things like dishonesty, taking or losing your money or treating you unfairly because of your age, a disability or other characteristic. You can raise your concerns with the Solicitors Regulation Authority.
What do to if we cannot resolve your complaint
The Legal Ombudsman can help you if we are unable to resolve your complaint ourselves. They will look at your complaint independently and it will not affect how we handle your case. Before accepting a complaint for investigation, the Legal Ombudsman will check that you have tried to resolve your complaint with us first. If you have, then you must take your complaint to the Legal Ombudsman:
• Within six months of receiving a final response to your complaint
• No more than six years from the date of act/omission; or
• No more than three years from when you should reasonably have known there was cause for complaint.
If you would like more information about the Legal Ombudsman, please contact them.
Call: 0300 555 0333 between 9am to 5pm.
Legal Ombudsman PO Box 6806, Wolverhampton, WV1 9WJ
7. Third party services we use
8. Cookie Use
What is in a cookie?
A cookie is a simple unique text file stored on your computer or mobile device by a website server. Only that website’s service is able to retrieve or read the contents of the cookie. It will contain some information such as the URL of the website, a unique identifier and some digits and numbers.
What to do if you don’t want cookies to be set
Some people find the concept of cookies intrusive. If you prefer, it is possible to block cookies or even to delete cookies that have already been set; but you need to be aware that you might negatively affect the manner in which this website responds to you and may prevent you from using certain parts of the site.
Should you wish to control the manner in which Cookies are handled on your computer, we suggest consulting the Help section of your browser.
9. Policy Modifications
10. Contacting us about Privacy
If you have any questions about our privacy statement, the information we have collected from you online, the practices of this website, or your dealings with this website, please contact us by using our online contact form.