Privacy Policy

We recognise that your privacy is important. We value your trust and confidence and are firmly committed to protecting the privacy of our clients and visitors to our website. We are equally committed to protecting the privacy of the information that we gather.

This policy, together with our Terms and Conditions, describes our privacy practices. Below you can find detailed information on when and why we process personal information.

Below you can find detailed information on when and why we process personal information necessary for the purposes of legitimate interests and conduct of your claims, how we use it and the limited conditions under which we may disclose it to others. We only process data when we have a lawful reason for doing so. The personal information that we collect so that we can provide you with our legal services is processed under a legitimate interest and where necessary consent.

All direct marketing communications will require your consent.

1. Personal information collected by Us

The information collected and processed may include:

i. Any information you give us throughout the conduct of any claim or query with us;
ii. Any personal details you enter and submit on our website and social media accounts such as name, address, email address, etc.
iii. Any personal information we receive from any third party which information we may obtain during the conduct of a case.
iv. Your IP address, referrer, web pages that you visit and any other data stored in website logs.
v. Session information stored in cookies that are used to ensure accurate data is extracted from our systems.
vi. Under no circumstances will we hold credit card details, expiry date and security codes in our database.
vii. In order to improve our service telephone calls may be recorded and/or monitored.
viii. As part of our efforts to protect our premises and the data we store, CCTV monitoring takes place at our premises. We store recorded images for a minimum of 30 days.
ix. When assessing the validity of any claim made by you or in order to assist in substantiating your claim against the third party, we may review any social media presence either publicly or through invitation through sites such as Facebook or Instagram.

2. How we handle the collected client information

Any information we collect will be used in accordance with applicable laws for the following purposes:
i. To comply with legal requirements such as the General Data Protection Regulation.
ii. We can send you information about our products and services with may include inviting you to allow us to use your claim as a case study. In such a case, you will be offered the option to opt in and/or out.
iii. We may use personal information to provide our service.
iv.We may use personal information for auditing, research and analysis to operate and improve our technologies and services.
v. We may share aggregated non-personal information with third parties.
vi. When we use third parties to assist us in processing your personal information, we require that they comply with our privacy policy and any other appropriate confidentiality and security measures.
vii. We may share information with third parties in limited circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services.
viii. When you send email or other communication to us, we may retain those communications in order to process your enquiries, respond to your requests and improve our services.
ix. All your data you hold with us is backed up at separate physical premises with technical and organisational measures equal to the premises where the original data is held. This is to ensure that your data is not lost or destroyed should the original be destroyed without your instructions unless it is destroyed in line with our data retention policies.
Except as described herein, we do NOT disclose your information to nor share your information with third parties.

3. General Data Protection Regulation

We will do our utmost to ensure that its registration requirements pursuant to GDPR, (including any statutory modification or re-enactment of General Data Protection Regulation) are fully complied with at all times. As is necessary for the purposes of legitimate interests, we will use your data (Data) in the progression of your matter and will act as a “data controller” (for the purposes of GDPR) of your data. Specifically we will use your data for to progress your claim (for example through Court, Counsel, Arbitrators, National Enforcement Bodies and Solicitor Agents), and any other search or process in the progression of your matter.

We comply at all times with our obligations under GDPR, including but not limited to, taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal or special personal data. When considering what measures are appropriate, we shall have regard to the state of good practice, technical development and the cost of implementing any measures to ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss or destruction, and to the nature of the data to be protected. To this extent Bott and Co Solicitors Ltd has acquired Cyber Essentials Plus accreditation and ISO27001 accreditation. A copy of the relevant ISO27001 accreditation Notice is available by request from our Information Security Manager, Susan Luya.

We will do our utmost to store your data within a Member State of the European Union. However some of your data may be transmitted to a country not providing adequate protection within the meaning of Directive 95/46/EC. If data does leave the EU, we will do our utmost to ensure equivalent levels of protection and security for your data. Example of when and how data under our control may travel outside of the EU is if your data is stored within Amazon Web Service hosted environment.
You have the right to access any information we hold about you in a common machine readable format free of charge, unless your request is excessive or repetitive. We will process your request without undue delay.

4. Individuals Rights

We endorse and make a concerted effort to comply with the rights of subjects as identified in GDPR, including:

4.1 the right to be informed;
4.2 the right of access;
4.3 the right to rectification
4.4 the right to erasure
4.5 the right to restrict processing
4.6 the right to data portability
4.7 the right to object
4.8 rights in relation to automated decision making and profiling

Individuals wishing to invoke any of their above rights should contact Susan Luya, the Data Protection Officer. We will make sure they comply with your request with the relevant time period allowed by law, whilst not contravening any other Regulatory body under which they operate.

5. Information security and communication from us to clients

We maintain a strict “no-spam” policy. Your email address will not be sold to any third party.

We will obtain your consent before adding your email address to our mailing list to which we may send emails containing news, announcements, new feature information and other related information. You can at any time unsubscribe to this mailing list by selecting the unsubscribe option within the email.

Because some communication with our clients is necessary to adequately provide our services, clients cannot opt-out of receiving administrative emails related to their matters.

We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorised access to systems where we store personal data. Our security measures include:

ISO27001 accreditation
Cyber Essentials Plus Certified
Access Controls
McAfee Antivirus
Online Security

In order to ensure the secure transmission of sensitive data, we will use products such as Echosign, an encrypted e-signing solution and Safedrop, an encrypted file sharing solution.

We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

Storage and disposal of your records will be maintained and destroyed in line with our Disposal Policy, a copy of which can be obtained by contacting our Information Security Manager, Susan Luya. If Bott and Co Solicitors Ltd becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

When we receive formal written complaints posted using our contact page, it is our policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between us and an individual.

6.Complaints Process

We want to give you the best possible service. However, if at any point you become unhappy or concerned about the service we have provided then you should inform us immediately, so that we can do our best to resolve the problem. In the first instance it may be helpful to contact the person who is working on your case to discuss your concerns and we will do our best to resolve any issues at this stage. If you would like to make a formal complaint, then you can request a copy of our complaints process through the person who is dealing with your claim or by emailing Making a complaint will not affect how we handle your case. The Solicitors Regulation Authority can help you if you are concerned about our behaviour. This could be for things like dishonesty, taking or losing your money or treating you unfairly because of your age, a disability or other characteristic. You can raise your concerns with the Solicitors Regulation Authority.

What do to if we cannot resolve your complaint

The Legal Ombudsman can help you if we are unable to resolve your complaint ourselves. They will look at your complaint independently and it will not affect how we handle your case. Before accepting a complaint for investigation, the Legal Ombudsman will check that you have tried to resolve your complaint with us first. If you have, then you must take your complaint to the Legal Ombudsman:
• Within six months of receiving a final response to your complaint
• No more than six years from the date of act/omission; or
• No more than three years from when you should reasonably have known there was cause for complaint.

If you would like more information about the Legal Ombudsman, please contact them.

Contact details

Call: 0300 555 0333 between 9am to 5pm.
Legal Ombudsman PO Box 6806, Wolverhampton, WV1 9WJ

7. Third party services we use

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google uses cookies (see below), to help us analyse how users use our site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. This data may be used for the purpose of evaluating your use of our site and reporting on website activity. You can arrange to not be included in this analysis by opting out of Google in the future. To do so, please follow the link to Google Analytics Opt-out Browser Add –on and follow Google’s instructions for your browser:

This site may use Hotjar web analytics service to assist us in providing you with a better experience by analysing user trends. For more information on Hotjar, please visit their Terms of Service and their Hotjar Privacy policy. The service may record mouse clicks, mouse movements, scrolling activity as well as any text you type in this website, except text in password fields. We do not collect personally identifiable information that you do not voluntarily enter in this website. We do not track your browsing habits across other web sites or text inputted in password fields. You may opt-out from having Hotjar collect your information when using our site at any time by visiting their Opt-out page and clicking Disable Hotjar or enabling Do Not Track (DNT) in your browser.

8. Cookie Use

For the purpose of legitimate interests between us it is necessary for this website to use cookies. In fact, most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you, either by creating session cookies (for the duration of your visit) or persistent cookies (for repeat visits). This makes the interaction between you and the website faster and easier. If a website does not use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it will not recognise you and it will not be able to keep you logged in. Cookies are also used to enable help target advertising or marketing messages based on your location and/or browsing habits. Cookies may be “first party cookies” (set by the website you are visiting) or “third party cookies” (set by other websites who run content on the page you are viewing). Third Party cookies assist with collating information to assist with analytics or targeted marketing.

What is in a cookie?

A cookie is a simple unique text file stored on your computer or mobile device by a website server. Only that website’s service is able to retrieve or read the contents of the cookie. It will contain some information such as the URL of the website, a unique identifier and some digits and numbers.

What to do if you don’t want cookies to be set

Some people find the concept of cookies intrusive. If you prefer, it is possible to block cookies or even to delete cookies that have already been set; but you need to be aware that you might negatively affect the manner in which this website responds to you and may prevent you from using certain parts of the site.

Should you wish to control the manner in which Cookies are handled on your computer, we suggest consulting the Help section of your browser.

9. Policy Modifications

We may change this Privacy Policy from time to time especially when new Regulation or better practices become available to us. When we make changes to this Privacy Policy, the updated version will be posted on this page. We encourage you to visit this page periodically.

10. Contacting us about Privacy

If you have any questions about our privacy statement, the information we have collected from you online, the practices of this website, or your dealings with this website, please contact us by using our online contact form.