Legal Risk LLP is a law firm offering legal services to businesses and individuals.
In order to provide our services and manage our business we collect and manage data from clients and others. This is likely to include personal data as we could be dealing with individuals as clients or obtain information relating to individuals within client businesses. We are committed to protecting the privacy rights of individuals.
This Privacy Notice describes the ways in which we collect, manage, store and dispose of data relating to individuals. We may update it from time to time.
Our main office is at 28 Bixteth Street, Liverpool L3 9UH.
Telephone 0345 330 6791
Website address www.legalrisk.co.uk
Our Privacy Officer is Frank Maher, email: [email protected]
The information which we collect may include –
- Home address;
- Telephone numbers;
- Email address;
- Other contact details;
- Documentation confirming your identity, such as a passport or driving licence;
- Your status as a director of a company or member of an LLP;
- Your status as a beneficial owner of a company or LLP;
- Financial information including bank account details;
- Details of your communications with us and attendances upon us;
- Publicly available information and
- Any information which you provide to us.
We may also collect sensitive information, including, where relevant –
- Health data (relating to both physical and mental conditions and any disability); and
- Racial or ethnic origin.
We collect data in order to –
- Incept you or your organisation as a client, including client due diligence checks;
- Provide legal services and respond to requests for legal services;
- Manage our business relationship with you or your organisation, including billing, accounting, collection and support services;
- Provide information relating to our services either in response to specific requests or generally in order to develop our business;
- Process employment applications;
- Bill for our services and obtain payment;
- Respond to complaints;
- Meet our legal and regulatory obligations;
- Make appropriate business development plans to better support our clients’ needs for legal services;
- Prevent, detect and respond to fraud or potential fraud or other illegal activities;
- Improve the functionality of our website and other IT requirements;
- Fulfil purposes ancillary to any of the above.
We may collect and process health data if it is relevant and necessary for the establishment, exercise or defence of legal claims.
We may collect and process data relating to racial or ethnic origin either because it is necessary for the establishment, exercise or defence of legal claims or, subject to explicit consent, in order to respond to requests from our regulators for statistical information.
The following table sets out the information we collect and the legal basis upon which we collect it.
|Purpose for obtaining the information||Legal basis for using the information|
|Providing legal services and responding to requests for legal services||Performance of a contract, including steps taken in anticipation of entering a contract;
In the case of an individual, where appropriate, our legitimate interests in entering into and performing a contract with an organisation with which you are connected.
|Provide information relating to our services either in response to specific requests or generally in order to develop our business||Our legitimate interest in developing our business. We will note the rights of individuals to unsubscribe from mailings and/or manage their preferences in our mailings and requests to unsubscribe may be made by using a link in the email or by contacting our Privacy Officer at the contact details above.|
|Providing legal updates and information in relation to events which we believe may interest you||Our legitimate interest in developing our business. We will note the rights of individuals to unsubscribe from mailings and/or manage their preferences in our mailings and requests to unsubscribe may be made by using a link in the email or by contacting our Privacy Officer at the contact details above.|
|Processing employment applications||Performance of a contract, including steps taken in anticipation of entering a contract, and, in the case of information which we are required to provide for tax or social security purposes, compliance with our legal obligations. We may also seek the explicit consent of applicants for employment to us obtaining further information. We may seek explicit consent to the collection of data relating to racial or ethnic origin for the purposes of complying with requests for information from our regulators.|
|Billing for our services and obtaining payment||Performance of a contract and, in relation to tax and VAT, for complying with our legal obligations|
|Responding to complaints||Compliance with a legal obligation|
|Meeting our legal and regulatory obligations||Compliance with a legal obligation|
|Make appropriate business development plans to better support our clients’ needs for legal services;
|Our legitimate interest in developing our business and improving our ability to assist our clients. We will note the rights of individuals to unsubscribe from mailings and/or manage their preferences in our mailings and requests to unsubscribe may be made by using a link in the email or by contacting our Privacy Officer at the contact details above.|
|Improving the functionality of our website and other IT requirements.||Our legitimate interests in improving the content and performance of our website and use of IT to support our provision of legal services.|
When we rely upon our legitimate interests we will balance any impact on you and your privacy rights and will not use your personal data where the impact on you would override our rights, unless we are otherwise permitted by law to process your personal data, for example, where you consent.
In certain circumstances we are required to collect information from you or individuals within your organisation in order to comply with our legal or regulatory obligations. This may, for example, include information relating to identity and source of funds. We may also be required to collect information from you, individuals within your organisation or from others on your behalf in order to perform a contract with you. If you do not provide us with the information which we require we may be unable to act for you. Where information is required in the context of, for an example, an application for employment, if you do not provide the information we need, we may be unable to offer you employment.
In some limited circumstances we may share data which we collect from you with certain trusted third parties in accordance with contractual arrangements which we have in place or as required by law. These may include –
- Third parties, such as barristers, foreign lawyers, expert witnesses, consultants;
- IT service providers;
- Providers of data services such as email hosting, telephone answering, website hosting and online surveys;
- Our auditors and professional advisers;
- Our insurers;
- Other people in your organisation;
- Regulators and public bodies, including in connection with tax, VAT and compliance with obligations relating to the prevention and reporting of financial crime.
Where we share data with a third party, the data may be stored outside the United Kingdom. Please see our section below on International transfers.
We may use IT applications which are hosted outside the United Kingdom. We only transfer your Personal Data where regulations made under section 17A of the Data Protection Act 2018 provide that the third country in question ensures an adequate level of protection in line with United Kingdom data protection standards, or where there are appropriate safeguards in place to protect your Personal Data.
The data protection legislation provides individuals with whom we are dealing with the following rights. This includes relationships between us and individual clients or others with whom we deal, or induvial within client organisations or third-party organisations. All of those individuals are referred to as ‘you’ below:
Right to be informed
This Privacy Notice is provided to fulfil our obligation to tell individuals how we use their information.
Right of access
Individuals are entitled to ask us for a copy of any personal data which we hold relating to them. This right is known as a ‘Subject Access Request’. If you wish to make a Subject Access Request you should contact our Privacy Officer in writing or by email or verbally. If possible, and to make sure we identify your request as soon as possible, we would ask you to try to include the term ‘Subject access request’ in the heading. Failure to do so does not affect your request, but it means that it will be flagged up at the first opportunity–
28 Bixteth Street
Telephone 0345 330 6792
Email: [email protected]
We will normally send you a copy of the information within one month of your request. However that period may be extended by two further months where necessary, taking into account the complexity and number of the requests. There is usually no charge; in exceptional circumstances we may charge but will discuss this with you if that applies.
Right to rectification
If the information we hold about you is inaccurate you may contact our Privacy Officer using the contact details above. The information will be checked and, where appropriate any inaccuracy rectified.
Right to erasure
In certain circumstances you may be entitled to ask us to erase your personal data. for further information, please contact our Privacy Officer using the contact details above.
Right to data portability
If you wish to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Privacy Officer using the contact details above.
Right to object
You may also object to your data being used for direct marketing.
You may also object to the continued use of your data in any circumstances where we rely upon consent as the legal basis for processing it.
Where we rely upon legitimate interests as the legal basis for processing your personal data, you may object to us continuing to process your personal data but you must give us specific reasons for objecting. We shall consider the reasons you give us but if we consider that there are compelling legitimate grounds for us to continue to process your data we may continue to do so. In that event we shall let you know the reasons for our decision.
Rights related to automated decision making including profiling
You may object to automated decision making, including profiling, by contacting our Privacy Officer using the contact details above.
We will usually retain your information as follows.
|Type of data||Retention period|
|Client files||We will keep these for a minimum of seven years from the conclusion of your instruction in accordance with our policy on document retention.
We need to keep records for this period for regulatory compliance and to ensure our records are adequate for the purposes of obtaining insurance to protect our clients and other parties.
|Health records||We will destroy these securely at the conclusion of the contract: further copies can be obtained if necessary from the original source.|
|Employment applications||3 months from the date of conclusion of the application for non successful applications.
2 years if you become employed by us.
|Human resources||6 years from conclusion of the period of employment. 6 months from conclusion of an application for employment which does not result in a contract of employment.|
|Website data||1 year|
We implement a range of technical and organisational measures to protect your information and ensure confidentiality. We keep these under regular review.
Our website uses the following cookies
These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
This is used to monitor user session counts.
We may amend this policy and any changes will take effect immediately and be binding on you. If we make any change which will significantly change our use of your data, we will notify you. Otherwise you should check our policy from time to time to ensure that it meets your expectations.
24 May 2018