Privacy Notice
Introduction
Cordus Law is a law firm offering legal services to businesses and individuals.
In order to provide our services and manage our business we collect and manage data from clients and others. We are committed to protecting the privacy rights of individuals. We comply with all aspects of the UK’s data protection legislative framework which includes the European General Data Protection Regulations [GDPR] and the UKs own legislation, as well as other confidentiality obligations which are applicable to us as solicitors.
This Privacy Notice describes the ways in which we collect, manage, store and dispose of data. We will review and update it from time to time.
Does this Privacy Policy apply to you?
This privacy notice has been written for the following categories of people (referred to in this notice as “you”):
- our clients and people that represent them or who work for them;
- customers of our clients, that our clients have instructed us to act for;
- people who make enquiries about our services;
- people who receive our legal updates, newsletters or invitations to our seminars and events and those who attend such events;
- people who visit our websites or who follow us on our various social media channels;
- people whose personal information is required in order to enable our clients (or their customers) to obtain legal advice or otherwise establish, exercise or defend legal rights;
- people (and their representatives) who are involved in one of our client’s matters including witnesses and the other parties to litigation or on the other side of transactions;
- business contacts of Cordus Law Ltd
- suppliers that we use or that our clients use; and
- our regulators, insurers, auditors, professional advisers and certification bodies.
This privacy notice does not apply to:
- people who currently work for us, have worked for us or who are interested in working for us. We have written a separate privacy notice for this group.
- any services which we provide to a client as a data processor. In such circumstances, our collection and use of personal information is covered by our client’s privacy notice
If you believe that we are processing your personal information, but you are not included in the above list please contact us to discuss this.
This notice covers:-
- the personal information that we collect and use;
- the lawful bases we rely on to collect and use it;
- why we collect and use personal information;
- where we get the personal information from;
- with whom we share personal information;
- when we transfer personal information outside the EEA;
- how long we keep information and how we ensure it is secure; and
- your privacy rights.
Data Controller
Our main office is at;
8 Flemming Court
Whistler Drive
Castleford
West Yorkshire
WF10 5HW
Telephone 01977 602804
Types of personal data that we hold:-
The personal information that we collect includes:
- basic information, such as your name (including name prefix or title), the company you work for, your title or position and your relationship to a person.
- contact information, such as your postal address, email address and phone number(s).
- identification and background information provided by you or collected as part of our client checking processes. This may include date of birth, nationality and previous addresses.
- where you are our client, we will collect information about your circumstances that have led to you wishing to use our services. This may include special category data, such as health where this is relevant to the matter we are working on for you and information about your family members and beneficiaries. We also keep records of your contact with us.
- if you are involved in one of our client’s matters, we will collect information about you that is relevant to the matter. This may include special category data.
- financial information, such as payment-related information and information relevant to funding.
- technical information collected when you visit our website or digital or in relation to materials and communications we send to you electronically, which includes information about the type of device you are using, your IP address and geographic location, your operating system and version, browser type, the content you view and the search terms you enter.
- information you provide to us for the purposes of attending meetings and events we host, including access and dietary requirements.
If we collect or receive your personal information in the context of our provision of legal services we might receive information from third parties such as your relatives, employer, other parties involved in the services we are providing (e.g. other parties in litigation or transactions) or others such as regulators and authorities. The information we collect will be relevant to the legal services that we are providing to our client and may include special categories of data where lawful for us to process it.
The lawful basis for processing personal information
We rely on the following legal bases to process your personal information:
| Performance of a contract | Applicable when we need to collect and use your personal information in order to takes steps to enter into a contract with you or to perform our obligations under a contract with you. |
| Legal obligation | Applicable when we need to collect and use your personal information to comply with applicable laws and regulatory requirements. |
| Legitimate interests | We may collect and use your personal information to further our legitimate business interests. We only do this where we are satisfied that your privacy rights are protected satisfactorily. You have a right to object to any processing of your personal information based on this legal basis (see below). |
| Establishment, exercise or defence of a legal claim | This applies where we need to collect or use personal information to enable us to establish, exercise or defend a legal claim of our own or when we are working on matters for our clients or their customers. |
| Consent | We may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us (see below). |
| Public Interest | Although we are not a public body, we do collect and use some personal information where this is necessary to perform tasks that are in the public interests. |
Why we collect and process personal information
| Why | The legal basis |
|---|---|
| To manage and administer our relationship with our clients and to provide legal and financial advice services to them |
Performance of a contract
Establishment, exercise or defence of a legal claim |
| To manage and administer our relationship with customers of our clients and to provide legal and financial advice services to them |
Legal obligation
Legitimate interests Establishment, exercise or defence of a legal claim |
|
To undertake background checks on potential clients including checking identity and checks undertaken for anti-money laundering, anti-terrorism reasons, to avoid conflicts of interest, financial and reputational checks. We do not undertake any automated decision making, but we use credit reference and fraud prevention agencies who may do so.
Please note that our anti-money laundering and client identity checks may include sharing your identity details with a third-party provider of automated electronic identity verification. |
Legal obligation
Legitimate interests Public interest |
| To assist our clients with obtaining funding and insurance to help them pursue their matters and for sourcing and obtaining financial products |
Legitimate interests
Consent Establishment, exercise or defence of a legal claim |
| To ensure that we provide excellent standards of client service through our own audit, review and quality assurance checks or by those undertaken by our clients, regulators, auditors, professional advisers and certification bodies | Legitimate interests |
| To manage and administrate our relationships with suppliers of good and services to us |
Performance of a contract
Legal obligation Legitimate interests |
| To make and manage client and supplier payments, including collecting payments due to us |
Performance of a contract
Legal obligation Legitimate interests |
| To look into any complaints or queries |
Performance of a contract
Legitimate interests |
| To otherwise carry out the day-to-day operations of our businesses efficiently including managing our financial positions, business capability, planning, communications, corporate governance and audit |
Legal obligation
Legitimate interests Public interest |
| To undertake activities designed to promote and market our services including sending out newsletters, legal updates, holding events and seminars, inviting you to enjoy our hospitality and hosting you, and keeping records of your interests in these activities |
Legitimate interests
Consent (where legally required) |
| To undertake on-line marketing activities including using a variety of digital and social media channels |
Legitimate interests
Consent (where legally required) |
| To provide “added value” services to our clients | Legitimate interests |
| To train and develop our staff and people who work for us |
Performance of a Contact
Legal obligation Legitimate interests |
| To run our corporate social responsibility programmes | Legitimate interests |
| To prevent and respond to actual or potential fraud or illegal activities |
Legal obligation
Public interest |
| To establish, exercise or defend our legal rights or for the purpose of legal proceedings in which we may be involved | Establish, exercise or defend legal rights |
| Processing employment applications |
Performance of a Contract
Legal obligation Consent |
| Billing for our services and obtaining payment |
Performance of a Contract
Legal obligation |
| Responding to complaints | Compliance with a legal obligation |
| Meeting our legal and regulatory obligations | Compliance with a legal obligation |
| Improving the functionality of our website. | Our legitimate interests in improving the content and performance of our website |
Client relationships and marketing activities
We undertake a range of activities designed to provide added value for our clients and business contacts and to build on our already excellent relationships with you.
While we want to keep you fully aware of all of the services we offer, we are keen to ensure that we are not responsible for sending you with unwanted marketing material. We therefore do our best to tailor the information and invites we send out. To do this we store information about your professional and personal interests and communication preferences. We also track your level of engagement with us including via our on-line and digital platforms.
The data protection legislative framework recognises that it is in our legitimate business interests to collect and use personal information for marketing reasons. We do not need your consent to do this lawfully, but we are obliged to inform you that you have a right to object to this. The law also allows us to send marketing communications by electronic means to our existing clients and business contacts without needing consent. Again, you have the right to object to this activity if you wish.
We believe that we can keep information for marketing purposes indefinitely, and keep communicating with you from time to time, until and unless you ask us to stop. When we send you information about the services we offer or invitations to our events, we always include a simple “unsubscribe” option. If you have any difficulty using it or wish to find out more about this activity please contact us.
Where we receive personal data from
The personal information hold comes from a variety of sources.
- You give us your personal information directly, when you engage with us, including via our websites or digital media channels
- We obtain additional information in the course of undertaking checks in order to comply with our statutory and regulatory obligations or where such checks are in our legitimate business interests
- We obtain and generate personal information in the course of providing legal or financial services and assisting you with obtaining funding and insurance
- We obtain contact details and other information from our business contacts
- We collect information from publically available sources such as telephone directories, social media, the internet and news articles, and occasionally buy marketing lists of business contacts
- We collect personal information while monitoring our technology tools and services, including our websites, email and social media communications.
- If you wish to give us personal information about another person, please speak to us to ensure that you are legally entitled to give us the information and for advice on whether you need to inform that person.
Sharing your personal data
In some limited circumstances we may share data which we collect from you with certain trusted third parties in accordance with contractual arrangements which we have in place or as required by law. These may include –
- Suppliers, bound by obligations of confidentiality, who provide goods, services and professional advice to us to help us run our businesses
- Credit reference agencies to help us undertake identity and credit checks
- Third parties engaged in the course of services we provide to clients such as experts, counsel, other professional advisers, funders and insurance providers
- Third parties involved in our clients’ matters such as counterparties in litigation and transactions, their representatives and other advisers, courts and tribunals, government agencies and law enforcement agencies
- Third parties who wish to offer our financial advice clients’ financial products
We may also be required to share personal information with regulatory authorities, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
We do not sell, rent or otherwise make personal information commercially available to any third party.
Transfers outside the European Economic Area
We do not send personal data outside the EEA as a matter of course. None of the service providers we use to help us run our businesses are based outside of the EEA.
Transfers of personal data outside the EEA can arise where we are acting for individuals or business clients with interests outside the EEA, such as in the following circumstances:
Where we are acting for individual clients that:
- live outside the EEA
- have assets or relatives based outside the EEA
- work or have worked for businesses that have operations based outside the EEA
- have had accidents outside the EEA
- have a reason to make a claim against a business, individual, trust, estate or organisation based outside the EEA
Where we are we acting for businesses or organisations that:
- have operations or employees / contractors that based outside the EEA
- buy goods or services from businesses or organisations that are based outside the EEA
- are entering into transactions with business, organisations or individuals based outside the EEA
- have potential legal disputes with a business, individual, trust, estate or organisation based outside the EEA.
If we are required to transfer personal data outside of the EEA, we will ensure that we do so in a legally compliant manner and take steps to ensure the information is protected in the same way as if it was being used in the EEA. If you are affected, you should discuss this with the lawyer acting for you who will explain the particular safeguards that we will put in place.
If you choose not to provide your personal data
If you choose not to provide us with certain personal data you should be aware that we may not be able to offer you certain services. For example, we cannot act for you unless we are able to check your identity and run anti-money laundering checks.
Retention periods for personal data
Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our ability to defend legal claims, our legitimate business interests, best practice and our current technical capabilities. We delete or destroy personal information securely in accordance with the Data Retention Schedule.
How long will we retain your information?
We will usually retain your information as follows.
| Type of data | Retention period |
|---|---|
| Client files | We need to keep records for a period which varies depending on the nature of a matter but is a minimum of 6 years for regulatory compliance and to ensure our records are adequate for the purposes of obtaining insurance to protect our clients and other parties. |
| Health records (for example, for personal injury claims) | We will destroy these securely at the conclusion of the contract: further copies can be obtained if necessary from the original source. |
| Employment applications | 4 months from the date of conclusion of the application |
| Human resources | 6 years from conclusion of the period of employment |
| Website data | 1 year |
Data Security
We are committed to information security and take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. This is kept under regular review.
Your rights
The data protection legislation provides you with the following rights.
Right to be informed
This Privacy Notice is provided to fulfil our obligation to tell you how we use your information.
Right of access
You are entitled to ask us for a copy of any personal data which we hold relating to you. This right is known as a ‘Subject Access Request’. If you wish to make a Subject Access Request you should contact our Privacy Officer in writing or by email or verbally –
Shane Hensman
8 Flemming Court
Whistler Drive
Castleford
West Yorkshire
WF10 5HW
Telephone: 01977 602804
Email: shane.hensman@corduslaw.co.uk
We will normally send you a copy of the information within one month of your request. However that period may be extended by two further months where necessary, taking into account the complexity and number of the requests. There is usually no charge; in exceptional circumstances we may charge but will discuss this with you if that applies.
Right to rectification
If the information we hold about you is inaccurate you may contact our Privacy Officer using the contact details above.
Right to erasure
In certain circumstances you may be entitled to ask us to erase your personal data. For further information, please contact our Privacy Officer using the contact details above.
Right to data portability
If you wish to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Privacy Officer using the contact details above.
Right to object
You may also object to your data being used for direct marketing.
You may also object to the continued use of your data in any circumstances where we rely upon consent as the legal basis for processing it.
Where we rely upon legitimate interests as the legal basis for processing your personal data, you may object to us continuing to process your personal data but you must give us specific reasons for objecting. We shall consider the reasons you give us but if we consider that there are compelling legitimate grounds for us to continue to process your data we may continue to do so. In that event we shall let you know the reasons for our decision.
If you wish to exercise your right to object to the use of your data under this section of our Privacy Policy, please contact our Privacy Officer using the contact details above.
Rights related to automated decision making including profiling
You may object to automated decision making, including profiling, by contacting our Privacy Officer using the contact details above.
Complaints
Changes to this Privacy Notice
This privacy notice will be reviewed periodically and updated accordingly.
Cookie Policy
This document outlines how personal information may be collected and used (or not used) on this web site, and outlines responsibilities and liabilities that correspond to such collection and/or use. These terms cover this web site and its content exclusively, and do not include web sites that are linked, or malicious third-parties.
It is our commitment to end users to operate this web site with integrity and honesty – taking the time, effort, and care to protect users and information that may be provided.
Collection of Information
We only collect personal information such as names, addresses, and contact information when it is voluntarily submitted by our users. The information provided is only used to fulfill your specific request, and cannot be used for any other purpose unless permission is given by the individual who provided the information.
Third Parties
We may link to or display content from third parties on our web site. Should a user follow such links they would be leaving this web site and no longer be governed by this privacy policy. This policy and these terms apply only to content existing on this web site.
Cookies and Tracking Technology
This site may use cookies or browser tracking technologies to provide a better overall user experience. This information allows us to continue modifying the site to meet end user browser types, operating systems, and frequency of visits. Personal information cannot be collected by these methods unless expressly provided by the end user. Aggregate cookie and tracking information may be shared with third parties.
What are Cookies?
A “cookie” is a small text file that’s stored on your computer, tablet or phone when you visit a website. Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the internet for other independent information on cookies.
How we use Cookies?
We use cookies (and sometimes other similar technologies) to:
- Monitor your use on our website and gather analytics to help us improve your browsing experience
- Remember your preferences to personalise your visit
- Personalise our website and display information relevant to you
- Help us improve the usability of our website
Cookies in use
| Cookie Name | Cookie Description |
|---|---|
| wordpress_settings | Set by WordPress to identify a specific user and customise their view of the admin interface and main site interface |
| wordpress_logged_in | Set by WordPress – a cookie for a logged in user. It expires when user exits the browser |
| wordpress_test_cookie | Set by WordPress – this session cookie allows us to authenticate logged in administrator users and maintains a manifest of website settings for use across the site. The system will drop a cookie to test the browser being used is able to use cookies |
| wp-settings-time | Set by WordPress to identify a specific user and customise their view of the admin interface and main site interface |
| _gat | Cookies set by Google Analytics and is used to throttle requests and has an expiration of 1-minute |
| _ga | Cookie set by Google Analytics and is used to distinguish users and has an expiration of 2-years |
| _gid | Cookie set by Google Analytics and is used to distinguish users and has an expiration of 24-hours |
| _gac | Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out |
