Privacy Policy

At Leonard Solicitors LLP, we take your privacy very seriously. Our privacy policy terms carefully detail important information about our firm, and how and why we collect, store, use and share your personal data. We also explain your rights in relation to your personal data and how to contact us or authorities in the event you have a complaint.

When using your personal data, we are regulated under the General Data Protection Regulation (GDPR), applying across the European Union (and including the United Kingdom after Britain leaving the EU) and any EU citizen residing worldwide, where we are responsible with personal data as the ‘controller’ for the purposes of GDPR. We use personal data subject to your instruction, our duty of confidentiality, GDPR and other relevant UK and EU legislation.

Key terms

We, us, our Leonard Solicitors LLP
GDPR & Data Protection Liaison Officer Mikey Inglis
Personal data Information relating to an identified or identifiable individual
Special category personal data
  • Personal data revealing racial or ethnic origin, religious beliefs, opinions, or trade union membership
  • Genetic and biometric data
  • Data concerning health, sex, or sexual orientation

 

Personal data we collect about you

Personal data we collect Personal data we may collect depending on your instructions
  • Your name, address and occupation
  • Information to enable us to check and verify your identity, e.g. your date of birth or passport details
  • Electronic contact details, e.g. your home telephone number, email address and mobile phone number
  • Information relating to the matter in which you are or may in the future be seeking our advice or representation
  • Information to enable us to undertake a credit or other financial checks on you
  • Your financial details so far as relevant to your instructions Information about your use of our IT, communication and other systems, and other monitoring information
  • Your National Insurance, tax details and citizenship
  • Your various bank and/or building society details
  • Details of your professional online presence, e.g. Google, Facebook, LinkedIn, Twitter, Instagram profiles, Professional registers and publicly available information
  • Details of your spouse/partner and dependants or other family members
  • Your employment status and details including salary and benefits
  • Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information
  • Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data)
  • We do not ordinarily collect any Special category personal data such as your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs but on occasion, this may be required if relevant to your instructions and you have been granted legal aid
  • Your trade union membership, if relevant to your instructions
  • Personal identifying information, such as your eye colour or your parents’ names, if relevant to your instructions
  • Your medical records, if relevant to your instructions

 

We may request data to process as a legal obligation in order to enable us to provide our services to you, the data subject. If you do not provide personal data we require, it may delay or prevent us from providing our services to you. It is your obligation to ensure you keep us informed of the accuracy of all relevant data when prompted to confirm your identity.

How we collect your personal data

We collect data subject information from you on initial contact and throughout. However, we also collect information from:

  • Publicly accessible sources such as HMRC and Companies House
  • Directly from a third party
  • Our website when using our online enquiry forms
  • Information technology systems

How and why, we use your personal data

We have a legal obligation to only use your personal data if we have a proper and relevant reason for doing so. These are:

  • Contact details
  • Existing policy details
  • Basic medical information
  • Date of birth

Legitimate interests of using your personal data may extend to business and commercial reasons in processing your information, as long as it is not overridden by your own rights and interests.

The table below explains what personal data we process and reasons of doing so lawfully:

What we use your personal data for Our reasons
To provide legal services to you (including an initial conflict of interest check) For the performance of our agreement with you or to take steps as your request before entering a contract
  • Conducting checks to identify our clients and verify their identity
  • Screening for financial and other sanctions or embargoes
  • Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. by our professional regulator, the SRA and/or Law Society, HMRC, the courts and/or law enforcement agencies
 Compliance with our legal and regulatory obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies such as the SRA, Law Society, HMRC, courts and/or law enforcement agencies Compliance with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g. privacy, data protection, anti-money laundering and counter terrorist financing and policies covering security and internet use In compliance with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control and practical matters such as document storage on or off site To comply with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information To comply with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, i.e. to protect our intellectual property and other commercially valuable information
Statistical analysis to help us manage our practice For our legitimate interests or those of a third party
Updating client records
  • To comply with our contractual obligations, legal and regulatory obligations
  • For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our clients about existing and new services
Statutory and regulatory returns e.g. to HMRC, SRA and/or our Professional Indemnity Insurers To comply with our contractual obligations, legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments
  • To comply with our legal and regulatory obligations and for the performance of our contract with you or to take steps at your request before entering a contract
  • For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Credit reference checks via external credit reference agencies For our legitimate interests or those of a third party, i.e. for credit control
 

External audits and quality checks
  • To fulfil our contractual obligations and for our legitimate interests or those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards
  • To comply with our legal and regulatory obligations

The above does not apply to special category personal data mentioned in the Key Terms. Special category data is only processed with your explicit consent in accordance with the legal requirements relating to the consent and circumstances.

Who we share your personal data with

  • Professional advisers instructed on your behalf or whom we refer to e.g. barristers, medical professionals, accountants or tax advisors
  • Other third parties where necessary to your instructions
  • Audits of our accounts by our accountants
  • External service suppliers that we use to make our firm more efficient

We may disclose and exchange information with law information enforcement agencies and regulators to comply with our legal and regulatory obligations.

If you would like to apply for Legal Aid then we will need to share your personal information with the Legal Aid Agency.

Where your personal data is held

Personal data is held at our offices or by external service suppliers as described above.

Some of these external services may be based out of the European Economic Area, where your personal data is secured under GDPR policy.

How long your personal data is kept

We keep personal data after we have finished advising or acting for you for the following reasons:

  • To keep records required by law
  • To respond to any questions, complaints or claims made by you or on your behalf
  • For evidence of fair treatment
  • We do not retain your personal data longer than what is necessary for the purposes set out in this policy

We destroy, delete or anonymise personal data when it is no longer necessary to retain. Information is normally retained for a minimum of 6 years unless the information is based on a person under the age of 18, where the 6 year period will begin when the person reaches 18.

Transferring your personal data outside of the EEA

In order for us to deliver our services to you, it may be necessary for us to share your personal data outside of the European Economic Area. Reasons for this are as follows:

  • With your and our service providers located outside of the EEA
  • If you are based outside of the EEA
  • Where international dimensions to matters we advise you on

You can exercise your rights in relation to GDPR detailed in the table below:

Your right to… Rights explained
Access, known as a Subject Access Request The right to be provided with a copy of your personal data in accordance with the provisions of the law which you can reference on the ICO website
Rectification The right to require us to correct any mistakes in your personal data. We rely on you to inform us in the first instance of any amendments to your data that are required
To be forgotten The right to require us to delete your personal data in certain situations
Restriction of processing The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
Data portability The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations
Withdraw consent At any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent
To object The right to object:

 

at any time to your personal data being processed for direct marketing (including profiling);

in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests if these are superseded by your legitimate interests
All Other Investments and Protection The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

If you would like to exercise any the rights detailed above, please:

  • Email, call or write to our GDPR & General Data Protection Liaison Officer. Details of contact methods are here
  • Provide us with enough information to identify you (your full name, address, and client or matter reference number)
  • Provide proof of your identity and address (driving licence or passport and a recent utility bill)
  • Let us know what right(s) you want to exercise

Keeping your personal data secure

We use appropriate technical and organisation measures to:

  • Prevent personal data from being accidentally lost, used or accessed unlawfully
  • Ensure data processers process your personal data lawfully
  • Have appropriate procedures in place to deal with any suspected data security breach. Data subjects and regulators are notified of any suspected data security breach as legally required to do so.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How to make a complaint

Please see our complaints policy.

The General Data Protection Regulation gives you the right to log complaints with the Information Commissioner’s Office. You can contact the Information Commissioner with the below details

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

0303 123 1113
www.ico.org.uk/concerns

Changes to our privacy

Our privacy policy is regularly reviewed. Our latest amendment was issued on 11th December 2020. Any changes to our privacy policy will be communicated on our website www.leonardsolicitors.co.uk and/or by contacting you directly via email.