Privacy Notice and Policy
Welcome to the Bird & Co Solicitors LLP's privacy notice.
This privacy notice provides information on how Bird & Co Solicitors LLP collects and processes your personal data when you visit our website and when you use our services.
This notice seeks to provide you with information about how Bird & Co collects your data through your use of its websites. It also applies to data that you provide during the use of our legal services.
Important information and who we are
Bird & Co Solicitors LLP is the controller and responsible for your personal data.
We have not appointed a data protection officer. If you have any questions about this privacy notice or our data protection practices please contact the Designated Person who is the firm’s Compliance Officer for Legal Practice.
Our full details are:
Full name of legal entity: Bird & Co Solicitors LLP
Designated Person: Christopher Milligan (Compliance Officer for Legal Practice)
Email address: firstname.lastname@example.org
Postal address: 15 Castlegate, Grantham, NG31 6SE
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
- Identity Data – including details of your name, gender, marital status and date of birth.
- Contact Data – including your contact addresses, email address and phone numbers.
- Financial Data – including bank account information, payment cards and details of your credit rating.
- Transaction Data – including details of the transactions and services you have engaged us for and payment details, as well as all information provided to enable us to progress your legal matter.
- Technical Data – includes details of you IP (internet protocol address) and other technical data gathered while accessing this website.
- Profile Data - includes the information provided by you while using our services in reply to questionnaire’s and queries as well as details of which services you have used.
- Usage Data – includes details of how you use our website and services.
- Marketing and Communications Data – includes any information you give us regarding your preferences for marketing communications.
We use different methods to collect data from you as follows:
- Directly from you – where you provide us with details directly by corresponding with us or by completing forms through our website and emails.
- Through our website (and in Conveyancing through the InTouch website) – we may automatically collect technical data about you.
- Through publicly available sources and third parties, including:
- Through technical providers such as Google Analytics and Ruler Analytics.
- Through publicly available sources like the Land Registry, Companies House and other search providers.
How we use your personal data
We will only use your personal data for the purpose for which we collected it which include the following:
- To register you as a new client.
- To process and deliver the services you have engaged us for.
- To manage your relationship with us.
- To enable you to participate in a prize draw, competition or complete a survey.
- To improve our website, products/services, marketing or customer relationships.
- To recommend services which may be of interest to you.
- To comply with our legal or regulatory obligations.
The "General Data Protection Regulation" (GDPR) is the primary piece of legislation defining your rights over our processing of your personal information. The GDPR requires us to declare which of six "lawful reasons" we are relying on when we are processing your personal data: we operate on the basis of "consent" when sending newsletters (you won't get sent a newsletter unless you have explicitly opted in to receive one).... and we operate on the basis of "legitimate interest" when communicating with you in other ways (e.g. when responding to your enquiry).
How we share your personal data
We will not share your data with third parties without obtaining your consent, unless we are under a legal or regulatory obligation to do so.
From time to time we may pass personal data such as your name and email address to other services that we use to send out newsletters and other communications (both electronic and print). However, your personal data will remain in the UK (or within a country covered by UK “adequacy regulations”).
Personal data will not be sent to countries outside of the UK (or outside of the countries covered by a UK “adequacy regulation ”) unless such transfer falls under one of the exemptions for restricted transfers set out within Article 49 of the UK GDPR. These are as follows:
1. You have the explicit consent of the person the transferring data is about.
2. You have a contract with the person the transferring data is about, and the restricted transfer is necessary so you can carry out your obligations in that contract or, the restricted transfer is necessary so you can carry out pre-contract steps as requested by that person.
3. The restricted transfer is necessary for you to enter into a contract or to carry out your obligations under a contract and that contract benefits the person the transferring data is about. (In this case the contract is not with that person).
4. The restricted transfer is necessary for important reasons of public interest.
5. The restricted transfer is necessary to establish whether you or someone else has a legal claim or defence, to make a legal claim or to defend a legal claim.
6. The restricted transfer is necessary to protect someone’s vital interests – this may or may not be the person the transferring data is about. (To use this exception the person the transferring data is about must be physically or legally incapable of giving their consent to the restricted transfer).
7. The restricted transfer is from a public register and meets the relevant legal requirements relating to access to that public register.
8. The restricted transfer is a one-off transfer which is necessary to meet your compelling legitimate interests.
We have put in place measures to ensure your data is held securely and to seek to prevent data from being lost or disclosed in an unauthorised way. This includes limiting access to your data only to employees, agents, contractors and third parties who need to have access.
We will notify you if we believe there has been a breach of your data and will notify the appropriate regulator.
Solicitors are under a professional and legal obligation to keep the affairs for the client confidential. This obligation is subject to statutory exceptions including where a solicitor knows or suspects that a transaction on behalf of a client involves money laundering the solicitor may be required to make a money laundering disclosure. If this happens we may not be able to inform you that a disclosure has been made, or of the reason for it, because the law prevents “tipping off ”.
How long will we keep your data
We will retain your personal data for as long as necessary to fulfil our obligations and to complete the services we undertake for you.
We will determine the appropriate retention period for your data based on the nature and sensitivity of the data and our legal obligations.
Where we are instructed to carry out a legal matter for you we will keep your data for at least 6 years as this coincides with the period for contractual liability. In some cases it will be necessary to keep data for longer than this period (such as retention of wills) and this will be assessed on a case by case basis.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to receive a copy of the personal data we hold about you and the right to make a complaint at any time to the Information Commissioner's Office, the UK supervisory authority for data protection issues (www.ico.org.uk). We would however appreciate you contacting us in the first instance before approaching the ICO.
You also have the right to:
- Request access to your personal data (commonly known as a “data subject access request”)
- Request correction of the date we hold about you.
- Request erasure of your personal data. (We may not always be able to comply with this request for specific legal reasons and will notify you of this, if applicable, at the time of your request).
- Object to processing of your personal data
- Request restriction of processing of your personal data in certain circumstances
- Request the transfer of your personal data to you or a third party
- Withdraw consent at any time to the processing of your personal data. (This is likely to result in us no longer being able to act for you and we will advise if this is the case at the time you withdraw your consent).
Where you wish to exercise any of these rights a request should be addressed to the firm's Compliance Officer for Legal Practice.
We may need further information from you in order to comply with such a request and to ensure that you are entitled to the information being requested.
We will not usually require a fee for complying with these requests. However we may charge a fee if your request is clearly unfounded, repetitive or excessive. In these circumstances we may alternatively refuse to comply with the request.
We will usually respond to a legitimate request within a month but it may sometimes take longer than this and we will keep you updated where there is a delay.
In order to provide you with services and advice we rely on the information and documents supplied by you. You acknowledge that in the event that you do not supply complete documents and/or information the advice we are able to give may be affected and that we cannot be held liable for errors or omissions arising from incomplete information.
Where you have provided us with contact details you are responsible for ensuring that your means of contact are suitably secure and where possible not shared with others. You must keep us updated if these contact details change. We cannot be held liable for information loss arising where you have not informed us of a change in details. It is prudent to ensure you have a secure email password, current malware protection, and that you do not allow access to third parties and/or access such communication services in insecure ways. We cannot be held liable for any damage or loss arising from a failure to apply proper security procedures by you. Where you have access to an online portal in connection with your matter you are also responsible for ensuring that passwords for are kept secure and we exclude liability for loss arising from unauthorised access to such systems.
Our Use of Google Analytics
We use Google Analytics to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address (but no other information) - Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualize and personalize the ads of its own advertising network. Related information:
We use Ruler Analytics to help us monitor communications and to improve the services we provide. We use it to record phone conversations and to track how people are using our website. As you interact with our website, we collect technical data about your equipment, browsing actions and patterns. Using the terminology required by GDPR we believe that we have a "legitimate interest" in doing this, however, you can use the cookie controls found in the footer if you want to disable this behaviour. For more information visit Ruler Analytics