Privacy Policy
We make it our business to know about privacy. As a law firm, client confidentiality and privacy has always been mandatory. We value our clients and treat your information with the utmost respect.
This Privacy Policy sets out how we collect and use personal information of our clients and others. It applies to any personal information we collect and use in the course of our services, including but not limited to via this website. It is drafted to comply with applicable data protection laws in the UK, including the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).
Contacting us
If you have any questions at all about this Privacy Policy, our services or website, or about how we use and process your personal information, please contact us by:
Clare Hancox is the nominated person in charge of privacy at Be Legal Limited and will respond to your enquiries promptly.
Changes to this Privacy Policy
Changes to this Privacy Policy will be posted on this page, so that you will be aware of the information we collect and how we use it at all times. Our terms of engagement will also incorporate these terms. You are asked to read this regularly so that you are satisfied with the privacy conditions under which we provide our services and website.
Our role
Under applicable Data Protection Laws, we will be the “data controller” of the personal information that we collect about you in connection with your use of our services or websites, unless we specifically agree or the context determines otherwise.
When we collect information
We will collect personal information about you in these circumstances:
What information we collect
We may collect the following types of personal information about you
We do not collect or use
How we use your information
We may use your information in a number of ways, including:
We do not:
Lawful basis on which we use your information
We will only ever use your personal information as permitted under applicable Data Protection Law, which means one or more of the following will always apply:
Third parties we work with
From time to time we may retain the services of other carefully selected partners and suppliers to perform functions on our behalf, which may involve sharing your information with them. Examples of these functions would include third parties involved in:
These third parties may be provided with limited access to your personal details in order to fulfil their main function, but we will contractually restrict them from using such information for any other purpose.
In addition, we may disclose your personal information to third parties in the following situations:
Unless otherwise provided by law, all third parties are required to respect the confidentiality of your personal information. They are required to take appropriate security measures to protect your personal information. We do not allow them to use it for their own purposes, but only as we specify and in accordance with our instructions.
Where your information is stored
Your information within our filing systems will be held at our main administrative office in East Sussex. Our website and email server are hosted within the EEA.
Transfers to third countries and safeguards
In the unlikely event that we need to transfer any of your information to other countries or international organisations, we would only do so if they are deemed by Data Protection Laws to have adequate privacy protection or recognised legal mechanisms are in place to ensure adequate protection of your information (e.g. EU Model Contract Clauses or EU-US Privacy Shield or Swiss-US Privacy Shield frameworks). Any international transfers of your personal information will also be subject to binding privacy and confidentiality terms enabling us to ensure compliance with this Privacy Policy. You may request further information on any such international transfers from us at any time.
How we keep your personal information safe
We will safeguard your information in our custody. We have developed and will maintain adequate security procedures to safeguard personal information against loss, theft, copying, and unauthorised disclosure, use or modification. Access to personal information is restricted to authorised individuals and companies who need it to perform their work. We also regularly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
Retention of records
We will do our best not to keep your personal information for longer than necessary to facilitate your use of the services and website, except as required by law. We will regularly review the information that we hold and delete unnecessary information from our systems. Please note that, as a law firm, we will often need to retain our files for substantial periods in line with statutory limitation periods for legal claims. For example, if we drafted a 5 year contract for you, you will need us to retain our files for the length of the contract and for at least six years after its termination or expiry.
Unless you request otherwise, we may retain information that will make providing our services and website to you more convenient and safer, such as your previous case files, but you have the right to ask us to delete any information or take custody of original documents that we hold for you – see the Your Rights section below.
When your personal information is no longer required, it will be destroyed either by shredding or other approved destruction methods to prevent unauthorised parties from gaining access to the information during and after the process.
Your rights
You have several rights as a data subject as summarised below:
- The information is no longer necessary in relation to the purpose for which it was collected;
- You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The information has been unlawfully processed;
- The information has to be erased for compliance with a legal obligation to which we are subject.
You also have the right to object to automated decision-making, including profiling, but we do not use your information for these purposes.
How to exercise your rights
To exercise any of your other data subject rights, please contact us (see Contacting Us above):
What happens if a data breach occurs
Whilst we try our best to keep your personal information safe, we have an internal investigation procedure in case of data protection security breaches
In the event of data theft, we may suspend access to our servers, emails and online systems and take other urgent steps to prevent further unauthorised access to information.
If we believe that our data has been compromised, we will report the issue to the Information Commissioner's Office (ICO) at www.ico.org.uk.
We will notify you without delay if we believe a data breach is likely to result in a significant risk to your rights and freedoms.
Any notification will describe in clear and plain language the nature of the personal data breach and contain all required information.