Who we are:
We are Brooke Law Group. For the purposes of this notice, the term ‘we’ encompasses all those employed by us to carry out our business, either directly or as external contractors.

Our Contact Details:
If you have any questions about this Privacy Notice, please contact: lynne@brooke.law

 

1.                       Privacy laws
The processing of your personal data is governed by the General Data Protection Regulations (GDPR), enacted in the UK by the Data Protection Act 2018.

 

2.                       The capacities in which we process data
In providing you with our services, we will be acting both as;

a)                        a controller of personal data (as defined by Article 4(7) GDPR) with respect to any processing for which we determine the purpose and means. This includes data that we obtain from you in order to facilitate our provision of legal services and the fulfilment of our contract with you, and;

b)                       a processor of personal data (as defined Article 4(8) GDPR) with respect to the processing of data you share with us in order to fulfil a purpose determined by you.

 

3.                       The purposes of this privacy notice are;
·                   To inform you about our processing of your data as a controller under 2(a) above, in accordance with the ‘transparency’ requirement of Article 13 GDPR, and;

·                   To establish the legal basis and other stipulations upon which we process data as a processor under 2(b) above in accordance with Article 28 GDPR (see Appendix A).

 

4.                       Data Protection Principles
We are committed to complying with Data Protection legislation. This says that the personal information we hold about you must be:

 

1.                        Used lawfully, fairly and in a transparent way.

2.                        Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3.                        Relevant to the purposes we have told you about and limited only to those purposes at 2 are accurate and kept up to date.

4.                        Kept only as long as necessary for the purposes we have told you about.

5.                        Kept securely.

 

 

5.                       The types of personal data we collect
The personal data we use may include, but is not limited to:

·                   Your name, address and contact details, including email address and mobile telephone numbers;

·                   Data relating to the legal matter in which you have engaged us to act;

·                   Personal preferences and requests relative to our role as data processor;

·                   The terms and conditions of your contract with us for the provision of our services.

 

 

6.                       How we collect the personal data
We may collect this information in a variety of ways. For example, data might be collected through;

·                   Online contact forms;

·                   correspondence with you; or

·                   through interviews and meetings.

We may also obtain personal data indirectly from sources such as public registers or social media.

 

 

7.                       Providing your personal data
We need you to provide your personal data so we can provide legal services to you.

However ifprovidingsomepersonaldatais optional we shall obtain yourconsenttoprocessit.

 

8.                       What we use your personal data for
1.      Fulfilment of contract
·                   Providing our legal services as defined in Terms of Engagement.

 

2.      Other business purposes
·                   As necessary for our own legitimate interests or those of other persons and organisations;

·                   For good governance, accounting, managing and auditing our business operations both internally and by third parties;

·                   For surveys of client experience and quality of our services;

·                   To monitor emails, calls, other communications;

·                   For market research, other surveys and analysis and developing statistics for improving business performance.

3.       To comply with a legal obligation imposed on us

·                   When you exercise your rights under data protection law;

·                   For our compliance with legal and regulatory requirements;

·                   For the establishment and defence of both your and our legal rights;

·                   For activities relating to the prevention, detection and investigation of crime, anti-money laundering, counter terrorism financing and facilitating tax evasion and;

·                   To investigate complaints, legal claims and data protection incidents.

 

9.                       The legal basis for processing
In providing you with legal services, we will process your personal data under Article 6 (1)(b) of the General Data Protection Regulations, on the legal basis that processing is necessary for the performance of a contract for the provision of our services, or in order to take steps at your request prior to entering into a contract.

 

In addition, we may process your personal data on the following legal bases;

 

·                   Legal obligation: the processing is necessary for compliance with a legal obligation – Article 6 (1)(c);

·                   Vital interests: the processing is necessary to protect someone’s life – Article 6 (1)(d);

·                   Public interest: the processing is necessary to perform a task in the public interest – Article 6 (1)(e);

·                   Legitimate interests: the processing is necessary for Brooke Law Group LLP’s legitimate interests or the legitimate interests of a third-party – Article 6 (1)(f).

 

10.                   Sharing of your personal data
Subject to applicable data protection laws, our professional duty of confidentiality and any legal privilege your data may attract, we may share your personal data with;

 

·                   Sub-contractors and other persons who help us to provide services to you;

·                   Our legal and other professional advisors, including our auditors;

·                   Fraud prevention agencies, credit reference agencies, and debt collection agencies;

·                   Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner’s Office;

·                   Courts, to comply with legal requirements, and for the administration of justice;

·                   In an emergency or to otherwise protect your vital interests;

·                   To protect the security or integrity of our business operations;

·                   When we restructure or buy or sell our business or its assets or have a merger or re-organisation;

·                   Payment systems and providers; and

·                   Any other party where we have your consent or as required by law.

 

 

11.                  How long do we keep your data?

Information relating to legal matters will be kept for at least the period stipulated by applicable statutes of limitation. All data will be kept for up to five years from the termination of the contract between us or the date of the last provision of professional services to you by us, whichever is the later.

 

Information may be held for longer periods where any of the following apply;

·                   Retention in case of queries. We will retain your personal data as long as necessary to deal with any outstanding queries you may have;

·                   Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us; and

·                   Retention in accordance with other legal and regulatory requirements.

·                   We will retain your personal data after you have received services based on legal and regulatory requirements and obligations pertaining at any given time.

 

12.                   Your rights under applicable data protection law
Where applicable Your rights to;

 

·                   be informed about processing of your personal data;

·                   have your personal data corrected if it is inaccurate and to have incomplete personal data completed;

·                   object to the processing of your personal data;

·                   restrict processing of your personal data;

·                   have your personal data erased (the “right to be forgotten”);

·                   request access to your personal data and information about how we process it;

·                   move, copy or transfer your personal data (“data portability”); and

·                   in respect of automated decision-making including profiling.

 

You may exercise these rights by contacting us using the details given at the top of this Notice. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

 

13.                   How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the details given at the top of this Notice.

You can also complain to the Information Commissioner’s Office if you are unhappy with how we have used your data;

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

Helpline number: 0303 123 1113

__________________________________________________________

Appendix A

Stipulations for acting in the capacity of a data processor
The data we process under 2(b) above will consist of data provided to us by you as its controller, in order that we may provide legal services specified by you. Where such data relates to other data subjects (for example your employees or contractors or other parties of which you are the data controller) we will process it on the understanding of your compliance with the provisions of the GDPR and, in particular, that;

·  You have met the transparency requirements of Article 13 GDPR in respect of informing those data subjects about your sharing of their data with us and our processing of it, and;

·  You have established and documented legal bases for the processing of their data and, in particular, any special category data such as video recordings or other biometric data.

 

Where such legal bases include the consent of the data subject, you have obtained, and documented, informed and freely given consent.

 

In acting as a data processor on your instructions, we confirm that we shall respect the privacy rights and freedoms of those data subjects whose data you share with us. In particular, and in accordance with the requirements of Article 28 GDPR, we shall;

 

·  Only act on your documented instructions, unless required by law to act without such instructions or it is in the vital interests of the data subject to do so;

·  Ensure that people processing the data are subject to a duty of confidence;

·  Take appropriate measures to ensure the security of processing;

·  Only engage a sub-processor with your prior authorisation and under a written contract which contains all of the technical and organisational measures necessary to ensure compliance with these stipulations and any other GDPR requirement relevant in the circumstances;

·  Take appropriate measures to assist you to respond to requests from individuals to exercise their rights under GDPR;

·  Taking into account the nature of processing and the information available, assist you in meeting GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;

·  Delete or return all personal data to you (at your choice) at the end of the contract, unless the law requires its storage or one of the criteria detailed at Section 8 are met; and

·  Submit to audits and inspections.

 

Contact us

phone
Alternatively, call us on 0203 056 8440