Mortgage & Money Management logo white

Privacy Policy

Home 9 Privacy Policy

Burrows Privacy Notice

Introduction

Welcome to Burrows Solicitors Privacy Notice.  Here at Burrows, we take your privacy very seriously. This Privacy Notice contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and the control you can exercise in relation to it. Please read this notice carefully to understand our practices regarding your personal data and how we will treat it.

The areas covered in this privacy notice:

  1. Who we are?
  2. What information do we collect about you?
  3. How we use your personal data
  4. The basis upon which we use your personal data
  5. Cookies
  6. Who we share your personal data with?
  7. How do we protect your personal data?
  8. Keeping your personal data secure
  9. Which countries we transfer your personal data to
  10. Making a complaint
  11. Updates
  12. Contact us

1. Who we are

Burrows Solicitors (“Burrows”, “we”, “us”, “our” and “ours”) is a firm and is authorised and regulated by the Solicitors Regulation Authority. Our registered office is at 298-300 Preston Road, Harrow, Middlesex HA3 0QB.

We are registered with the Information Commissioner’s Office (ICO), the data protection regulator in the UK, with registration number Z9840454. For the purpose of the data protection legislation and this notice, we are the “data controller”. This means that we are responsible for deciding how we hold and use personal data about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

We have appointed a Data Protection Officer who is responsible for assisting with enquiries in relation to this privacy notice and our treatment of your personal data. If you wish to contact our Data Protection Officer, please use the contact details in paragraph 12 (Contact us).

2. What is personal data

Personal data is defined in the UK GDPR as any information relating to an identified or identifiable natural person.  It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical,  physiological, genetic, mental, economic, cultural or social identity of that person. 

Special categories of personal data

In certain circumstances we may need to deal with what is known as “special category personal data” about you. This is personal data revealing any of the following: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; information concerning health, sex life or sexual orientation. If we need to process this kind of data about you we will ask for your consent.

3. What information do we collect about you?

We may collect personal data from you during our business, including when forming a client and solicitor relationship, through your use of our website, when you contact or request information from us when you engage our legal or other services or as due to your relationship with one or more of our staff and clients.
The personal data that we process includes:

  • Contact information: your name, position, role, company or organisation, telephone (including a mobile phone number where provided) as well as email and postal address.
  • Information from public sources: e.g. Companies House, LinkedIn and similar professional networks, directories or internet publication
  • Information in connection with investigations or proceedings: where this is necessary to conduct the investigation or proceedings
  • Attendance records: Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements
  • Subscriptions/preferences: when you subscribe to receive legal briefings, updates or newsletters as well as consent preferences to help us identify which materials you are interested in receiving
  • Supplier data: contact details and other information about you or your company or organisation where you provide services to Neves
  • Financial information: such as payment-related information
  • Technical information: such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically
  • Identification and background information: photographic identification provided by you or collected as part of our business acceptance processes and compliance with applicable laws and regulatory requirements

4. How we use your personal data

We use your personal data for:

  • Provision of services: to provide legal advice and services to you and our clients and look at ways to improve our service to you and our clients.
  • Business relationship: to manage and administer our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customise our offering for you, develop our relationship and target our marketing and promotional campaigns
  • Website monitoring: to provide and improve our website, including auditing and monitoring its use
  • Premises security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings)
  • Events: running legal briefings, roundtables and other events;
  • Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise

5. The basis upon which we use your personal data

Data-protection legislation requires Burrows to have a legal basis for processing your personal data. We will process your personal data for several reasons:

  • Our engagement with you: we will process your personal data so we can carry out our contract with you, or to take any steps you ask us to before entering a contract with you
  • You have given us consent: for example where you share details for particular purposes
  • Compliance with legal or regulatory obligations: we will process your personal data for the purposes of satisfying our legal and regulatory obligations (for example anti-money laundering and mandatory client screening checks or disclosure to law enforcement)
  • Our legitimate business interests or those of a third party: we may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of your personal data (see below for our legitimate business interests)

Legitimate business interests

Burrows  have legitimate business interests in:

  • The provision of legal services
  • Managing our business and relationship with you or your company or organisation
  • Understanding and responding to enquiries and client feedback
  • Understanding how our clients use our services and websites
  • Identifying what you and our clients want and developing our relationship with you, your company or organisation
  • Improving our services and service offerings
  • Enforcing our terms of engagement and website and other terms and conditions
  • Ensuring our systems and premises are secure
  • Developing relationships with business partners

Ensuring debts are paid. 

Children 
As part of working with our clients and dealing with family law matters, we may hold data on children. Generally, they are represented by their parents or guardians who have been requested to provide consent to use a child’s personal data.

Personal data about others
In some cases, you may provide personal data to us about other people (such as your customers, directors, officers, shareholders or beneficial owners). You must ensure that you have given those individuals an appropriate notice that you are providing their information to us and have obtained their consent to that disclosure.

Marketing communications 

We may use your personal data to send you follow up information (by email) that might be of interest to you.
If you are our client we have a legitimate interest in processing your personal data for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
You have the right to opt out of receiving promotional communications at any time by:

  • Contacting us (our contact details are set out below)
  • Using the ‘unsubscribe’ link in emails
  • Updating your marketing preferences using the link at the foot of our emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

6. Cookies

Our website is currently under construction.  We will use cookies on our website. Cookies are small text files stored on your computer whilst you are visiting a website.  Cookies help make websites work.  They also provide us with aggregated information about how users interact with our site.   We use this information to try and improve your experience on our website and the quality of service we provide.  Cookies help us do this by allowing us to remember personal settings you have chosen at our website.  We do not use cookies in any other way to collect information that identifies you personally.  Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly afterwards.  

You will be able to obtain complete information about the cookies we may set on your browser once we have completed the construction of the website

7. Who we share your personal data with

From time to time we may have to pass on your personal data to other people or organisations to provide our legal services to you. These include:

  • Other law firms, barristers, expert witnesses and arbitrators/mediators
  • In legal proceedings – the court and others required by law or by the rules or order of the court
  • Medical practitioners and specialists
  • Suppliers who support our business including IT and communication suppliers, outsourced business support, marketing and advertising agencies
  • Screening service providers who assist us in complying with legal obligations in relation to the prevention or protection of crime, anti-money laundering, sanctions screening and other required checks

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal data with other parties, such as potential buyers of some or all our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

8. How do we protect your personal data

We generally keep your information as needed to provide our legal services and to deal with claims. This will depend on several factors such as whether you or your company or organisation are an existing client or have interacted with recent client mailings or bulletins or attended recent events. We will retain your information as necessary to comply with legal, accounting or regulatory requirements. Typical retention periods will range from 6 to 16 years.

9. Keeping your personal data secure

We have implemented generally accepted standards of technology and operational security to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by email) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

10. Transfer of personal data overseas

Where we transfer your personal information outside the UK or the EU/EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

  • the country to which we send the personal information may be approved by the European Commission;
  • the recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information; or

In other circumstances, the law may permit us to otherwise transfer your personal information outside the UK or the EU/EEA or outside another relevant location (e.g. the location in which your personal information was collected). In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.

11. Your rights

It is important that the personal data we hold about you is accurate and current. Should your personal data change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.
Under certain circumstances, the data protection legislation gives you the right to:

  • Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it
  • Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected
  • Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims
  • Restriction: you are entitled to ask us to suspend the processing of certain personal data about you, for example, if you want us to establish its accuracy or the reason for processing it
  • Transfer: you may ask us to help you request the transfer of certain of your personal data to another party
  • Objection: where we are processing your personal data based on a legitimate interest (or those of a third party) and you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal data for direct marketing purposes
  • Consent: where we are relying on consent to process your personal data you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain legal services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the above rights, please contact us using the contact details below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

11. Making a complaint

We hope that we can resolve any query or concerns you may have and want to raise with us using the contact details provided below. If you are not satisfied with how we handle any query or concern that you raise with us, you lodge a complaint with the ICO. The ICO can be contacted by the following means:

Website: ico.org.uk/global/contact-us/

Telephone: 0303 123 1113

Postal address: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

12. Updates

This version of our Privacy Notice was last updated in August 2022 and historic versions can be obtained by contacting us. We may update this Privacy Notice at any time by publishing an updated version on our website. So that you know when we make changes to this privacy statement, we will amend the revision date at the top of this document. The new modified or amended Privacy Notice will apply from that revision date. Therefore, we encourage you to review this Privacy Notice periodically to be informed about how we are protecting your information.

13. Contact us

If you have any questions regarding this Privacy Notice or if you would like to speak to us about the way we process your personal data, you may contact our Data Protection Officer using the following methods:

E-mail: jmb@burrows-solicitors.co.uk

Post: 298-300 Preston Road Harrow Middlesex HA3 0QB