- Privacy Statement for when we provide legal advice, or market our legal advice -
- Privacy Statement for Experts -
- Privacy Statement for Recruitment -
Privacy Statement for when we provide legal advice, or market our legal advice
Key points:
- Our use of your data: We typically use personal information in order to carry out work on a legal matter or, if relevant, to supply legal updates.
- Marketing and legal updates: If you’re a client or prospective client, we may send you marketing information, usually in the form of legal updates and seminar invitations. You may ask us to stop sending you newsletters, seminar invitations or marketing information at any time.
- Sharing: We may share personal information with third parties such as service providers, subject to appropriate confidentiality protections. We will never share this information with any other organisation for marketing purposes.
- Security: We respect the security of personal information and treat it in accordance with the law.
- International: We may transfer personal information outside the United Kingdom and, if we do, you can expect a similar degree of protection in respect of your personal information.
1 PURPOSE OF OUR PRIVACY STATEMENT
1.1 Under the General Data Protection Regulation (2016/679) (“the EU GDPR”), the Data Protection Act 2018, the UK legislation known as the “UK GDPR”, and any other legislation that amends, adds to or replaces any of these (together, the data protection laws), we are required to explain to you why we are asking for your personal information, how we intend to use the information we receive and whether we will share this with anyone else.
1.2 This statement applies to:
Clients and Client-related individuals
1.2.1 all individual clients and prospective clients (“Clients”);
1.2.2 all current and former employees, workers and contractors of corporate clients or prospective corporate clients (“Client-related individuals”); and
Matter-related individuals
1.2.3 all other individuals whose personal information we collect in the course of the provision of legal services to Clients and Client-related individuals, such as in relation to any dispute, grievance, investigation, transaction, negotiation or other form of legal advice (excluding Experts, who are covered by a separate privacy policy) (“Matter-related individuals”).
2 WHO ARE WE?
2.1 We are Bevan Brittan LLP; a law firm authorised and regulated by the Solicitors Regulation Authority whose registered address is Bevan Brittan LLP, Kings Orchard, 1 Queen Street, Bristol BS2 0HQ.
2.2 We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU GDPR, or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu. Please ensure to include “Bevan Brittan LLP” in any correspondence you send to our Representative.
3 OUR DATA PROTECTION OFFICER
3.1 Our Data Protection Officer is responsible for overseeing what we do with personal information and monitoring our compliance with the data protection laws.
3.2 If you have any concerns or questions about our use of personal data, our Data Protection Officer can be contacted in the following ways:
- by writing to The Data Protection Officer, Bevan Brittan LLP, Kings Orchard, 1 Queen Street, Bristol BS2 0HQ, or
- by emailing privacy@bevanbrittan.com.
4 WHY ARE WE COLLECTING YOUR INFORMATION?
For Clients, Client-related individuals and Matter-related individuals
4.1 Some of the personal information we collect is required for us to provide legal advice and respond to communications arising from this. Without this information, we would be unable to enter into a contract with Clients and act on their instructions, or otherwise respond to issues raised by Client-related individuals or Matter-related individuals in connection with providing legal advice.
4.2 We store a small amount of personal information in our practice management systems which we use to hold details of our contacts generally (to allow for easy and accurate communication), and more specifically for financial and conflict searching purposes (so we can comply with laws and professional regulations in these areas).
In addition to the above, but for Clients and Client-related individuals only
4.3 We will also hold personal information in our marketing database to allow us to provide and offer further services. This is not required by us in order for us to work on legal matters and upon request we will remove personal data from our marketing database at any time. If you would like your personal details to be removed from our marketing database, please email privacy@bevanbrittan.com.
5 TYPES OF PERSONAL INFORMATION WE USE
5.1 We collect personal information in order to achieve the purposes set out in clause 4 above. This includes:
Personal details of any of our instructing contacts
5.1.1 personal details (such as name, gender and date of birth);
5.1.2 contact details (such as your address, telephone number and email address);
5.1.3 personal information such as details of allergies or food preferences; and
5.1.4 payment information (such as bank account details or information about any other payment method).
Personal details relevant to a legal matter
5.1.5 personal details of any person involved in a legal matter (such as name, gender and date of birth);
5.1.6 details of any such person (such as address, telephone number and email address); and
5.1.7 other personal details, including the following special categories of information where this is relevant to a legal matter: race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life and sexual orientation.
In addition to the above, but for Clients and Client-related individuals only
Marketing contact details
5.1.8 details held in our marketing database which include the following standard categories: name, organisation, job title, postal address, email address, phone number and subscriptions to newsletters.
Marketing and survey information
5.1.9 your responses to our surveys;
5.1.10 details of any agreement or objection to receiving marketing information from us.
Office security
5.1.11 images of you captured in our office using CCTV cameras.
6 SOURCE OF YOUR PERSONAL INFORMATION
6.1 The information which we collect about you will be obtained through a variety of sources which may include:
Information provided by Clients, Client-related individuals and Matter-related individuals
6.1.1 from any communication you have with us in relation to any legal matter or potential instruction.
Information provided by Clients and Client-related individuals (only)
6.1.2 in relation to attendance at any of our training or marketing events;
6.1.3 when you sign up for a newsletter; and
6.1.4 when you complete surveys that we use for research purposes.
Information collected automatically about visitors to our offices
6.1.5 CCTV footage when you visit one of our offices.
Information collected from third parties about Clients and Client-related individuals
6.1.6 we may collect information about you from third parties where we carry out identity verification, credit or anti-fraud checks against your name using third party databases.
7 WHAT WE ARE GOING TO DO WITH YOUR INFORMATION
7.1 The information which is provided to us will be used for the following purposes:
For Clients, Client-related individuals and Matter-related individuals
7.1.1 it will be stored and used by us in accordance with this privacy statement and also in accordance with your rights under the data protection laws;
7.1.2 it will be collected and used by us for the purpose of providing our legal services to Clients, and allowing us to liaise with Client-related individuals and Matter-related individuals in connection with this; and
7.1.3 some of the information which we collect will be special category personal data (also called sensitive personal data), such as information about your ethnic background or any disability you may have. We will use this for the purposes of working on legal matter(s).
In addition to the above, the following purposes are also relevant for Clients and Client-related individuals:
7.1.4 it will be used to improve the services you receive from us;
7.1.5 it will be used for our anti-money laundering checks, such as a copy of your passport. We will only process such data for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law; and
7.1.6 it will allow us to offer you further information and services which may be useful to you.
7.2 Some of the information which we collect will be special category personal data (also called sensitive personal data), such as information about your ethnic background or any disability you may have. We will use this as needed to provide better services to you (for example when hosting an event to take account of your needs).
8 WHAT IS THE LEGAL BASIS FOR USING YOUR INFORMATION
8.1 In accordance with the data protection laws, we need a "legal basis" for collecting and using personal information. There are a variety of different legal bases for processing personal data which are set out in the data protection laws.
8.2 The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this notice include:
8.2.1 using personal information is necessary for us to perform the contract between us and our Clients, in order to take steps at their request prior to entering into the contract, and communicating with Client-related individuals and Matter-related individuals during the performance of the contract; and
8.2.2 using personal information is necessary for us to comply with legal and regulatory obligations to which we are subject, for example our obligations to comply with the requirements of the Money Laundering Regulations 2017 and the Solicitors Regulation Authority Standards and Regulations; and
8.2.3 (for Clients and Client-related individuals, only) using your information within our legitimate interests, namely to hold your data for marketing purposes.
8.3 The lawful basis on which we rely in order to use sensitive personal data / special category personal data which we collect will be that this is needed in order to work on our legal matter for you under the contract. In line with clause 8.2.1, this applies to Clients, Client-related individuals and Matter-related individuals.
8.4 We may also use sensitive personal data of Clients and Client-related individuals for the purposes of their comfort when hosting a marketing event or for facilitating marketing communications with (for example using large type). We will do this only with express consent.
9 SHARING YOUR INFORMATION
Contractors and sub-contractors
9.1 We may share information about you with our contractors and sub-contractors. The contractors and sub-contractors shall be contractually required to ensure that they adhere to the security requirements imposed by the data protection laws.
9.2 Our contractors and sub-contractors will only be able to use the information when completing work on behalf of us. Examples of subcontractors we use regularly are:
9.2.1 Outsourced information technology service providers, notably our IT team;
9.2.2 Outsourced document production services;
9.2.3 Hosted web services, (e.g. Mimecast and HighQ but also others) who may access your information for the purposes of maintenance of their service; and
9.2.4 An email checking facility called Tessian Guardian, which receives limited personal data from the firm, with the aim to stop emails being sent to the wrong place.
9.2.5 Video or group calling platforms, which need email addresses or phone numbers to facilitate the services. It is our policy not to record such calls, in order to minimise the information provided to suppliers of such services.
Regulators and other legal obligations
9.3 We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.
Insurers
9.4 We may need to share your information with our insurers in certain circumstances, to ensure protection of the firm and of you.
Auditors
9.5 Bevan Brittan LLP is subject to a number of quality standards, notably ISO 9001, ISO 14001 and ISO 27001, which are regularly audited by external auditors. We will ensure that any auditors access your information solely for the purposes of carrying out the audit in question and that they are subject to the security requirements imposed by the data protection laws.
Other organisations
9.6 We may from time to time share your information with other organisations but only to the extent required to allow them to maintain services provided to us and always subject to appropriate confidentiality provisions.
10 TRANSFERRING YOUR INFORMATION ABROAD
10.1 We may transfer your personal information to countries outside of the UK when it is necessary for the purposes of providing legal services to our clients and/or on the instructions of our clients, in the establishment, exercise or defence of legal claims.
10.2 Where your personal information is transferred outside of the UK we will ensure such a transfer complies with data protection legislation.
11 SECURITY OF YOUR INFORMATION
11.1 The information that you provide will be stored securely on our electronic and hard copy filing systems. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
11.2 We are certified to the ISO27001 standard which requires the firm to:
11.2.1 systematically examine information security risks, taking account of relevant threats, vulnerabilities, likelihood, impacts and apply treatments to mitigate risks;
11.2.2 implement a comprehensive set of information security controls under the framework of a coherent management system; and
11.2.3 monitor, review and improve where necessary to ensure that the specific security objectives are met.
12 CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?
12.1 In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
13 STORING YOUR INFORMATION AND DELETING IT
13.1 We will store personal data obtained in relation to providing our legal advice in accordance with our file destruction policy, subject to the exceptions mentioned below in clause 13.3.
13.2 In addition, we will store some of your personal data including name, job title, organisation, email address in our firm's practice management system for ten years, primarily for conflict checking purposes.
For Clients and Client-related individuals
13.3 We will store personal data obtained in relation to providing our legal advice in accordance with our file destruction policy. For matters closed on or after 1 May 2018 we will store your data for 15 years after the date of file closure unless:
13.3.1 we have a formal written agreement with you to retain a file or category of files for a specified period of time, in which case the agreed period of time will prevail;
13.3.2 we write to you proposing a different date for document and data retention, normally either in the matter engagement or a file closing letter; or
13.3.3 a party to the matter does not have capacity or is a minor, in which case we will hold the file for 25 years.
13.4 This means that we will hold your file for the relevant time period after which we will delete or destroy it. If you wish to retain copies of any documents or data beyond that time period you must contact us before the expiry of the relevant time period. Charges may apply to any extended retention period or if you would like us to provide a copy of your file.
13.5 In addition, we will store some of your personal data including name, job title, organisation, email address:
13.5.1 In our firm's practice management system for fifteen years, primarily for conflict checking purposes
13.5.2 In our marketing database for marketing purposes for a period two years, after which point we will review the data and delete it if we are no longer in contact with you. If we remain in contact with you, we will then retain your information for a further two year period (after which the same review process will take place, and so on). You may ask us to remove your details from our marketing database at any time. In addition whenever we contact you (which will be at least annually), we will provide you with the option to unsubscribe.
14 YOUR RIGHTS
14.1 If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details in clause 3.2.
14.2 Under certain circumstances, by law you have the right to:
14.2.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
14.2.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
14.2.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
14.2.4 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
14.2.5 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
14.2.6 Request the transfer of your personal information to another party.
15 RIGHT TO WITHDRAW CONSENT
15.1 In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer using the contact details set out in clause 3.2. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
16 RIGHT TO COMPLAIN TO THE ICO
16.1 You also have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
17 CHANGES TO THIS PRIVACY STATEMENT
17.1 We may amend this privacy statement at any time so please review it frequently and at least each time you submit personal information to us. Our current privacy statement applies to all information that we have about you for when we provide legal advice, or market our legal advice.
17.2 This privacy statement was last reviewed on 1st February 2024.
Key points:
- Our use of your data: We typically use your personal data for the purposes of conducting litigation and so that we may contact you and make recommendations to our clients and other parties about the experts that may be recommended for use in litigation
- Sharing: We may share your data with third parties such as service providers and counsel, subject to appropriate confidentiality protections.*
- Security: We respect the security of your data and treat it in accordance with the law.
1 PURPOSE OF OUR PRIVACY STATEMENT
1.1 Under the General Data Protection Regulation (2016/679) (“GDPR”), the Data Protection Act 2018, the UK legislation known as the “UK GDPR”, and any other legislation that amends, adds to or replaces any of these (together, the data protection laws), we are required to explain to you why we are asking for your personal information, how we intend to use the information we receive and whether we will share this with anyone else.
2 WHO ARE WE
2.1 We are Bevan Brittan LLP; a law firm authorised and regulated by the Solicitors Regulation Authority whose registered address is Bevan Brittan LLP, Kings Orchard, 1 Queen Street, Bristol BS2 0HQ.
2.2 We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU GDPR, or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu. Please ensure to include “Bevan Brittan LLP” in any correspondence you send to our Representative.
3 OUR DATA PROTECTION OFFICER
3.1. Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with the data protection laws.
3.2 If you have any concerns or questions about our use of personal data, our Data Protection Officer can be contacted in the following ways:
• by writing to The Data Protection Officer, Bevan Brittan LLP, Kings Orchard, 1 Queen Street, Bristol BS2 0HQ, or
• by emailing privacy@BevanBrittan.com.
4 WHY ARE WE COLLECTING YOUR INFORMATION
4.1 If we instruct you on a matter we will hold your personal information in one or more of our client matter files. We will hold this information pursuant to our contract (or alternatively our client's contract) with you.
4.2 We also hold your information in a database which our lawyers use to facilitate contact with you and when deciding which expert or experts to recommend to our client for work on a legal matter on which we are instructed. This information is retained on the basis that we consider that we have a commercial legitimate interest in holding it. If you would like your personal details to be removed from our expert database for any reason, please email privacy@bevanbrittan.com .
5 TYPES OF PERSONAL INFORMATION WE USE
5.1 We are collecting information about you in order to achieve the purposes set out in clause 4 above. This includes:
Personal details held in our expert database
5.1.1 personal details (such as name, gender and date of birth);
5.1.2 contact details (such as your address, telephone number and email address);
5.1.3 notes and comments regarding work previously done by you for the firm.
Personal details in a legal matter folder
5.1.4 personal details of any person involved in a legal matter (such as name, gender and date of birth);
5.1.5 contact details of any such person (such as your address, telephone number and email address);
5.1.6 other personal details, where this is either relevant to instructing you or to accommodating you appropriately in our offices which may include information regarding personal preferences, any allergies or disabilities.
5.1.7 images of you captured in our office using CCTV cameras.
5.1.8 correspondence and advice in relation to instructions on a matter
6 SOURCE OF YOUR PERSONAL INFORMATION
6.1 The information which we collect about you will be obtained through a variety of sources which may include:
6.1.1 Information provided by you from any communication you have with us in relation to any legal matter or potential instruction;
6.1.2 Information provided by any of our staff who are or have been in contact with you;
6.1.3 Information available from any online or publicly available source.
6.1.4 CCTV footage when you visit one of our offices.
7 WHAT WE ARE GOING TO DO WITH YOUR INFORMATION
7.1 The information which you provide to us will be used for the following purposes:
7.1.1 it will be stored and used by us in accordance with this privacy statement and also in accordance with your rights under data protection laws;
7.1.2 it will be collected and used by us for the purpose of instructing you on a matter;
7.1.3 it will be held in our expert database and used to decide whether or not to recommend an expert to our client. From time to time we may also contact experts within our database to provide our newsletter, legal updates or to give an invitation to an event that we are hosting. If you would like to opt out of receiving such communications you can unsubscribe by following a link within the communication or you can email privacy@bevanbrittan.com at any time.
8 SHARING YOUR INFORMATION
Contractors and sub-contractors
8.1 We may share information about you with our contractors and sub-contractors. The contractors and sub-contractors shall be contractually required to ensure that they adhere to the security requirements imposed by the data protection laws
8.2 Our contractors and sub-contractors will only be able to use the information when completing work on behalf of us. Examples of subcontractors we use regularly are:
8.2.1 Outsourced information technology service providers, notably our IT team;
8.2.2 Outsourced document production services;
8.2.3 Hosted web services, (e.g. Mimecast and HighQ but also others) who may access your information for the purposes of maintenance of their service; and
8.2.4 An email checking facility called Tessian Guardian, which receives limited personal data from the firm, with the aim to stop emails being sent to the wrong place.
8.2.5 Video or group calling platforms, which need email addresses or phone numbers to facilitate the services. It is our policy not to record such calls, in order to minimise the information provided to suppliers of such services.
Regulators and other legal obligations
8.3 We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.
Insurers
8.4 We may need to share your information with our insurers in certain circumstances, to ensure protection of the firm and of you.
Auditors
8.5 Bevan Brittan LLP is subject to a number of quality standards, notably ISO 9001, ISO 14001 and ISO 27001, which are regularly audited by external auditors. We will ensure that any auditors access your information solely for the purposes of carrying out the audit in question and that they are subject to the security requirements imposed by the data protection laws.
Other organisations
8.6 We may from time to time share your information with other organisations but only to the extent required to allow them to maintain services provided to us and always subject to appropriate confidentiality provisions
9 SECURITY OF YOUR INFORMATION
9.1 The information that you provide will be stored securely on our electronic and hard copy filing systems. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
9.2 We are certified to the ISO27001 standard which requires the firm to:
9.2.1 systematically examine information security risks, taking account of relevant threats, vulnerabilities, likelihood, impacts and apply treatments to mitigate risks;
9.2.2 implement a comprehensive set of information security controls under the framework of a coherent management system; and
9.2.3 monitor, review and improve where necessary to ensure that the specific security objectives are met.
10 CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE
10.1 In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
11 STORING YOUR INFORMATION AND DELETING IT
11.1 We will update our experts' database on a two-year rolling basis by contacting you to ask whether your contact details are accurate.
11.2 You may ask to be removed from our experts database at any time by emailing privacy@bevanbrittan.com or by contacting our Data Protection Officer (details in clause 3.2 above). If you tell us you would like to be removed from the experts database, we will remove your details from the active section of the database, but will retain the minimum personal details necessary in a suppression list to ensure that you are not contacted in future against your wishes.
12 TRANSFERRING YOUR INFORMATION ABROAD
12.1 We may transfer your personal information to countries outside of the UK when it is necessary for the purposes of providing legal services to our clients and/or on the instructions of our clients, in the establishment, exercise or defence of legal claims.
12.2 Where your personal information is transferred outside of the UK we will ensure such a transfer complies with data protection legislation.
13 YOUR RIGHTS
13.1 If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details in clause 2. If you notice any errors in your personal data, you have the right to have them corrected.
13.2 Under certain circumstances, by law you have the right to:
13.2.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
13.2.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
13.2.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
13.2.4 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
13.2.5 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
13.2.6 Request the transfer of your personal information to another party.
14 RIGHT TO COMPLAIN TO THE ICO
14.1 You also have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
15 CHANGES TO THIS PRIVACY STATEMENT
15.1 We may amend this privacy statement at any time so please review it frequently and at least each time you submit personal information to us. Our current privacy statement applies to all information that we have about you and your matters.
15.2 This privacy statement was last reviewed on 1st February 2024.
Privacy Statement for Recruitment
Key points:
- Our use of your data: We typically use your personal information for purposes related to your relationship with Bevan Brittan.
- Sharing: We may share your data with third parties, including third-party service providers.
- Security: We respect the security of your data and treat it in accordance with the law.
- International: We may transfer your personal information outside the UK and, if we do, you can expect a similar degree of protection in respect of your personal information.
1 PURPOSE OF OUR PRIVACY STATEMENT
1.1 Under the General Data Protection Regulation (2016/679) (“EU GDPR”), the Data Protection Act 2018, the UK legislation known as the “UK GDPR”, and any other legislation that amends, adds to or replaces any of these (together, the data protection laws), we are required to explain to you why we are asking for your personal information, how we intend to use the information we receive and whether we will share this with anyone else.
2 WHO ARE WE?
2.1 We are Bevan Brittan LLP; a law firm authorised and regulated by the Solicitors Regulation Authority whose registered address is Bevan Brittan LLP, Kings Orchard, 1 Queen Street, Bristol BS2 0HQ.
2.2 We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU GDPR, or have any queries in relation to your rights or general privacy matters, please email our Representative at eurep@itgovernance.eu. Please ensure to include “Bevan Brittan LLP” in any correspondence you send to our Representative.
3 OUR DATA PROTECTION OFFICER
3.1 Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with the data protection laws.
3.2 If you have any concerns or questions about our use of personal data, our Data Protection Officer can be contacted in the following ways:
• by writing to The Data Protection Officer, Bevan Brittan LLP, Kings Orchard, 1 Queen Street, Bristol BS2 0HQ, or
• by emailing privacy@BevanBrittan.com.
4 WHAT INFORMATION ARE WE COLLECTING?
4.1 The information we are collecting about you is a combination of information we receive from you or recruitment agencies in written form, information you provide to us verbally, information we may obtain from online searches and checks, and information that is publicly available or available from those who know you from either a work or personal context.
4.2 Some of the information which we receive may be special categories of personal data (also called sensitive personal data), which includes information about your health and racial or ethnic origin.
5 WHAT ARE WE GOING TO DO WITH YOUR INFORMATION
5.1 The information which you provide to us will be used for the following purposes:
5.1.1 it will be stored and used by us in accordance with this privacy statement and also in accordance with your rights under data protection laws;
5.1.2 it will be collected and used by us fairly and openly for the purpose of communicating with you, perhaps hosting you for interview and making a decision regarding whether or not to employ you or use your services.
5.1.3 It will be used by us to comply with legal obligations and in pursuit of legitimate business interests.
5.2 Some of the information which we collect will be special categories of personal data (also called sensitive personal data), such as information about your ethnic background or any disability you may have. You need to be aware that we will use this information only in order to allow us to correspond and perhaps also host you appropriately, taking into account your needs.
6 WHAT IS THE LEGAL BASIS FOR USING YOUR INFORMATION?
6.1 In accordance with the data protection laws, we need a "legal basis" for collecting and using information about you. There are a variety of different legal basis for processing personal data which are set out in the data protection laws.
6.2 The lawful basis on which we rely in order to use the information which we collect about you for the purposes set out in this notice will be we have a legitimate interest in considering your data in order to decide whether or not to employ you or use your services or using your information is necessary for us to comply with a legal obligation to which we are subject (for example requirements from our regulator, the Solicitors Regulation Authority).
7 SHARING YOUR INFORMATION
Contractors and sub-contractors
7.1 We may share information about you with our contractors and sub-contractors. The contractors and sub-contractors shall be contractually required to ensure that they adhere to the security requirements imposed by the data protection laws.
7.2 Our contractors and sub-contractors will only be able to use the information when completing work on behalf of us. Examples of subcontractors we use regularly are:
7.2.1 Recruitment Agencies;
7.2.2 Outsourced information technology service providers, notably our IT team;
7.2.3 Outsourced document production services;
7.2.4 Hosted web services, who may access your information for the purposes of maintenance of their service; and
7.2.5 An email checking facility, which receives limited personal data from the firm, with the aim to stop emails being sent to the wrong place.
7.2.6 Video or group calling platforms, which need email addresses or phone numbers to facilitate the services. Ordinarily it is our policy not to record such calls, in order to minimise the information provided to suppliers of such services. However, in the case of one video-based platform, a recording of your voice and likeness will be retained in order to assess how you answer certain questions as part of the selection process. This recording will be kept in the video-based platform only for so long as it is needed in order to make an assessment on how certain questions were answered, and then it will be deleted.
Regulators and other legal obligations
7.3 We may also be required to share your information with our regulators who are permitted access to this information by law and with other organisations where we have a legal obligation to share the information with them.
Insurers
7.4 We may need to share your information with our insurers in certain circumstances, to ensure protection of the firm and of you.
Other organisations
7.5 We may from time to time share your information with other organisations but only to the extent required to allow them to maintain services provided to us and always subject to appropriate confidentiality provisions.
Internal Departments
7.6 For recruitment purposes we may, as appropriate, share your information with managers within the firm's internal departments, to allow them to consider you for another vacancy.
Occupational Health – note to former employees of Bevan Brittan ONLY
7.7 In summer 2024 Bevan Brittan’s provider of Occupational Health services will change from BUPA to Optima Health. The change requires a transfer of existing records from BUPA to Optima Health. Should any questions arise regarding he change in provider or the transfer of data please direct those to privacy@bevanbrittan.com.
8 SECURITY OF YOUR INFORMATION
8.1 The information that you provide will be stored securely on our electronic and hard copy filing systems. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
8.2 We are certified to the ISO27001 standard which requires the firm to:
8.2.1 systematically examine information security risks, taking account of relevant threats, vulnerabilities, likelihood, impacts and apply treatments to mitigate risks;
8.2.2 implement a comprehensive set of information security controls under the framework of a coherent management system; and
8.2.3 monitor, review and improve where necessary to ensure that the specific security objectives are met.
9 CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?
9.1 In limited circumstances we may use your information for a purpose other than those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
10 STORING YOUR INFORMATION AND DELETING IT
10.1 We will hold your information until we have made a decision as to whether or not we will employ you or use your services. Typically your information will be held for a maximum of 13 months, however in some circumstances it may be held for longer e.g. to comply to comply with particular laws, and/or regulations, or where there is a legitimate business requirement to do so (for example in relation to partner recruitment). The exception to the normal retention period mentioned in this clause are the recordings mentioned in clause 7.2.6 (above), which shall only be kept until a decision is made on whether or not your application will be taken forward, after such time the recording shall be deleted; the other parts of your application will be kept in line with this clause.
10.2 If we decide not to employ you or use your services, we will either:
10.2.1 destroy your personal data; or
10.2.1 notify you that, whilst we do not consider you suitable for any currently available positions or work, we would like to pass your details to another team in the business on a speculative basis for consideration, in line with the retention periods mentioned above, at clause 10.1.
11 YOUR RIGHTS
11.1 If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details in clause 3.2. If you notice any errors in your personal data, you have the right to have them corrected.
11.2 Under certain circumstances, by law you have the right to:
11.2.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
11.2.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
11.2.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
11.2.4 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
11.2.5 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
11.2.6 Request the transfer of your personal information to another party.
12 CHANGES TO THIS PRIVACY STATEMENT
12.1 We may amend this privacy statement at any time so please review it frequently and at least each time you submit personal information to us. Our current privacy statement applies to all information that we have about you and your current application.
12.2 This privacy statement was last reviewed on 2nd August 2024.
Other important information