PRIVACY NOTICE

How we use your information

This notice (together with our terms of use and any other documents the terms refer to) set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This privacy notice does not apply to any third party websites that may have links to our own website. 

This privacy notice is split into four sections: PART A deals with personal information we gather and use from a website visit; PART B deals with personal information on our clients and others related to a client matter and how it is used in respect of the legal services we provide; PART C deals with other individual’s (non client) information; and PART D sets out general provisions relating to information referred to in Parts A to C.

We take your privacy seriously. Please read this privacy notice carefully as it contains important information on how and why Lamb Brooks LLP (‘Lamb Brooks’) collects, stores, uses and shares personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.

When we use your personal data we are subject to and comply with relevant data protection laws including the Data Protection Act 2018 (which implements the UK General Data Protection Regulation (GDPR)). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals and wider operations in the European Economic Area (EEA).

Who we are:

Lamb Brooks is a limited liability partnership authorised and regulated by the Solicitors Regulation Authority under number 559661

Our full details are:

Full name of legal entity:             Lamb Brooks LLP (company number OC363909)

Contact title:                                  Data Protection Partner:

Email address:                               hello@lambbrooks.com (please insert in the subject line ‘GDPR’)

Postal address:                              Victoria House 39 Winchester Street Basingstoke Hampshire RG21 7EQ

Telephone number:                      01256 844888

Key terms

It would be helpful to start by explaining some key terms used in this policy:

We, us, our	Lamb Brooks LLP, together with any trading names, ‘Lamb Brooks’ or ‘Lamb Brooks Solicitors’
Personal data	Any information relating to an identified or identifiable individual (for further information, please see: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/personal-information-what-is-it/what-is-personal-data/what-is-personal-data/)
Special category personal data	Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership. Genetic data. Biometric data (where used for identification purposes). Data concerning physical or mental health, sex life or sexual orientation.
Data subject	The individual who the personal data relates to

PART A

WEBSITE USE

By visiting lambbrooks.com you are accepting and consenting to the practices described in this notice.

Personal data we collect from you

We will collect and process the following data about you:

Personal data you give us - This is information about you that you give us by filling in forms on lambbrooks.com (our site). It includes information you provide when you search for a service, submit an enquiry, use the online livechat facility, use the online payment function, and report a problem with our site. The information you provide may include your name, address, e-mail address and phone number, information in relation to why you have contacted us, and financial and credit card information, as applicable.

Personal data we collect about you - With regard to each of your visits to our site we will automatically collect the following information:

• technical information,
• information about your visit

As this information is collected automatically, please see the Cookies section below.

Information we receive from other sources - This is information we receive about you if:-

• you use any of the social media channels we use
• you use our livechat service which is provided by a third party (Callitech Limited, trading as Moneypenny, or other livechat service provider)

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them - see our Cookie Policy on our website.

Uses made of the personal data

We use information held about you in the following ways:

Personal data you give to us. We will use this information:

• to answer your enquiry
• to provide you with any requested services – where this applies, please see further PART B ‘Client Information’, below
• to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about
• to notify you about changes to our service
• to ensure that content from our site is presented in the most effective manner for you and for your device.

Personal data we collect about you. We will use this information:

• to administer our site and for internal operations, including: troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site to ensure that content is presented in the most effective manner for you and for your device;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

Personal data we receive from other sources - We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Disclosure of your information

You agree that we have the right to share your personal data with:

• third parties including analytics and search engine providers that assist us in the improvement and optimisation of our site.

We will disclose your personal data to third parties:

• in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, and other agreements; or to protect the rights, property, or safety of Lamb Brooks, our clients, or others. This includes exchanging information with other companies and organisations, for example, for the purposes of fraud protection.

How long your personal data will be kept

Please see our Cookie Policy for cookie retention information.

Please refer to PART B for client personal data, personal data posted on our website which becomes a client matter and for other individuals’ personal data that we have as part of a client matter (eg. where parents gift deposit monies towards a house purchase).

Please refer to PART C for other individuals’ (non client/matter) personal data – this includes general enquiries (other than via our website) that do not become a client matter, individuals located within organisations who supply goods and services to us, business contacts and referrers).

Any enquires made on this website which do not result in a client matter will be held for up to 12 months, unless you indicate you may contact us at a later date, in which case they will be held for a reasonable time.

PART B

CLIENT PERSONAL DATA

This section covers personal data relating to individuals who are clients in their own capacity, as well as those who represent our client (for example a director of a client company, trustee of a trust, personal representatives, guardians etc) together with any individuals who are integral to assisting our client in a relevant matter such as a guarantor, beneficial owner(s), parents and people linked to clients’ ongoing legal services.

How we collect your personal data

We collect most of this information from you (in person, by telephone, email and/or via our website). However, we may also collect personal data:

• from publicly accessible sources, eg Companies House, HM Land Registry, the Office of Financial Sanctions Implementation, via internet search engines etc;
• via our case management and document management systems
• directly from a third party, eg:
• client due diligence resources (Thirdfort Limited (Company No 10757456) (‘Thirdfort’) or other third party online ID verification services). Dependent upon the type of matter, you may be requested to provide us with your identity documentation via such resources. The authenticity of certain documentation may be checked and where an image/video of your face is provided, biometric verification will clarify whether that is likely to match the identity document.
• where source of funds information is required and you agree, bank statements can also be sent directly from your bank via open banking technology, or you can provide your statements to us via the online services.

More information about how Thirdfort and its third party service providers use and share personal data, the type of information they hold, where it comes from and the legalities of how it is handled can be found via the following address: https://www.thirdfort.com/privacy/

• third parties such as estate agents, accountants, banks, surveyors, medical professionals, courts, regulatory bodies and other advisors and specialists related to your matter
• where you use our webchat service – we will receive the personal data that you provide via Callitech Limited, trading as Moneypenny (or other livechat service provider)
• where we are unable to answer your call – we will receive your name, contact details and message details via Callitech Limited, trading as Moneypenny (or other telephone answering service)
• Law League and Review Solicitors – these are third party websites that we use to collate feedback and where any review that you leave may appear. Your feedback/review will be anonymous unless you voluntarily leave your name or any other personal data
• Google where you leave a review in relation to the services that you have received
• where relevant and where your consent has been obtained, we may also need to obtain: your health records from hospitals and clinics you have attended; employment history from previous employers or HM Revenue & Customs; benefits history from the Department for Work & Pensions; and/or accounting records from your accountant
• from cookies on our website – for more information on our use of cookies, please see our cookies policy
• automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems

The personal data we collect and use and why

Contractual obligations

In order to fulfill our contractual obligations to you, we generally require the following from you, depending upon the services we provide:-

• your name and contact details
• details of the property you are buying or selling (where applicable)
• your bank details (and financial information, so far as relevant to your instructions, the source of funds and source of wealth if you are instructing us on a purchase transaction) information about your matter and circumstances which can include:-
• details of your spouse/partner and dependents or other family members if you instruct us on a family matter or a will
• your employment status and details including salary (payslips) and benefits or employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances if you instruct us on a matter related to your employment, or in which your employment status or income can be relevant such as a personal injury or clinical negligence claim
• details of your pension arrangements, if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship

In addition, if we require special categories of data, also known as sensitive personal data, as well as requiring this information to fulfill our contractual obligations to you, we require this information for the establishment, exercise or defence of legal claims For example, your medical records and any medical reports (where applicable)

 

Statutory / legal obligations

In order to comply with statutory, regulatory or lender’s requirements, depending upon the services we provide, we may require:-

• your name and contact details
• information to check and verify your identity, eg your date of birth
• photographic proof of your identity (eg. passport, driving licence or identity card)
• your bank details (payslips and financial information, in some cases)
• information about your matter and circumstances
• your mortgage account or roll number (where applicable)
• your National Insurance number and tax details (where applicable)
• personal data to enable us to check and verify your identity ( date of birth, passport details, copy passport / driving licence / utility bills, details of the property you are buying or selling, where applicable etc) bank statements and/or other information to verify your source of wealth and funds (such as employment information) in relation to a transaction; and screening for financial and other sanctions and embargoes
• other processing necessary to comply with professional, legal and regulatory obligations that apply to our business under health and safety regulation or rules issued by our professional regulator
• information to enable us to check and verify the identity of anyone contributing monies towards your property purchase or other purchase transaction, in addition to their bank statements and any other information that may be required to corroborate their source of wealth and funds position
• the name, date of birth, National Insurance number and identity documents for the beneficiaries and trustees of a trust
• the name, address, date of birth and identity documents for any beneficial owners of companies, Limited Liability Partnerships (LLPs), partnerships, other corporate or unincorporated organisations and trusts
• gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies, such as our regulator, the Solicitors Regulation Authority (SRA), the Legal Ombudsman or the Information Commissioner’s Office
• updating and enhancing client records

 

Legitimate Interests

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We may process your personal data where it is necessary for legitimate interests pursued by us as a legal practice seeking to engage with and provide services to prospective and current clients, in order to:-

• deal with any queries you may make via any livechat service or online enquiry form on our website
• deal with any calls that we are unable to take during our core business hours, or longer via any telephone answering service
• deal with any complaints and/or claims you may make against us
• market our services – see the ‘direct marketing’ section below
• enforce legal claims, including debt collection
• prevent fraud, misuse of services or money laundering
• ensure physical security, IT and network security
• ensure the confidentiality of commercially sensitive information
• carry out statistical analysis to help us manage our business, eg in relation to our financial performance, client base, client satisfaction, client conversion rates etc
• location data
• your professional online presence eg. LinkedIn profile
• your contact history
• information from accounts you link to us eg. Facebook
• information about how you use our website, IT, communications and other systems
• external audits and quality checks eg. LawNet Standard / ISO9001 or Conveyancing Quality Scheme (CQS) purposes
• transmit large documents / bundles of documents electronically, via a document cloud (provided security processes and controls are in place)
• operational reasons such as improving efficiency, training and quality control
• updating and enhancing client records to ensure we can keep in touch with our clients about new and existing services

 

Direct Marketing

We may use your personal data to market our similar services via eg. e-newsletters or invites to seminars or social events that we arrange from time to time, unless you advise us that you do not wish to receive any such communications.

We have a legitimate interest in processing your personal data for direct marketing purposes (see above, ‘Legitimate Interests’). This means we do not usually need your consent to send you direct marketing materials. However, where consent is needed, we will ask for this separately and clearly.

We will never sell or share your personal data with other organisations for marketing purposes.

You have the right to opt out of receiving marketing communications at any time. Any communications we do send will allow you to opt-out of receiving any future marketing communications from us, or you may amend your preferences going forward. You can also opt-out or change your preferences at any time by emailing us at enquiries@lambbrooks.com headed ‘unsubscribe’ or ‘change preferences’ confirming what your new preferences are or by post to ‘The Marketing Executive’ Lamb Brooks, Victoria House, 39 Winchester Street, Basingstoke, RG21 7EQ, ensuring you provide your name so we can identify you.

We may use third parties such as MailChimp and Eventbrite to process or administer the data on our behalf, for example, for the purposes of mail merge and sending out event initiations, or Eventbrite to collate enquiries from our website visitors and to provide them to us for actioning - such third parties are not permitted to use the data for their own purposes. Mailchimp’s Privacy Statement and Cookie Statement can be found here: https://mailchimp.com/legal/ Please see Eventbrite’s privacy policy and cookie statement: https://www.eventbrite.co.uk/help/en-gb/articles/460838/eventbrite-privacy-policy/ and Cookie Statement | Eventbrite Help Centre

 We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

How we use your personal data

We use your personal information to:-

• contact you and any relevant third parties, to open your file and to progress your matter
• process payments
• provide the legal services you have requested
• market the firm’s services (unless you opt out of this – see Direct Marketing, above)
• identify and verify your identity and establish the source of funding
• screen for financial or other sanctions and embargoes
• conduct other processing necessary to comply with professional, legal and regulatory obligations that apply to our business eg under health and safety regulation or rules issued by our professional regulator
• process any complaints / claims
• submit forms and applications to courts, tribunals and government bodies on your behalf
• administer, support, improve and develop our business generally and enforce our legal rights

Who has access to your personal data

Members of Lamb Brooks’ staff and its authorised consultants where needed or necessary for carrying out the purposes for which this personal data is provided, as mentioned in this notice. We may also, where necessary, allow access by third parties as mentioned below.

Who we may share your personal data with

We may share your personal data with:-

• in the case of general matters this may include, depending on the matter in question: your accountant, or other professional advisor; our bank; your bank or funders; solicitors acting for the other party to the transaction; or government agencies such as HM Revenue & Customs, the Department for Work and Pensions and Companies House, as applicable
• in the case of litigious matters: barristers; experts; the court or other tribunal; After The Event (ATE) insurer (where applicable); and costs draftsmen (in certain larger cases)
• Thirdfort Ltd (Company No 10757456) (or similar third party online ID verification services) - to verify your identity and/or the authenticity of identity documents you may provide to us. Thirdfort’s privacy notice can be found here: https://www.thirdfort.com/privacy/
• we may also share personal data with external auditors eg. ISO9001/LawNet Quality Standard assessors, our financial auditors, or our regulator, the Solicitors Regulation Authority - to verify our procedures / advice from time to time
• our insurers and any brokers - if there are grounds for a claim against us, or you make a claim against us
• the Legal Ombudsman, SRA, Information Commissioners Office or our insurers– if you make a complaint against us
• the Financial Services Compensation Scheme – if a financial firm such as a bank, insurer, mortgage broker or provider has failed and cannot pay any monies due to you
• law enforcement or other authorities, if required by applicable law or if we are obliged to disclose data under certain laws, by order of court or other competent regulatory body, or permitted to disclose it under applicable data protection laws
• we may need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations
• co-hosts and other attendees at events and promotional activities that we periodically run, if your name appears on the attendee list
• if you are on our mailing list, from time to time we may use the services of Mailchimp or Eventbrite UK Limited in order to send you invitations for any events/seminars that we may be hosting or newsletters that may be of interest. We also use Eventbrite to collate enquiries from our website on the online enquiry form found on our website and to provide them to us for actioning. Eventbrite’s Privacy Policy and cookie statement can be found here: Eventbrite Privacy Policy | Eventbrite Help Centre and here: Cookie Statement | Eventbrite Help Centre
• . Mailchimp’s Privacy Statement and Cookie Statement can be found here: https://mailchimp.com/legal/
• from time to time we may appoint service providers, such as IT, website hosts, physical document storage providers, pagination service providers and other such parties, to provide services to us - we will ensure that any such appointments comply with data protection laws.
• from time to time we may use cloud storage services such as Adobe Document Cloud, Nitro PDF Productivity, Drop Box or other data sharing platform (requested by you or other parties in connection with your matter) in order for third parties pertinent to your matter (such as barristers and experts or in corporate or other transactions the buyer or seller and their professional advisors) to access documents necessary to progress your matter where documents are too large to send by encrypted email – we will ensure that any such cloud storage services used have security processes and controls in place and you are advised of our use of such platforms.
• Nitro’s privacy policy can be found here: https://www.gonitro.com/privacy-policy
• Adobe’s privacy policy can be found here: https://www.adobe.com/uk/privacy/policy.html
• Drop Box’s privacy policy can be found here: https://www.dropbox.com/en_GB/privacy
• Microsoft 365 services’ privacy policy can be found here: https://www.microsoft.com/en-gb/privacy/privacystatement
• from time to time we may use a cloud-based e-signature service such as Adobe Sign, Nitro Sign or other e-signature service for the efficient signing, tracking and managing of the signature process. Other parties in connection with your matter (such as the other side solicitors) may also request signature via such a service - we will ensure that such e-signature services used have security processes and controls in place and you are advised of our use of such platforms.
• On some matters we may utilise BigHand cloud-based solutions to enable fee earners to efficiently dictate remotely via their mobile telephones. The dictations are encrypted during transit from the mobile phones to our systems. BigHand’s privacy notice is here: https://www.bighand.com/en-us/privacy-policy/
• third parties approved by you eg. social media sites you choose to link your account to or third party payment providers
• Callitech Limited, trading as Moneypenny or other livechat service and/or telephone service providers. They will take relevant information from you to pass onto us. Moneypenny’s Privacy Policy can be found here: https://www.moneypenny.com/uk/privacy/

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal information.

Where your personal data is held

We Information may be held at our offices, (temporarily at the homes of our employees whilst homeworking), third party agencies, service providers, representatives and agents as described above (see 'Who we may share your personal data with')

Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this occurs, see below: 'Transferring your data out of the UK'

How long your personal data will be kept

We will keep your personal data after we have finished advising or acting for you. We will do so for one or more of the following reasons:

• to respond to any questions, complaints or claims made by you or on your behalf;
• to show that we treated you fairly;
• to keep records required by law.

We will not retain your personal data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal data. The majority of client files are retained for a minimum of 6 years after the matter concludes, but you will be informed of the relevant retention period at the end of your matter.

Transferring your data out of the UK

To deliver services to you, it is sometimes necessary for us to share your personal data to countries outside the UK, eg:

• with your and our service providers located outside the UK;
• if you are based outside the UK;
• where there is a European and/or international dimension to the services we are providing to you;
• where Microsoft 365 services that we utilise store data, it with either be held in the UK, or in the EU.
• we may use organisations such as MailChimp (who are based in the USA) or Eventbrite (who are a global company) for marketing related e-mails, where you have not objected to the marketing of our similar services to you and where you have been added to our mailing list. We will check that any such organisations have security processes and controls in place.
• we use Eventbrite to collate enquires from website visitors on the online enquiry form found on our website and to provide them to us for actioning. We will check that any such organisations have security processes and controls in place.
• we may also use MailChimp (who are based in the USA) for marketing related emails.
• we may use BigHand (who are based in the USA) to dictate correspondence and notes, however all client data is located in and does not leave the EU. BigHand is a global company and can allow for subcontractors globally, where they have relevant data protection safeguards in place.

 

We will only transfer your personal data to a country outside the UK where:

• the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’) further to Article 45 of the UK GDPR;
• there are appropriate safeguards in place (eg. Standard contractual data protection clauses or other prescribed international data transfer agreement published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for data subjects; or
• a specific exception applies under data protection law

 

Further information

If you would like a list of countries benefitting from a UK adequacy decision or for any other information about protection of personal data transferred outside the UK, please contact us (see ‘How to contact us’ below).

PART C

OTHER INDIVIDUALS (NON CLIENT)  PERSONAL DATA

This section deals with personal data we may collect and use relating to individuals located within organisations who supply goods and services to us, business contacts, referrers, people who contact us with a general enquiry (other than via our website) and other parties to a client matter.

How we collect your personal data

We collect most of this information from you. However, we may also collect information:

• from publicly accessible sources, eg websites, directories, advertising materials, search engines and recommendations;
• directly from a third party, eg: our client, your business contacts, parties involved in the client matter, accountants, other professional advisors and service providers.

The personal data we collect and use and why

Category of Data Subject

Type of data

Lawful basis for processing including basis of legitimate interest

Suppliers	Name and contact details	In connection with the provision of services to Lamb Brooks; or Where requested to carry out services relating to a client matter; or To recommend to third parties; or To send information about Lamb Brooks and to invite to Lamb Brooks’ functions or events
Referrers	Name and contact details	Legitimate interest - mutual referral of potential work. To send information about Lamb Brooks and for invites to Lamb Brooks’ functions or events
Business contacts	Name and contact details	Legitimate interest - mutual business benefit To send information about Lamb Brooks and for invites to Lamb Brooks’ functions or events
General Enquiries	Name and contact details Other information you may provide	To respond, and where relevant, to carry out the initial request To recommend third parties, where relevant, to the subject matter of the initial request, and subject to your consent.
Other parties to a client matter	Name and contact details	For other professional advisors related to the client matter - in fulfilling the services to be provided to our client

Who we may share your personal data with

We may share your personal data with, where relevant:

• client(s)
• other service providers
• in the case of client litigious matters: barristers; experts; the court or other tribunal; Before the Event (BTE) or After The Event (ATE) insurer (where applicable); and costs draftsmen (in certain larger cases)
• we may also share personal information with external auditors eg. ISO9001/LawNet Quality Standard assessors, our financial auditors, or our regulator, the Solicitors Regulation Authority - to verify our procedures / advice from time to time
• our insurers - if there are grounds for a claim against us, or you make a claim against us
• the Legal Ombudsman, SRA, Information Commissioners Office or our insurers – if a complaint is made against us
• the Financial Services Compensation Scheme – if a financial firm such as a bank, insurer, mortgage broker or provider has failed and cannot pay any monies due to us or a client
• law enforcement or other authorities, if required by applicable law or if we are obliged to disclose data under certain laws, by order of court or other competent regulatory body, or permitted to disclose it under applicable data protection laws
• we may need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations
• co-hosts and other attendees at events and promotional activities that we periodically run, if your name appears on the attendee list
• if you are on our mailing list, from time to time we may use the services of Mailchimp or Eventbrite UK Limited in order to send you invitations for any events/seminars that we may be hosting. Eventbrite’s Privacy Policy can be found here: Eventbrite Privacy Policy | Eventbrite Help Centre and Mailchimp’s Privacy Statement can be found here: https://mailchimp.com/legal/
• from time to time we may appoint service providers, such as IT, website hosts, physical document storage providers, pagination service providers and other such parties, to provide services to us - we will ensure that any such appointments comply with GDPR
• third parties approved by you eg. social media sites you choose to link your account to
• third parties approved by you eg. social media sites you choose to link your account to or third party payment providers
• Callitech Limited, trading as Moneypenny or other livechat service and/or telephone service providers. They will take relevant information from you to pass onto us. Moneypenny’s Privacy Policy can be found here: https://www.moneypenny.com/uk/privacy/
• we may use BigHand (who are based in the USA) to dictate correspondence and notes, however all client data is located in and does not leave the EU. BigHand is a global company and can allow for subcontractors globally, where they have relevant data protection safeguards in place.

How long your personal data will be kept

Where you make an enquiry which does not result in a client matter (ie where we do not provide you with any advice), we will hold your information for up to 12 months, unless you indicate you may contact us at a later date, in which case it will be held for a reasonable time. If we do provide you with any advice, please see the ‘How long your personal data will be kept’ section in Part B of this notice.

In relation to suppliers, referrers and business contacts, we shall keep the personal information for so long as is necessary for the purposes set out in the table above.

Where services have been provided as part of a client matter, or the personal information relates to the client matter, your relevant personal information may be kept with the client file.

Transferring your personal data out of the UK

We do not routinely share personal information to any organisation located outside of the UK. However, we may use organisations such as MailChimp (who are based in the USA) or Eventbrite (who are a global company) for marketing related e-mails and BigHand who are a global company in relation to remote dictation via mobile telephones. We will check that any such organisations have security processes and controls in place.

PART D

GENERAL

Your rights 

Under GDPR you have a number of important rights, free of charge. In summary, they include the following rights:

• access – the right to be provided with a copy of your personal data
• rectification – the right to require us to correct any mistakes in your personal data (that we hold)
• erasure (also known as the right to be forgotten) – the right to require us to delete your personal data in certain situations
• restriction of processing – the right to restrict processing of your personal data in certain circumstances eg if you contest the accuracy of the data
• data portability - the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party, in certain situations
• to object – the right at any time to object to your personal data:-
• being processed for direct marketing (including profiling) (see direct marketing above); or
• being processed in certain other situations eg. processing carried out for our legitimate interests unless we demonstrate compelling legitimate grounds for the processing which override your interests or for establishing; exercising or defending legal claims; not to be subject to automated individual decision making – the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly affects you
• the right to withdraw consent – if you have provided us with a consent to use your personal data, you have a right to withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals; rights https://ico.org.uk/your-data-matters/

If you would like to exercise any of those rights, please see the ‘How to contact us’ section below, letting us have sufficient information to identify you (eg name, file number and names of any fee earners involved with your matter), proof of your identity and address (eg. a copy of your driving licence or passport and a recent utility or credit card bill) as well as letting us know the information to which your request relates.

Keeping your personal data secure

We have appropriate security measures in place to prevent personal data confidential and secure from unauthorised access, use and disclosure. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We require our business partners, suppliers and other third parties to implement appropriate security measures to protect data from unauthorised access, use and disclosure.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Help us to help you by heeding any cybersecurity/fraud warning notices we send you by post or email, including those referenced beneath our email sign off details.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information, but you may also contact the Information Commissioner’s Office (the UK data protection regulator) at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information, advice or to make a complaint.

Changes to this privacy notice

This privacy notice was last updated on 14 October 2024.

How to contact us

Please contact us if you have any questions about this privacy notice, or the information we hold about you.

If you wish to contact us, please send an email to enquiries@lambbrooks.com headed ‘GDPR, write to us at ‘GDPR’ Lamb Brooks, Victoria House, 39 Winchester Street, Basingstoke, RG21 7EQ or call 01256 844888

Do you need extra help?

If you would like this notice in another format, please contact us (see ‘How to contact us’ above), and where possible, we will try to help.