Privacy Policy
All information provided by you will be held in accordance with the Data Protection Act 2018.
During the claim process, we will need to collect and process different types of personal information for various purposes such as :-
Contact information including name, address, job title, organisation, date of birth, email address and telephone number;
- Financial information
- Details of spouse/partner and dependents/family members;
- Employment records
- Recruitment information, including CVs, interview notes and assessment material;
- Medical records and health information
We are registered with the Information Commissioner’s Office.
The information contained herein confirms the obligations of BLV Law Limited (“BLV Law”) regarding data protection and your rights as our client (“data subjects”) in respect of your personal data under UK General Data Protection Regulation (GDPR) which sits alongside the Data Protection Act 2018 (DPA 2018).
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (“a data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or special identity of that natural person.
BLV Law’s obligations concerning the collection, processing, transfer, storage and disposal of your personal data is set out below. BLV Law have implemented procedures and policies for our employees, agents, contractors, or other parties.
Lawful, Fair and Transparent Data Processing
The GDPR seeks to ensure that personal data is processed lawfully, fairly and transparently, without adversely affecting your rights as the data subject.
As a client of BLV Law, under GDPR we are allowed to process your personal data to perform the Contract you have with us.
The Data Protection Principles
The GDPR sets out that all personal date must be:
- Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Collected for a specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes. Or statistical purposes, subject to implementation of the appropriated technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
Your Rights
The GDPR sets out the following rights applicable to data subjects (please refer to the parts of this policy indicated for further details):
The right to be informed; right of access; right to rectification; right to erasure; right to restrict processing; right to data portability; right to object; rights with respect to automated decision-making and profiling.
Personal data can be obtained from a third party, and you will be informed of its purpose:
- If the personal data is used to communicate with you, when the first communication is made; or
- If the personal data is to be transferred to another party, before that transfer is made; or
- As soon as reasonably possible and in any event not more than one month after the personal data is obtained.
Data Subject Access
You can make Subject Access Requests (“SARs”) at any time to find out more about the personal data which BLV Law holds.
You can make a SAR in writing addressed to the Firms Data Protection Officer.
BLV Law will respond to SARs within one month of receipt. However, we may require a longer period if the SAR is complex and/or numerous requests are made. If such additional time is required, we will tell you.
All SARs received shall be handled by the Firms Data Compliance Manager.
BLV Law does not charge a fee for the handling of a straight forward SAR. However, we reserve the right to charge reasonable fees for additional copies of information and for excessive, repetitive and unfounded SAR’s.
Restriction of Personal Data Processing
You may request that our Firm ceased processing the personal data it holds about you. If you make such a request, our Firm shall retain only the amount of personal data concerning you (if any) that is necessary to ensure that the personal data in question is not processed further.
In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of the applicable restrictions on processing it (unless it is impossible or would require disproportionate effort to do so).
Sharing of Personal Data
During our retainer with you we may share your information with the following entities:
- Courts and Tribunals
- Experts required to advise or provide reports
- Barristers and Barristers Chambers
- Accountants
- Opposing Lawyers and representatives
- Solicitors Regulation Authority
- Legal Ombudsman
- Banks and Lenders
- Mediation and Arbitration service providers
- Government Bodies
- Auditors
- IT support, Infrastructure and System providers
- Employees of the Firm
- Contractors to the Firm working on your matter
- Postal Service Providers including Couriers
- Insurers and their advisor
- Land Registry
Personal Data Collected, Held and Processed
The following data is collected, held and processed by our Firm
Data Ref: | Type of Data | Purpose of Data |
Client Name
|
Your Name | To identify you |
Address
|
Your Address | To send letters to you |
Email Address
|
Your Email Address | To send communication via email |
Date of Birth
|
Your Date of Birth | To identify you |
Passport Number
|
Your Passport details | To identify you and comply with anti-money laundering regulations – where applicable |
Driving Licence Number
|
Your Driving Licence details | To identify you and comply with anti-money laundering regulations – where applicable |
Utility Bill
|
Your Utility Bill(s) | To identify you and comply with anti-money laundering regulations – where applicable |
Collection of your personal information
These may include:
- Direct discussions/correspondence eg:
- Fill out a form on our website, e.g. completing an online form;
- Correspond with us by email or post or telephone;
- Visit our offices;
- Give us feedback (for example by completing a client testimonial form);
- Via our website – we use cookies on our website (please see “Cookies”)
- Give us your business card at an event or meeting
- We you visit our website, information will be collected as set out above.
- From a third party and others such as:
- Your bank or building society, another financial institution or advisor;
- Consultants and other professionals we may engage in relation to your matter;
- Your employer and/or trade union, professional body or pension company;
- Your GP, medical and occupational health professionals
- Online professional social networking services and other sites;
- A company website;
- The Electoral Roll;
- The Land registry;
- Companies House.
Use of personal information
We will only use your personal information when the law allows us to do so.
We comply with the provisions of this privacy notice and in respect of the provision of legal services we are also bound by professional obligations or confidentiality.
“Special categories” of particularly sensitive personal information require higher levels of protection. An example of this is your medical records. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
We may process special categories of personal information in the following circumstances:
Criminal Convictions and offences data.
Sometimes, we need to process information about criminal convictions or offences where they are relevant to your case. This data will be processed when it is is necessary for legal proceedings, obtaining legal advice or is necessary for the purpose of establishing, exercising or defending legal claims.
Purposes for use of your personal data
Where we receive personal data in connection with the provision of legal services, we process that data for the purposes of the provisions of those services.
We may share your personal data with:
- Our clients;
- Professionals such as barristers, medical professionals, accountants, tax advisors or other experts;
- Third party providers such as after the event insurance providers, medical expert agencies
- Other third parties where necessary to carry out your instructions;
- Defendants/opponents, the Court
- Our banks;
- Providers of business support services such as banking, insurance, litigation support and security, business development and marketing support services;
- Analytics and search engine providers;
We will disclose your personal information to any relevant third party, if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety or our customers, our regulator, or others.
Any other service providers with whom we share information who are approved by us and subject to contractual obligations designed to ensure that those providers comply with data protection legislation.
The EEA
We do not transfer personal data outside the European Economic Area (“EEA”).
Third Party Links/websites
Our website may include links to third party websites, plug-ins and applications. We do not control these third party websites and cannot be responsible for their privacy policies. When you visit other websites we suggest you read the privacy policy of every website you visit.
Protection of your information
We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you any applicable regulator of a suspected data security breach where we are legally required to do so.
This privacy notice may change from time to time so we recommend that you review it periodically. This version of the privacy notice was last updated in January 2022.