Napthens Group Privacy Notice
Who are we?
- When you deal with the Napthens group you trust us with your information. We take privacy seriously and we are committed to protecting your personal data.
- This notice explains when and why we process your personal data, how this data is used, the conditions under which it may be disclosed to others and how it is kept secure.
- This notice may change from time to time so please revisit this page occasionally to ensure that you are happy with any changes.
Type of personal data we process about you
- Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We have grouped these together in this notice as follows:
|Category||Personal data included in this category||Direct||From third parties|
|Banking/billing||Information used to send/receive funds to/from you or that appears on your bills||x||x|
|Behavioural||Your activities, actions and behaviours||x|
|Biographical||Your life experiences and circumstances||x|
|Cardholder||Your payment card details||x|
|Contact||Information that can be used to address, send or otherwise communicate a message to you (email address, postal address, employer name and job title)||x|
|Correspondence||Information contained in our correspondence or other communications with you or about you, about our products, services or business||x||x|
|Geo-location||Information that contains or reveals the location of your electronic device||x|
|Identification||Information contained in a formal identification document or social security or other unique reference relating to you||x||x|
|Insurance||Your insurance applications and any information relating to your insurance claim||x||x|
|Legal||Information relating to legal claims made by you or against you or the claims process||x||x|
|Monitoring||We may record phone calls and retain transcripts of dialogue (livechat conversations) either for our records or for training purposes. If you visit one of our offices your image may be recorded on CCTV for security purposes||x||x|
|Special categories of personal data||Your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, any personal data that relates to your health, sex life, sexual orientation or criminal offences or records or any genetic or biometric data about you||x||x|
How we collect your personal data
Information that you give to us
- You provide information about yourself when you make an enquiry to the Napthens Group or ask us to provide legal services to you, or when entering information via our website, opt-in/consent forms, apps or by communicating with us by phone, post, email, live chat, social media or otherwise. You provide us with your personal information during the course of a matter upon which we are acting for you.
- The information you give to us mainly includes your contact details, identification information, financial or billing information, employment information, details included in any correspondence and information about you in connection with any matter on which we are engaged to advise you, in the course of a transaction or to pursue or defend a case.
Information we receive from other sources
- We may receive information about you from third parties. For example (not an exhaustive list):
|Transactional matter||Law firms, accountants and other professional advisers acting for you where you or our client is a party to or otherwise concerned in the course of, for example
|Litigation, arbitration, mediation and other forms of dispute resolution
|Law firms, counsel, experts and other professional advisers acting for you or our client, or from third parties, where you or our client is a party to or otherwise concerned in the course of, for example:
|From financial institutions||Banks, building societies and finance companies, who are clients of ours or from whom we are given or request information, where you are their customer/debtor.|
|From clients acting in a representative capacity||Personal representatives, attorneys, trustees, deputies and litigation friends who may provide us with information in connection with a matter, whether non-contentious or not, in which we are acting for you or a client.|
|Friends, family members or colleagues who may provide information about you as part of the work we undertake||For example where you are or may be:
|From regulatory bodies||
|From introducers and referrers||
- We may supplement the personal data collected about you with information from publicly available sources, such as information to validate your identity or address, or to perform a credit check.
Information we collect about you automatically
- We may automatically collect information about you that we may observe, detect or create without directly asking you to provide the information to us. In common with most other businesses, this will mainly include information gathered automatically through your use of our website or online services.
How and why we use your personal data
- We will only use your personal information when the law allows us to, most commonly this will be:
- Where we have a legitimate business interest in doing so which is not overridden by your interests
- Where it is necessary for us to perform a contract with you
- Where you have provided consent
- Where required by law
- Where doing so is necessary to protect your vital interests or someone else’s
The table below shows the purposes for which we process your personal data and which basis we rely on, this list is not exhaustive
|Legitimate interest||To assess and improve our service to clients or our clients’ customers (where applicable) through recordings of any calls and live chat sessions|
|To verify the accuracy of the data that we hold about you and to create a better understanding of you as a client and our clients’ customers (where applicable).|
|To create a profile of you based on any preferences you have indicated to enable us to decide what products and services to offer to you for marketing purposes|
|To undertake analysis to inform our business and marketing strategy.|
|To manage and deliver internal projects for business improvement|
|for network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorised access|
|To comply with a request from you in connection with the exercise of your rights (for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request).|
|To assist in the management of queries, complaints or claims.|
|To notify you or your business of changes in the law that might affect you or your business.|
|For the establishment, exercise or defence of our legal rights.|
|Performance of a contract||To enter into and perform the contract we have with you or your business.|
|Consent||Where you have given us your consent (via our opt-in consent process), we will use and process your personal data to send you email communications about events, products and news updates and relevant news and announcements as set out in the Marketing section below. Such communications may include content on relevant legal updates, seminar and event invitations and other news/announcements.
Please note that your information may be used to send you details of our products or services that we have identified as likely to be of interest to you, based on the preferences you have indicated to us.
We will seek separate and specific consent from you in circumstances where we wish to feature your identity in a published case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.
You have the right to withdraw your consent at any time. Please see ‘Withdrawing your consent’ for further details.
|Where required by law||Where you engage us to provide legal services to you, we will process your personal data and the personal data of third parties in order to comply with our legal obligations, for example under the Civil Procedure Rules or the Family Procedure Rules. We also have a legal obligation to comply with the SRA’s Standards and Regulations.|
|It is also a legal requirement for you to provide us with information to verify your identity in connection with anti-money laundering and criminal financing legislation. We will use that information for the purpose of complying with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (or such other legislation that may replace or supersede these Regulations from time to time) unless we have obtained your consent to use it for any other purpose.|
|To maintain a register of corporate gifts and hospitality to comply with anti-bribery laws.|
|To maintain a record of undertakings where you are either a beneficiary of an undertaking or the person obliged to perform it.|
|To maintain a record of undertakings where Napthens is the giver or receiver of an undertaking.|
|To comply with our other legal and regulatory obligations, e.g. undertaking conflict checks.|
|For the prevention of fraud and other criminal activities.|
|Vital interests||From time to time when representing individuals who may be troubled, in danger, very young or otherwise unable to exercise due care for their own safety, we may in extreme circumstances use information about you or a person connected with you in order to take action to protect you or them.|
Special categories of personal data
- We may process Special Category personal data about you or others associated with you, such as your family. We will only use this kind of information where we have a lawful basis to do so. Most commonly this will where:
- we have your explicit consent;
- it is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent;
- it is necessary to do so in connection with the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or
- in exceptional circumstances, another ground for processing special categories of personal data is met.
Others who may receive or have access to your personal data
- In providing services, operating our business and in comlpying with our legal obligations, we may share the personal data we obtain about you, in sofar as we are pemritted with other memebrs of the Napthens Gropu and the following:
Our suppliers and service providers
- We rely on third parties to provide services to us (such as IT services) who operate as processors of your personal data on our behalf. Where we engage data processors, we ensure they are obliged to treat your information in accordance with the law.
- Our work for you, or a client, may require us to provide information to third parties who will use your information for the purposes of providing services to us or directly to you on our behalf. Such third parties may include, for example, our insurers.
Others involved in your case or matter
- Our work for you, or a client, may require us to provide information to third parties such as law firms, accountants, counsel, expert witnesses, medical professionals and other professional advisers, who will use your information in connection with the matter. They may provide their own services directly to you.
- Where we are engaged by a third party, such as a bank or lender in connection with your contract with them, we may share information with that third party about the progress of the case.
- Any third party to whom we disclose information about you will be under an obligation to keep your information secure and not to use it for any purpose other than that for which it was disclosed unless you agree with them otherwise.
Other ways in which we may share your personal data
- We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data if we are under a duty to disclose or share it to comply with any legal obligation, to detect or report a crime, to protect your vital interests, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and clients. However, we will ensure that your privacy rights continue to be protected.
Where we store your personal data
- All information you provide to us for our use is stored on our secure servers, which are located within the UK and the European Economic Area (EEA).
How long we will keep your personal data for
- If we collect your personal data, the length of time for which we retain it is determined by a number of factors including the type of data, the purpose for which we use it and our regulatory and legal obligations attached to its use.
- We maintain internally a full schedule of types of data and the specified period of time we will retain this for.
- Typically, we retain client and customer data for a minimum of 7 years in case of queries of claims. We consider legal and regulatory requirements when we decide whether to retain personal data for longer than this period.
- The only exceptions to this are where:
- the law requires us to hold your personal data for a longer period or to delete it sooner;
- you exercise your right to have the data erased (where it applies) and it is not necessary for our firm to hold it in connection with any of the reasons permitted or required under the law (see ‘Erasing your personal data or restricting its processing’); or
- in limited cases, the law permits us to keep your personal data indefinitely provided we have certain protections in place.
Client Due Diligence
- As a law firm we are required to comply with the anti-money laundering / counter terrorist financing regulations which means we need to obtain client due dilligence information and documents from you. This may include personal data about you and may be obtained from publically available sources, third party suppliers or from you directly. Our lawful basis for processing this data will generally be that it is necessary to comply with a legal obligation and/or it is in the public interest to do so.
- You have various rights in relation to your personal data under data protection legislation. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. You can exercise your rights as an individual by emailing us at the address given at the end of this policy.
Accessing your personal data
- You have the right to ask for a copy of the data that we hold about you. This right always applies. In some circumstances, we may not provide you with a copy of your personal data but we will explain why we are unable to provide the data if an exemption applies.
Correcting and updating your personal data
- You have the right to ask us to correct information we hold that you think is inaccurate or incomplete. This right always applies.
Withdrawing your consent
- Where we rely on your consent as the legal basis for processing your personal data, as set out under ‘How we use your personal data’, you may withdraw your consent at any time by emailing usmailto:DataProtectionqueries@shoosmiths.co.uk (please use ‘Withdrawal of consent’ as the subject heading of your email).
- If you withdraw your consent, our use of your personal data before you withdraw your consent is still lawful.
- If we are relying on your explicit consent to process Special Category personal data this may impact our ability to provide legal or support services to you.
Objecting to our use of your personal data and automated decisions made about you
- Where we rely on our legitimate interests as the legal basis for processing your personal data, you Except for the purposes for which we are satisfied we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection legislation, we will permanently stop processing your data for those purposes. Otherwise, we will provide you with our justification to continue processing your data.
- You may also contest a decision made about you based on automated decision.
Erasing your personal data or restricting its processing
- In certain circumstances, you may ask for your personal data to be removed from our systems. Provided we do not have any continuing lawful basis to continue processing or holding your personal data, we will make reasonable efforts to comply with your request.
- You may also ask us to restrict processing your personal data where you believe our processing is unlawful, you contest its accuracy, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings. We may only process your personal data while its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- Where you have provided information to us direct, you have the right to ask us to transfer the information you gave us from one organisation to another or give it to you. This only applies where we are relying on your consent or performance of a contract as a legal basis for our processing.
- We may not provide you with a copy of your personal data in certain circumstances, but we will explain why we are unable to provide the data.
Complaining to the UK data protection regulator
- You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal data. Please visit the ICO’s website (ico.org.uk) for further details. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you fail to provide personal data
- Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Your duty to inform us of changes
- It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How we keep your data secure
- Once we have received your personal data, we have in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access. You should note that the transmission of information via the internet is not completely secure. Although we will take steps to protect your personal data, we cannot guarantee the security of your data transmitted to our website, and any transmission is at your own risk.
- Where we have given you (or where you have chosen) a password that enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
- We will only email you about our products and services where we have an appropriate legal basis to do so.
- If you are an individual consumer of legal services, we will email you because you have asked to receive information about our products or services by email, or because you have previously received or shown an interest in our products or services and not objected to us contacting you.
- If you are a business client or prospective business client, we rely on our legitimate interests to send marketing information to you by email. We are keen to only send you information of interest and we will ask you what kinds of information you want to receive from us.
- Whatever our legal basis for sending you information about our products or services by email, you have the right to opt out at any time by clicking on the opt out link in the email or by contacting us as the details given in this privacy notice.
- Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
- We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.