Includes: home and email addresses and telephone numbers, billing address, delivery address.

Includes: salary, spending habits, claims and payments, credit history, scoring and rating, billing, bank account and payment card details. 

Includes: details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your physical or mental health, medical history, genetic and biometric data.

Includes: allegations, prosecutions and convictions of criminal a criminal nature.

Includes: your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

Includes: details about payments to and from you and other details of products and services from us.

Includes: details relating to the use of our website, products, and services.

Includes: system usage logs, internet protocol (IP) address, CCTV, networks accessed, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

• Purpose: Fulfil a contract
• Detail: Access and use of your personal information will vary according to the nature of your specific matter.
• Collection & share: We may share your information when we consult or engage with other professional agencies, experts, sub processors, data controllers or other third parties to perform duties or provide a service to deliver the expectations of your engaged service [including but not limited to; other legal professionals, courts, witnesses, consultants, Experts]
• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

• Purpose: Fulfil our legal obligations / our legitimate interests.
• Detail: Manage, review, and update documents within your client and matter file. Provide invoices and carry out billing and other related financial functions and debt recovery.
• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

• Purpose: Our legitimate interests
• Detail: We will add your contact details to our marketing database keep you up to date with legal insights, service and events information related to your service area.  We may also ‘opt you in’ to receive other relevant marketing and promotional materials, you may ‘opt out’ of these.
• Categories: Contact, preferences

• Purpose: Our legitimate interests
• Detail: We may use elements of your matter file for our own business purposes, such as billing, generating management information and reports. We may perform audits, accountancy tasks, compliance, training, and performance reviews. When we do, we ensure that the use of personal information for these purposes are relevant and proportionate.
• Collection: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.
   

When we process [collect, use or share] your information we will be transparent with you, unless we have legal or professional obligation not to.

Generally, most of the information generated during the provision of our legal services is retained for a minimum of 6 years from the matter closure date. This is in keeping with our professional indemnity requirement and is the primary limitation period under the Limitation Act 1980. However, depending on the nature of the information and the engaged services, some information may be subject to significantly different retention requirements.

• Purpose: Fulfil our legal obligations / our legitimate interests
• Detail: Manage, review, and update documents within the client matter file
• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information

• Purpose: Fulfil our legal obligations
• Detail: We may undertake other activities commensurate with a law firm, to the extent required to comply with legal, regulatory, governmental, or other statutory or judicial obligation or requirement, such as complying with a court order or information request.  
• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

• Purpose: Our legitimate interests
• Detail: Your information may be processed when we perform duties conducted during the administration of our management information, these may include reporting, audits, accountancy, compliance, and performance reviews. 
• Categories: Categories of information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

• Detail: We process and monitor email communications, including file attachments, for viruses or malicious software and to operate data loss prevention. Emails are generally retained within the recipient’s inbox for a period of 6 months and then archived ‘beyond reasonable use’. Further processing of emails will be dependent on the nature and purpose of your contact. We use transport layer security (TLS) to encrypt and protect email traffic. Where your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
• Collection: Technical, from the sender.
• Categories: Identity, contact, technical. Plus, any personal information provided by the sender. 

• Detail: We may exchange documents by iManage Secure Send, you will receive a standard Microsoft email with a link to attachments, these are held securely within our systems. Access via the link is limited to the specified recipients and are set to expire at a date selected by the sender. This will be transparent when you access the link. Audit logs and automated notifications contain detail of activities you perform, such as the date and time you open or download the information, this is used for compliance and accountability purposes.
• Collection: Technical, from the sender.
• Categories: Identity, contact, technical. Plus, any personal information provided by the sender. 

• Detail: When you take part in a Teams call or video conference or meeting your images and other personal information, comments and uploaded documents may be visible and accessible to all call participants. When calls are recorded you will be presented with an alert banner. During the call, automated transcripts are available to participants. Depending on the call quality and personal pronunciation, these do not always provide accurate narrative. Attendance records, transcripts, uploaded documents, and recordings are accessible and may be retained by the host and processed in line with the meeting purpose, training, audit, and accountability purposes. This information may be shared with relevant parties. We cannot account for the content and accuracy of information provided by other participants. 
• Collection: From participants, technical.
• Categories: Identity, contact, technical. Plus, any personal information provided by the participants.

• Detail: We use social media tools for our marketing purposes. Where you opt-in to receive our marketing materials, we may share your email and preferences with our contracted social media service agent for this purpose; we may prompt you to ‘follow us’ or participate in ‘threads’ relating to our general services. We do not endorse the use of social media for the purpose of communicating with you about an engaged matter and discourage you from sharing any personal information of this nature on a public platform or within other insecure tools. Where you contact us using these tools or technologies, we cannot guarantee its protection or ongoing security. We cannot account for information posted to our platforms by unrelated third parties.
• Collection: From the poster
• Categories: Identity, contact, technical. Plus, any personal information provided by the sender.

• Detail: If we use other third-party platforms, we will provide you with a notice to inform you and provide relevant privacy information. Where available audit logs and automated notifications contain details of activities you perform, such as the date and time you open or download the information, this is used for compliance and accountability purposes.
• Collect: Direct from you, indirectly from other participants, technical
• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the sender.

• Purpose: Legitimate interests, detection and prevention of crime, vital interests.
• Detail: When we communicate with you or receive communications about you, we review and assess content. Depending on the nature of the information we may have a duty to report, consult, or share with other relevant parties or agencies. We may also use the information for our own reasonable business interests. 
• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the sender.

• Detail: Information you provide is triaged and processed to effectively manage the query. We use consolidated information to review and improve our services.
• Collection: From the visitor.
• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the visitor.

• Detail: Information provided by you is analysed and added to our secure subscriber database. This information is processed to provide you with communications based on upon your preferences or to facilitate events you have registered to attend. We remove your details when you opt-out.
• Collection: From the subscriber
• Categories: Identity, contact, preferences, technical, usage.

• Detail: When applying via our website pages, you will be directed to our third-party online application portal. You will a receive notice and be provided with a link to their privacy notice, you should review this prior to creating your profile. We will receive a copy of this information to progress your application. 
• Collection: From the applicant
• Categories: Identity, career, contact, preferences, technical, usage. Plus, any personal information you provide. 

• Detail: Our trusted third parties may access our website to provide us with technical support during routine or operational performance and maintenance.

• Purpose: Security, monitoring and legitimate interests.
• Detail: Door entry cards issued to staff and visitors grant specific rights-based access within building locations.
• Use: Information may be accessed and used for related purposes such as health and safety, personnel management, and detection and prevention of crime. Where we act as a data processor for other businesses that operate within the building [data controllers], we may share information. 
• Collection: Technical 
• Categories: Identity, usage, activity, technical.

• Purpose: Provide services and account for use.
• Detail: On each visit where you connect to our services, you will be provided with a processing notice, you will be required to accept terms and conditions from your device. When you connect, automation allocates your device with an IP address and generates audit logs that capture details of your activities. 
• Collection: From the device connected, Technical.
• Categories: Technical and usage.

• Purpose: Detection and prevention of crime
• Detail: Each office location benefits from CCTV systems, either operated and managed by us or by a third-party such as a building manager. Relevant signage is provided to alert you of its presence [for example, on approach, in reception areas, within common parts, hallways, stairwells]
• Collection: Systems continually record, and store images, time, and location.
• Monitoring & use: Images are accessible by nominated individuals to view for the purpose of monitoring activities. When an incident occurs or following a disclosure request, information may be reviewed and extracted from the system, and a copy made and retained. We make reasonable efforts to extract specific images and obscure images of individuals not subject to the activity. Information may be used to progress action or evidence activity relating to our stated purpose.
• Sharing: Information may be disclosed with relevant parties.
• Retention: Automated deletion is set in line with the local regulatory retention period; the UK is 31 days. 
• Categories: Images captured will be representative of your activities and footage may reveal sensitive information about you and/or any criminal activities taking place.

We may use our approved third-party tools to deliver materials to you.  We use analytic tools to monitor delivery success, we use this information to improve email services. 

Where you have not contacted us or engaged with our emails, we may contact you periodically to confirm your continued consent.

When you unsubscribe or ‘opt out’ we may add your name to our suppression list to ensure that you do not receive future materials.

From the subscriber.

Identity, contact, preferences, and usage.

For health and safety and to manage logistics of the day, you may be asked to complete an attendance sheet and be provided with a name badge for you to wear throughout the event. 

Where you tell us about any additional requirements, we may use this information to facilitate any reasonable adjustments. 

Photography is likely to take place at our events. You can decline individual photos being taken of you by speaking directly to the photographer or event co-ordinator. Please note that you may appear in group or wide shots with other attendees, it may not always be possible to remove or obscure your image. All photos are stored securely and may be shared on social and media platforms, website and with joint organisers (if applicable).

On occasion, we may run events with co-hosts and guest speakers or at venues who operate their own reception or facilities. We may share relevant attendee information for the purpose of facilitating the event.

We will let you know before you subscribe to the event if co-hosts or guest speakers will be provided with your information for their own legitimate interests such as to send you event materials or obtain your feedback.

Identity, contact, preferences, and usage, any information you provide.

We may use your personal information to take reasonable measures to verify your identity and confirm your authority to make the complaint, enquiry, or request. 

We review information you provide and other relevant personal information that we hold, we may share this with relevant personnel, to the extent required to investigate and manage the query.

We may share your personal information with relevant third-parties or agencies such as the regulator, clients, solicitors, or insurers).

Direct, Indirect, technical.

Identity, contact, technical and any information relevant to your contact.

We utilise a contracted specialist recruitment system to track and manage the selection and recruitment process. This includes to store, send, and receive [email] communications with you and associated parties involved in the recruitment process, securely store your application, test results scores, online interview or video presentation.

We may use contracted services of third-party providers to deliver elements of the recruitment process or conduct assessments on our behalf. When we do, we will inform you in advance and provide you with links to their privacy notice. Unless otherwise stated, relevant information obtained and processed will be shared with us to manage your application.

We are required to retain information of unsuccessful applicants for a period six months. However, with your consent we may add your details to our ‘Talent pool’ and your information may be retained for this purpose for up to two years.

When you update voluntary sections of the application forms, such as equality, diversity and equal opportunities information, your responses are used and shared solely for the purposes and monitoring of equal opportunities statistics. These are not accessible to the hiring manager or recruitment panel.  

From the candidate, recruitment panel and contracted third parties. 

Identity, career, criminal, contact, preferences, technical, usage. Plus, any personal the information you provide.

Our employee privacy notice is available for those who work with us.  Available upon request to HR department or data protection officer.

Your information may be processed when we apply security measures.  We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorised access, use, alteration, or disclosure. We store all personal data you provide to us behind firewalls on servers employing security protections. We continually review and improve our technical systems and tools to maintain resilience, security, and adaptability of our IT Infrastructure.  We achieve and work towards accreditations and information security best practice standards, such as Cyber Essentials Plus, ISO 27001, ISO 9001.

Your information may be processed when we apply physical security measures. We apply high standards of on-site physical security and have technical and organisational measures to protect our offices and physical information and data assets.

Your information may be processed when we carry out risk assessments and reviews. Activities that require the use of personal information undergo risk assessments to ensure they are lawful and comply with our data protection polices; these are regularly reviewed to ensure ongoing suitability.

When we use third parties to perform activities for us, we complete due diligence checks to ensure information remains secure, confidential, and used for the contracted purposes.

Where overseas or cross boarder transfers are required, we ensure appropriate technical or contractual security measures are in place.

We do not make use of automated decision-making tools that fall into a category requiring your notification. If our position changes, we will update this notice and inform you directly where required.

We may disclose your personal information to a prospective seller or buyer or successor in the event that we sell or buy any part of our business group, entity or assets or seek to acquire new businesses, merger, divestiture, restructuring, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.

Other relevant obligation to which we are legally bound such as to comply with court order, legal or regulated request.

Your information may be lawfully processed when our obligations or legal rights outweigh your right to privacy. We take reasonable measures that protect and enforce our legal rights against breach of contract or agreement, detection or prevention of fraud or crime, and to protect people, property, or assets.

We may process and share other, non-personal information without restriction of this notice. However, we will consider our other regulatory or contractual obligations prior to use.