Privacy Notice – General
We ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
Kenneth Bush Limited (trading as Kenneth Bush Solicitors, sometimes referred to as Kenneth Bush) collects, uses and is responsible for certain personal information about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
Information collected by us
In the course of acting for you we collect the following personal information but only when you provide it to us:
- Your name, address and telephone number
- Information to enable us to check and verify your identity, eg your date of birth or passport details
- Electronic contact details, eg your email address and mobile phone number
- Information relating to the matter in which you are seeking our advice or representation
- Your financial details so far as relevant to your instructions, eg the source of your funds if you are instructing us on a purchase transaction
- Your National Insurance and tax details
- Your bank and/or building society details
- Details of your professional online presence, eg LinkedIn profile
- Details of your spouse/partner and dependants or other family members, eg if you instruct us on a family matter or a Will
- Your employment status and details including salary and benefits, eg if you instruct us on a matter related to your employment or in which your employment status or income is relevant (such as a personal injury claim including loss of earnings)
- Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information, eg if you instruct us on a matter where this is relevant, such as family/child care
- Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs, eg if you instruct us on a discrimination claim or you apply for legal aid funding.
- Personal identifying information, eg if you instruct us in relation to a childcare matter
- Photographs of you (eg if dealing with a personal injury claim) or of your property (if dealing with a road traffic accident claim or boundary dispute etc)
- Full family history/family tree (ie in the event of an inheritance claim or child care matter).
Information collected from other sources
We may also obtain personal information from other sources as follows:
- Details of your pension arrangements, eg if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship
- Your full employment records including, where relevant, records relating to sickness and attendance, maternity/paternity, performance, disciplinary, conduct and grievances (including relevant special category personal data) eg if you instruct us on a matter related to your employment or in which your employment records are relevant.
- Your trade union membership, eg if you instruct us on a discrimination claim.
- Your medical records, eg if we are acting for you in a personal injury claim.
- Companies House public record information and internal structure details, including details of directorships and shareholdings you may hold.
- Business staffing records which could include a list of all employees (names and addresses) and terms and conditions of employment, should we be instructed in relation to redundancies.
How we use your personal information
We use your personal information:
- In order to enable us to provide our service to you in relation to the matter on which you have instructed us
- To comply with our legal and regulatory obligations
- For the performance of our contract with you or to take steps at your request before entering into a contract
- For our legitimate interests or those of a third party
Who we share your personal information with
We share personal data with professional advisers who we instruct on your behalf or refer you to; eg barristers, medical professionals, accountants, tax advisors or other experts; other third parties but only to the extent that it is necessary to carry out your instructions, eg mortgage provider or HM Land Registry in the case of a property transaction or Companies House; credit reference agencies; our insurers or brokers; external auditors, eg in relation to ISO or Lexcel accreditation and the audit of our accounts; our bank. Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Whether information has to be provided by you, and if so why
The provision of your personal data is required from you to enable us to provide our legal services to you and from time to time to keep you up to date with changes/opportunities which may be of interest to you. We will inform you at the point of collecting information from you, whether and what information you are required to provide to us.
How long your personal information will be kept
- We will hold your information for a minimum period of 6 years (this is the period for which we are required to retain it under UK tax law). This will change from case to case, and we will notify you of the time limit for which your information will be held at the conclusion of each matter we assist you with.
Reasons we can collect and use your personal information
Under the General Data Protection Regulations we can only collect and use personal information if we can show that it falls within certain special grounds such as consent or what are called legitimate interests.
We rely on the pursuit of our legitimate interests and for the legitimate interests of others in the provision of legal services to you as the lawful basis on which we collect and use your personal data. We may, on occasion, process your data to comply with legal obligations in particular within legal proceedings and/or compliance with law enforcement agencies. We do sometimes process special category personal data eg health records and where we do so we will seek your consent.
Transfer of your information out of the UK/EEA
Under the General Data Protection Regulations we are obliged to tell you about transferring your personal information to relevant third parties outside the European Economic Area (EEA). If that occurs, we will notify you separately and obtain your consent to the same.
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:
- the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
- a specific exception applies under data protection law
These are explained below.
We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:
- all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
- Gibraltar; and
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.
Other countries or international organisations we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.
Transfers with appropriate safeguards
Where there is no adequacy decision, we may transfer your personal data to another country or international organisation if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
The safeguards will usually include using legally-approved standard data protection contract clauses. The safeguards may instead include legally binding rules and policies that apply to Kenneth Bush (known as binding corporate rules), which have been approved by the UK data protection regulator.
To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards, including our binding corporate rules, please contact us (see ‘How to contact us’ below).
Transfers under an exception
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, eg:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
Under the General Data Protection Regulations you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your personal information
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulations.
If you would like to exercise any of those rights, please:
- complete a Data subject access request form and email or post this to our Data Privacy Manager (contact details below)
- email, call or write to our Data Privacy Manager (contact details below)
- let us have enough information to identify you; eg name, address, name of person dealing with your matter and file reference
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any account or reference numbers, if you have them
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it or to comply with our legal obligations. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
We hope that we or our Data Privacy Manager can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulations also give you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was published on 3rd May 2022.
We may change this privacy notice from time to time. When we do, we will inform you in writing, as appropriate.
How to contact us
Please contact the person dealing with your matter or our Data Privacy Manager if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us or our Data Privacy Manager, please send an email to firstname.lastname@example.org or write to Julie Easter at Kenneth Bush Limited, 11 New Conduit Street, King’s Lynn, Norfolk, PE30 1DG.