Privacy Notice

Includes: first name, family name, last name, username or similar identifier, marital status, title, date of birth, gender, career.

Includes: home and email addresses and telephone numbers, billing address, delivery address.

Includes: salary, spending habits, claims and payments, credit history, scoring and rating, billing, bank account and payment card details.

Includes: details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your physical or mental health, medical history, genetic and biometric data.

Includes: allegations, prosecutions and convictions of criminal nature.

Includes: your preferences in receiving marketing from us and your communication preferences.

Includes: your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

Includes: details about payments to and from you and other details of products and services from us.

Includes: details relating to the use of our website, products, and services.

Includes: system usage logs, internet protocol (IP) address, CCTV, networks accessed, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

• Purpose: Fulfil our legal obligations / our legitimate interests.
• Detail: We are required to conduct regulatory and public interest duties before we act for you (including conflicts, identity, PEP’s, AML and other fraud detection / prevention). We may be obligated to share your information with appropriate official bodies.
• Collection: We may use multiple sources - Direct from you, indirect, research, legal.
• Categories: These include identity, contact, financial, special category and criminal conviction and offence.

• Purpose: Fulfil a contract.
• Detail: Access and use of your personal information will vary according to the nature of your specific matter.
• Collection & share: We may share your information when we consult or engage with other professional agencies, experts, sub-processors, data controllers or other third parties to perform duties or provide a service to deliver the expectations of your engaged service including, but not limited to, other legal professionals, courts, witnesses, consultants, experts.
• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

• Purpose: Fulfil our legal obligations / our legitimate interests.
• Detail: Manage, review, and update documents within your client and matter file. Provide invoices and carry out billing and other related financial functions and debt recovery.
• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

• Purpose: Our legitimate interests.
• Detail: We will add your contact details to our marketing database keep you up to date with legal insights, service and events information related to your service area. We may also ‘opt you in’ to receive other relevant marketing and promotional materials, you may ‘opt out’ of these.
• Categories: Contact, preferences.

• Purpose: Fulfil our legal obligations.
• Detail: We may undertake other activities commensurate with a firm offering legal services, to the extent required to comply with legal, regulatory, governmental, or other statutory or judicial obligation or requirement, such as complying with a court order or information request.
• Collection: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

• Purpose: Our legitimate interests.
• Detail: We may use elements of your matter file for our own business purposes, such as billing, generating management information and reports. We may perform audits, accountancy tasks, compliance, training, and performance reviews. When we do, we ensure that the use of personal information for these purposes is relevant and proportionate.
• Collection: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

When we process your information we will be transparent with you, unless we have legal or professional obligation not to.

Generally, most of the information generated during the provision of our legal services is retained for a minimum of 6 years from the matter closure date. This is the primary limitation period under the Limitation Act 1980. However, depending on the nature of the information and the engaged services, some information may be subject to significantly different retention requirements.

• Purpose: Fulfil a contracted service.
• Detail: Access and use of your personal information will vary dependent on the nature of the specific matter.
• Collection & share: We may share your information when we consult or engage with other professional agencies, experts, sub-processors, data controllers or other third parties to perform duties or provide a service to deliver the expectations of the engaged service including, but not limited to, other legal professionals, courts, witnesses, consultants, experts.
• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

• Purpose: Fulfil our legal obligations / our legitimate interests.
• Detail: Manage, review, and update documents within the client matter file.
• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

• Purpose: Fulfil our legal obligations.
• Detail: We may undertake other activities commensurate with a law firm, to the extent required to comply with legal, regulatory, governmental, or other statutory or judicial obligation or requirement, such as complying with a court order or information request.
• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

• Purpose: Our legitimate interests.
• Detail: Your information may be processed when we perform duties conducted during the administration of our management information. These may include reporting, audits, accountancy, compliance, and performance reviews.
• Categories: Categories of information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

• Detail: Tools used for calls include mobile or landline, and platforms such as Microsoft Teams or Zoom. These automatically collect and display your personal information. We may use this information to maintain our records and demonstrate accountability and to help improve the efficiency and effectiveness of our call handling.
• Voicemail: Our automated systems may generate an email, audio file and/or text transcript of the call recording. Automated emails may be sent to the intended recipient to notify them of the message and copy of the information. Other authorised personnel may access and review the contact. Further processing will be dependent on the nature and purpose of your contact.
• Collection: Technical, from the caller.
• Categories: Identity, contact, date / time technical. Plus, any personal information provided by the caller.

• Detail: We process and monitor email communications, including file attachments, for viruses or malicious software and to operate data loss prevention. Emails are generally retained within the recipient’s inbox for a period of 6 months and then archived ‘beyond reasonable use’. Further processing of emails will be dependent on the nature and purpose of your contact. You should be aware that any emails we send or receive may not be protected in transit.
• Collection: Technical, from the sender.
• Categories: Identity, contact, technical. Plus, any personal information provided by the sender.

• Detail: When you take part in a Teams call, Zoom call or video conference or meeting, your images and other personal information, comments and uploaded documents may be visible and accessible to all call participants. When calls are recorded you will be presented with an alert banner. During the call, automated transcripts may be available to participants. Depending on the call quality and personal pronunciation, these do not always provide accurate narrative. Attendance records, transcripts, uploaded documents, and recordings are accessible and may be retained by the host and processed in line with the meeting purpose, training, audit, and accountability purposes. This information may be shared with relevant parties. We cannot account for the content and accuracy of information provided by other participants.
• Collection: From participants, technical.
• Categories: Identity, contact, technical. Plus, any personal information provided by the participants.

• Detail: Deliveries received by post may be scanned and shared electronically with the intended recipient. Unless originals are required, all physical copies are usually securely destroyed. Royal Mail standard or recorded delivery is used for routine outgoing post. Other third-party courier services may be used for secure delivery or courier services. Although we undertake reasonable due diligence, we cannot guarantee against loss or destruction. We may track deliveries during transit and receipt and retain an audit log for accountability.
• Collection: From the sender.
• Categories: Identity, contact, technical. Plus, any personal information provided by the sender.

• Detail: We use social media tools for our marketing purposes. Where you opt-in to receive our marketing materials, we may share your email and preferences with our contracted social media service agent for this purpose; we may prompt you to ‘follow us’ or participate in ‘threads’ relating to our general services. We do not endorse the use of social media for the purpose of communicating with you about an engaged matter and discourage you from sharing any personal information of this nature on a public platform or within other insecure tools. Where you contact us using these tools or technologies, we cannot guarantee its protection or ongoing security. We cannot account for information posted to our platforms by unrelated third parties.
• Collection: From the poster.
• Categories: Identity, contact, technical. Plus, any personal information provided by the sender.

• Detail: If we use other third-party platforms, we will provide you with a notice to inform you and provide relevant privacy information. Where available audit logs and automated notifications contain details of activities you perform, such as the date and time you open or download the information, this is used for compliance and accountability purposes.
• Collect: Direct from you, indirectly from other participants, technical.
• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the sender.

• Purpose: Legitimate interests, detection and prevention of crime, vital interests.
• Detail: When we communicate with you or receive communications about you, we review and assess content. Depending on the nature of the information we may have a duty to report, consult, or share with other relevant parties or agencies. We may also use the information for our own reasonable business interests.
• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the sender.

• Purpose: Health & safety and maintaining security.
• Detail: Our reception services may ask you to ‘sign in’ and wear an ID badge. This is to facilitate your visit, ensure your safety and to manage our security. If you inform us about any additional requirements relating to your visit, we may use this to make reasonable provisions for you. On occasion, there may be a requirement to complete an individual risk assessment, implement reasonable adjustments or to investigate an accident or manage an incident. Your information may be processed and shared with relevant third parties such as a fire marshal, building manager, HR, or the Health and Safety Executive.
• Retention: Information may be retained for six months; a longer retention will be applied in the event of any incidents or accidents or claims.
• Collection: Direct from you.
• Categories: Identity, contact, special category.

• Purpose: Provide services and account for use.
• Detail: On each visit where you connect to our services (where and when these may be available), you will be provided with a processing notice. You may be required to accept terms and conditions from your device. When you connect, automation allocates your device with an IP address and generates audit logs that capture details of your activities.
• Collection: From the device connected, Technical.
• Categories: Technical and usage.

• Purpose: Detection and prevention of crime
• Detail: We may have CCTV systems, either operated and managed by us or by a third-party.
• Collection: Systems may record intermittently or continually, and store images, time, and location.
• Monitoring & use: Images are accessible by nominated individuals to view for the purpose of monitoring activities. When an incident occurs or following a disclosure request, information may be reviewed and extracted from the system, and a copy made and retained. We make reasonable efforts to extract specific images and obscure images of individuals not subject to the activity. Information may be used to progress action or evidence activity relating to our stated purpose.
• Sharing: Information may be disclosed with relevant parties.
• Retention: Automated deletion is set in line with the local regulatory retention period; the UK is 31 days.
• Categories: Images captured will be representative of your activities and footage may reveal sensitive information about you and/or any criminal activities taking place.

When you agree to receive promotional materials by subscribing via our website or sign up for an event. Subscription information is stored within our secure marketing database. We may use software to review and categorise your preferences and identify relevant materials to provide.

We may use our approved third-party tools to deliver materials to you. We use analytic tools to monitor delivery success, we use this information to improve email services.

Where you have not contacted us or engaged with our emails, we may contact you periodically to confirm your continued consent.

When you unsubscribe or ‘opt out’ we may add your name to our suppression list to ensure that you do not receive future materials.

Our trusted third parties may access our database to provide us with technical support during routine or operational performance and maintenance. You can change your preferences or unsubscribe ‘Opt-out’ at any time by following the embedded links within the footers of our direct marketing emails, or you can let us know by email to data@westonlegal.ltd.

From the subscriber. You can change your preferences or unsubscribe ‘Opt-out’ at any time by following the embedded links within the footers of our direct marketing emails, or you can let us know by email to data@westonlegal.ltd.

Identity, contact, preferences, and usage. You can change your preferences or unsubscribe ‘Opt-out’ at any time by following the embedded links within the footers of our direct marketing emails, or you can let us know by email to data@westonlegal.ltd.

A member of the team will review and triage your complaint or request made via data@westonlegal.ltd.

We may use your personal information to take reasonable measures to verify your identity and confirm your authority to make the complaint, enquiry, or request.

We review information you provide and other relevant personal information that we hold, we may share this with relevant personnel, to the extent required to investigate and manage the query.

We may share your personal information with relevant third-parties or agencies such as the regulator, clients, solicitors, or insurers).

We may make changes or update your information and implement appropriate actions to achieve the required outcome.

Direct, Indirect, Technical.

Identity, contact, technical and any information relevant to your contact.

When applying for a position through any method, you will receive a notice and be provided with a link to this privacy notice.

We will communicate with you by phone, Teams, Zoom and/or email. Information is collected usually by email which is used to store, send, and receive email communications with you and associated parties involved in the recruitment process, securely store your application, test results scores, online interview or video presentation.

We may use contracted services of third-party providers to deliver elements of the recruitment process or conduct assessments on our behalf. When we do, we will inform you in advance and provide you with links to their privacy notice. Unless otherwise stated, relevant information obtained and processed will be shared with us to manage your application.

We are required to retain information of unsuccessful applicants for a period six months. However, with your consent we may add your details to our ‘Talent pool’ and your information may be retained for this purpose for up to two years.

Information of successful applicants is further processed and may be shared with relevant parties to obtain references, manage health questionnaires, conduct conflict of interest, PEP’s, DBS, and other background checks.

When you update voluntary sections of the application forms, such as equality, diversity and equal opportunities information, your responses are used and shared solely for the purposes and monitoring of equal opportunities statistics. These are not accessible to the hiring manager or recruitment panel.

From the candidate, recruitment panel and contracted third parties.

Identity, career, criminal, contact, preferences, technical, usage. Plus, any personal the information you provide.

Our employee privacy notice is available for those who work with us. Available upon request to our compliance manager at data@westonlegal.ltd.

Deliver our IT services, apply security and monitoring practices, improvements and testing, maintenance.

Your information may be processed when we apply security measures. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorised access, use, alteration, or disclosure. We store all personal data you provide to us behind firewalls on servers employing security protections. We continually review and improve our technical systems and tools to maintain resilience, security, and adaptability of our IT Infrastructure.

Your information may be processed when we apply physical security measures. We apply high standards of on-site physical security and have technical and organisational measures to protect our working space and physical information and data assets.

Your information may be processed when we carry out risk assessments and reviews. Activities that require the use of personal information undergo risk assessments to ensure they are lawful and comply with our data protection polices; these are regularly reviewed to ensure ongoing suitability.

Our people may process, access and review your information for duties consistent with their position and responsibilities, such as delivering a client service and performance management. Bespoke training is a mandatory requirement for all of those who have access to personal information. We restrict access to personnel and service providers who have a legitimate ‘need to know’. There are contractual obligations of confidentiality and data protection.

When we use third parties to perform activities for us, we complete due diligence checks to ensure information remains secure, confidential, and used for the contracted purposes.

We do not make use of automated decision-making tools that fall into a category requiring your notification. If our position changes, we will update this notice and inform you directly where required.

Your information may be processed when we produce management information such as budgets, client satisfaction, performance reviews or resource management.

We may disclose your personal information to a prospective seller or buyer or successor in the event that we sell or buy any part of our business group, entity or assets or seek to acquire new businesses, merger, divestiture, restructuring, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.

Other relevant obligations to which we are legally bound such as to comply with court order, legal or regulated request.

Your information may be lawfully processed when our obligations or legal rights outweigh your right to privacy. We take reasonable measures that protect and enforce our legal rights against breach of contract or agreement, detection or prevention of fraud or crime, and to protect people, property, or assets.

We may process and share other, non-personal information without restriction of this notice. However, we will consider our other regulatory or contractual obligations prior to use.

https://ico.org.uk/for-the-public/how-to-make-a-data-protection-complaint/

https://ico.org.uk/for-the-public/your-right-to-be-informed-if-your-personal-data-is-being-used/

https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/

https://ico.org.uk/for-the-public/your-right-to-get-your-data-corrected/

https://ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/

https://ico.org.uk/for-the-public/your-right-to-limit-how-organisations-use-your-data/

https://ico.org.uk/for-the-public/your-right-to-data-portability/

https://ico.org.uk/for-the-public/the-right-to-object-to-the-use-of-your-data/

https://ico.org.uk/for-the-public/your-rights-relating-to-decisions-being-made-about-you-without-human-involvement/