×

This notice (together with our terms of use and any other documents the terms refer to) set out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

This privacy notice is split into four sections: PART A deals with personal information we gather and use from a website visit; PART B deals with personal information on our clients and others related to a client matter and how it is used in respect of the legal services we provide; PART C deals with other individual’s (non client) information; and PART D sets out general provisions relating to information referred to in Parts A to C.

We take your privacy seriously. Please read this privacy notice carefully as it contains important information on how and why Lamb Brooks LLP (‘Lamb Brooks’) collects, stores, uses and shares personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.

When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.

 

Who We Are

Our full details are:

Full name of legal entity: Lamb Brooks LLP (company number OC363909)

Contact title: Data Protection Partner:

Email address: enquiries@lambbrooks.com headed ‘GDPR,

Postal address: Victoria House 39 Winchester Street Basingstoke Hampshire RG21 7EQ

Telephone number: 01256 844888

 

PART A

WEBSITE USE

By visiting lambbrooks.com you are accepting and consenting to the practices described in this notice.

Information we collect from you

We will collect and process the following data about you:

Information you give us – This is information about you that you give us by filling in forms on lambbrooks.com (our site). It includes information you provide when you search for a service, submit an enquiry, use the online livechat facility, use the online payment function, and report a problem with our site. The information you provide may include your name, address, e-mail address and phone number, information in relation to why you have contacted us, and financial and credit card information, as applicable.

Information we collect about you – With regard to each of your visits to our site we will automatically collect the following information:

  • technical information,
  • information about your visit

As this information is collected automatically, please see the Cookies section below.

Information we receive from other sources – This is information we receive about you if:-

  • you use any of the social media channels we use
  • you use our livechat service which is provided by a third party (Callitech Limited, trading as Moneypenny, or other livechat service provider)

 

 

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them – see our Cookie Policy.

Uses made of the information

We use information held about you in the following ways:

Information you give to us. We will use this information:

  • to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about
  • to notify you about changes to our service
  • to ensure that content from our site is presented in the most effective manner for you and for your computer.

Information we collect about you. We will use this information:

  • to administer our site and for internal operations, including: troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
  • to allow you to participate in interactive features of our service, when you choose to do so;
  • as part of our efforts to keep our site safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.

Information we receive from other sources – We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Disclosure of your information

You agree that we have the right to share your personal information with:

  • third parties including analytics and search engine providers that assist us in the improvement and optimisation of our site.

We will disclose your personal information to third parties:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, and other agreements; or to protect the rights, property, or safety of Lamb Brooks, our clients, or others. This includes exchanging information with other companies and organisations, for example, for the purposes of fraud protection.

How long your personal information will be kept

Please see our Cookie Policy for cookie retention information.

Please refer to PART B for client information, information posted on our website which becomes a client matter and for other individuals’ information that we have as part of a client matter (eg. where parents gift deposit monies towards a house purchase).

Please refer to PART C for other individuals’ (non client/matter) information – this includes general enquiries (other than via our website) that do not become a client matter, individuals located within organisations who supply goods and services to us, business contacts and referrers).

Any enquires made on this website which do not result in a client matter will be held for up to 12 months, unless you indicate you may contact us at a later date, in which case they will be held for a reasonable time.

 

PART B

Client Information

This section covers personal information relating to individuals who are clients in their own capacity, as well as those who represent our client (for example a director of a client company, trustee of a trust, personal representatives, guardians etc) together with any individuals who are integral to assisting our client in a relevant matter such as a guarantor, beneficial owner(s), parents and people linked to clients’ ongoing legal services.

How we collect your personal information

We collect most of this information from you (in person, by telephone, email and/or via our website). However, we may also collect information:

    • from publicly accessible sources, eg Companies House, HM Land Registry, the Office of Financial Sanctions Implementation, via internet search engines etc;
    • via our case management and document management systems
    • directly from a third party, eg:
    • client due diligence resources (TransUnion (formerly Callcredit) or other third party online ID verification services) – the information obtained can include the names of others living in the same household from electoral role information. More information about how TransUnion and other third party online ID verifiers use and share personal information, the type of information they hold, where it comes from and the legalities of how it is handled can be found at the following address: https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
    • third parties such as estate agents, accountants, banks, surveyors, medical professionals, courts, regulatory bodies and other advisors and specialists related to your matter
  • where you use our webchat service – we will receive the information that you provide via Callitech Limited, trading as Moneypenny (or other livechat service provider)
  • where we are unable to answer your call – we will receive your name, contact details and message details via Callitech Limited, trading as Moneypenny (or other telephone answering service)

 

  • Law League and Review Solicitors – these are third party websites that we use to collate feedback and where any review that you leave may appear. Your feedback/review will be anonymous unless you voluntarily leave your name or any other personal information
  • where relevant and where your consent has been obtained, we may also need to obtain: your health records from hospitals and clinics you have attended; employment history from previous employers or HM Revenue & Customs; benefits history from the Department for Work & Pensions; and/or accounting records from your accountant
  • from cookies on our website – for more information on our use of cookies, please see our cookies policy
  • automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems

The personal information we collect and use and why

Contractual obligations

In order to fulfill our contractual obligations to you, we generally require the following from you, depending upon the services we provide:-

  • your name and contact details
  • your bank details (and financial information, so far as relevant to your instructions, eg. the source of funds if you are instructing us on a purchase transaction )
  • information about your matter and circumstances which can include:-
  • details of your spouse/partner and dependants or other family members eg. if you instruct us on a family matter or a will)
  • your employment status and details including salary (payslips) and benefits or employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances eg. if you instruct us on a matter related to your employment, or in which your employment status or income can be relevant such as a personal injury or clinical negligence claim
  • details of your pension arrangements, eg. if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship
  • In addition, if we require the following special categories of data, also known as sensitive personal data, as well as requiring this information to fulfill our contractual obligations to you, we require this information for the establishment, exercise or defence of legal claims
  • your racial or ethnic origin, general and sexual orientation, religious or similar beliefs, or trade union membership
  • your medical records and any medical reports (where applicable)

Statutory / legal obligations

In order to comply with statutory, regulatory or lender’s requirements, depending upon the services we provide, we may require:-

  • your name and contact details
  • your bank details (payslips and financial information, in some cases)
  • information about your matter and circumstances
  • your mortgage account or roll number (where applicable)
  • your National Insurance number and tax details (where applicable)
  • information to enable us to check and verify your identity (eg. data of birth, passport details etc). bank statements and screening for financial and other sanctions and embargoes
  • other processing necessary to comply with professional, legal and regulatory obligations that apply to our business eg. under health and safety regulation or rules issued by our professional regulator
  • information to enable us to check and verify the identity of anyone contributing monies towards your property purchase, in addition to their bank statements
  • the name, date of birth, National Insurance number and identity documents for the beneficiaries and trustees of a trust
  • the name, address, date of birth and identity documents for any beneficial owners of companies, Limited Liability Partnerships (LLPs) and trusts
  • gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies, such as our regulator, the Solicitors Regulation Authority (SRA) , the Legal Ombudsman or the Information Commissioner’s Office
  • updating and enhancing client records

 

Legitimate Interests

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We may process your personal data where it is necessary for legitimate interests pursued by us as a legal practice seeking to engage with and provide services to prospective and current clients, in order to:-

  • deal with any queries you may make via any livechat service on our website
  • deal with any calls that we are unable to take during our core business hours, or longer via any telephone answering service
  • market our services – see the ‘direct marketing’ section below
  • enforce legal claims, including debt collection
  • prevent fraud, misuse of services or money laundering
  • ensure physical security, IT and network security
  • carry out statistical analysis to help us manage our business, eg in relation to our financial performance, client base, client satisfaction, client conversion rates etc
  • location data
  • your professional online presence eg. LinkedIn profile
  • your contact history
  • information from accounts you link to us eg. Facebook
  • information about how you use our website, IT, communications and other systems
  • external audits and quality checks eg. LawNet Standard / ISO9001 or Conveyancing Quality Scheme (CQS) purposes
  • transmit large documents / bundles of documents electronically, via a document cloud (provided security processes and controls are in place)
  • operational reasons such as improving efficiency, training and quality control
  • updating and enhancing client records to ensure we can keep in touch with our clients about new and existing services

 

 

Direct Marketing

We may use your personal information to market our similar services via eg. e-newsletters or invites to seminars or social events that we arrange from time to time, unless you advise us that you do not wish to receive any such communications.

We have a legitimate interest in processing your personal data for direct marketing purposes (see above, ‘Legitimate Interests’). This means we do not usually need your consent to send you direct marketing materials. However, where consent is needed, we will ask for this separately and clearly.

We will never sell or share your personal information with other organisations for marketing purposes.

You have the right to opt out of receiving marketing communications at any time. Any communications we do send will allow you to opt-out of receiving any future marketing communications from us, or you may amend your preferences going forward. You can also opt-out or change your preferences at any time by emailing us at enquiries@lambbrooks.com headed ‘unsubscribe’ or ‘change preferences’ confirming what your new preferences are or by post to ‘Head of Marketing’ Lamb Brooks, Victoria House, 39 Winchester Street, Basingstoke, RG21 7EQ, ensuring you provide your name so we can identify you.

We may use third parties such as MailChimp to process or administer the data on our behalf, for example, for the purposes of mail merge and sending out event initiations – such third parties are not permitted to use the data for their own purposes.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

How we use your personal information

  • We use your personal information to:-
  • contact you and any relevant third parties to progress your matter
  • process payments
  • provide the legal services you have requested
  • market the firm’s services (unless you opt out of this – see Direct Marketing, above)
  • identify and verify your identity and establish the source of funding
  • screen for financial or other sanctions and embargoes
  • conduct other processing necessary to comply with professional, legal and regulatory obligations that apply to our business eg under health and safety regulation or rules issued by our professional regulator
  • process any complaints / claims
  • submit forms and applications to courts, tribunals and government bodies on your behalf
  • administer, support, improve and develop our business generally and enforce our legal rights

 

Who has access to your personal information

Members of Lamb Brooks staff and its authorised consultants where needed or necessary for carrying out the purposes for which this personal information is provided, as mentioned in this notice. We may also, where necessary, allow access by third parties as mentioned below.

Who we may share your personal information with

We may share your personal information with:-

  • in the case of general matters this may include, depending of the matter in question: your accountant, or other professional advisor; our bank; your bank or funders; solicitors acting for the other party to the transaction; or government agencies such as HM Revenue & Customs, the Department for Work and Pensions and Companies House, as applicable
  • in the case of litigious matters: barristers; experts; the court or other tribunal; After The Event (ATE) insurer (where applicable); and costs draftsmen (in certain larger cases)
  • TransUnion (formerly Callcredit) (or similar third party online ID verification services) – to verify your identity
  • we may also share personal information with external auditors eg. ISO9001/LawNet Quality Standard assessors, our financial auditors, or our regulator, the Solicitors Regulation Authority – to verify our procedures / advice from time to time
  • our insurers and any brokers – if there are grounds for a claim against us, or you make a claim against us
  • the Legal Ombudsman, SRA or Information Commissioners Office – if you make a complaint against us
  • law enforcement or other authorities, if required by applicable law or if we are obliged to disclose data under certain laws, by order of court or other competent regulatory body, or permitted to disclose it under applicable data protection laws
  • we may need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations
  • co-hosts and other attendees at events and promotional activities that we periodically run, if your name appears on the attendee list
  • from time to time we may appoint service providers, such as IT, website hosts, physical document storage providers, pagination service providers and other such parties, to provide services to us – we will ensure that any such appointments comply with GDPR
  • from time to time we may use cloud storage services such as Adobe Document Cloud in order for third parties pertinent to your matter (such as barristers and experts) to access documents necessary to progress your matter where documents are too large to send by encrypted email – we will ensure that any such cloud storage services used have security processes and controls in place.
  • third parties approved by you eg. social media sites you choose to link your account to or third party payment providers
  • Callitech Limited, trading as Moneypenny or other livechat service and/or telephone service providers. They will take relevant information from you to pass onto us

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal information.

 

Where your personal data is held

Information may be held at our offices, third party agencies, service providers, representatives and agents as described above (see ‘Who we may share your personal information with’)

Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your data out of the European Economic Area (EEA)

How long your personal information will be kept

 

  • We will keep your personal information after we have finished advising or acting for you. We will do so for one or more of the following reasons:
  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law.

 

We will not retain your personal information for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal information. The majority of client files are retained for a minimum of 6 years after the matter concludes, but you will be informed of the relevant retention period at the end of your matter.

Transferring your data out of the European Economic Area (EEA)

To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), eg:

  • with your and our service providers located outside the EEA;
  • if you are based outside the EEA;
  • where there is an international dimension to the services we are providing to you.

 

These transfers are subject to special rules under European and UK data protection law.

We do not routinely share personal information to any organisation located outside of the EEA. These non-EEA countries do not generally have the same data protection laws as the United Kingdom and EEA. Where the matter requires us to do so, we will either only do so if:

  • the organisation or country is declared adequate by the EU commission as having sufficient data protection laws or sufficient safeguards (for example, the EU-US Privacy Shield); or
  • where there are other safeguards in place such as the use of the EU standard clauses; or
  • where we need to, and having sought your consent.

We may also use organisations such as MailChimp (who are based in the USA) for marketing related e-mails. We will check that any such organisations have security processes and controls in place.

For more information please contact us, where relevant.

 

 

PART C

OTHER INDIVIDUALS (NON CLIENT) INFORMATION

This section deals with personal information we may collect and use relating to individuals located within organisations who supply goods and services to us, business contacts, referrers, people who contact us with a general enquiry (other than via our website) and other parties to a client matter.

How we collect your personal information

We collect most of this information from you. However, we may also collect information:

  • from publicly accessible sources, eg websites, directories, advertising materials, search engines and recommendations;
  • directly from a third party, eg: our client, your business contacts, parties involved in the client matter, accountants, other professional advisors and service providers.

Category of Data Subject Type of Data Lawful basis for processing including basis of legitimate interest
Suppliers Name and contact details In connection with the provision of services to Lamb Brooks; or where requested to carry out services relating to a client matter; or to recommend third parties; or to send information about Lamb Brooks and to invite to Lamb Brooks' functions or events
Referrers Name and contact details Legitimate interest - mutual referral of potential work. To send information about Lamb Brooks and to invite to Lamb Brooks' functions or events
Business Contacts Name and contact details Legitimate interest - mutual referral of potential work. To send information about Lamb Brooks and to invite to Lamb Brooks' functions or events
General Enquiries Name and contact details. Other information you may provide To respond, and where relevant, to carry out the initial request. To recommend third parties where relevant to the subject matter of the initial request, and subject to your consent
Other Parties to a Client Matter Name and contact details For other professional advisors related to the client matter - in fulfilling the services to be provided by our client

Who we may share your personal information with

We may share your personal information with, where relevant:

  • client(s)
  • other service providers
  • in the case of client litigious matters: barristers; experts; the court or other tribunal; After The Event (ATE) insurer (where applicable); and costs draftsmen (in certain larger cases)
  • we may also share personal information with external auditors eg. ISO9001/LawNet Quality Standard assessors, our financial auditors, or our regulator, the Solicitors Regulation Authority – to verify our procedures / advice from time to time
  • our insurers – if there are grounds for a claim against us, or you make a claim against us
  • the Legal Ombudsman, SRA or Information Commissioners Office – if a complaint is made against us
  • law enforcement or other authorities, if required by applicable law or if we are obliged to disclose data under certain laws, by order of court or other competent regulatory body, or permitted to disclose it under applicable data protection laws
  • we may need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations
  • co-hosts and other attendees at events and promotional activities that we periodically run, if your name appears on the attendee list
  • from time to time we may appoint service providers, such as IT, website hosts, physical document storage providers, pagination service providers and other such parties, to provide services to us – we will ensure that any such appointments comply with GDPR
  • third parties approved by you eg. social media sites you choose to link your account to

 

How long your personal information will be kept

Where you make an enquiry which does not result in a client matter (ie where we do not provide you with any advice), we will hold your information for up to 12 months, unless you indicate you may contact us at a later date, in which case it will be held for a reasonable time. If we do provide you with any advice, please see the ‘How long your personal information will be kept’ section in Part B of this notice.

In relation to suppliers, referrers and business contacts, we shall keep the personal information for so long as is necessary for the purposes set out in the table above.

Where services have been provided as part of a client matter, or the personal information relates to the client matter, your relevant personal information may be kept with the client file.

 

Transferring your data out of the European Economic Area (EEA)

We do not routinely share personal information to any organisation located outside of the EEA. However, we may use organisations such as MailChimp (who are based in the USA) for marketing related e-mails. We will check that any such organisations have security processes and controls in place.

 

PART D GENERAL

Your rights

Under GDPR you have a number of important rights, free of charge. In summary, they include the following rights:

  • access – the right to be provided with a copy of your personal data
  • rectification – the right to require us to correct any mistakes in your personal data (that we hold)
  • to be forgotten – the right to require us to delete your personal data in certain situations
  • restriction of processing – the right to restrict processing of your personal data in certain circumstances eg if you contest the accuracy of the data
  • data portability – the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party, in certain situations
  • to object – the right at any time to object to your personal data:-
  • being processed for direct marketing (including profiling) (see direct marketing above); or
  • object to our continued processing of your personal information in certain other situations eg. statistical and survey purposes

 

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please see the ‘How to contact us section below, letting us have sufficient information to identify you (eg name, file number and names of any fee earners involved with your matter), proof of your identity and address (eg. a copy of your driving licence or passport and a recent utility or credit card bill) as well as letting us know the information to which your request relates.

 

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Help us to help you by heeding any cybersecurity/fraud warning notices we send you by post or email, including those referenced beneath our email sign off details.

 

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information, but you may also contact the Information Commissioner’s Office at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information, advice or to make a complaint.

 

Changes to this privacy notice

This privacy notice was published on 23 May 2018 and last updated on 22 May 2019.

 

How to contact us

Please contact us if you have any questions about this privacy notice, or the information we hold about you.

If you wish to contact us, please send an email to enquiries@lambbrooks.com headed ‘GDPR, write to us at ‘GDPR’ Lamb Brooks, Victoria House, 39 Winchester Street, Basingstoke, RG21 7EQ or call 01256 844888

 

Do you need extra help?

If you would like this notice in another format, please contact us (see ‘How to contact us’ above), and where possible, we will try to help.