Privacy notice in relation to website use

When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.  We are responsible as ‘controller’ of that personal data. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.

Introduction

Bridge McFarland LLP is committed to protecting and respecting your privacy. This privacy notice is designed to provide information about our practices concerning the collection, use and disclosure of your personal information in the course of providing legal services, carrying out marketing and recruitment activities. Please read this privacy notice carefully as it contains important information on how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us in the event you wish to exercise these rights and how to contact us or supervisory authorities in the event you have a complaint.

Who are we?

Bridge McFarland LLP (“we”), are the Data Controller for the purposes of data protection law in relation to any personal information we hold about you.  We are a limited liability partnership registered in England and Wales with partnership number OC419565. Our registered office is at Sibthorp House, 351-355 High Street, Lincoln, LN5 7BN. We are regulated by the Solicitors Regulation Authority (under number 657877) and are registered with the Information Commissioner’s Office (under number ZA517223).
Please read this notice carefully and should you have any questions please contact our Data Protection Officer, Natalie Thomas at info@bmcf.co.uk, 01522 518888, Sibthorp House, 351-355 High Street, Lincoln, LN5 7BN.  Please ensure that you let us have your full name, address and matter reference number; proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and let us know what right your query relates to.

Who does this privacy notice apply to?

This privacy notice applies to everyone whose personal information we collect and process (excluding our current or former staff). This includes individuals in the categories below or who work for any of the following:
• our clients;
• other solicitors and law firms;
• barristers and chambers;
• people who are involved in court or other legal proceedings (including but not limited to legal claims, inquests, tribunals, arbitrations and mediations). This includes claimants, defendants, witnesses, experts and service providers related to such legal proceedings;
• people who are involved in contracts and transactions we are working on, such as other businesses or individuals our clients are contracting with;
• our regulators, insurers, auditors, professional advisers and certification/accreditation bodies;
• prospective employees, consultants and partners; and
• people whose details we process in connection with our marketing activities.

What personal information do we collect?

In the course of our business, we will need to collect and process various types of personal information for various purposes. Given the nature of our business and the services we provide, it is impractical to list all the categories of personal information that may be collected and processed. We will however only process and collect personal information where we have a legal basis to do so.
We most commonly collect and process the following kinds of personal data about you:
• contact information for individuals including full name, job title, organisation, date of birth, address, email address and telephone number. We may collect additional information to enable the identity of individuals to be verified;
• financial information, including bank account and payment card details;
• details of your spouse/partner and dependants or other family members, e.g. if you instruct us on a family matter or a Will
• employment records, including details relating to salary, professional membership/registration, SRA checks, references, proof of eligibility to work in the UK, security checks, photos, pension arrangements;
• recruitment information, including CVs, interview notes and assessment material;
• information about individuals employed by or associated with our clients, advisers or the organisations involved in a matter on which we are instructed;
• medical records and health information as necessary for the provision of our services where the services we provide involve or relate to medical matters;
• criminal convictions and offences data may be processed if necessary, for the legal matter we are advising on;
• special category personal data may be processed if necessary for the legal matter we are advising on, this includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
• marketing and communications data, including your marketing preferences and interests and any feedback you provide to us (for example, by completing a survey).

What information do we collect through our website and how is it collected?

A number of facilities on our website invite you to provide us with personal information, for example, the vacancy application facility in the “Careers” section of our website and our “Contact us” option.
We will also collect information about your visits to and use of our website including information about your computer such as your IP address, geographical location, browser type, referral source, length of visit and number of page views.
We use cookies on our website.  Cookies are text files which are downloaded to your computer (or other electronic device) in order to collect visitor information. This includes whether the user has logged onto the site successfully and whether the computer and/or user have visited the site previously. You can set your browser not to accept cookies however some features of our website may not function as result.
Our website utilises Google Analytics which is an analytic web service supplied by Google. This uses cookies to help us to analyse how users navigate through our site. The information produced by the cookie about your use of the website (including your IP address) is sent to and stored by Google on servers in the USA. Google will use this information for assessing your use of our website, to collect data on your website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties when required by law or where such third parties process the information of Google’s behalf. Google will however not associate your IP address with any other data held by Google.

How do we collect your personal information?

We use different methods to collect personal information from and about you including:
Direct interactions: you may voluntarily provide us with your personal information, for instance when you:
• fill out a form on our website, e.g. completing an online form sign up to our marketing list;
• correspond with us by email or post;
• speak to us in person or on the phone;
• visit our offices;
• give us feedback (for example, by completing a survey);
• via our website—we use cookies on our website (see above)
• give us your business card at an event or meeting; or
• register for one of our online learning tools, webinars, events and/or conferences.

Automated technologies or interactions: as you interact with our website, we will automatically collect information about your browsing activities and your equipment. As set out above.

From a third party with your consent, e.g.:
• your bank or building society, another financial institution or advisor;
• consultants and other professionals we may engage in relation to your matter;
• your employer and/or trade union, professional body or pension administrators;
• your doctors, medical and occupational health professionals.

Publicly available sources: we may collect personal information available publicly from the publicly accessible and online sources such as:
• online professional social networking services and applications;
• a company website;
• the Electoral Roll
• the Land Registry; and
• Companies House.

Third party sources: we may collect personal information from the following third party sources:
• credit reference agencies (CRA’s)
The CRA this Firm currently uses is Infotrack. Each CRA has produced its own privacy notice. The notice developed by Infortrack explains how they use and share personal information, the type of information they hold, where it comes from and the legalities of how it is handled.  The notice can be found at the following address: Privacy Policy (infotrack.co.uk)

There may be matters where we use an alternative CRA, for example in a conveyancing transaction which has the assistance of a client onboarding system.  You will be informed if that is the case.

• client due diligence providers;

• Court records of debt judgments and bankruptcies;
From a third party with your consent: we may collect data from a third party but where your consent is required:
• your bank or building society, another financial institution or advisor;
• consultants and other professionals we may engage in relation to your matter;
• your employer and/or trade union, professional body or pension administrators;
• your doctors, medical and occupational health professionals;
Via our information technology (IT) systems, e.g.:
• case management, document management and time recording systems;

How do we use your personal information?

Legal basis on which we will use your personal data
We will only use your personal information when the law allows us to do so, i.e. where we have a lawful basis for processing. Most commonly, we will use your personal information in the following circumstances:
• Where we need to perform the contract we are about to enter into or have entered into with you, or take any steps you ask us to before entering into a contract with you.
• Where it is necessary to do so in order to comply with any legal and regulatory obligations we have, such as under money laundering laws.
• On the basis of consent:
o Where we rely on your consent for processing this will be brought to your attention when the information is collected from you.
o You have the right to withdraw consent at any time, see the Your Rights section below for further information about how you may withdraw your consent.
o We do not rely on or require your consent for the majority of our processing.
• Where the processing is necessary for our legitimate interests in:
o providing legal services;
o ensuring regulatory compliance and maintaining accreditations;
o providing our clients with the best service;
o promoting our services;
o receiving feedback; and
o improving our services and identifying ways to grow our business.
and/or for the legitimate purposes of our clients or other third parties in receiving those services. We will only rely on this lawful basis where we consider that your interests and fundamental rights do not override such interests.

When processing your personal information we comply with the provisions of this privacy notice and, in respect of the provision of legal services we are also bound by professional obligations of confidentiality.
How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. An example of this is your medical records.  We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

We may process special categories of personal information in the following circumstances:
1. In limited circumstances, with your explicit written consent.
2. Where processing is necessary for the establishment, exercise or defence of legal claims
3. Where it is needed in the public interest.
Criminal convictions and offences data
In some cases we need to process information about criminal convictions or offences where they are relevant to the legal advice being sought. We process this data on the basis that it is necessary for legal proceedings, obtaining legal advice or is otherwise necessary for the purpose of establishing, exercising or defending legal claims.

Purposes for which we use your personal data

We may process your information for the following purposes:

Legal services
Where we receive personal data in connection with the provision of legal services, we process that data for the purposes of the provision of those services. This includes:
(a) Providing legal services, such as:
• managing court or other legal proceedings (including, but not limited to, legal claims, inquests, tribunals, arbitrations and mediations);
• providing legal advice;
• providing wills and probate services including contacting beneficiaries;
• advising on and negotiating legal contracts and transactions

When we hold and use personal information in the course of providing legal services to a client, that client is also entitled to access that personal information. They may in turn use that information in accordance with their own privacy notice or equivalent.
(b)  Complying with our legal obligations or making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted by law. This includes:
• performing checks of our clients and others as we are required to do by law or which are good practice, such as anti-money laundering and anti-terrorism checks. In undertaking such checks we may ask individuals to provide information and use publicly available information;
• disclosures required by law or court order;
• disclosures to the police, tax authorities, the National Crime Agency or other public or government authorities where in our reasonable opinion the disclosure is required in relation to any criminal investigation or prosecution; and
• disclosures to our regulators, ombudsman or other government, public or regulatory authority, including any data protection supervisory authority or regulator of legal services, where in our reasonable opinion the disclosure is required or permitted by law.
(c)  Providing access to our files for audit, review or other quality assurance checks, by our clients, regulators, auditors, professional advisers and certification/accreditation bodies.
(d)  Processing required in connection with the day to day operation of our business such as billing and payments, complaints handling and internal record keeping. For this we may use third party service providers such as IT service providers.
(e)  Processing required in connection with any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business or assets.

Who we share your personal data with

We may share your personal data with:
• our clients;
• professional advisors who we instruct on your behalf or refer you to, e.g. barristers, medical professionals, accountants, tax advisors or other experts;
• third party providers where necessary to carry out your instructions such as after the event insurance providers, medical expert agencies, disbursement loan funding providers;
• other third parties where necessary to carry out your instructions, e.g. your mortgage provider or HM Land Registry in the case of a property transaction or Companies House;
• defendants / opponents, the Court and any other party necessary to enable us to carry out your instructions;
• fraud prevention agencies, credit reference agencies and debt collection agencies;
• external auditors, e.g. in relation to Lexcel or other accreditations held by the Firm or individual solicitor and the audit of our accounts;
• our banks;
• event venues, webinar hosts and training providers to provide you with access to our events and training;
• providers of business support services including technology, banking, insurance, litigation support and security, business development and marketing support services;
• analytics and search engine providers that assist us in the improvement and optimisation of our site;
• survey or quality assurance providers in order to receive feedback and improve our services;
• external service suppliers, representatives and agents that we use to make our business more efficient
• third parties for the purposes of applications for recognition or accreditations, e.g. Legal 500.  Your name will not be provided or case details published without your consent;
• the Government’s Track & Trace scheme.

Additionally, we will disclose your personal information to the relevant third party:
• in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
• if we are acquired by a third party, in which case personal data about you held by us will be one of the transferred assets; and
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of our customers, our regulator, or others.

In providing Wills and probate services we will process information about beneficiaries under an obligation of professional confidentiality to the testator. Upon the death of the testator, we will contact beneficiaries and share with them the data relevant to their entitlement.
Any other service providers with whom we share information are approved by us and subject to contractual obligations designed to ensure that those providers comply with data protection legislation.  We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you.

Marketing

We process personal information in connection with marketing or communications purposes, including so that we can:
• send you invitations to our online learning tools, webinars, events, and/or conferences as and when we think they might interest you;
• register and manage your attendance at one of our webinars, events or conferences;
• if you are a speaker at one of our events, promote your participation via platforms such as Twitter, LinkedIn, our website and in our marketing communications (NB: external platforms may continue to store and use your personal information after the event has ended);
• share with you news and offers about our products and services;
• email you with legal updates and newsletters relevant to sectors and specialisms that you are interested in;
• ask you for feedback (for instance, in a survey) about our client or visitor services, and to manage, review and act on the feedback;
• manage any changes to your marketing preferences or comply with any unsubscribe requests; and
• monitor our website usage and improve our services.

Recruitment

We process personal information in connection with our recruitment practices for the following purposes:
• recruiting new employees, consultants and partners;
• verifying immigration status and/or eligibility to work in the UK;
• undertaking pre-employment checks; and
• obtaining references.

Transferring personal information outside the EEA

We may transfer personal data outside the European Economic Area (“EEA”) where adequate protection measures are in place in compliance with data protection laws. For example, this may be in relation to an international legal claim or transaction, or where we are sharing information with third party service providers who operate outside the EEA. We transfer personal information outside the EEA where it is necessary to do so for the establishment, exercise or defence of legal claims.

Third party links

Our website may include links to third-party websites, plug-ins and applications, for example when you click the link to register for on one of our webinars, you will be taken to the third party website of our webinar provider. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

How can you change your marketing preferences?

We would like to use your personal data to contact you with information relating to our services and any upcoming events that may be of interest to you. We would like to contact you by post, telephone or email. If you agree to being contacted in this way, please advise us how you would like to opt in: Post, Email, Phone,  Text (SMS).

How long we keep hold of your information?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, for example:

• to respond to any questions, complaints or claims made by you or on your behalf;
• to show that we treated you fairly;
• to keep records required by law or regulation.

Details of retention periods for different aspects of your personal information are available on request. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

After this period, we will securely destroy your personal information in accordance with applicable laws and regulations.

How is your information kept secure?

We are strongly committed to data security and we take reasonable appropriate steps to protect the personal information we hold from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic and managerial procedures to safeguard and secure that information.

What are your rights in respect of your data?

If we process your personal data, you have the following rights. You can exercise these rights at any time by emailing us or by using the other contact details given in this privacy notice.

Access: The right to be provided with a copy of your personal data
Rectification: The right to require us to correct any mistakes in your personal data
To be forgotten: The right to require us to delete your personal data – in certain situations where there is no compelling reason for its continued processing
Restriction of processing: The right to require us to restrict processing of your personal data – in certain circumstances, e.g. if you contest the accuracy of the data
Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object: The right to object:
– at any time to your personal data being processed for direct marketing;
– in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you

For further information on any of these rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights please email, call or write to our Data Protection Officer, Natalie Thomas at info@bmcf.co.uk, 01522 518888, Sibthorp House, 351-355 High Street, Lincoln, LN5 7BN.  Please ensure that you let us have your full name, address and matter reference number; proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and let us know what right you want to exercise and the information to which your request relates.

Protection of your information

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Will there be changes to this notice?

This privacy notice may change from time to time so we recommend that you review it periodically. This version of the privacy notice was last updated on 4th October 2021.