Customer Privacy Notice
What this privacy notice covers
Minster Law Ltd (referred to in this document as “we”, “us” or “our”) takes privacy very seriously. This privacy notice explains our practices including your choice regarding the collection, use and disclosure of your personal data. You will need to provide data to us before you are formally our customer and throughout the provision of our legal service to you. This notice applies to all data that we collect about you. Please read this notice carefully and contact us if you have any questions using the details provided in the contact and feedback section below.
This privacy notice sets out:
- personal data we collect about you
- why we collect your personal data
- when we collect your data and how long we keep it for
- what we do with your data
- how we and other organisations will keep your personal data safe
- the rights and choices you have when it comes to your personal data
We are the Data Controller of the personal data we process and therefore are responsible for ensuring our systems, processes, suppliers and employees comply with data protection laws in relation to the data we handle.
We have a Data Protection Officer, who oversees compliance with data protection laws and this privacy notice, and provides guidance and advice as required. You can contact our Data Protection Officer by emailing firstname.lastname@example.org or by writing to our registered office in the contact and feedback section below.
Personal data we collect about you
- We collect your personal details including name, date of birth, address, telephone and email address details, so that we may keep you informed and send you information about the service that we are providing to you. We need your personal data to progress your claim.
- We collect data about the circumstances of your claim, for example, we will collect accident, injury and insurance details for a personal injury claim.
- Special category data: some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want many to know and is very personal to you, such as health/injuries or criminal conviction data. We will only use special category data about you or others for the specific purpose that you provide it and to provide the services described in our welcome pack.
- Website usage data is collected using cookies. Please see our separate cookies policy for more information on this topic. This can be found on our website at: minsterlaw.co.uk
- We only collect personal data that we need from you to provide and oversee this service to you and will not collect any unnecessary data.
- Shared email addresses: If you provide us with an email address, we may send special category data to this address. Please make sure that the email address you provide is not shared with anyone else or if shared, ensure that you trust them to have access to special category data.
Why we collect your personal data
- We collect data about you if you instruct us, or look to instruct us to provide legal services to you or to another individual for whom you act on behalf of. If you do not provide us with the data we request, we may not be able to fulfil your instructions and this may prevent us from supplying products or services to you.
- We will collect identity information from you, where relevant, to ensure that we avoid any conflict of interest developing between our customers in the future.
- We do not sell your data
- We will not pass on your data to be used to contact you about other products or services, unless we have notified you of this beforehand.
When we collect your data and how long we keep it for
- We collect personal data from you before you are formally our customer so that we can identify and assess whether we are able to act for you.
- We collect additional data and where appropriate additional consent to process your data, throughout the course of the legal service we offer to you.
- We are legally required to keep documentation to meet our regulatory and statutory obligations for a period of 7 years from the conclusion of the claim. If the claim is on behalf of a child, the data will be held for a period of 10 years from the child’s 18th birthday. In some cases, we may be required to retain documents for a longer period of time but you will be informed should this be the case. Full details of our retention periods can be obtained by request.
- We may wish to use your personal data for a new purpose, not covered by this Privacy Notice, we will provide you with a new Privacy Notice explaining this and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
What we do with your data
We will use your data to
- assess whether we are able to act for you
- provide legal services, advice and support to you
- manage those services we provide to you
- contact and communicate with you
- maintain internal record keeping and analysis
- measure and gain feedback on customer experience, through customer experience surveys for example
- measure and record usage in our customer portal to improve our online services
- train and manage the employment of our employees who deliver those services
- help investigate any worries or complaints you have about your services.
During the course of your claim, it may be necessary to instruct suppliers to provide specialist services in order to progress your claim. This will involve sending them your personal data for the agreed purpose only.
In order to provide the legal service, you have contracted us to do we may share data with some of the following organisations, subject to, where appropriate your specific consent to process this data:
- Medical agencies to arrange medical appointments.
- General practitioners and hospitals regarding your medical history.
- Medical experts to provide medical evidence.
- Vehicle hire companies to arrange an alternative vehicle, if appropriate.
- Third party insurers or their representative regarding details of your claim.
- Defendants (the accused person), if they are not represented, regarding details of your claim.
- Courts, barrister/counsel and their representatives to support litigation activities.
- Organisations that support mediation processes and services between insurers and ourselves.
- Your insurer.
- Agencies to verify driver and insurance details e.g. the Driver and Vehicle Licensing Agency, the Motor Insurance Database and the Motor Insurance Bureau Services
- Law enforcement agencies for information relating to the accidents and criminal proceedings.
- Specialists including, for example, engineers that assess car damage and Forensic Accountants for accounts assessment.
- Rehabilitation providers to assess, provide treatment and records.
- The Coroner’s office to support the determination of cause of death.
- Agencies that support the collection of witness statements.
- Employers where, with your consent, we may need evidence to support determination of losses.
- The Health and Safety Executive to establish accident circumstances.
- Banking/financial services to support payment transactions.
- Repair organisations to gather information on and in some circumstances, recover costs for repair.
- Litigation friend/authorised persons, where our customer needs support to run their case.
- Organisations that use CCTV to support evidence gathering.
- Recognised external agencies to facilitate the collection of customer feedback surveys
- Recognised software to measure and record usage in our customer portal to improve our online service
In addition, we may need to share your data to meet our regulatory and legal obligations, with the following organisations:
- Regulatory authorities such as the Solicitors Regulation Authority or the Financial Conduct Authority.
- Serious Organised Crime Agency (SOCA) where criminal activity is suspected.
- National Crime Agency where fraudulent activity is suspected.
- Office of Financial Sanctions Implementation (OFSI) where our systems indicate that we have a customer that matches against a government list of individuals with frozen assets.
- We need to provide reports on customers that could potentially be involved in money laundering activities.
We process data to support our commercial obligations such as:
- Auditing of adult and child claim files by those organisations that have recommended our services to you (usually your insurer) or the organisation who has provided your Legal Expense Insurance, to test our processes and assess our service levels. Please note that should the audit need to include a review of special category data for example, medical reports, then your consent will be obtained prior to this audit.
- We will also share the progress of your claim with your Legal Expense Insurance provider and or those organisations that have recommended our services to you to ensure we meet reporting requirements with them. Please note that should they need any special category data for example, medical reports, then your consent will be obtained prior to us sharing the data with them.
We gain specific consent from you to involve you in:
- Public relation activities where we wish to promote our service/ business.
- Market research activities where we wish to gain your opinion in conducting new product development for example.
We will contact you at any point that these activities are planned to gain your consent. Should you agree to be involved in these activities you can withdraw your consent at any point. You can also decide not to be involved.
We share data to protect someone’s life:
- By passing data to relevant authorities where we believe our customer is in danger.
How we and other organisations will keep your personal data safe
We endeavour to keep all data safe by taking all reasonable precautions to protect data from misuse, loss and unauthorized access, modification or disclosure. Examples of our security are as follows:
- Encryption, meaning that information is hidden so that it cannot be read by anybody who does not have the special key (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
- We carefully control access to systems and networks only allowing authorised people to view your personal information.
- We train our staff on how to handle personal and special category information and how and when to report when something goes wrong.
- We regularly test our systems and network to ensure they are safe and secure.
- We work hard to ensure that our systems are up to date with the latest security enhancements.
- We use anti-virus software to protect our systems and data.
- We operate from secure premises.
- We operate a clear desk policy which ensures that all data is securely stored when not in use.
- We have robust contracts with our suppliers to ensure they operate to the same high standards that we do.
- We review all contracts of business regularly, and ensure that our key suppliers apply the same levels of protection, security and confidentiality we apply. From time to time we may need to process some of your data using third party processors located in countries outside of the European Economic Area (EEA), for example, for the purposes of data hosting, analytics, credit searches and fraud prevention. If your data is processed outside of the EEA, we will take all necessary steps to ensure it is adequately protected. This includes ensuring there is an agreement in place with the third parties which provides the same level of protection as required by the data protection regulations in the UK and EEA.
The rights and choices you have when it comes to your personal data
You have a number of legal rights over the personal information held by us. These include the right to:
- access your personal information held in our records, whether electronically or manually;
- correct or update any personal information that you think is incorrect; to object to further processing;
- ask us to delete your personal information. We will only be able to accommodate this request where it is no longer necessary for the purpose(s) for which it was provided or where we no longer have a lawful basis to process your personal information;
- receive the personal information we hold about you in a portable format
- receive information regarding decisions made through any automated means; and
- ask us to stop processing your personal information in certain circumstances.
If you wish to exercise these rights please contact email@example.com for more details on how to do this.
Further information can also be found on the Information Commissioner’s Office website (www.ico.org.uk)
Contact and Feedback
If you have any queries or wish to raise a complaint on how we have handled your personal data, please contact our Data Protection Officer at:
Data Protection Officer, Minster Law Ltd, Kingfisher House, Calder Park, Wakefield, WF2 7UA.
Or you can us at firstname.lastname@example.org
If at any time you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (www.ico.org.uk).
Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Special Category Data
Sensitive personal data such as information about an individual’s
- ethnic origin
- trade union membership
- biometrics (where used for ID purposes)
- sex life or
- sexual orientation.
Means obtaining, recording or holding the information or data, or carrying out any operation or set of operations on the information or data, including
- organisation, adaptation or alteration of the information or data
- retrieval, consultation or use of the information or data
- disclosure of the information or data by transmission, dissemination or otherwise making available
- alignment, combination, blocking, erasure or destruction of the information or data
The person at Minster Law who
- is the first point of contact for supervisory authorities, customers and colleagues whose data is processed
- monitors compliance with data protection laws, including managing internal data protection activities, advising on data protection impact assessments; training staff and conduct internal audits.
- Organisations that we work with under agreement/contract to support the work on your claim.
- Conducting your claim or service, whilst meeting our regulatory and statutory obligations.
- A limitation period is the period of time within which a party to a contract must bring a claim. The date is the end of this period.