What is this?
- When you deal with Borneo Martell Turner Coulston you will provide us with your information and we may also receive information about you from third parties. You trust us with that information and we are committed to protecting it.
- The term ‘personal data’ is used to refer to your information.
- The purpose of this policy is to explain what personal data we may collect about you and why, how the data is used, how we keep it secure and the circumstances in which we can disclose your data to others.
- Please re-visit this page from time to time as this policy may change and our website will be updated accordingly.
Who are we?
- Borneo Martell Turner Coulston is a trading name of Borneo Martell Turner Coulston LLP.
- You may find that the Firm’s name is abbreviated to ‘BMTC Law’ or ‘BMTC’ from time to time for ease of use in our website and email addresses.
- Borneo Martell Turner Coulston LLP is a limited liability partnership incorporated in England and Wales with registered number OC327261 and its registered office is 29 Billing Road, Northampton, NN1 5DQ. Borneo Martell Turner Coulston (the Firm) is a “controller” under the General Data Protection Regulation and the Data Protection Act 2018 when you engage it to provide services to you. The Firm is registered with the Information Commissioner under registration number Z6419083.
Whose data do we hold?
We may hold data about the following people:
- Suppliers and service providers
- Advisers, consultants and other professional experts
- Complainants and enquirers
How we your collect personal data?
- We will collect information about you from third parties and from you that is relevant to the matter that we are dealing with for example where you are the beneficiary of an estate, are buying a property. In particular we may collect the following information from you which is defined as ‘personal data’.
- Personal details (e.g. contract details and identification information)
- Family, lifestyles and social circumstances
- Goods and services
- Financial details (e.g. payment card details or information used in receiving money from you or sending it to you)
- Education and employment information
- Insurance information
- Business Activities of the person whose details we are processing
- We only use the information that we receive about for the purposes of the legal services that we are instructed to provide for you.
We may also collect information that is referred to as being in a ‘special’ category’. This could include:
- Physical or mental health details
- Racial or ethnic origin
- Religious or other beliefs of a similar nature
- Political opinions
- Offences and alleged offences
- Criminal proceedings, outcomes and sentences
- Trade Union membership
- Sexual life
In most cases where we provide legal services to you we are obliged by law to obtain verification of your identity. If you are unable or unwilling to provide such documents to us when we request it from you, it will mean that we cannot comply with the Money Laundering Regulations and we will therefore be unable to act for your business or you.
Basis for processing
The basis on which we process your personal data is one or more of the following:
- It is necessary for the performance of our contract with you such as;
- Where we have supplied and/or are continuing to supply legal services to you;
- Where you are taking initial advice from us in contemplation of instructing us to act for you.
- It is necessary for us to comply with a legal obligation. This includes: –
- to the Court for example in accordance with the Civil Procedure Rules;
- our compliance with the Solicitors Regulation Authority Code of Conduct;
- verifying your identity and carrying out such other obligations in accordance with the Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 or such other legislation as from time to time in force;
- to record information regarding gifts and hospitality so as to ensure compliance with the anti-bribery laws;
- to record on our central register any Undertakings that the Firm gives or receives in connection with a matter on which we are providing you with legal services.
- It is in our legitimate interests to do so. This includes but is not limited to the following: –
- to comply with Anti-Money Laundering Regulations and other legislation to prevent fraud or other criminal activities;
- carrying out conflict checks to ensure that we are permitted to provide services to you;
- to enter into and perform the contract we have with your business;
- to identify what if any legal information and/or services might be of interest to you for marketing purposes;
- to assist in dealing with queries you may have about our services or charges, complaints or claims;
- to notify you or your business of changes in the law; and
- to enable the Firm to exercise or defend its legal rights.
- You have given us your consent (this can be withdrawn at any time by advising our data protection officer).
- It’s in the vital interests of individual. This is because sometimes we act in matters where a person is very young, in danger, in need of emergency medical care or otherwise vulnerable. In such situations they may be incapable of consenting to the processing of their data but the processing of it is required as a matter of life or death.
Where we will store your personal data?
All information you provide to us for our use is stored on our secure servers which are located within the UK. If the arrangements for the storage of your data change we will update this Notice accordingly.
How and why will we use your data?
We may use your information for the following purposes:
- Provision of legal services including advising and acting on behalf of clients
- Promotion of our goods and services
- Provision of education and training to customers and clients
- Maintaining accounts and records
- Supporting and managing staff
Who will we share your information with?
Under our Code of Conduct there are very strict rules about who we can share your information with and this will normally be limited to other people who will assist with your matter. However, we may need to share your information not just with you but with third parties. Where necessary we share information with the following:
- Your family, associates or representatives
- Current, past or prospective employers
- Educators and examining bodies
- Ombudsman and regulatory authorities
- Recruitment and employment agencies
- Debt collection and tracing agencies if you do not pay our bills
- Financial organisations
- Credit reference agencies
- Courts and tribunals
- Central government
- Our suppliers and service providers
- When you instruct us to act for you, we may need to provide information to third parties. This will be for the purposes of providing services to us or directly to you on our behalf such as insurers or Counsel.
- When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their services and we have an agreement in place that requires them to keep your data secure and not to use it other than in accordance with our specific instructions.
- Others involved in your case or matter
- When we provide legal services to you, we may need to provide information to third parties such as law firms, insurers, translators, accountants, counsel, expert witnesses, medical professionals and other professional advisers. In such cases, it will be because they need to use your information in connection with your case or matter and they provide their own services directly to you.
- If you have instructed us in relation to a property transaction, we are often jointly instructed by your bank or lender in connection with your mortgage/loan contract with them. In such cases, we will share information with that third party about the progress of your matter.
- In such cases, any third party to whom we disclose information about you will also be under an obligation to keep your information secure. Unless you expressly consent to them, such third parties are not permitted to use your data for any purpose other than that for which it was disclosed.
- Credit/debit card payment processors
- If you make an online card payment, this information will be handled using encrypted technology and is compliant with the Payment Card Industry Data Security Standards (PCI-DSS). Where you make a payment to us by credit or debit card, we will use the payment card information only for the purpose of processing that specific transaction.
- We keep card receipts only for the purposes of retaining a record of payments received. However, this is abbreviated information only which would not be sufficient for further payments to be taken from your card.
- When you pay for any services over the telephone, your credit/debit card payment is processed by a third party payment processor (currently WorldPay), who specialise in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy.
- Other ways in which we may share your personal data
- We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data in the circumstances outlined above under the heading ‘Basis for Processing’
How long will we keep your information for?
- Where we have provided legal services to you we will normally keep your information throughout the period of time that we do work for you and afterwards for a period of six years as we are required to do by law and also by the regulations that apply to us.
- In some cases (for example where we have prepared a will for you) we may retain your information for a longer period and we will advise you of this at the time,
- More information is set out in our data retention policy which is available on request from the data protection officer
- Transfers to third countries
- We may from time to time transfer your personal data to a country outside of the EEA.
- We do not transfer your personal data outside the UK for the purposes of storing it.
- Normally this will be necessary for the performance of your contract with us or for the exercise or defence of legal claims on your behalf.
- Sometimes we may transfer for other reasons and we will ensure that appropriate safeguards are in place at all times.
- We shall ensure that all the information that you provide to us is kept secure using appropriate technical and organisational measures.
- In the event of a personal data breach we have in place procedures to ensure that the effects of such a breach are minimised and shall liaise with the ICO and with you as appropriate.
- More information is available from the data protection officer.
What rights do you have?
You have the following rights under the GDPR;
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Rights concerning automated decision-making and profiling
Right of access
- You have a right to see the information we hold about you. However, if the data concerns other individuals or we have another lawful reason to withhold that data, we are not required to provide it to you.
- To access this you need to provide a request in writing to our data protection officer, together with proof of identity
- We will usually process your request free of charge and within 30 days however we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex;
- Full details are available in our data subject access policy which is available on request from the data protection officer.
Right to rectification
It is important that your data is accurate and therefore if you change your name, contact details or you believe that any of the data that we hold about you is out of date, please contact us.
Right of erasure
- You have a right to ask us to erase your personal data in certain cases (details may be found in Article 17 of the GDPR)
- We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to defend legal claims.
- To exercise your right to erasure please contact our data protection officer.
Withdrawing your consent
- As stated above, we will process your data where you have consented for us to do so. You consent to us processing your data when you sign our Terms of Business or if you have signed an ‘Opt In’ form from us.
- You are entitled to withdraw your consent at any time and if you wish to do so please contact the Firm’s data protection officer. However, please note that if you withdraw your consent it will impact on our ability to provide you with legal services.
- If you withdraw your consent, the use of your personal data before we receive your withdrawal of consent is still lawful.
Who can you complain to?
- If you are unhappy about how are using your information or how we have responded to your request then initially you should contact the Firm’s data protection officer Sharon Hundal.
- If your complaint remains unresolved then you can contact the Information Commissioner’s Office. For more information, please visit www.ico.org.uk
- Important information about security and links to other websites
Security measures we put in place to protect your personal data
- The transmission of information via the internet is not completely secure.
- We will do our best to protect your personal data. However, where you input data and transmit that via our website we cannot guarantee its security. Therefore any transmission is at your own risk.
Links to other websites
- Our website does contain links to other websites run by other organisations. Our Privacy Notice does not apply to those other websites and we are not responsible for their policies and practices. Please ensure that you read their privacy notices and satisfy yourselves about their policy and the security if your personal data.
- If you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
Use of ‘cookies’
Marketing and other communications
Generally, we provide updates and information about our services, this firm and the law on our website. However, if have indicated to us that you consent to receiving emails from us with such information by completing an “opt-in” consent we may contact you for those purposes from time to time. We will not share your information with third parties so that they can market directly to you.
This policy is dated May 2018 and will be reviewed annually.