Under the EU General Data Protection Regulations (GDPR), we are required to update our engagement letters with clients and provide certain details regarding the Firm and collection and use of your personal data. This is set out in more detail below.
We have also set out below details about data we collect from this website and the privacy of all visitors.
Buss Murton Law LLP’s registered office is Wallside House, 12 Mount Ephraim Road, Tunbridge Wells, Kent, TN1 1EE.
Our Data Protection Controller is Alex Smith and he can be contacted at email@example.com.
What are your rights?
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Controller in writing.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
How will we collect your personal data?
We need to know certain personal data in order to provide you with the services you require under our terms of business/Engagement Letter we have with you. If we do not have this information then we will be unable to provide the services necessary to fulfil the contract between us. We will not collect any personal data from you that is not necessary to fulfil the contract between us.
How will we use your personal data?
We will only use your personal information when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you;
- Where we need to comply with a legal obligation; and
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests); or
- Where it is needed in the public interest or for official purposes.
We may also use aggregate information and statistics for the purposes of monitoring website usage in order to help us to develop our website and our services. These statistics will be anonymous and will not include information that can be used to identify you.
How long will we keep your information?
We will only retain your personal information for as long as necessary, and for at least 6 years, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Once your transaction has concluded we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Controller at firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you consent to marketing, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information.
We may have to share your personal data with third party service providers where it is necessary for the performance of the data controllers’ tasks or where you give us your prior consent.
Examples of third parties we may need to share your data with are: IT services, auditors/assessors, credit/debit card merchants for processing payments, tracing agents in the event of non-payment of legal fees and counsels and/or experts if applicable during the course of your transaction.
We require third parties to respect the security of your data and to treat it in accordance with the law.
We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
Cookies and other information-gathering technologies
There are two main types of cookie:
- session cookies – these are deleted when the user’s finish browsing a website and are not stored on their computers longer than this.
- persistent cookies – these are stored on the user’s computer after they have finished using a website so that the website provider can remember their preferences the next time they use it.
Cookies can be set by the website the user has browsed, i.e. the website displayed in the uniform resource locator (URL) window. These are called first party cookies. Third party cookies are set by a website other than the one they are browsing.
The cookies that we use relate only to the analytics of our site and therefore no information is stored. The cookies that we use do not restrict or disable any access to our site.
How do we protect your information
We have put in place the following security procedures and technical and organisational measures to safeguard your personal information:
We do not store or process any personal information on our website.
To maintain security of the website we have a strict password allocation policy and any enquiries that come via the website are sent by email. These emails are directed to the marketing department and the user accepts that by using the enquiry facility they are consenting for their contact details to be submitted. These details are not stored anywhere on the site.
Our website is maintained by Neuroweb and the security measures are provided by GoDaddy.
We will use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Each visitor has the right of access to personal data they have submitted through this website.
If you have any enquiries about the accuracy of personal data previously submitted, or requests to have information removed, these should be directed to the Data Protection Controller at email@example.com.
By continuing to use this website and by providing any personal data (including sensitive personal data) to us via this website or email addresses provided on this website, visitors are consenting to our use of your personal data as set out in this Privacy Notice. Please do not send us any personal data if you do not want that information to be used by us in this manner.