Lichfield Reynolds LLP is a law firm in the UK offering a broad range of legal services to national and international organisations and institutions, small and medium-sized businesses, and private individuals.

Specifically, we act as a “Data Controller” in respect of the information gathered and processed by us. A Data Controller determines the purposes of which, and the manner in which, any personal data is processed.

In order that you are reliably informed about how we operate, we have developed this Privacy Notice, which describes the ways in which we collect, manage, process, store, and share information about you. The Privacy Notice also provides you with information about your data privacy rights.

Your personal information contains certain information about you as an individual which identifies who you are, such as name, address, telephone number, date of birth, etc. Sometimes the information we collect is sensitive in nature, such as health information or your religious beliefs. Such sensitive information is given added protection.

Please also note all the personal information we receive from you is also treated with the strictest of confidentiality.

We may process your personal information (where we have received this directly from you or from another source) if:

• You are a client or prospective client
• You use our website or other services we may provide through our website
• You are an individual within any third party we engage with such as our suppliers or other service providers such as marketing agencies
• A client has provided us with your information
• You have been referred to us from a third party or we have collected information about you from another third party.

As an essential part of our business, we collect and manage client information. In doing so, we observe applicable data protection laws and are committed to protecting and respecting clients’ privacy, rights, and personal information.

The personal information that we collect about you is to manage and administer your engagement with us as a client or prospective client and provide our services. We collect personal information, which includes your name, address, contact details, NI number, passport/driving license details, financial information (including bank details, details of any benefits, tax and tax residency, savings and loan information, and expenditure), and details of dependents and spouse.

We may also collect, store, and use more sensitive special category personal information that may include marital, civil partnership, or relationship status; details of your partner, civil partner, or spouse; physical or mental health details; religious and other beliefs; and racial or ethnic origin.

We collect this in a number of different ways. For example, you may provide this personal information to us directly, online, over the telephone, or when corresponding with us by email or letter.

We use this personal information to set you up as a client, open a file, provide our advice and services, and administer and manage our relationship with you. Our approach is to identify your legal needs and use our expertise to respond to your requirements throughout our relationship with you.

In a little bit more detail, our reasons for using your information include:

• Carrying out regulatory and compliance checks in order to set you up as a client, including checks to verify your identity, fraud and credit checks
• Enable business development including sending legal updates, publications and details to events
• Administer and manage usage of our website
• Making and receiving payments to and from you in accordance with your instructions
• Communicating with you via email, telephone and in writing about the work we are doing for you
• Recording telephone conversations or meetings for regulatory, monitoring and quality purposes and to administer and improve our services to you
• Carrying out client satisfaction surveys
• Carrying out our compliance obligations (other than those referred to above)
• Processing and responding to any complaints
• Bringing or defending legal proceedings
• Ensuring that our colleagues are trained and competent in their duties

In restricted circumstances, for testing purposes, we fully test our systems and services to ensure that they will work as expected and will not cause loss or damage to data. Wherever we can, we use anonymous data. Only in very limited circumstances will we use personal data, and on these occasions, the data will be protected in a secure and closed environment and deleted as soon as the testing is completed.  We also use and share information which does not identify you (‘anonymised data’) to improve our services and those of others. For example, if you have contacted us about a potential claim, which we ultimately conclude that we cannot assist with, then we may share a limited amount of effectively anonymised data about your case with public bodies for the purpose of improving patient safety.

If you fill in a form on our website or contact us via other means such as email, telephone, or post, we will collect the information you provide when you contact us, such as your name and contact details. We will use this personal information to:

• Send you the information you have requested, for example, about our products and services
• Respond to your enquiry.

When you visit our website, we will also collect your personal information via cookies. We use both essential and non-essential cookies on our website, which collect information such as your browsing patterns and information about the device you are using. We may use this information to inform our marketing and future business strategies. Full details of how we use cookies can be found in our cookie policy.

As part of our business dealings, we engage with third-party service providers and their workforce to enter into agreements or other services and products. If you are an individual within such third-party service providers, we will process your personal information as set out in this privacy notice.

Our client may give us personal information about you as part of asking us to provide advice to them. This may include your name, address, contact details, NI number, passport/driving license details, financial information (including bank details, details of any benefits, tax and tax residency, savings and loan information, and expenditure), details of dependents and spouse. We may also collect, store, and use more sensitive special category personal information that may include marital, civil partnership, or relationship status; details of your partner, civil partner, or spouse; physical or mental health details; religious and other beliefs; and racial or ethnic origin.

We will use this personal information in order to carry out our compliance checks or to give advice to our client or to trustees where you are a beneficiary.

If a member of Lichfield Reynolds LLP or any other third party has obtained your consent, we may contact you in relation to our services or any other matter that you have consented to. We will be using your personal data for this purpose on the basis of your consent.

We use the data collected from you for the specific purposes listed in the table below. Please note that this table also explains the legal basis for processing your data linked to each processing purpose and in what circumstances your data will be shared with a third-party organisation.

We may share your personal information with trusted third parties from time to time. These third parties are our processors who will only process your personal information in accordance with our instructions. We will not, however, share your personal information with a third party for marketing purposes unless we have your consent to do this. We do not sell any personal information to any third party so that they can send you their marketing material.

We have set out below the third parties we may share your personal information with. If we do this, we will put in place a contract with them which controls how your personal information may be used and which requires that your personal information be treated in accordance with data protection laws.

We may record our telephone conversation with you; therefore, any information captured via this medium will automatically be processed for managing and developing our contract with you, regulatory, training, and monitoring purposes.

Where we have said that your personal information is used in order to comply with statutory requirements, carry out a contract with you, or to take steps to enter into that contract, we will need you to provide the personal information requested. If you don’t provide the personal information we need when we ask for it, we may not be able to respond to you, enter into a contract with you, meet our obligations under the contract, or comply with our legal obligations. If you have any concerns about whether you need to provide your personal information, please contact our Data Protection Officer Nicholas Rykes.

It may sometimes be necessary to transfer personal information outside the UK. We will only transfer your personal information overseas where, e.g., our third-party service providers, who we share personal information with (as set out above), are based outside the UK, have support services located outside the UK, or host personal information outside the UK. We only transfer your personal information outside the UK where we are sure that your personal information is protected to the same standard as it would be protected in the UK. If you would like further information on the safeguards we have in place for transfers of your personal information outside the UK, please contact Nicholas Ryles.

We will only use your personal information for the purposes set out above unless another purpose we want to use it for is compatible with those original purposes. If we change the purpose for which we are using your personal information, we will contact you and explain how the new purpose is compatible with the original purpose. If we would like to use your personal information for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do this.

We will generally retain personal information for a period of seven years after the termination of our business relationship with you. For example, if you become a client of our firm, your information will typically be held for seven years after your case has closed. Equally, if you enquire whether we might be able to support your claim, but you do not ultimately become a client of our firm, your information will be held for no longer than seven years after your enquiry was made.

To request additional information about our firm’s retention periods, please contact us.

At the end of the retention period, we will delete, anonymise, or put the personal data beyond use. 

We are striving to become a more digital business while retaining our human approach. We believe that embracing technology has the potential to enhance the overall experience of clients. We use certain tools that draw on artificial intelligence—such as spell-check and anti-virus software—to work efficiently and safely. These tools may process some personal data; however, our expert staff review the output from the technology, wherever appropriate. However, we do not use your personal information to make automated decisions about you.

We use your personal information to carry out client satisfaction surveys on the basis of our legitimate interests in order to receive feedback as a business and improve our services that we provide to clients.

In any case, you can, of course, opt out of receiving our marketing by contacting our Data Protection Officer Nicholas Ryles and where we send you marketing material via email, an option to unsubscribe will be given in each email.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. These measures include:

• Protecting against potential breaches of confidentiality
• Ensuring all IT facilities are protected against damage, loss or misuse
• Increasing awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle
• Ensuring the optimum security of our website.

In addition, we limit access to your personal information to those employees, agents, contractors, and other third parties (see above) who have a business need-to-know.

We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal information to you.

You have the following rights under data privacy laws:

Right to be informed

This privacy notice together with our cookie policy together fulfil our obligation to tell you about the ways in which we use your personal information.

Right to access

You have the right to ask us what personal information we hold about you (Subject Access Request) and to have a copy of that personal information from us (along with certain other details).

Should you wish to make an individual rights request under UK GDPR, please email our Data Protection Officer Nicholas Ryles.

Alternatively, you can write to us at:
7 – 9 Commerce Street, Longton, Stoke on Trent, Staffordshire ST3 1TU

Right to rectification

If any of the personal information that we hold about you is inaccurate, you have the right to ask us to correct any errors in your personal information.

Right to be forgotten

You have the right to ask us to delete your personal information where: (i) we don’t need your personal information anymore; (ii) you withdraw your consent to our use of your personal information and we have no other legal basis to keep your personal information; (iii) you have asked us to review and explain our legitimate interests to you and we don’t actually have a valid legitimate interest to do what we are doing; (iv) our use of your personal information is illegal; (v) we have to delete your personal information to comply with our legal obligations.

Right to object

You have the right to ask us to review and explain our legitimate interests to you where we are collecting, storing, and using your personal information on a legitimate interests basis, including where we are collecting, storing, and using for profiling or by automated means. You have the right to object to our legitimate interests and that collection, storage, and use unless we can demonstrate compelling legitimate grounds.

You also have the right to object to us sending you marketing communications.

Right to restrict processing

You have the right to ask us to restrict our use of your personal information where:

• You don’t think the personal information we have about you is correct, so that we can check if it is correct
• What we are doing with your personal information is illegal but you would rather we stop using your personal information rather than delete it
• We don’t need your personal information anymore, but you need us to keep it so that you can exercise any legal rights
• You have asked us to review and explain our legitimate interests to you so that we can check whether we actually have a valid legitimate interest to do what we are doing.

If any of these circumstances apply, then please contact us.

Right to data portability

The right to ask us to provide you with a copy of the personal information you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer that personal information to another entity where: (i) we are using your personal information on the basis of your consent or on the basis that it is necessary to perform a contract with you; and (ii) the use we are making of your personal information is carried out by automated means. If you would like to move, copy, or transfer the electronic personal information that we hold about you to another organisation, please contact us.

Right to withdraw consent

Where we are using your personal information based on your consent, you have the right to withdraw that consent at any time by contacting our Data Protection Officer Nichola Ryles.

Right to make a complaint

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), (the UK regulator for data protection issues, who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO and so, if you are happy to do so, please contact us in the first instance and we will try to resolve your issue.

What personal information do we collect if you visit us and how do we use it?

If you visit one of our offices there are CCTV cameras to capture images.  Lichfield Reynolds LLP operates our offices and is the Controller of the personal information collected via CCTV. It may share images with us for the purposes of security, employee safety and in certain circumstances, to verify information (such as when you visited our site or to establish facts in relation to health and safety incidents).

There are notices at our offices informing visitors that CCTV cameras are recording. We restrict access to the CCTV images to authorised staff and we keep the personal information obtained for only a limited period of time.

Questions and comments regarding this Privacy Notice are welcome, and should be sent to our Data Protection Officer Nicholas Ryles.

Alternatively, you can write to our Data Protection Officer at:
7 – 9 Commerce Street, Longton, Stoke on Trent, Staffordshire ST3 1TU

Should you wish to make an individual rights request under UK GDPR, please contact the Data Protection Officer using the details provided above.