We are committed to protecting your privacy and security. This privacy notice explains how and why
we use your personal information, when we may reveal it to others and how we keep it secure.
This privacy notice covers the following:
- Who we are
- Information we collect, how we use it, and how long we keep it for
- Who has access to your information
- Cross-border transfers
- Security precautions
- Call recording
- COVID-19 contact tracing
- Cookies and online analysis
- Your rights
- Getting in touch about your rights
- Complaints about how we handle your information
- Our information and how to contact us
- Changes to this privacy notice
We, Clarke Willmott LLP, are a firm of solicitors trading under the name Clarke Willmott.
We are registered with the Information Commissioner’s Office, which is the UK regulator for data protection.
You can contact our Data Protection Officer by emailing email@example.com or writing to the Data Protection Officer, Clarke Willmott LLP, at 1 Georges Square, Bath Street, Bristol BS1 6BA (please mark your envelope ‘Data protection’).
We will only collect information about you if we have a lawful reason to do so. Lawful reasons include performing our contract (where you are our client), where we have a ‘legitimate interest’ (for example, if you are referred to in a matter on which we are advising), and where you have given your permission for us to use your personal information in a particular way (for example, marketing or training updates).
We may collect personal information about you for the following reasons.
2.1 Providing legal services
We use information about you to provide legal services to our client (this, of course, may also be you). You may have given us this information, it may have been provided by someone else as part of their involvement in the matter, or it may come from an external source or database such as HM Land Registry or Companies House.
The information that we hold and process about you will depend on the type of matter we are dealing with. It might simply be your name, address and email address, or may include other personal information such as your date of birth, sensitive personal information such as medical information (for example, if we are dealing with a personal-injury case) or financial details (for example, if we are dealing with a trust or will).
We may also have to ask for information about your personal and financial circumstances to assess your ability to pay amounts due which we are instructed to collect or unpaid bills owed to us. This may be necessary to meet our responsibilities under court rules, other regulations and legislation and best-practice guidance issued by industry or professional organisations, or to follow our clients’ policies or processes.
We normally keep original papers for seven years after we have finished work on a matter, after which we will securely destroy them. If we have any electronic copies of your information, we will keep them for 15 years after we have finished work on a matter.
We keep our original paper documents and electronic copies for a longer period if:
- we are advising on a will or grant of probate (21 years);
- the matter involves a child under 18 (seven years from the child reaching age 18); or
- our client tells us to keep our papers for a longer period (up to 15 years). We will meet these requests only if we have a lawful reason to do so.
If you are signing or witnessing a will using video conferencing, we will keep that recording with the original will (for 102 years).
2.2 Checking your identity
In some circumstances the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 say that we have to collect proof of identity of our client and certain other people related to them. If we ask you for information for this purpose, we will only use the proof of identity and other personal information you give us as part of this process to prevent money laundering or financing terrorism, unless you later agree to us using it in a different way. We will hold this information for five years after the business relationship with our client ends.
2.3 Client support
As part of our ongoing support to clients, if we have provided legal services to you we may use your information to update you on changes to the law that relate to the specific matter on which we advised you.
If you do not want to receive this information, please contact firstname.lastname@example.org or write to the Business Development Team at 1 Georges Square, Bath Street, Bristol BS1 6BA.
If you have given us permission to do so, we will send you information promoting us and our services. This includes keeping you up to date with news on topics you have opted to receive.
We will not share your information for marketing purposes outside Clarke Willmott.
You can decide not to receive marketing communications or change how we contact you at any time. If you want to do so, please contact email@example.com or write to our Business Development Team at 1 Georges Square, Bath Street, Bristol BS1 6BA.
If you ask us to not send you marketing emails, we will continue to hold enough information about you to maintain a record of your preference not to receive emails.
We tell other clients and potential clients, in general terms (without revealing personal information), about the services we provide. Sometimes they ask for more details on specific examples. If we would like to give these people information specifically about you or the work we carry out for you, we will ask for your permission.
If you provided information by filling in the general enquiries form on our website, we will use that information to respond to your enquiry and to record and monitor enquiries.
2.5 Automated decision-making and profiling
Automated decision-making is where a decision is made about you by a computer system without any human involvement. Profiling is the automated processing of personal information to assess certain things about you. We do not use any automated decision-making systems and we do not profile individuals.
We will hold any information you have provided on a recruitment application form for recruitment purposes only. We will not pass that information to anyone else without your consent. If your application is unsuccessful, we will hold the information you give us for 12 months, after which time we will delete it.
We also use the information you give us for related purposes, such as:
- meeting our legal and regulatory obligations;
- keeping records;
- analysing operational and financial systems; and
- training and quality control.
3.1 Our client
Our professional obligations mean that we have to share your information with our client if we collect it during the course of a matter we are advising them on.
If we are working with you and another person or organisation on the same matter, (for example, we are acting for your mortgage lender as well as you), or with you on behalf of a another person or organisation (for example, processing an insurance claim on behalf of an insurer), we may share information you give us with the other parties involved in the matter.
3.2 Third-party experts and suppliers
When providing our legal services we may need to share your information with:
- other professional advisers, such as barristers or experts, who we may instruct to advise on our clients’ behalf or who are representing the other side in the case or transaction;
- the court, in matters relating to legal action; or
- companies or people who carry out typing, photocopying, archiving or other non-legal tasks on our files, or who provide support such as finding missing people or serving court proceedings. All of our suppliers have entered into contracts with us that include terms which protect the information that they hold or process on our behalf.
3.3 Regulatory purposes and outsourcing
We may need to reveal information about you in other situations to other people, such as:
- our auditors, the Solicitors Regulation Authority and other professional organisations, for audit, quality-control and other purposes;
- our insurers, whether or not you have made a claim against us;
- our legal advisers; and
- regulatory or tax authorities.
Like many businesses, we also outsource some of our computer systems to specialist providers. All of our specialist providers have entered into contracts with us that include terms which protect the information that they hold or process on our behalf.
In the normal course of doing business, we will not transfer any of your information outside the EEA. However, if we need to use business-support services, experts or lawyers in other countries, we make sure that appropriate protection is in place to transfer your information securely.
We use a variety of physical and technical measures to keep your information available, safe from loss and accurate, and to prevent unauthorised access to it.
We store electronic data and databases on secure computer systems and control who has access to information (using both physical and electronic means). We use ‘the cloud’, which means that we store client information on servers which we do not own and which are not kept in our offices. We access these servers through secure connections. All of our cloud computing suppliers meet strict requirements for security and confidentiality.
Our staff receive data protection training and we have a set of detailed data protection policies which they must follow when handling personal information.
Our debt recovery team may record phone calls for the following purposes.
- To monitor data protection and caller identification.
- To help with handling complaints.
- To make sure legal processes are followed.
- To improve our service.
Recordings are kept for six months.
You can ask us not to record your call. We keep notes of phone calls in line with the timescales set out in section 2.1 above.
We have closed-circuit television (CCTV) at our office locations. We operate CCTV only for the purpose of the security of our staff, visitors and premises and we have signs which clearly show it is in operation. We keep the images for one month, after which we wipe them.
In all but our Taunton office, CCTV systems are managed and maintained by the building managing agents. In most offices it is accessed by staff the managing agent has a contract with, but in Bristol the system is maintained by the managing agent but operated by a security team we provide.
In our Taunton office the CCTV system is managed, maintained and operated by us. It is in a secure room in our offices and the system is operated by only two members of staff we have chosen for this role.
All operators who have access to any images that cover our offices have the relevant licences to view CCTV images.
As you will know, contact tracing is an important part of the Government’s measures to control the spread of COVID-19 in the UK.
If you visit our premises, the NHS Track and Trace Service may ask us for your name, address, postcode and phone numbers, and details of contact between you and any member of our staff, or visitors to our premises. However, we will only provide this information if you give us permission. Further details are set out in our Test & Trace letter and form we give you when (or before) you visit our offices.
You do not need to give your permission to us sending information about you to the Test and Trace service. And if you give your permission you can withdraw it at any time before we pass on the information. You can do this by contacting us using one of the contact methods shown in section 11.
There is more information on the NHS Test and Trace service here.
If you have downloaded the NHS COVID-19 app, you may prefer to use this to check in to our premises. Each of our offices has a QR code that our staff can direct you to. If you use the app, we will not ask you to fill in our Test & Trace form, and we will not keep your details for contact tracing purposes.
Cookies are small text files that websites put on your computer so the site can remember who you are. They contain a unique, anonymous identifier, which is usually a string of letters or numbers.
We use analytical cookies in the form of Google Analytics and Google Tag Manager. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by making sure that users are finding what they are looking for easily. For more information, please view the Google Analytics cookie information page.
These non-essential cookies do not identify any person and are used only to track user experience so we can make improvements. If you are using our website, you can click ‘accept’ to agree to us using cookies.
You can find more information about allowing and disabling cookies at www.allaboutcookies.org.
You have the following legal rights.
- The right to ask us to confirm whether we hold your personal information and, if we do, to get a copy of the information we hold. This is known as a ‘subject access request’. Exemptions, including legal privilege, could mean you may not be entitled to receive all the information we hold on you. We will tell you if there is any information we have not provided and the reason for doing this.
- The right to have your information erased, although this may not apply if we need to continue to hold or use it for a lawful reason.
- The right to move your information to another organisation in an electronically readable form.
- The right to have inaccurate information corrected.
- The right to object to your information being used for marketing.
Please keep in mind that there are exceptions to the rights above and, although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like more information on your rights or want to enforce them, please contact our Data Protection Officer by email at firstname.lastname@example.org or write to them at 1 Georges Square, Bath Street, Bristol BS1 6BA.
If you believe that we have broken your data protection or privacy rights, you can complain to us direct by contacting our Data Protection Officer using the details set out above.
If you are not happy with our response, or you want to contact the UK Information Commissioner’s Office, which regulates and enforces data protection law in the UK, you can find details about how to do this at www.ico.org.uk.
If you are unhappy about any other aspect of our service, you should follow our complaints procedure.
We are a limited liability partnership incorporated in England and Wales. Our registered number is OC344818 and our registered office is at Clarke Willmott LLP, 1 Georges Square, Bath Street, Bristol BS1 6BA. A limited liability partnership (an LLP) is a form of company.
For the purposes of anything within this privacy notice, please write to us at Clarke Willmott LLP, 1 Georges Square, Bath Street,
We’ll amend this privacy notice from time to time to make sure it is up to date and accurately reflects how and why we use your personal information. The current version of our privacy notice will always be posted on our website.
Last updated June 2021