Privacy Policy

Minster Law Ltd (referred to in this document as “we”, “us” or “our”) is committed to protecting your privacy.  This privacy outlines how we collect, use, and safeguard your personal data, as well as your rights and choices. This notice applies to all data that we collect about you. Please read this notice carefully and contact us if you have any questions using the details provided in the contact and feedback section below.

This privacy notice sets out:

• personal data we collect about you
• why we collect your personal data
• when we collect your data and how long we keep it for
• what we do with your data
• how we and other organisations will keep your personal data safe
• the rights and choices you have when it comes to your personal data

As the Data Controller, we are responsible for ensuring that our systems, processes, suppliers, and employees comply with applicable data protection laws when handling personal data.

We have appointed a Data Protection Officer (DPO) to oversee our compliance with these laws and this privacy notice. The DPO also provides guidance and support on data protection matters.

If you have any questions or concerns, you can contact our Data Protection Officer:

• Email: [email protected]
• Post: Please refer to the contact and feedback section below for our registered office address.

• We collect your personal details including name, date of birth, address, telephone and email address details, to keep you informed and provide updates about the services we are providing to you. This information is essential for us to progress your claim effectively.
• We collect information about the circumstances of your claim, for example, accident details, injury descriptions, and insurance details for a personal injury claim. This helps us understand your situation and provide the appropriate support.
• Special category data refers to sensitive personal information that requires more protection due to its sensitivity. This includes health or injury or criminal conviction information. This information is highly personal to you and is not typically shared widely. We will only use special category data for the specific purpose you provide it for, and to provide the services described in our welcome pack.
• Website usage data, we collect data about how you use our website through Cookies. This information helps us improve your experience and understand usage patterns. For more details, please refer to our Cookies Policy which is available on our website at: www.minsterlaw.co.uk
• We only collect personal data which is necessary to provide and manage our services to you and will not collect any unnecessary data.
• Shared email addresses: If you provide an email address that is shared with others, please be aware that we may send communications containing special category data to this address. To protect your privacy, ensure the email address is either private or only shared with individuals you trust to access this type of data.

We collect your personal data to:

• Provide legal services: If you instruct us or look to instruct us to act on your behalf or on behalf or someone else, we need your data to assess and fulfil your instructions. Without this information we may be unable to deliver our services to you.
• Prevent Conflict of Interest: where relevant, we collect identity information to ensure that we avoid any conflict of interest between our customers in the future.
• Protect your privacy: We do not sell your data
• Respect your preferences: We will not share your data for marketing purposes unless we have informed you and gained your informed consent.

We collect and retain your data as follows:

• Before you become a customer: We collect personal data to assess whether we can act for you.
• During the claim journey: We collect additional data and where appropriate additional consent to process your data, throughout the course of the legal services we are providing for you

Retention Periods:
For most claims, we retain your data for 7 years from the conclusion of the claim in order to meet our legal and regulatory obligations.
For claims involving children, the data will be retained until 10 years after the child’s 18th birthday.
In some cases, we may be required to retain documents for a longer period of time. If this applies to you, we will inform you of the reasons for the extended retention period.
Full details of our retention periods can be obtained by request.

New purposes: If we intend to use your data for a purpose not covered by this Privacy Notice, we will issue a new Privacy Notice and seek your consent where necessary.

We will use your data to

• Assess whether we are able to act for you
• Provide legal services, advice and support to you
• Manage and oversee the services we provide
• Contact and communicate with you throughout your claim
• Maintain internal record keeping and analysis
• Measure and improve customer services and experiences, through surveys and online reviews for example
• Train and manage our colleagues who deliver services to you
• Investigate any worries or complaints you have about your services.

During the course of your claim, we may need to instruct specialist suppliers to support the progression of your claim. Where this is necessary, we will share your personal data with them only for the agreed purpose and ensure it is handled securely and appropriately. If this data includes any special category data, we will obtain your consent prior to this data being shared.

To provide legal services

To deliver the legal services you have contracted us to provide, we may need to share your personal data with trusted organisations. This will always be done for a specific, agreed purpose and where appropriate with your explicit informed consent. These organisations may include:

• Medical agencies -to arrange medical appointments.
• GPs and hospitals – to obtain relevant medical history.
• Medical experts – to provide medical evidence.
• Vehicle hire companies – to arrange an alternative vehicle, if appropriate.
• Third party insurers or their representatives – to manage details of your claim.
• Unrepresented Defendants (the accused person) – to share details of your claim.
• Courts, barrister/counsel and their representatives – to support litigation activities.
• Mediation service providers – to support dispute resolution between insurers and ourselves.
• Your insurer.
• Verification Agencies – to verify driver and insurance details, such as DVLA, Motor Insurance Database and Motor Insurers’ Bureau.
• Law enforcement agencies – for accident or criminal investigation purposes.
• Specialist experts – such as engineers or Forensic Accountants.
• Rehabilitation providers – to assess and provide treatment and records.
• The coroner’s office – to support investigations into cause of death.
• Witness statement Agencies – that collect witness statements.
• Your employer – with your consent, to verify any loss of earnings and support determination of losses.
• The Health and Safety Executive – to establish accident circumstances.
• Banking/financial services – to support payment transactions.
• Repair organisations – to assess damage and recover repaid costs for your vehicle.
• Litigation friend/authorised persons – to provide you with support to manage the claim
• CCTV Operators – to support evidence gathering.
• External survey providers – to facilitate the collection of customer feedback surveys.
• E-signature providers – to facilitate secure document signing.
• Call overflow service providers – to ensure we provide timely and effective telephony services to you.
• Telephony Partners – to support call monitoring and recording.

We ensure that all organisations we work with handle your data securely and in accordance with data protection laws.

 

Legal and Regulatory Obligations

In certain circumstances, we are legally required to share your personal data with regulatory bodies and enforcement agencies. These may include:

• Regulatory authorities – such as the Solicitors Regulation Authority (SRA), Financial Conduct Authority (FCA) or the Information Commissioners Office (ICO), to meet our professional and compliance obligations.
• Serious Organised Crime Agency (SOCA) – where criminal activity is suspected.
• National Crime Agency (NCA) – where fraudulent activity is suspected.
• Office of Financial Sanctions Implementation (OFSI) – if our systems identify a match with individuals or entities subject to financial sanctions (e.g. frozen assets).
• Anti-money laundering reporting – We are required to report customers who could potentially be involved in money laundering activities.
• Law Enforcement Agencies – to support investigations into fraudulent activities.

We only share data with these organisations when necessary and in accordance with applicable laws and regulations.

 

Commercial and Contractual Obligations

To meet our commercial and contractual obligations, we may share your personal data with specific organisations, such as your insurer or Legal Expenses Insurance Provider to:

• Assess our service levels and ensure compliance with agreed processes.
• Share the progress of your claim to ensure we meet reporting requirements with them.

If the auditing activities or the updates include special category data (e.g. medical records) then your consent will be obtained prior to us sharing the data with them.

Informed Consent

We will gain specific consent from you to involve you in:

• Public relations – where we may identify you in promotional activities to promote our services or business.
• Market research – where we may seek your views to support initiatives such as new product developments.

We will always contact you before these activities take place to request your consent. You are free to decline participation, and if you do consent, you may withdraw it at any time.

Sharing Data to Protect Life

In exceptional circumstances, we may share your personal data with relevant authorities if we believe you are in danger. This is done solely to protect your life or wellbeing.

 

Automated Decision-making and Profiling

Some of the personal data you provide may be subject to automated decision-making to support our business processes. For example:

• Information about your claim may be automatically assessed to estimate its value and determine the most appropriate legal procedure.

We may also use your data to create digital profiles that help us improve our services and decision-making. Any data used for profiling will be anonymised before analysis.

You have the right to:

• Request that any decisions made through automated processing are reviewed by a member of our Legal Services Team.
• Object to your personal data being used for profiling purposes.

We use Artificial Intelligence (AI) technologies to support and enhance our business operations, including risk assessment, compliance monitoring, and decision-making processes.

You have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Erase data where appropriate.
• Restrict or object to processing.
• Request data portability.

To exercise your rights or raise concerns about AI processing, please contact [email protected] for more details on how to do this.

Further information can also be found on the Information Commissioner’s Office website (www.ico.org.uk)

We endeavour to keep all data safe by taking all reasonable precautions to protect data from misuse, loss and unauthorised access, modification or disclosure. Examples of our security are as follows:

• Encryption, meaning that information is hidden so that it cannot be read by anybody who does not have the special key (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
• We carefully control access to systems and networks only allowing authorised people to view your personal information.
• We train our staff on how to handle personal and special category information and how and when to report when something goes wrong.
• We regularly test our systems and network to ensure they are safe and secure.
• We work hard to ensure that our systems are up to date with the latest security enhancements.
• We use anti-virus software to protect our systems and data.
• We operate via a secure network.
• We operate a clear desk policy which ensures that all data is securely stored when not in use.
• We have robust contracts with our suppliers to ensure they operate to the same high standards that we do.
• We review all contracts of business regularly and ensure that our key suppliers apply the same levels of protection, security and confidentiality we apply.

From time to time, we may need to process some of your data using third party processors located in countries outside of the European Economic Area (EEA), for example, for the purposes of data hosting, analytics, credit searches and fraud prevention. If your data is processed outside of the EEA, we will take all necessary steps to ensure it is adequately protected. This includes ensuring there is an agreement in place with the third parties which provides the same level of protection as required by the data protection regulations in the UK and EEA.

Use of Artificial Intelligence (AI)

Where we use Artificial Intelligence (AI) technologies to support our operations, such as risk analysis, compliance monitoring, or fraud prevention, we apply the same high standards of data protection and security.

AI systems are subject to regular testing and oversight to ensure they operate securely, fairly, and in line with data protection principles.

We ensure that any AI-driven processing is transparent, accountable, and includes appropriate safeguards to prevent misuse or bias. Where AI is used to make decisions that may have a legal or significant impact, we provide mechanisms for human review and intervention.

We do not use shared-platform AI models which may retain your data or use it to further train their model. All data is retained within our own AI models and not accessible by anyone outside our organisation.

You have a number of legal rights over the personal information held by us. These include the right to:

• Access your personal information held in our records, whether electronically or manually.
• Correct or update any personal information that you think is incorrect,
• To object to further processing.
• Ask us to delete your personal information. We will only be able to accommodate this request where it is no longer necessary for the purpose(s) for which it was provided or where we no longer have a lawful basis to process your personal information.
• Receive the personal information we hold about you in a portable format.
• Receive information regarding decisions made through any automated means; and
• Ask us to stop processing your personal information in certain circumstances.

Where we use Artificial Intelligence (AI) or other automated systems to support decision-making, you have the right to understand how these decisions are made and to challenge them if they have a legal or significant impact on you. We are committed to ensuring transparency and fairness in all automated processes.

If you wish to exercise these rights, please contact [email protected] for more details on how to do this.

Further information can also be found on the Information Commissioner’s Office website (www.ico.org.uk)

If you have any queries or wish to raise a complaint on how we have handled your personal data, please contact our Data Protection Officer at:

Data Protection Officer, Minster Law Ltd, Kingfisher House, Calder Park, Wakefield, WF2 7UA.

Or you can email us at data.protection@minsterlaw.co.uk

If at any time you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (www.ico.org.uk).

Personal Data

Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Special Category Data

Sensitive personal data such as information about an individual’s

• race
• ethnic origin
• politics
• religion
• trade union membership
• genetics
• biometrics (where used for ID purposes)
• health
• sex life or
• sexual orientation.

Processing

Means obtaining, recording or holding the information or data, or carrying out any operation or set of operations on the information or data, including

• organisation, adaptation or alteration of the information or data
• retrieval, consultation or use of the information or data
• disclosure of the information or data by transmission, dissemination or otherwise making available
• alignment, combination, blocking, erasure or destruction of the information or data

Data Controller

Means the person or organisation which alone, or jointly with others determines the purposes and means of the processing of personal data.

Data Protection Officer

The person at Minster Law who

• is the first point of contact for supervisory authorities, customers and colleagues whose data is processed
• monitors compliance with data protection laws, including managing internal data protection activities, advising on data protection impact assessments; training staff and conduct internal audits.

Automated Decision-making

Means the process of making a decision without any human involvement, either using factual or inferred data, or digitally created profiles.

Profiling

Means any form of automated processing of personal data that uses the data to evaluate and analyse personal aspects relating to that individual, to inform decisions made about them or others. This can include the use of algorithms to classify individuals into groups or sectors.

Artificial Intelligence Refers to the ability of machines or computer systems to perform tasks that typically require human intelligence. These tasks include things like:

• Understanding language (like chatbots or voice assistants)
• Recognising images or patterns (such as facial recognition)
• Making decisions (like credit scoring or fraud detection)
• Learning from data (through machine learning algorithms)

Supplier

• Organisations that we work with under agreement/contract to support the work on your claim.

Legal Services

• Conducting your claim or service, whilst meeting our regulatory and statutory obligations.

Limitation Date

• A limitation period is the period of time within which a party to a contract must bring a claim. The date is the end of this period.