Customer Privacy Notice
What this privacy notice covers
Minster Law Ltd (referred to in this document as “we”, “us” or “our”) takes privacy very seriously. This Privacy Notice explains our practices including your choice regarding the collection, use and disclosure of your personal data. You will need to provide data to us before you are formally our customer and throughout the provision of our legal service to you. This Notice applies to all data that we collect about you. Please read this Notice carefully and contact us if you have any questions using the details provided in the contact and feedback section below.
This Privacy Notice sets out;
- personal data we collect about you
- why we collect your personal data
- when we collect your data and how long we keep it for
- what we do with your data
- how we and other organisations will keep your personal data safe
- the rights and choices you have when it comes to your personal data
We are the Data Controller of the personal data we process and therefore are responsible for ensuring our systems, processes, suppliers and employees comply with Data Protection laws in relation to the data we handle.
We have a Data Protection Officer, who oversees compliance with Data Protection laws and this Privacy Notice, and provides guidance and advice as required. You can contact our Data Protection Officer by emailing firstname.lastname@example.org or by writing to our registered office the details for which are provided in the contact and feedback section below.
Personal data we collect about you
- We collect your personal details including name, date of birth, address, telephone and email address details, so that we may keep you informed and send you information about the service that we are providing to you. We need your personal data to progress your claim.
- We collect data about the circumstances of your claim, for example, we will collect accident, injury and insurance details for a personal injury claim.
- Special Category Data: some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want many to know and is very personal to you, such as health/injuries or criminal conviction data. We will only use special category data about you or others for the specific purpose that you provide it and to provide the services described in our welcome pack.
- Website usage data is collected using cookies. Please see our separate cookies policy for more information on this topic. This can be found on our website at: www.minsterlaw.co.uk
- We only collect personal data that we need from you to provide and oversee this service to you and will not collect any unnecessary data.
- Shared email addresses: If you provide us with an email address, we may send special category data to this address. Please make sure that the email address you provide is not shared with anyone else or if shared, ensure that you trust them to have access to special category data.
Why we collect your personal data
- We collect data about you if you instruct us, or look to instruct us to provide legal services to you or to another individual for whom you act on behalf of. If you do not provide us with the data we request, we may not be able to fulfil your instructions and this may prevent us from supplying products or services to you.
- We will only work with individuals who properly identify themselves if anyone fails to do this it could lead to a conflict of interest developing between our customers in the future.
- We do not sell your data or pass on your data to be used to contact you about other products or services, unless we have notified you of this beforehand.
When we collect your data and how long we keep it for
- We collect personal data from you before you are formally our customer so that we can identify and assess whether we are able to act for you.
- We collect additional data and where appropriate additional consent to process your data, throughout the course of the legal service we offer to you.
- We are legally required to keep documentation to meet our regulatory and statutory obligations for a minimum period of 7 years from the limitation date (the date you are legally allowed to make a claim) on Personal Injury claims, and 7 years from claim conclusion for all our other claims. In some cases, we may be required to retain documents for a longer period of time but you will be informed should this be the case. Full details of our retention periods can be obtained by request.
- We may wish to use your personal data for a new purpose, not covered by this Privacy Notice, we will provide you with a new Privacy Notice explaining this and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
What we do with your data
In general terms we will use your data to
- assess whether we are able to act for you
- provide legal services, advice and support to you
- manage those services we provide to you
- contact and communicate with you; using your preferred contact method. We will send special category data using your preferred contact method. This method can be updated at any time.
- maintain internal record keeping and analysis
- measure and gain feedback on customer experience, through customer experience surveys for example
- train and manage the employment of our employees who deliver those services
- help investigate any worries or complaints you have about your services.
During the course of your claim, it may be necessary to instruct suppliers to provide specialist services in order to progress your claim. This will involve sending them your personal data for the agreed purpose only.
In order to provide the legal service you have contracted us to do we may share data with some of the following organisations, subject to, where appropriate your specific consent to process this data:
- Medical Agencies to arrange medical appointments.
- General Practitioners and hospitals regarding your medical history.
- Medical Experts to provide medical evidence.
- Vehicle hire companies to arrange an alternative vehicle, if appropriate.
- Third party insurers or their representative regarding details of your claim.
- Defendants (the accused person), if they are not represented, regarding details of your claim.
- Courts, Barrister/Counsel and their representatives to support litigation activities.
- Organisations that support mediation processes and services between insurers and ourselves.
- Your insurer.
- Agencies to verify driver and insurance details e.g. the Driver and Vehicle Licensing Agency and the Motor Insurance Database.
- Law enforcement agencies for information relating to the accidents and criminal proceedings.
- Specialists including, for example, engineers that assess car damage and Forensic Accountants for accounts assessment.
- Rehabilitation providers to assess, provide treatment and records.
- The Coroner’s office to support the determination of cause of death.
- Agencies that support the collection of witness statements.
- Employers where, with your consent, we may need evidence to support determination of losses.
- The Health and Safety Executive to establish accident circumstances.
- Banking/Financial Services to support payment transactions.
- Repair organisations to gather information on and in some circumstances, recover costs for repair.
- Litigation Friend/authorised persons, where our customer needs support to run their case.
- Organisations that use CCTV to support evidence gathering.
In addition we may need to share your data to meet our regulatory and legal obligations, with the following organisations:
- Regulatory authorities such as the Solicitors Regulation Authority or the Financial Conduct Authority.
- Serious Organised Crime Agency (SOCA) where criminal activity is suspected.
- National Crime Agency where fraudulent activity is suspected.
- Office of Financial Sanctions Implementation (OFSI) where our systems indicate that we have a customer that matches against a government list of individuals with frozen assets.
- We need to provide reports on customers that could potentially be involved in money laundering activities.
We process data to support our commercial obligations such as:
- Auditing of Adult and Child claim files by those organisations that have recommended our services to you (usually your insurer), to test our processes and assess our service levels. Please note that should the audit need to include a review of special category data for example, medical reports, then your consent will be obtained prior to this audit.
We gain specific consent from you to involve you in:
- Public relation activities where we wish to promote our service/ business.
- Market research activities where we wish to gain your opinion in conducting new product development for example.
We will contact you at any point that these activities are planned to gain your consent. Should you agree to be involved in these activities you can withdraw your consent at any point. You can also decide not to be involved.
We share data to protect someone’s life:
- By passing data to relevant authorities where we believe our customer is in danger.
Decisions as to whether rehabilitation is to be instructed for injuries sustained through a road traffic accident are automated, based on the circumstances of the accident. We can explain to you why rehabilitation may or may not be instructed, upfront so that you are aware of how the decision is made.
You have the right to question decisions made about you automatically, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it.
How we and other organisations will keep your personal data safe
We endeavour to keep all data safe by taking all reasonable precautions to protect data from misuse, loss and unauthorised access, modification or disclosure. Examples of our security are as follows:
- Encryption, meaning that information is hidden so that it cannot be read by anybody who does not have the special key (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
- We carefully control access to systems and networks only allowing authorised people to view your personal information.
- We train our staff on how to handle personal and special category information and how and when to report when something goes wrong.
- We regularly test our systems and network to ensure they are safe and secure.
- We work hard to ensure that our systems are up to date with the latest security enhancements.
- We use anti-virus software to protect our systems and data.
- We operate from secure premises.
- We operate a clear desk policy which ensures that all data is securely stored when not in use.
- We have robust contracts with our suppliers to ensure they operate to the same high standards that we do.
- We review all contracts of business regularly, and continually ensure that our suppliers apply the same levels of protection, security and confidentiality we apply. From time to time we may need to process some of your data using third party processors located in countries outside of the European Economic Area (EEA), for example, for the purposes of data hosting, analytics, credit searches and fraud prevention. If your data is processed outside of the EEA, we will take all necessary steps to ensure it is adequately protected. This includes ensuring there is an agreement in place with the third parties which provides the same level of protection as required by the data protection regulations in the UK and EEA.
The rights and choices you have when it comes to your personal data
The Data Protection law gives you a number of rights to control what personal information is used and how it is used by us. The following summarises your rights in relation to this. For more detailed information please visit the Information Commissioner’s Office website (www.ico.org.uk)
Right to be informed
This document informs you of your right to fair processing of information and provides transparency over how we use your personal data.
Right of Access
You also have the right to ask for all the information we have about you and the services you receive from us. This is called a Subject Access Request. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you within 30 calendar days. We will do this free of charge.
However, we can’t let you see any parts of your record which contain
- confidential information about other people; or
- data that a professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or
- if we think that giving you the information may stop us from preventing or detecting a crime.
This applies to personal information that is in both paper and electronic records. If you ask us, we’ll also let others see your records, (except if one of the points above applies), using the most secure method possible.
If you can’t ask for your records in writing, we’ll make sure there are other ways that you can. If you have any queries about access to your information please contact email@example.com for more details.
More information about subject access can be found on the Information Commissioners website (www.ico.org.uk).
If you wish to exercise this right with any suppliers that we have instructed during your claim, you will need to write to them directly as they may control and process your data in their own right. Please contact firstname.lastname@example.org for more details on how to do this.
You can ask to change information you think is inaccurate
You have the right to request your data to be updated where you believe it to be incorrect. We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your personal information to be deleted, for example
- where your personal information is no longer needed for the reason why it was collected in the first place
- where you have removed your consent for us to use your information (where there is no other legal reason us to use it)
- where there is no legal reason for the use of your information.
Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure, but again you may need to contact them separately to exercise this right.
Please note that we can’t delete your information where:
- we’re required to keep it by law
- we require it to meet our regulatory and statutory obligations
- it is necessary for defending any future legal claims.
You can ask to limit what we use your personal data for
You have the right to ask us to restrict what we use your personal information for
- where you have identified inaccurate information, and have told us of it
- where we have no legal reason to use that information, but you want us to restrict what we use it for rather than erase the information altogether.
When information is restricted it can’t be used other than to securely store the data and with your consent to handle legal claims and protect others. Where restriction of use has been granted, we’ll inform you before we carry on using your personal information.
You have the right to withdraw your consent to us processing your personal data at any time.
Contact and Feedback
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated.
If at any time you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (www.ico.org.uk).
To exercise all relevant rights or for queries regarding complaints, in the first instance please contact our Data Protection Officer in writing to:
Data Protection Officer, Minster Law Ltd, Kingfisher House, Calder Park, Wakefield, WF2 7UA.
You can also email us at email@example.com.
Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Special Category Data
Sensitive personal data such as information about an individual’s
- ethnic origin
- trade union membership
- biometrics (where used for ID purposes)
- sex life or
- sexual orientation.
Means obtaining, recording or holding the information or data, or carrying out any operation or set of operations on the information or data, including
- organisation, adaptation or alteration of the information or data
- retrieval, consultation or use of the information or data
- disclosure of the information or data by transmission, dissemination or otherwise making available
- alignment, combination, blocking, erasure or destruction of the information or data
The person at Minster Law who
- is the first point of contact for supervisory authorities, customers and colleagues whose data is processed
- monitors compliance with data protection laws, including managing internal data protection activities, advising on data protection impact assessments; training staff and conduct internal audits.
Organisations that we work with under agreement/contract to support the work on your claim.
Conducting your claim or service, whilst meeting our regulatory and statutory obligations.
A limitation period is the period of time within which a party to a contract must bring a claim. The date is the end of this period.