Privacy Policy

1. Overview & Introduction

1.1. Judge & Priestley LLP is a limited liability partnership registered in England and Wales, registration number OC312733; are authorised and regulated by the SRA number 420714. We are also authorised and regulated by the FCA for our consumer debt recovery activities, number 783748. We are subject to the Solicitor’s Code of Conduct, Credit Services Association Code of Practice and are registered with the Information Commissioners Office Data Protection Register under number Z7422031

1.2. Whenever you see the words ‘us’, ‘we’, ‘our’ in this notice, these words refer to Judge & Priestley LLP.

1.3. Your privacy is important to us, we respect the privacy of all the personal information we process and are committed to protecting your data.

1.4. We have appointed a Data Protection Officer, Carmen Abela, who is our Compliance Officer. Contact details are provided at the end of this document.

1.5. In collecting this information we can operate in different capacities; we may act as data processors, joint-controllers or controllers. This notice sets out relevant information how we may collect and use your personal data, about how and why we use the data we process, and about the rights you have over your data.

1.6. Our Privacy Policy tells you how we may process the personal data that you provide to us so that you can make an informed choice when using our services. It also outlines how we will process your information as a result of providing our services to a third party.

1.7. We may need to process a small amount of your information prior to you having the opportunity to read this privacy policy in full. If this is the case, and following review of the policy you do not want your information to be processed please contact us and ask for your information to be deleted. This is explained below in section ‘12. Your rights over your information’.

2. The Data We Collect About You

2.1. Personal data, or personal information, means any information about an individual from which that individual can be identified. We only collect data from you that will allow us to provide a service/legal service to our clients. The services we provide can be grouped as follows:

• Traditional civil legal services (conveyancing, wills & probate, family law, etc…)
• Debt Recovery
• Claims dispute resolution

2.2. Depending on your relationship with us, we may collect, use, store and transfer different kinds of personal data. Examples of the types of data will be processing are:

• Name
• Address (current and historical)
• Date of Birth
• Email address
• Telephone numbers
• County Court Judgement information
• Land Registry Searches
• Debit/credit card details
• Bank account information
• Correspondence from the data subject (letter & Email)
• Documented conversations with customers, clients & third parties
• Contracts/Credit Agreements
• Statements of Accounts
• Statements of Means (incomings, outgoings assets & liabilities)
• Details regarding any physical or mental health or conditions (Special Categories. See paragraph 2.4)
• Detail regarding any prison sentences the data subject may be serving.
• Trace reports

2.3. We have grouped these as follows:

Group	Examples
Contact Data	includes name, email address, telephone number;
Other Identifiers	national insurance number; vehicle registration, make and model; job title and role;
Location	historical addresses, areas of residence;
Claims Data	balances, products, contract dates, instructions;
Communications Data	includes emails, notes of conversations, call recordings, letters/correspondence, etc;
Financial Data	Payment amounts, receipts, income & expenditure data, account information, other data relating to your ability to replay;
Technical Data	includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
Usage Data	includes information about your use of our service, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); elements you viewed or words you searched for; page response times; download errors; length of visits; interaction information (such as scrolling, clicks, and mouse-overs);

2.4. Certain categories of data are considered Sensitive and are subject to additional safeguards. These are known as Special Categories of Personal Data. The special categories of data which we may process directly or indirectly relate to personal data containing reference to:

• race,
• ethnic origin,
• political opinion,
• religious or philosophical beliefs,
• trade union membership,
• genetics,
• biometrics,
• health or condition (physical or mental),
• sex life or sexual orientation

2.5. If this information is disclosed to us we will only process special category of personal data when it is necessary and relevant for us to do so and we will always request your explicit consent.

2.6. If you provide this information to us in writing, we will consider this as providing explicit consent and will record the information if we feel it is necessary and relevant. We will also, however, attempt to contact you to inform you this information is being recorded.

2.7. You have the right to withdraw your consent to record this information at any time and if you do, we will delete the special category data from our records.

2.8. The lists set out above are not exhaustive, and there may be other personal data which we process in the context of our relationship with you.  We will update this Notice from time to time to reflect any notable changes in the categories of data which are processed.

3. Where your personal data may come from

3.1. The personal data which we process will be collected from a number of sources including (but not limited to) the following:

• our clients
• claimants
• insurers or their insureds
• defendants
• 3rd parties
• third party data providers/search systems
• witnesses
• counsel
• insurance industry databases
• experts
• other solicitors
• law enforcement agencies
• insurance companies
• social media
• loss adjusters and claims investigators
• intermediaries (claims management suppliers etc)
• industry regulators, including but not limited to the SRA, FCA, PRA and ICO
• fraud prevention agencies and organisations

4. How we may use your personal data

4.1. We will use your personal data only when legally permitted. We may use your data in a variety of ways that enables us to provide legal advice and/or to conduct legal proceedings on behalf of our clients and/or to assist in the prevention of fraud; where it is necessary for our legitimate interests (or those of our clients or a third party) and your interests and fundamental rights do not override those interests; or where we need to comply with a legal or regulatory obligation.

4.2. The Data Protection laws provide six lawful reasons that any company may process your data. In order to simplify we have provided these reasons below, along with an explanation of the circumstances in which it should be used:

Lawful Basis	Explanation
Consent	You have agreed to let us process your information
Performance of a contract	We need to process this information so we may fulfil out contractual obligations to you (or potential obligations, e.g. providing a quote or carrying out enquiries)
Legal Obligation	We are legally required to process your data in this way
Vital Interests	We need to process your data to save your life, and we cannot obtain your consent to do so.
Public Task	We process your information as it is in the public interest to do so. (We do not process any information in this way.)
Legitimate Interests	We process your data due to the real interests of a third party. These interests are balanced against your rights & freedoms to ensure the interests are legitimate.

4.3. We have set out below, in a table format, a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate:

Purpose/Activity	Type of Data	The lawful basis for processing
To provide legal services	ContactCommunicationsOther IdentifierLocationClaimsFinancial	Performance of a contract with you
Prevention of financial crime (eg: counter fraud, anti-money laundering, etc…)	ContactCommunicationsOther IdentifierLocationClaimsFinancial	Necessary for compliance with a legal obligation
To manage our relationship with you	ContactCommunicationsOther IdentifierLocationClaimsFinancial	d)   Necessary for the legitimate interest (of both our clients and us)
Debt recovery	ContactCommunicationsOther IdentifierClaimsLocationFinancial	Necessary for our legitimate interests in the provision of a legal service to our clients
Claims dispute management	ContactCommunicationsOther IdentifierLocationClaimsFinancial	Necessary for our legitimate interests in the provision of a legal service to our clients
Marketing subscriptions to individuals	Contact	Consent has been provided by the data subject
Miscellaneous business purposes including, but not limited to:RecruitmentEmploymentBusiness to Business Marketing subscriptionWebsite content and user management	ContactCommunicationsOther IdentifierLocationClaimsFinancialUsageTechnical	Necessary for the legitimate interests to manage and develop our business.

4.4. Where ‘legal services’ above includes (but not limited to) the following:

• insurance based legal services
• legal advice
• claims handling services
• advising on and negotiating legal contracts
• training and legal updates
• day to day operations of our business
• managing court or legal proceedings including prospective legal proceedings
• Engaging with law enforcement agencies and regulatory bodies

5. Sharing your personal data

5.1. We may share your personal information with other organisations as required in order to provide our legal services. These may include the following:

• other solicitors
• tracing agencies/location services
• Professional Indemnity and other relevant insurers
• professional advisers
• cost draftsmen
• witnesses
• Lexcel and other quality accreditation providers
• Mediators
• document processors
• printers
• translation services
• High court enforcement officers
• confidential waste disposal
• IT systems or software providers
• document archiving providers
• IT support service providers
• Experts
• fraud prevention agencies
• government organisations
• regulators (including SRA, FCA, ICO, PRA)
• Legal Ombudsman or Financial Services Ombudsman
• external legal service providers, including but not limited to Counsel, Loss Adjusters, or Claims investigators

5.2. We require all third parties to respect the confidentiality and security of your data and to treat it in accordance with the data protection laws. We do not allow our third-party service providers to use your data for their own purposes and only permit them to process your personal data for specified purposes and by our instructions.

6. Change of Purpose

6.1. We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent in compliance with the above rules, where this is required or permitted by law, for example for the purpose of the detection and prevention of crime.

7. If you fail to provide personal data

7.1. Where we need to collect personal data by law or under the terms of a contract for legal services we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our contractual relationship with you, but we will notify you if this is the case at the time.

8. Automatic Decision Making

8.1. At times, solely for the purposes of our debt recovery activity, we use the personal data we hold on you to conduct profiling and automated decisions, for example, to predict how likely you are able to pay back your outstanding balance or how best to engage with you.

8.2. The data protection legislation stipulates that where profiling or automated decision making produces a legal effect or similarly significantly affects you, we need to make you aware of your right to object. We do not believe that the profiling and decision-making that we conduct has either a legal effect or similarly significant impact on you but we will keep such processes and controls under review and update this notice accordingly.

8.3. If you have any further questions regarding any of the above information please contact our Data Protection Officer. Details are provided in section 12.

9. International transfers

9.1. We do not currently transfer information outside of the European Economic Area.

10. Data Security

10.1. We take information security extremely seriously and have put in place appropriate security measure to prevent or reduce the risk that your personal data is accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Also, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

10.2. We hold an ISO27001:2013 accreditation which confirms our ability to demonstrate the security of our information assets using various controls and measures.

10.3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Data Retention

11.1. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.

11.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

11.3. We apply, in most cases a two phase approach to retention:

• Phase 1: Restricting access (soft copy)/ archiving (hard copy)
• Full Deletion

11.4. When deleting your information, all data that relates to you and can be used to identify you as in individual will be removed.

11.5. The table below provides an overview of our retention periods:

Type of matter	Restrict access/ Archiving timeframe (years from closure)	Deletion timeframe (full years from closure)	Hard copy deletion timeframe (full years from closure)
Employment	3	6	6
Probate	3	16	16
Wills	3	6	6
Trusts	3	16	16
Family including divorce, separation, custody and contact, injunctions, child protection and court of protection	3	6	6
Business, including company/partnership formation, insolvency, trademark/copyright/patent	3	6	6
Property sale	3	6	6
Property purchase and mortgage	3	15	12
Leasehold and tenancy	3	12	12
Personal injury	3	6	6
General litigation	3	6	6
Private client non-litigation advice, e.g. employment, pensions, powers of attorney, change of name, personal insolvency, housing disrepair	3	6	6
Undefended Debt Collection Cases	3	6	6
Cases Closed as ‘Write Off – Charging Order’	3	n/a	n/a
Enquiries/Quotations only	n/a	1	1
Website enquiries	n/a	30 days	n/a

11.6. Please note information will be deleted in the January following the retention expiry.

11.7. Information provided through our website enquiry form will be retained for 30 days, after which time it will be deleted.

11.8. If we carry out an enquiry or quotation following your contact with us (either via our website, email, telephone or in person) and you have decided not to use our services, this information will be kept for a year prior to being deleted unless you ask for it to be deleted sooner.

12. Your rights over your information

12.1. By law, you can ask us what information we hold about you, request to have access to it, and you can ask us to correct it if it is inaccurate. In those cases where we process your information for contractual reasons, you can ask us to give you a copy of the information in a format that you can take elsewhere for your own purposes.

12.2. If you believe we are not using your information lawfully, you can ask us to stop using it for a period. In some circumstances, you may have the right to ask us to erase your personal data.

12.3. To submit a request you can contact the person dealing with your case. Alternatively you can submit a request by email, post or telephone by using the contact information provided below:

Data Protection Officer
Name	Carmen Abela
Department	Compliance
Email	[email protected]
Telephone	02082907334
Address	Justin House,6 West Street,Bromley,BR1 1JN