Privacy Policy and Notice

Who we are

Bratby Law is a trading name of Bratby Law Ltd, an English company, number 12539220.

Our registered office at Level 18, 40 Bank Street, Canary Wharf, London, E14 5NR. 

Contact: Rob Bratby,  +44 77 3831 2629, [email protected], https://bratby.law.

Summary

We take privacy and client confidentiality very seriously. 

As well as our obligations under the Data Protection Act 2018 and retained UK GDPR we have a professional duty to keep our clients’ information (even if it is not personal data) confidential, safe and secure.

We are a virtual organisation that makes extensive use of cloud computing. 

We have documented and implemented an information and data security policy in line with guidance from the Solicitor Regulation Authority, the Law Society, the Information Commissioner’s Office and the National Cyber Security Centre and are Cyber Essentials certified. We regularly review and update our information and data security policy.

What personal data we collect

In general

We collect personal data and information:

  • from our clients, suppliers, partners and their employees, advisors, customers, suppliers and/or partners;
  • from users of our web-site, blog and/or newsletter subscribers;
  • from attendees at events and conferences;
  • from internet searches and data sources;
  • from credit rating and anti-money laundering agencies;
  • from government and/or government agencies;
  • in the course of providing services and or billing for our services;
  • when we meet and/or interact with others; and/or
  • in the course of marketing, selling and/or providing customer service and care.

Cookies / Analytics

We use google analytics to understand who visits our site and how it is used.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Why we collect data and information

We collect and process personal data and information:

  • to provide or receive services under contracts with our clients and suppliers;
  • for the legitimate purpose of running our business and providing legal advice to our clients, including: 
    • sales, marketing, due diligence and risk assessment, conflict checking, service delivery, customer care and/or billing and collections; 
    • interviewing and employing or retaining staff and/or consultants; 
    • obtaining and managing our insurance and insurance claims, 
    • accounts and audits; and/or 
    • litigation;
  • to comply with our legal obligations including those imposed by the Solicitors Regulation Authority, anti-money laundering compliance, company law, tax and accounting compliance and other legal obligations including the prevention of crime; and/or
  • where no other justification applies and we have your explicit consent to so do. Where we seek your consent we will clearly specify what you are consenting to, and you may withdraw your consent at any time by contacting us.

We do not consider that the processing of your personal data on the basis of our legitimate interests as described above is likely to result in any unwarranted prejudicial effect on your rights and freedoms or your own legitimate interests, and we regularly review our systems and processes to ensure that remains the case.

What we do with your data and information 

We use, process and/or disclose personal data and information:

  • to provide or receive services under contracts with our clients and suppliers;
  • for the legitimate purpose of running our business and providing legal advice to our clients, including: 
    • sales, marketing, due diligence and risk assessment, conflict checking, service delivery, customer care and/or billing and collections; 
    • interviewing and employing or retaining staff and/or consultants; 
    • obtaining and managing our insurance and insurance claims, 
    • accounts and audits; and/or 
    • litigation; and/or
  • to comply with our legal obligations including those imposed by the Solicitors Regulation Authority, anti-money laundering compliance, company law, tax and accounting compliance and other legal obligations including the prevention of crime.

Who we share your data and information with

We use third party cloud-based service providers as our data processors, in each case subject to contracts. Key suppliers include:

  • Microsoft: for email and document creation, editing and storage;
  • Apple: for end-user devices and document storage;
  • Xero: for financial and accounting information;
  • Starling Bank: as our bankers;
  • Godaddy: for our domain and word-press hosting;
  • Smartsearch: for our anti-money laundering compliance checks; and
  • Adobe: for pdf document processing and storage.

The privacy notice for each of these data processors is available on their respective websites, including the circumstances in which data may be transferred outside the UK and/or EEA and the protections that are in place to ensure that any data transferred is given equivalent protection to the UK.  

We do not undertake any automated decision making or profiling.

How long we retain your data

We retain information for the minimum period we are required to keep information, after which we will delete information. In practice, this means that we will retain information relating to each of our clients for a period equal to the length of our relevant active retainer with that client plus six years and a day, unless we are required to retain the information for a longer period as a result of a client instructions, legal or regulatory obligation, and/or a potential or actual dispute. 

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information. 
  • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances. 
  • Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at [email protected], +447738312629 If you wish to make a request.

You can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Contact information

Complaints should be made to [email protected]. They will be dealt with in accordance with our written complaints procedure, which is available on request. 

If this does not resolve your concern, then you may complain to the Information Commissioner’s Office: 0303 123 1113, https://ico.org.uk/make-a-complaint/.