Privacy Policy and Notice

Who we are

Bratby Law is a trading name of Bratby Law Ltd, an English company (number 12539220) with our registered office at Level 18, 40 Bank Street, Canary Wharf, London, E14 5NR. 

Contact: Rob Bratby,  +44 77 3831 2629, rob@bratby.law, https://bratby.law.

Summary

We take privacy and client confidentiality very seriously. 

As well as our obligations under the Data Protection Act 2018 we have a professional duty to keep our clients’ information (even if it is not personal data) confidential, safe and secure.

We are a virtual organisation that makes extensive use of cloud computing. 

We have documented and implemented an information and data security policy in line with guidance from the Solicitor Regulation Authority, the Law Society, the Information Commissioner’s Office and the National Cyber Security Centre and [will be] [are] Cyber Essentials certified. We regularly review and update our information and data security policy.

What personal data we collect

In general

We collect personal data and information:

  • from our clients, suppliers, partners and their employees, advisors, customers, suppliers and/or partners;
  • from users of our web-site, blog and/or newsletter subscribers;
  • from attendees at events and conferences;
  • from internet searches and data sources;
  • from credit rating agencies;
  • from government and/or government agencies;
  • in the course of providing services and or billing for our services;
  • when we meet and/or interact with others;
  • from our customers, suppliers and/or partners; and/or
  • in the course of marketing, selling or providing customer service and care.

Comments on website

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media uploaded to website

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms on website

If you fill out a contact form, or subscribe to a newsletter we collect the information you provide to us.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use google analytics to understand who visits our site and how it is used.

Why we collect data and information

We collect and process personal data and information:

  • to provide or receive services under contracts with our clients and suppliers;
  • for the legitimate purpose of running our business and providing legal advice to our clients, including: 
    • sales, marketing, due diligence and risk assessment, conflict checking, service delivery, customer care and/or billing and collections; 
    • interviewing and employing or retaining staff and/or consultants; 
    • obtaining and managing our insurance and insurance claims, 
    • accounts and audits; and/or 
    • litigation;
  • to comply with our legal obligations including those imposed by the Solicitor Regulation Authority, anti-money laundering compliance, company law, tax and accounting compliance and other legal obligations including the prevention of crime; and/or
  • where no other justification applies and we have your explicit consent to so do. Where we seek your consent we will clearly specify what you are consenting to, and you may withdraw your consent at any time by contacting us.

We do not consider that the processing of your personal data on the basis of our legitimate interests as described above is likely to result in any unwarranted prejudicial effect on your rights and freedoms or your own legitimate interests, and we regularly review our systems and processes to ensure that remains the case.

What we do with your data and information 

We use, process and/or disclose personal data and information:

  • to provide or receive services under contracts with our clients and suppliers;
  • for the legitimate purpose of running our business and providing legal advice to our clients, including: 
    • sales, marketing, due diligence and risk assessment, conflict checking, service delivery, customer care and/or billing and collections; 
    • interviewing and employing or retaining staff and/or consultants; 
    • obtaining and managing our insurance and insurance claims, 
    • accounts and audits; and/or 
    • litigation;
  • to comply with our legal obligations including those imposed by the Solicitor Regulation Authority, anti-money laundering compliance, company law, tax and accounting compliance and other legal obligations including the prevention of crime.

Who we share your data and information with

We use third party cloud-based service providers as our data processors, in each case subject to contracts. Key suppliers include:

  • Microsoft: for email and document creation, editing and storage;
  • Apple: for end-user devices and document storage;
  • Xero: for financial and accounting information;
  • Starling Bank: as our bankers;
  • Godaddy: for our domain and word-press hosting; and
  • Kdan Mobile: for pdf document processing and storage.

The privacy notice for each of these data processors is available on their respective websites, including the circumstances in which data may be transferred outside the UK and/or EEA and the protections that are in place to ensure that any data transferred is given equivalent protection to the UK.  

We do not undertake any automated decision making or profiling.

How long we retain your data

We retain information for the minimum period we are required to keep information, after which we will delete information. In practice, this means that we will retain information relating to each of our clients for a period equal to the length of our relevant active retainer with that client plus six years and a day, unless we are required to retain the information for a longer period as a result of a client instructions, legal or regulatory obligation, and/or a potential or actual dispute.  

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your data protection rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information. 
  • Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances. 
  • Your right to object to processing – You have the the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at rob@bratby.law, 07738312629 If you wish to make a request.

Further, if you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Contact information

Complaints should be made to rob@bratby.law. They will be dealt with in accordance with our written complaints procedure, which is available on request. 

If this does not resolve your concern, then you may complain to the Information Commissioner’s Office: 0303 123 1113, https://ico.org.uk/make-a-complaint/.