Co-Counsel are committed to protecting and respecting your privacy.
For the purpose of the data protection laws (including the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 as retained under UK law (UK GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended), the data controller is Co-Counsel.
- Information we collect about you
We collect and process the following personal data:
Identity and Contact Data, including your name, address, email address, telephone number, date of birth, marital status, passport number, employment details, job title and other personal data relevant to our services.
Financial Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card details and other related billing information.
Business Information, including information provided in the course of the client relationship between you and us, or otherwise voluntarily provided by you.
Profile Data, including your preferences in receiving marketing information from us and your communication preferences.
Technical Data, including information collected during your visits to our website(s), the Internet Protocol (IP) address, login data, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
- How we collect your information
We use different methods to collect data from and about you including:
Direct interactions: you may give us your Identity and Contact Data, Financial Data, Business Information and Profile Data when you interact with us including:
- to seek legal advice from us;
- to provide services to us;
- to correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us (including in conversation with our lawyers, consultants and staff);
- to sign up to receive updates or newsletters from us;
- to sign up to or attend any seminars or other events we run.
Third parties: we may receive information about you or your organisation from third parties as set out below:
- from analytics providers (such as Google);
- by making enquiries from organisations with whom you have dealings;
- from third party sources such as government agencies, credit reporting agencies, information service providers or from publicly available records.
- How we use your information
We use your personal data for the following purposes:
To perform a contract with you. This includes:
- to register you as a new client;
- to register you as a new provider of services to us;
- to provide and administer legal services to you;
- to communicate with you to manage our relationship;
- to process payments, billing and collect money owed to us.
To conduct our business and pursue our legitimate interests. This includes:
- to administer and manage our relationship with you, including accounting, auditing, record keeping, taking other steps linked to the performance of our business relationship;
- to analyse and improve our services and communications and to monitor compliance with our policies and standards;
- to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
- for insurance purposes;
- to update you on the latest developments and other information about our services.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
To comply with our legal obligations. This includes for purposes required by law. As a regulated law firm, we are required by the Solicitors’ Regulatory Authority (“SRA”) to carry out certain compliance checks on our clients for the purposes of anti-money laundering. We also carry out other checks and screening including financial and credit checks, checks for terrorist financing and for fraud and crime prevention and detection, and to comply with trade sanctions and embargo laws. We also process personal data to notify you of changes to our terms and to maintain our records.
We may process your personal data for more than one of the purposes listed in this section above, depending on the circumstances in which we are using your data.
- Special categories of personal data
In the course of our client services, we may represent you in legal matters that require us to collect and use “special categories” of personal information relating to you (this may include information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life and sexual orientation or details of criminal offences, or genetic or biometric data). For example, some of these types of data may be necessary for us to provide legal advice in employment matters, such as disputes involving alleged discrimination or the impact that your physical or mental health, your having committed a criminal offence or being a member of a trade union has on your work.
We only process special categories of personal information in the course of client services and we do so to assist you to establish, exercise or defend legal claims, to assess your working capacity or fulfil the rights and obligations of applicable employment or social security laws.
- If you fail to provide personal data that we need
Where we need to collect personal data by law, or in order to process your instructions or perform a contract we have with you, and you do not provide that data, we may not be able to carry out your instructions or perform the contract. In these circumstances, we may have to cancel our engagement with you. We will notify you if this is the case at the time
- Opting out of marketing
If you are a client, we would like to use your personal data to communicate with you about future services or updates we think may be of interest. If you do not want us to contact you in this way, you can opt out of these communications at any time by following the opt-out links on any message or by emailing firstname.lastname@example.org.
If you opt out of receiving these types of messages, we will still contact you as necessary to provide legal services to you.
- Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to our trusted partners and suppliers as follows:
- third parties who we may instruct in relation to our provision of legal services, such as other lawyers, barristers, consultants, mediators or experts;
- organisations who provide services to us for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes;
- third parties who provide us with IT services and data storage and back up.
Processing of personal information by these third parties is only carried out under our instruction and for the purposes set out in this policy. We make sure that our third party suppliers always store personal data securely, delete it when no longer needed and never use it for any other purposes.
We may also disclose your personal information in the following circumstances:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if Co-Counsel or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of Co-Counsel, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- Where we store your personal data
We store your personal data in the UK and EEA and, except as set out below, do not transfer it outside of the UK and EEA.
As part of the legal services we are providing, we may occasionally need to share your personal information with third parties we have instructed (e.g. other lawyers) outside the UK or EEA and in countries that have not been deemed by the UK government or European Commission to provide an adequate level of protection for personal data. We will only share your personal data in this way where it is necessary for the services we are providing, or necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information.
- Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Your rights
You have various rights in respect of the personal information we hold about you – these are set out in more detail below. If you wish to exercise any of these rights, please email email@example.com. Please note that you will need to provide us with evidence of your identity.
Access: You can ask us to give you a copy of the personal information that we hold about you.
Correct: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
Erase: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
Object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Restrict: You can ask us to restrict our use of your personal information in the following circumstances: a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Transfer: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
Opt out of marketing: You can opt out of receiving marketing communications from us at any time.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
If you want to learn more about our specific retention periods for your personal data, please email firstname.lastname@example.org.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
- Third party websites
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
- Changes to this policy
Any changes we may make to this policy in the future will be posted on our website.
- Further information
Questions, comments and requests regarding this policy are welcomed and should be addressed to Anjanette Pavell at email@example.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:
ICO website: https://www.ico.org.uk; helpline number: 0303 123 1113.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Dated: August 2022