Introduction
We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our clients, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
For the purpose of UK data protection laws, the data controller is BPE Solicitors LLP of St James House, St James Square, Cheltenham, Gloucestershire, GL50 3PR.
Data protection principles
When processing your information, we will comply with the six enforceable principles of good practice. These provide that your personal information must be:
- processed lawfully, fairly and in a transparent manner,
- processed for specified, explicit and legitimate purposes,
- adequate, relevant and limited to what is necessary,
- accurate and kept up-to-date,
- kept for no longer than is necessary, and
- processed in a manner than ensures appropriate security.
Information you give to us
We may collect, use, store and transfer different kinds of personal information about you, including:
- Identity Data, such as your name, marital status, title, date of birth, gender, job title and your employer,
- Contact Data, such as your home and work addresses, personal and work email addresses and personal and work telephone numbers,
- Document Data, such as copies of your passport, driving licence, utility bills, etc,
- Medical Data, including your physical and mental medical history, details of any medical conditions, your dietary preferences and details of any food allergies,
- Third Party Data, namely Identity Data, Contact Data, Document Data and Medical Data relating to your family members, business colleagues and other contacts,
- Financial Data, such as bank account, salary and payment card details, and details of any payments you make to us or we make to you,
- Transaction Data, including details about the legal and other services we may provide to you,
- Technical Data, including IP addresses, your log-in data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website,
- Profile Data, such as your username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses, and
- Marketing Data, such as your preferences in receiving marketing from us and our third parties, and your communication preferences.
‘Special category’ data
Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data is known as ‘special category’ data.
During the course of providing you with legal services, we may collect ‘special category’ data about you, particularly if we prepare your will, advise you in relation to divorce proceedings, bring an employment or discrimination claim on your behalf, buy or sell a company with large number of employees, or bring certain types of court claims on your behalf.
How we collect your personal information
We may obtain personal information by directly interacting with you, such as:
- meeting with you in our offices, at events or elsewhere,
- receiving your instructions to provide legal services, and in the performance of those legal services,
- logging onto the wi-fi network in our offices,
- filling in forms on our website,
- participating in discussion boards or other social media functions on our website,
- giving us your business card,
- entering a competition, promotion or survey organised by us, or otherwise providing us with feedback,
- subscribing to our services or publications, or otherwise requesting marketing material to be sent to you, or
- corresponding with us by phone, video call, email, letters or otherwise.
We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.
We may also collect personal information about you from third parties or publicly-available sources, such as:
- your family members, your business colleagues and other contacts,
- the ‘other side’ in any dispute or negotiation for which we’re acting on your behalf,
- official bodies such as Companies House, HM Land Registry, the Office of the Public Guardian, the Court of Protection, the Probate Court and the General Register Office,
- your professional advisers and business networks with which both you and we are connected,
- analytics providers (such as Google),
- advertising networks,
- providers of technical, payment and delivery services, and
- by conducting searches of publicly-available databases or social media sites, such as Legl, Beauhurst, Facebook, Twitter, LinkedIn and the electoral register.
How we use your personal information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- you have given us consent,
- we need to perform a contract we are about to enter into, or have entered into, with you (including carrying out agreed legal services that we agree to provide to you),
- where it is necessary for our or a third party’s legitimate interests, and your interests and rights do not override those interests, or
- where we need to comply with a legal or regulatory obligation.
We will only use ‘special category’ information:
- provided we have your explicit consent to use it,
- where we believe that we need to use that data to protect your vital interests where you are not able to provide us with your explicit consent,
- where it is necessary for reasons of substantial public interest,
- where you have previously made that data public knowledge,
- if we need to use that data to establish, exercise or defend legal claims, or
- where there is some other legal basis that allows us to use that information.
Purposes for which we will use your personal information
We may use your personal information for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
Purposes for which we will use the information you give to us |
Legal basis |
To register you as a new client and verify your identity |
It will be necessary for the performance of the contract between you and us, and necessary for us to comply with a legal obligation to which we are subject under the Proceeds of Crime and Anti-Money Laundering legislation |
To process your instructions and, if accepted, to provide the legal services to you (including managing payments, fees and charges) |
It will be necessary for the performance of the contract between you and us |
Where you are acting as a representative of a company or organisation, then to register that company or organisation as a new client |
It will be necessary for us to comply with a legal obligation to which we are subject under the Proceeds of Crime and Anti-Money Laundering legislation, and it will be necessary for our legitimate business interests, namely with a view to performing legal services |
Where you are acting as a representative of a company or organisation, to process your instructions and, if accepted, to provide the legal services to that company or organisation (including managing payments, fees and charges) |
It will be necessary for our legitimate business interests, namely with a view to performing legal services |
To obtain further information about you, any company or organisation you represent, and the matter that is the subject of the legal services we have agreed to provide |
It will be necessary for our legitimate business interests to ensure we are fully aware of all issues relating to the matter that is the subject of the legal services we have agreed to provide |
To collect and recover money owed to us |
It will be necessary for our legitimate business interests, namely to ensure we receive payment for legal services that we have provided |
To notify you about changes to our terms of business or this privacy policy |
It will be necessary for our legitimate business interests, namely to ensure you are aware of our current terms and conditions |
To administer our website , to apply online security processes and for internal operations, including troubleshooting, data analysis, remote email access, cyber-security, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them |
It will be necessary for our legitimate business interests to ensure you receive the best experience possible and that appropriate cyber-security measures are applied when accessing and using our website or otherwise communicating with us electronically. We will comply with our cookie policy when processing this information |
To enable you to participate in a prize draw, competition or complete a survey |
It will be necessary for our legitimate business interests, namely to study how clients, prospective clients, referrers and other third parties use our services, to develop them and help grow our business |
To enable us to generate and provide you with access codes and/or passwords to log onto the wi-fi network in our offices |
It will be necessary for our legitimate business interests, namely to keep a record of who logs onto our wi-fi network because we may, in certain circumstances, be liable for the transmission of unlawful material via that network |
To provide you with information about special offers and other services we provide. |
Where you have previously received marketing communications from us, then it will be necessary for our legitimate business interests, namely to ensure you continue to receive communications that you have previously agreed to receive unless you decide to ‘opt out’ of receiving those communications Where you specifically ask us to provide you with certain marketing communications, then it will be necessary for our legitimate business interests, namely to ensure we provide you with the communications that you have requested In all other cases, we will only do this if you give us your consent |
To invite you to corporate events, such as seminars, workshops, charity golf days and corporate hospitality and thereafter to manage your attendance at the event in questions to include managing information on your dietary preferences if the event is catered |
It will be necessary for our legitimate business interests to ensure you are aware of the latest legal developments in relation to the legal services we have provided to you, or are providing to you, or otherwise to develop our relationship with you outside of the working environment Where you would not normally have a reasonable expectation of receiving such invites from us, we will only send you invites if you agree Where the information collected relates to any dietary preference which may be considered to be 'special category data', for example by indicating a particular religious or philosophical view, or a medical issue or allergy, we will only process this information with your explicit consent. |
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What if you cannot or will not provide us with your personal information
It is a statutory requirement for you to provide us with certain information, namely sufficient information to verify your identity. If you do not provide us with that information, we will be unable to accept your instructions and provide you with legal services.
It is also a contractual requirement for you to provide us with certain information. If you do not provide us with that information, we may be unable to accept your instructions and/or provide you with the full range of our legal services and advice.
Cookie policy
Version last updated: 13/07/23
The BPE Solicitors LLP website (the ‘Site’) uses cookies to distinguish different users of our Site. This assists in providing you and other users with a positive experience when browsing the Site and allows for improvements to be made.
What are cookies?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies enhance your experience, for example allowing the Site to “remember” your past actions or preferences over time which means that you do not need to keep re-entering them whenever you revisit the Site from another website.
This means that the following information is automatically collected when you visit the Site:
- The internet domain name and IP address from where you access the Site;
- The type of browser software and operating system used to access the Site;
- The date and time of access to the Site
- If you link to the Site from another website, the address of that website; and
- The pages you enter, visit and exit the Site from.
Please visit our to see the full details of the information that we may collect from you and the purposes for which any personal information is used if at all.
How to delete cookies
Users of the Site can set their devices to to see what cookies are set, block or accept certain cookies, accept all cookies, notify when a cookie is issued or not to receive any cookies. If you wish to restrict or block cookies this can be done through the browser settings. The “Help” function within your browser will assist you with this further.
You may wish to visit https://ico.org.uk/your-data-matters/online/cookies/ which contains comprehensive information on how to control cookies on a wide range of browsers. Further information can also be found on how to delete cookies and on cookies generally.
Please note that restricting cookies may result in users not being able to take full advantage of all of the features or services available on the Site, and certain parts of the Site may not be accessible.
What cookies does the Site use?
The cookies used on this Site have been categorised based on the broad categories found in the ICO UK Cookie Guide. This Site uses the following cookies:
- Strictly necessary cookies: these are required for the operation of the Site and cannot be switched off in our systems. They include, for example cookies enabling the logging into secure areas of the Site.
- Analytical or performance cookies: these are required for the recognition of Site visitors and for counting the number of visitors and to see how visitors move around the Site when using it. This assists in improving the way the Site works, such as ensuring that users can easily find what they are looking for.
- Functionality cookies: these are used to recognise when users return to our Site. This enables the personalisation of content such as remembering user’s names and choice of language.
- Targeting Cookies: these are cookies which record the user’s visit to the Site, the pages users have visited, and the links users have followed. This information will be used to make the Site more relevant.
Cooke Title |
Purpose |
More information |
_GRECAPTCHA |
Description: Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks. Duration: 5 months 27 days |
|
ASP.NET_SessionId |
Description: Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit. Duration: session |
|
_ga_* |
Description: Google Analytics sets this cookie to store and count page views. Duration: 1 year 1 month 4 days |
|
_ga |
Description: Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. Duration: 1 year 1 month 4 days |
|
_hjSessionUser_* |
Description: Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. Duration: 1 year |
|
_hjFirstSeen |
Description: Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user. Duration: 30 minutes |
|
_hjIncludedInSessionSample_2667635 |
Description: Set to determine if a user is included in the data sampling defined by your BPE’s daily session limit. Duration: 2 minutes |
|
_hjSession_* |
Description: Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. Duration: 30 minutes |
|
_hjAbsoluteSessionInProgress |
Description: Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie. Duration: 30 minutes |
|
_gid |
Description: Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. Duration: 1 day |
|
_gat_UA-* |
Description: Google Analytics sets this cookie for user behaviour tracking. Duration: 1 minute |
|
_gat_gtag_UA_* |
Description: Google Analytics sets this cookie to store a unique user ID. Duration: 1 minute |
|
__RequestVerificationToken |
Description: This cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks. Duration: session |
|
This Site will also use Google Analytics cookies. Google Analytics is a third-party web analysis service provided by Google LLC, which utilises performance cookies and targeting cookies. Information generated by these cookies about user’s use of the Site (including the IP address) will be transmitted to and stored by Google LLC on servers in the United States. Google will use the information collected for the purpose of evaluating users use of the Site on our behalf, compiling reports on website activity, and providing other services relating to activity and internet usage to us. Google will not associate users IP addresses with any other data held by Google. Users may refuse the use of cookies by selecting the appropriate setting on their browser as highlighted above. Users can also prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the relevant plug in to create an opt-out cookie preventing further processing of user’s data. For more information about Google Analytics cookies, please see Google’s help pages and privacy policy. If such cookies are prevented, we cannot guarantee how the Site will perform.
You can choose which analytical, functionality and targeting cookies we can set by clicking on the button(s):
Strictly essential cookies OFF
Analytical or performance cookies OFF
Functionality cookies OFF
Targeting cookies OFF
As highlighted above, the blocking of cookies may impact the accessibility of certain parts of the Site.
Except for essential cookies, all cookies will expire after 1 year, 1 month and 4 days.
Contact Us
To request a copy of the cookie information we hold, exercise any information rights explained in this policy or have any concerns or complaints about our use of your cookie information, please contact bpe@bpe.co.uk.
If a complaint cannot be satisfactorily resolved, you may contact the ICO at www.ico.org.uk or by telephoning 0303 123 1113 if the complaint relates to the way we have handled your personal data.
Disclosure of your information
We may share your personal information with the parties set out below:
- any other parties in relation to your legal matter to the extent we reasonably consider that it is appropriate or in your best interests for us to do so (including your professional advisers, the ‘other side’ and their professional advisers, witnesses, professional experts and foreign attorneys who assist us with providing specialist non-UK legal advice),
- institutions within the British legal system, such as courts and tribunals and the personnel working with them,
- official bodies such as Companies House, HM Land Registry, the Office of the Public Guardian and the General Register Office,
- HM Revenue & Customs, the Information Commissioner’s Office, the Solicitors Regulatory Authority, the Law Society, the Legal Ombudsman, the Legal Services Board, the National Crime Agency, the Serious Fraud Office and any other regulators and other authorities who require reporting of processing activities in certain circumstances,
- credit-reference and fraud prevention agencies,
- identification verification services, such as, The Justice Platform trading as Legl
- where you are referred to us by a third party, such as Settify, we may provide them with certain information about you and your transaction,
- Certainty - The National Will Register, in circumstances where we provide you with will-writing services or otherwise store a copy of your will,
- professional advisers and business networks with which we are connected,
- our outsourced IT services provider, TaylorMade, together with providers of wi-fi, IT, mailing list and system administration services to our business, including Ubiquiti, Altido, Egress, Mimecast, Dropbox, One Drive, Google Drive and other online cloud and data-room providers,
- other contractors providing computer software and support services for us to use in connection with our compliance procedures and administration of your instructions, including, The Justice Platform Ltd, trading as Legl,
- our professional advisers (including solicitors, bankers, auditors and insurers),
- our quality assurance assessors,
- business partners, suppliers and sub-contractors to the extent we consider it reasonably necessary for us to perform our services,
- analytics and search engine providers that assist us in the improvement and optimisation of our website,
- caterers and hospitality staff, event organisers, training providers and other parties we collaborate with for the purposes of organising and staging our corporate events, and
- third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Where we store your personal information
All information you provide to us is stored on our secure servers in the United Kingdom, or on secure cloud-based services in a country within the European Economic Area.
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
- Entry controls. Access to our offices is secured by means of electronic entry controls. The main building reception is staffed at all times, and our office reception is staff during normal working hours.
- Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
- Methods of disposal.Paper documents are disposed of by shredding in a manner that ensures confidentiality.
- Off-site storage.We use a third-party off-site storage facility for archived files. Access to the facility is secured.
- Our internal policies require that users lock or log-off from their computer when it is unattended.
- Firewalls and encryption. We apply industry-standard firewall protection and encryption technology.
- Training. We ensure our employees are trained in the importance of data security.
- Compliant agreements. Where we grant third parties access to your data, we will enter into a contract with them that complies with applicable data protection rules to ensure they process your data securely.
- Electronic access.All data stored electronically is password-protected. Where we have provided an authorised user with a password, that user is responsible for keeping this password confidential and is not permitted to share the password with anyone.
- Payment details.Where appropriate, we will send payment and banking details by secure messaging system to reduce the risk of those emails being unlawfully intercepted.
- Overseas transfers. Whenever we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards (either by transferring data only to recipients in the European Economic Area, to recipients in countries determined by the United Kingdom to have adequate or equivalent levels of data protection, or by using specific contracts approved by the UK Information Commissioner).
Some of the data that we collect from you may be transferred to third parties (for example, to Dropbox and other cloud providers, and any foreign lawyers or attorneys that we use to provide advice on non-UK legal matters) who will store the data at a destination outside the United Kingdom. We will let you know when we engage any foreign lawyers or associates. If you are concerned about the levels of data security in those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we will store your personal information
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:
Legal basis |
Length of time |
Where we use/store your data because it is necessary for the performance of the contract between you and us |
We will use/store your data for as long as it is necessary for the performance of the contract between you and us |
Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject |
We will use/store your data for as long as it is necessary for us to comply with our legal obligations |
Where we use/store your data because it is necessary for our legitimate business interests |
We will use/store your data for as long as it is necessary for our legitimate business interests, or such earlier time as you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data is more important than your interests, rights and freedoms, then we will be allowed to continue to use/store your data for as long as it is necessary for our legitimate business interests |
Where we use/store your data because you have given us your specific, informed and unambiguous consent |
We will use/store your data until you ask us to stop |
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Further details relating to periods of retention, methods of destruction and receiving a copy of your file from us prior to destruction are set out in our standard terms of business.
Your rights
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the informationwe hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any informationwe hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the informationwe hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your informationwhere: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the informationwe hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which is more important than your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consentat any time.
- You have the right to object to us using/storing your information for direct marketing purposes.
If you wish to exercise any of your legal rights, please contact our Data Protection Officer, Christine Jackson, by writing to the address at the top of this policy, or by emailing us at dataprivacy@bpe.co.uk.
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
Opting out of receiving marketing communications
You can ask us to stop sending you marketing communications at any time by contacting our Data Protection Officer, Christine Jackson, by writing to the address at the top of this policy, or by emailing us at dataprivacy@bpe.co.uk.
Automated decision-making
We do not use automated decision-making processes.
Third party links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Recording telephone calls
Telephone calls made to and by the firm’s Residential Conveyancing department are recorded for monitoring purposes, to keep a record of instructions, to ascertain compliance with regulatory practices and to demonstrate standards are being achieved, in each case to the extent they are relevant to the firm’s business. The recordings are stored on the firm’s servers in the United Kingdom.
Identifying you as a client of the firm
If you are a business client, we may identify you as a client of the firm in our marketing material or in legal directories, although we will never publicly disclose any confidential information about your legal matters without having obtained your prior consent. If you do not agree to us identifying you as a customer of the firm, please notify our Data Protection Officer, Christine Jackson, by writing to the address at the top of this policy, or by emailing us at dataprivacy@bpe.co.uk
If you are an individual client, we will also ask for your consent before identifying you as a client of the firm.
Changes to our policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email or via social media. Please check our website frequently to see any updates or changes to our policy.
Contact
Questions, comments and requests regarding this policy are welcomed and should be addressed to our Data Protection Officer, Christine Jackson, by writing to the address at the top of this policy, or by emailing us at dataprivacy@bpe.co.uk.