Introduction
We are committed to protecting your privacy and will comply with data protection laws to safeguard your personal data. This privacy notice explains how we will use and share your personal information, your privacy rights, and legal protections in place.
We may update our privacy notice due to business needs, industry standards, or the law. We’ll post any updates on our website.
Scope
This privacy notice applies to individuals whose personal information we collect and process. This includes current, former, or prospective:
- Clients, customers, or principals
- Suppliers of goods, services, or both
- Advisers or consultants
- Auditors or certification/accreditation providers
- Regulators
- Professional associations or other professional bodies
- Government organisations
- Charitable organisations
- Experts or witnesses
- Opponents
- People involved in legal proceedings
- Counterparties to any arrangement or contract
- Advisers or representatives of any of the above
- People we contact for marketing purposes or whose details we otherwise process in connection with our marketing
- Natural persons who work at or represent any of the above
Who we are
Flint Bishop is a data controller. This means we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
We may also function as a processor in limited circumstances, which means that we will process personal data on behalf of someone else, like our clients. Where we are acting as a processor, we have duties to the data controller and are bound to take instructions from the data controller in relation to the management of personal data.
Our contact details
Flint Bishop Limited
Pinnacle Building
2 Prospect Place
Pride Park
Derby
DE24 8HG
Tel: 01332340211
Email:
What personal information we collect and use
Personal data is any information that relates to you and that identifies you either directly from the information or indirectly by reference to other information that we have access to. It does not include data where the identity has been removed (anonymous data).
Categories of personal data that we collect include:
- Contact information such as your name, postal address, email addresses and telephone number.
- Identity information such as marital status, employment status, title, date of birth and gender.
- Biographical information such as job title, employer, photograph and video or audio content including you.
- Marketing information and communications preferences, feedback, and survey responses.
- Billing and financial information such as bank account details, card details, income, asset lists, credit history, County Court judgment details, and information relating to payments and transactions.
- Technical data including information which we automatically capture when you visit our website such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Services information which can include information about how you use our website, online platforms, software applications and services.
- Special categories of data such as race and ethnicity, trade union membership, information about political opinions or religious beliefs, or information about your health and genetic and biometric data.
- Information relating to children or regarding criminal matters.
Where we get personal information from
We collect personal data directly from you:
- When you make enquiries about our services
- When you use our legal services
- Where you provide services or goods to us
- When you register to receive news, services, or provide communication preferences
- When you use our website or interact with us online
- When you apply for a job with us
- If you attend one of our offices or events
We may obtain personal information from third parties, such as:
- Our clients when we handle personal data on their behalf.
- Third parties and suppliers we deal with as part of our service delivery or any other trading/commercial activities or affairs.
- Electronic identification platforms and credit reference agencies such as Creditsafe, Legl and Equifax.
- Intermediaries, agents, or representatives.
- Regulatory bodies such as the SRA and Information Commissioner’s Office.
- Public registries such Companies House, Intellectual Property Office, Disclosure and Barring Service, Land Registry, Electoral Register.
- Professional networks such as LinkedIn.
- Websites.
- Social media.
- Analytics providers such as Google (based outside the EU).
- Advertising networks.
- Search information providers.
- When you use our apps, website, or online platforms, we may gather information about your devices, how you browse. You can learn more in our cookies policy.
Our lawful basis for processing your personal information
We will only use your personal data in the following circumstances:
- Where we have your consent
- To perform a contract with you
- To comply with a legal obligation
- When there is a legitimate business interest, and it is fair and reasonable to do so
Examples of legitimate business interests include:
- Researching, developing, producing, or improving products or services
- Receiving goods or services
- Human resource or other operational management
- Goodwill or reputation protection
- Business running, improvement, growing or protection
- Business or asset protection such as security measures
- Protection or wellbeing of staff and other natural persons
- Compliance with legal, regulatory, professional and industry standards
- Supporting and dealing with enquiries or complaints
- Establishing and maintaining business opportunities and relationships
- Promoting and/or providing legal services and other products and goods
We will only process special category data where the processing is necessary for the purposes set out in this notice to carry out our legal obligations or exercise specific rights. The lawful basis for this is legitimate interest and the interests of us representing you.
Purposes for processing your personal data
We’ll only use your personal data for the purposes set out in this notice. If we need to use your personal data for something not specified in this notice, we’ll tell you why and the legal reason behind it.
We will use your personal data for various purposes:
- To promote or provide goods, training, consultation services, claims handling services, debt recovery services, legal advice, representation, or other legal services of any kind.
- For matter related purposes, such as responding to enquiries, resolving complaints or disputes, performing identity and verification checks, carrying out conflict of interest checks, billing, and payments, and to keep records.
- To manage and administer general business activities.
- For research, development, training, monitoring, or business improvement purposes.
- Monitoring our systems and processes to identify, record, and prevent fraudulent, criminal, and/or otherwise illegal activity.
- To verify identity, assess credit risk and comply with our general regulatory and statutory obligations.
- To respond to or in any way be involved in any investigation, enquiry, audit, review or request from a government entity, regulatory body, professional auditors, insurers, finance providers, or any of our clients, customers, or principals.
- To maintain security and manage access to our offices, systems, and our websites.
- To provide news and information services including email briefings and newsletters, to give access to online tools and competitions, and to invite you to events that we organise.
- To collect insights into how you interact with our services so that we can personalise our communications with you and improve our websites and services (including by seeking and obtaining your feedback) and develop new ones.
- To deal with your application for employment with us and maintain contact with past employees.
- Sharing personal data in connection with acquisitions and transfers of our business.
- To manage our supply chain including identifying and maintaining contact with service providers.
- To provide access to online or offline networks, platforms, or facilities of ours, or any of our clients, customers, or principals.
Who we share information with
In some circumstances, we may share your personal information with the following third parties where it is necessary;
We may also share your personal information with the third parties described below.
- Employees and agents of any client, customer, or principal of ours.
- Outsourcing service providers e.g. secretarial support businesses.
- Legal specialists including barristers, mediators, arbitrators, consultants, or experts engaged in a matter.
- Opponents or counterparties of any client, customer, or principal of ours.
- Our professional indemnity insurers and other insurers.
- Electronic identification platforms and credit reference agencies such as Creditsafe, Legl and Equifax, and their processors.
- Government, law enforcement, regulatory authorities, emergency services, and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Providers of services or goods acting as processors or joint controllers based in the United Kingdom or in the EEA (European Economic Area) who provide services or products to us.
- Anyone with a dispute against us or any of our clients, customers, or principals.
- Companies or entities with the same ultimate majority beneficial ownership as us.
- Businesses in connection with acquisitions or transfers of our business.
- External auditors.
- Our professional advisers.
- Government, law enforcement, regulatory authorities, emergency services, and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Suppliers of services (for example software service providers) based in the United Kingdom or in the EEA (European Economic Area) who provide services or products to us.
- Companies or entities with the same ultimate majority beneficial ownership as us.
- Businesses in connection with acquisitions or transfers of our business.
As part of our onboarding process, we use various platforms for the purpose of verifying identity, to assess credit risk and to prevent fraud and money laundering, and to trace contact details. For further information on how these organisations may process your personal data, please refer to their privacy policies.
https://legl.com/privacy-policy
https://www.equifax.co.uk/privacy-hub/crain
International transfers
We will not transfer your personal information outside the United Kingdom or the EEA (European Economic Area) unless the recipient and the purpose of processing is within the scope of this notice and under the following circumstances:
- where the transfer is to a country or other territory as assessed as having an adequate level of protection for personal information;
- on the basis that the transfer is compliant with the GDPR and other applicable laws;
- the transfer is permitted by applicable laws; or
- you explicitly consent to the transfer.
How long we keep information
We do not keep your personal information for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory, or reporting obligations, or to assert or defend against legal claims.
Further information about our retention periods can be found in our records retention schedule, which is available on request.
How we protect your information
We are committed to maintaining high standards of confidentiality in relation to the information provided to us in the course of our business.
We have appropriate security measures in place to protect your personal information against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage.
Our security measures are compliant with the ISO 27001 and Cyber Essentials, which are widely recognised as an indication of best practice in information security management.
If we share your personal information, we will make sure it’s managed properly and protected. We have strict contracts with service providers to ensure they keep your data safe. We only let others handle your data if we are sure they adopt the same standards of security and will treat your personal information in accordance with data protection laws.
Your data protection rights
Under data protection law, you have rights including:
- Your right of access - You have the right to ask us for copies of your personal data.
- Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
Marketing
We may contact you with news and developments if you have contacted us for legal services or bought services or agreed to get emails or texts.
We will also ask for your express consent before we share your personal data for marketing purposes.
You can ask us to stop sending you marketing messages by following the opt-out links on any marketing message sent to you or by contacting us at any time. You can also stop getting marketing emails or messages from us by emailing us at .
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113