Introduction

We are committed to protecting your privacy and will comply with data protection laws to safeguard your personal data. In this notice, we will tell you how we will use and share your personal information, your privacy rights, and the legal protections in place.

When we mention “Flint Bishop”, “we”, “us” or “our” in this privacy notice, we are referring to the relevant business responsible for processing your data. 

We may update our privacy notice due to business needs, industry standards, or the law. We’ll post any updates on our website.

Who we are

Flint Bishop LLP is a national law firm with a head office in Derby. Our registration number is .

We will act as the data controller in relation to personal information used in our business for our own commercial purposes and provision of the services. We’re the data controller when we decide why and how personal data is used.

We may also act as processor in limited circumstances, which means that we will process personal data on behalf of someone else, like our clients. Where we are acting as a processor, we have duties to the data controller and are bound to take instructions from the data controller in relation to the management of personal data.

Who does this privacy notice apply to

This privacy notice applies to everyone whose personal information we collect and process, except for our current or former employees who have their own separate privacy notice.

This includes current, former, or prospective:

  • Clients, customers, or principals
  • Suppliers of goods, services or both
  • Advisers or consultants
  • Auditors or certification/accreditation providers
  • Regulators
  • Professional associations or other professional bodies
  • Government organisations
  • Charitable organisations
  • Experts or witnesses
  • Opponents
  • People involved in legal proceedings
  • Counterparties to any arrangement or contract
  • Advisers or representatives of any of the above
  • People we contact for marketing or whose details we otherwise process in connection with our marketing
  • Natural persons who work at or represent any of the above

Type of personal data that we collect about you

Personal data is any information that relates to you and that identifies you either directly from information or indirectly by reference to other information that we have access to. It does not include data where the identity has been removed (anonymous data).

Categories of personal data that we collect include:

  • Contact information such as your name, postal address, email addresses and telephone number.
  • Identity information such as marital status, employment status, title, date of birth and gender.
  • Biographical information such as job title, employer, photograph and video or audio content including you.
  • Marketing information and communications preferences, feedback, and survey responses.
  • Billing and financial information such as bank account details, card details, income, asset lists, credit history, country court judgment details, and information relating to payments and transactions.
  • Technical Data including information which we automatically capture when you visit our website such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Services information which can include information about how you use our website, online platforms, software applications and services.
  • Special categories of data such as race and ethnicity, trade union membership, information about political opinions or religious beliefs, or information about your health and genetic and biometric data.
  • Information relating to children or regarding criminal matters.

Information we collect from you

We collect personal data directly from you as follows:

  • When you make enquiries about our services
  • When you use our legal services
  • Where you provide services or goods to us
  • When you register to receive news services or provide communication preferences
  • When you use our website or interact with us online
  • When you apply for a job with us
  • If you attend one of our offices or events

Personal information we collect from third parties

We may obtain personal information from any of the following:

  • Our clients when we handle personal data on their behalf.
  • Third parties and suppliers we deal with as part of our service delivery or any other trading/commercial activities or affairs.
  • Electronic identification platforms and credit reference agencies such as Credit Safe, Legl and Equifax.
  • Intermediaries, agents, or representatives.
  • Regulatory bodies such as the SRA and Information Commissioner’s Office.
  • Public registries such Companies House, Intellectual Property Office, Disclosure and Barring Service, Land Registry, Electoral Register.
  • Professional networks such as LinkedIn.
  • Websites.
  • Social media.
  • Analytics providers such as Google (based outside the EU).
  • Advertising networks.
  • Search information providers.
  • When you use our apps, website, or online platforms, we may gather information about your devices, how you browse. You can learn more in our cookies

Our lawful basis for the use of your personal data

We will only use your personal data in the following circumstances:

  • Where we have your consent
  • To perform a contract with you
  • To comply with a legal obligation
  • When there is a legitimate business interest, and it is fair and reasonable to do so

Examples of legitimate business interests include:

  • Researching, developing, producing, or improving products or services
  • Receiving goods or services
  • Human resource or other operational management
  • Goodwill or reputation protection
  • Business running, improvement, growing or protection
  • Business or asset protection such as security measures
  • Protection or wellbeing of staff and other natural persons
  • Compliance with legal, regulatory, professional and industry standards
  • Supporting and dealing with enquiries or complaints
  • Establishing and maintaining business opportunities and relationships
  • Promoting and/or providing legal services and other product and goods

We will only process special category data where the processing is necessary for the purposes set out in this notice to carry out our legal obligations or exercise specific rights. The lawful basis for this is legitimate interest and the interests of us representing you.

Purposes for processing your personal data

We’ll only use your personal data for the purposes set out in this notice. If we need to use your personal data for something not specified in this notice, we’ll tell you why and the legal reason behind it.

We will use your personal data for various purposes:

  • To promote or provide goods, training, consultation services, claims handling services, debt recovery services, legal advice, representation, or other legal services of any kind.
  • For matter related purposes, such as responding to enquiries, resolving complaints or disputes, performing identity and verification checks, carrying out conflict of interest checks, billing and payments, and to keep records.
  • To manage and administer general business activities.
  • For research, development, training, monitoring, or business improvement purposes.
  • Monitoring our systems and processes to identify, record, and prevent fraudulent, criminal and/or otherwise illegal activity.
  • To verify identity, assess credit risk and comply with our general regulatory and statutory obligations.
  • To respond to or in any way be involved in any investigation, enquiry, audit, review or request from a government entity, regulatory body, professional auditors, insurers, finance providers, or any of our clients, customers, or principals.
  • To maintain security and manage access to our offices, systems, and our websites.
  • To provide news and information services including email briefings and newsletters, to give access to online tools and competitions, and to invite you to events that we organise.
  • To collect insights into how you interact with our services so that we can personalise our communications with you and improve our websites and services (including by seeking and obtaining your feedback) and develop new ones.
  • To deal with your application for employment with us and maintain contact with past employees.
  • Sharing personal data in connection with acquisitions and transfers of our business.
  • To manage our supply chain including identifying and maintaining contact with service providers.
  • To provide access to online or offline networks, platforms, or facilities of ours, or any of our clients, customers, or principals.

Sharing and transferring your personal data

We will not share your personal information with third parties except where it is necessary.

As part of our client onboarding process, we may disclose your personal data to client identification platforms including Legl and Equifax. Equifax keep a record of that information and provide it (and the fact that a search was made) to its other customers for the purpose of verifying identity, to assess credit risk and to prevent fraud and money laundering, and to locate debtors. For further information on how they process your personal data, please refer to their privacy policies.

https://legl.com/privacy-policy  

https://www.equifax.co.uk/privacy-hub/crain

We may also share your personal information with the third parties described below.

  • Employees and agents of any client, customer, or principal of ours.
  • Third parties that we outsource services to , such as postal services or secretarial support businesses.
  • Legal specialists including barristers, mediators, arbitrators, consultants, or experts engaged in a matter.
  • Opponents or counterparties of any client, customer, or principal of ours.
  • Government, law enforcement, regulatory authorities, emergency services, and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Providers of services or goods acting as processors or joint controllers based in the United Kingdom or in the EEA (European Economic Area) who provide services or products to us.
  • Anyone with a dispute against us or any of our clients, customers, or principals.
  • Companies or entities with the same ultimate majority beneficial ownership as us.
  • Businesses in connection with acquisitions or transfers of our business.

International transfers

We will not transfer your personal data outside the UK unless the recipient and the purpose of processing is within the scope of this notice.  

We will only transfer your personal data outside of the EEA under the following circumstances:

  • where the transfer is to a country or other territory as assessed as having an adequate level of protection for personal data;
  • on the basis that the transfer is compliant with the GDPR and other applicable laws;
  • the transfer is permitted by applicable laws; or
  • you explicitly consent to the transfer.

How we protect your personal information

We have appropriate security measures in place to protect your personal information against any unauthorised or unlawful processing and against any accidental loss, destruction, or damage.  

Our information security policies, controls, and processes are compliant with the ISO 27001 security standard. ISO 27001 is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management.

We require our supply chain to adopt the same standards of security and to treat your personal information in accordance with data protection laws.

How long will you use my personal data for?

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory, or reporting obligations, or to assert or defend against legal claims. Further information about our retention periods can be found in our Retention and Destruction Schedule.

Your rights as a data subject

You have rights regarding your personal data. More information on these rights can be obtained from the website of the Information Commissioner’s Office (ICO), the UK’s data protection authority, at: individual rights

Should you wish to exercise any of your rights, or if you have any issues or concerns about how we have handled your data, please contact our Compliance team who provide support to our Data Protection Officer, by email at or by post Pinnacle Building, 2 Prospect Place, Pride Park, Derby, DE24 8HG, United Kingdom. If we can’t resolve your concerns, you can complain to the ICO. You can find their contact details here: https://ico.org.uk/concerns/

Marketing

We may contact you with news and developments if you have contacted us for legal services or bought services or agreed to get emails or texts.

We will also ask for your express consent before we share your personal data with any company outside Flint Bishop LLP for marketing purposes.

You can ask us to stop sending you marketing messages by following the opt-out links on any marketing message sent to you or by contacting us at any time. You can also stop getting marketing emails or messages from us by emailing us at .