Privacy Statement

Download as a PDF

Introduction

Plexus Legal LLP is a limited liability partnership with registration number OC416421 and Plexus North LLP is a limited liability partnership with registration number OC423092. Both entities were incorporated in England & Wales and have their registered office address at Joseph’s Well, Hanover Walk, Leeds, LS3 1AB. Plexus Legal LLP is authorised and regulated and by the Solicitors Regulation Authority and Plexus North LLP is authorised and regulated by the Law Society of Scotland as a firm of solicitors.

Together and separately these entities are referred to as “Plexus”.

Plexus takes data protection very seriously and will look at minimisation opportunities and ways to limit the processing of your data where feasible. You will appreciate that as a firm of solicitors, confidentiality is at the very core of our business.

What information do we obtain from you?

Essentially we will require such information as is necessary to enable us to provide legal services to you or your insurer either on your behalf or under the insurer’s rights to pursue claims where they have indemnified you.  The type of information will include personal data and is likely to include special category personal data – for example medical information (previously referred to as sensitive personal data) and may be held by us in a paper or electronic format.

The legal basis for processing (handling/holding) your personal data

The legal basis for processing your personal data depends on the circumstances. The basis may be:

1.  you have given your consent to the processing of your personal data; or
2.  the processing is necessary to perform a contract you have entered into. For instance, where you have entered into a contract of insurance with an insurer where the insurer indemnifies you against a claim, the insurer will invariably be entitled under the policy contract to take action to either defend a claim made or recover the loss suffered from a third party and you are likely contractually obliged to co-operate in such proceedings;
3.  the processing is necessary for the compliance with a legal obligation to which we are subject;
4.  the processing may be necessary for the purposes of the legitimate interests pursued by your insurer, your employer or us. In these circumstances the legitimate interests could be the interest an insurer or employer has in defending or making a claim where they have indemnified you against a loss and the event giving rise to the claim/loss.  The legitimate interests of a firm of solicitors may be to undertake legal action for or on behalf of its clients, i.e. the right to practice law.

What do we do with the information we do obtain from you?

Our use of your personal data is subject to your instructions, the General Data Protection Regulation (GDPR) and the Data Protection Act, 2018, any replacement legislation in force in the United Kingdom from time-to-time (the data protection legislation) and our duty of confidentiality owed as regulated solicitors.

We use the information you provide primarily to provide legal services to you, but we may also use it for other purposes including:

• obtaining satisfaction of our invoices using a third-party service provider;
• updating and enhancing client records;
• analysis to help us manage our Firm;
• detection and the prevention of crime; this service may be undertaken by a third-party provider for us on a strictly confidential basis;
• sharing your personal data with third parties such as expert witnesses, barristers and your insurer;
• the development and/or maintenance of a data base to be used as a crime screening tool and/or the development of a mathematical algorithm to try and prevent or reduce the incidence of crime and in particular fraud; this function may be undertaken for us by a 3rd party provider on a strictly confidential basis. If your data is used in such a database, you will appreciate that such data may not be destroyed within the parameters of our normal data retention policy and may be retained indefinitely thereon.  No sensitive personal data will be used or retained during this exercise.
• call recording – your information will be kept confidential at all times but may be used in the monitoring of telephone conversations to ensure service level standards are maintained and to aid dispute resolution in the event of a complaint. Your information may also be used for training purposes. We will ensure that you cannot be identified from the training material which is used;
• external auditing, the management of complaints and training; these aspects may be undertaken by a third party, but it will be on a strictly confidential basis and we will ensure that access to your data is controlled;
• internal file auditing;
• legal and regulatory compliance;
• contacting you for the purpose of investigating opportunities for further processing or consent.

If you no longer want to receive information from us

If you no longer wish us to communicate with you please email marketing@plexuslaw.co.uk or alternatively you can either write to our Compliance Manager with the subject heading “No more contact” at Josephs Well, Hanover Walk, Leeds, LS3 1AB or telephone our Compliance Manager on 0113 468 1857.

Transfer of information abroad

We will not transfer your personal data abroad without your explicit prior consent.

Security

We have robust information security management systems in place to protect your personal data. All electronic data transfers to Plexus Law are encrypted and all IT systems containing our clients’ data have rigorously audited technical controls to ensure confidentiality and integrity of all information is maintained at all times. In addition, we are Cyber Essentials accredited and are Lexcel accredited, the former demonstrating how seriously we take data security and the latter accreditation is accepted as requiring an enhanced level of regulatory compliance by the Law Society of England & Wales.

CCTV

We operate CCTV inside the main entrances to our premises in Leeds, which may record visitors to our office and their activities. We display notices to make it clear that these areas are subject to surveillance. We will only release footage where there is a legal obligation, to protect the vital interests of a data subject or another person. Processing is necessary for the purposes of our legitimate interests and may be overridden by the interests or fundamental rights and freedoms of data subjects especially where the data subject is a child. We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and the safety of visitors and staff.

CCTV recordings are kept for a period of 48 hours only before they are recorded over.

Cookies

Cookies are text files placed on your computer to collect standard internet and visitor behaviour information. The information is used to track visitor use of our website and for statistics compiled on website activity.  For more information visit: www.allaboutcookies.org .

Telephone calls

We do record our telephone calls from time-to-time to ensure service levels, for training and aid resolving complaints/disputes.

Data Protection Officer

Our Data Protection Officer is Rob Gray our General Counsel and Company Secretary and he can be contacted by email at rob.gray@plexuslaw.co.uk or you can write to him at Plexus Law, 3^rd Floor, Peninsular House, 30-36 Monument Street, London, EC3R 8NB.

Retention of Personal Data

We have a Data Retention & Destruction Policy and in terms of that policy we destroy archived data after 7 years but reserve the right to do so earlier if we deem it appropriate. However, we also reserve the right in certain circumstances to hold your data for longer than 7 years, but in such event, it will not be accessible except in a secure retrieval process prescribed in our policies and procedures.  In the event of us retaining your personal data for more than 7 years, we also reserve the right to securely delete some of your personal data that we do not regard as necessary to retain (minimisation) in the circumstances.

Data Protection Regulator and Complaints Handling

You may complain about our conduct in relation to data protection matters to the regulator of data protection in the UK, The Information Commissioner, by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephoning them on 0303  123 1113.

Contacts, Subject Access Requests, Correction or Deletion of Data

If you have any questions about our Privacy Statement or want to exercise your rights under the data protection legislation to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or object to the processing on legitimate grounds, please contact us with the subject heading “Data Privacy” to regulatory&complianceinbox@plexuslaw.co.uk or send a signed letter addressed to our Compliance Manager at Josephs Well, Hanover Walk, Leeds, LS3 1AB.

Revisions to this Statement

We may change this Statement from time-to-time by updating this page.

Date: May 2019