To download as a PDF please click here.
Plexus Legal LLP is a limited liability partnership with registration number OC416421 and Plexus North LLP is a limited liability partnership with registration number OC423092. Both entities were incorporated in England & Wales and have their registered office address at Joseph’s Well, Hanover Walk, Leeds, LS3 1AB. Plexus Legal LLP is authorised and regulated and by the Solicitors Regulation Authority and Plexus North LLP is authorised and regulated by the Law Society of Scotland as a firm of solicitors.
Together and separately these entities are referred to as “Plexus”.
Plexus takes data protection very seriously and will look at minimisation opportunities and ways to limit the processing of your data where feasible. You will appreciate that as a firm of solicitors, confidentiality is at the very core of our business.
What information do we obtain from you?
Essentially we will require such information as is necessary to enable us to provide legal services to you, your employer, your or your employer’s insurer (collectively, “our client”) in order to pursue claims where they have indemnified our client. We will also require such information as is necessary to enable us to provide legal services to our client where you have brought a claim against them. The type of information will include personal data and is likely to include special category personal data – for example medical information (previously referred to as sensitive personal data) and may be held by us in a paper or electronic format.
The legal basis for processing (handling/holding) your personal data
The legal basis for processing your personal data depends on the circumstances. The basis may be:
- the processing is necessary to perform a contract you or your employer have entered into. For instance, where you/your employer has entered into a contract of insurance with an insurer where the insurer indemnifies you/your employer against a claim, the insurer will invariably be entitled under the policy contract to take action to either defend a claim made or recover the loss suffered from a third party and you and/or your employer are likely contractually to be obliged to co-operate in such proceedings; and/or
- the processing is necessary for the compliance with a legal obligation to which we and/or or our client are subject. An example of this is that we may run checks on you in order to comply with the financial sanctions and/or anti-money laundering legislation; and/or
- the processing may be necessary for the purposes of the legitimate interests pursued by your employer and/or the insurer (collectively “our client”) or us. In these circumstances the legitimate interests could be investigating and defending third party claims made against our client. The legitimate interests of a firm of solicitors may be to undertake legal action for or on behalf of its clients, i.e. the right to practice law; and/or
- you have given your consent to the processing of your personal data.
What do we do with the information we do obtain from you?
Our use of your personal data is subject to your instructions, the General Data Protection Regulation (GDPR) and the Data Protection Act, 2018, any replacement legislation in force in the United Kingdom from time-to-time (the data protection legislation) and our duty of confidentiality owed as regulated solicitors.
We use the information you provide primarily to provide legal services to you or our client, but we may also use it for other purposes including:
- obtaining satisfaction of our invoices using a third-party service provider;
- updating and enhancing client and third-party records;
- analysis to help us manage our Firm;
- detection and the prevention of crime; this service may be undertaken by a third-party provider for us on a strictly confidential basis;
- sharing your personal data with third parties such as expert witnesses, barristers and your insurer or employer;
- the development and/or maintenance of a data base to be used as a crime screening tool and/or the development of a mathematical algorithm to try and prevent or reduce the incidence of crime and in particular fraud; this function may be undertaken for us by a 3rd party provider on a strictly confidential basis. If your data is used in such a database, you will appreciate that such data may not be destroyed within the parameters of our normal data retention policy and may be retained indefinitely thereon. No sensitive personal data will be used or retained during this exercise;
- In the case of third-party claims, passing your information to the Claims Underwriting Exchange Register and (where appropriate) the Motor Insurance Anti-Fraud and Theft Register, both run by the Motor Insurers Bureau. Insurers may search these databases when you apply for insurance, in the event of any incident or claim, or at time of renewal to validate your claims history or that of any other person or property likely to be involved in the policy or claim.
- in order to prevent and detect fraud, we may also share information about you with other organisations including the Police, conduct searches about you using publicly available databases check and/or share your details with fraud prevention and detection agencies.
- call recording – your information will be kept confidential at all times but may be used in the monitoring of telephone conversations to ensure service level standards are maintained and to aid dispute resolution in the event of a complaint. Your information may also be used for training purposes. We will ensure that you cannot be identified from the training material which is used;
- external auditing, the management of complaints and training; these aspects may be undertaken by a third party, but it will be on a strictly confidential basis and we will ensure that access to your data is controlled;
- internal file auditing;
- legal and regulatory compliance (e.g. financial sanctions and anti-money laundering checks);
- contacting you for the purpose of investigating opportunities for further processing or consent.
If you no longer want to receive information from us
If you no longer wish us to communicate with you please email firstname.lastname@example.org or alternatively you can either write to our Compliance Manager with the subject heading “No more contact” at Josephs Well, Hanover Walk, Leeds, LS3 1AB or telephone our Compliance Manager on 0113 468 1857.
Transfer of information abroad
We will not transfer your personal data abroad without your explicit prior consent.
We have robust information security management systems in place to protect your personal data. All electronic data transfers to Plexus Law are encrypted and all IT systems containing our clients’ data have rigorously audited technical controls to ensure confidentiality and integrity of all information is maintained at all times. In addition, we are Cyber Essentials accredited and are Lexcel accredited, the former demonstrating how seriously we take data security and the latter accreditation is accepted as requiring an enhanced level of regulatory compliance by the Law Society of England & Wales.
We operate CCTV inside the main entrances to our premises in Leeds, which may record visitors to our office and their activities. We display notices to make it clear that these areas are subject to surveillance. We will only release footage where there is a legal obligation, to protect the vital interests of a data subject or another person. Processing is necessary for the purposes of our legitimate interests and may be overridden by the interests or fundamental rights and freedoms of data subjects especially where the data subject is a child. We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and the safety of visitors and staff.
CCTV recordings are kept for a period of 48 hours only before they are recorded over.
Cookies are text files placed on your computer to collect standard internet and visitor behaviour information. The information is used to track visitor use of our website and for statistics compiled on website activity. For more information visit: www.allaboutcookies.org.
We do record our telephone calls from time-to-time to ensure service levels, for training and aid resolving complaints/disputes.
Data Protection Officer
Our Data Protection Officer is Rob Gray our General Counsel and Company Secretary and he can be contacted by email at email@example.com or you can write to him at Plexus Law, 3rd Floor, Peninsular House, 30-36 Monument Street, London, EC3R 8NB.
Retention of Personal Data
We have a Data Retention & Destruction Policy and in terms of that policy we destroy archived data after 7 years but reserve the right to do so earlier if we deem it appropriate. However, we also reserve the right in certain circumstances to hold your data for longer than 7 years, but in such event, it will not be accessible except in a secure retrieval process prescribed in our policies and procedures. In the event of us retaining your personal data for more than 7 years, we also reserve the right to securely delete some of your personal data that we do not regard as necessary to retain (minimisation) in the circumstances.
Data Protection Regulator and Complaints Handling
You may complain about our conduct in relation to data protection matters to the regulator of data protection in the UK, The Information Commissioner, by writing to them at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephoning them on 0303 123 1113.
Contacts, Subject Access Requests, Correction or Deletion of Data
If you have any questions about our Privacy Statement or want to exercise your rights under the data protection legislation to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or object to the processing on legitimate grounds, please contact us with the subject heading “Data Privacy” to firstname.lastname@example.org or send a signed letter addressed to our Compliance Manager at Josephs Well, Hanover Walk, Leeds, LS3 1AB.
Revisions to this Statement
We may change this Statement from time-to-time by updating this page.
Date: February 2020