Lu Oliphant LLP of 10 Bloomsbury Way, London WC2A 1SL is registered with the United Kingdom’s Information Commissioner as a controller of personal data under for the purpose of Data Protection laws under ICO registration number Z3036484.
We are committed to protecting and respecting your privacy.
This privacy notice sets out the basis for which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following in order to understand our practices regarding your personal data and how we will treat it.
Lu Oliphant does not sell or rent user information to anyone.
Information that Lu Oliphant may collect about you
All client data will be held by us in our manual and electronic filing systems.
This may include:
contact details (including names, postal addresses, email addresses and telephone numbers);
ID documents and other records.
How your personal information may be collected
Your personal information may be collected directly from you during the process of setting you up as a client of ours or during the course of taking instructions from you or providing you with legal advice. We may also collect information from third parties, including background check agencies, credit reference agencies and other online sources.
How we will use your personal information
We will only use your information when it is fair and lawful to do so. Most commonly, we will use your personal information in the following circumstances:
1. Where we need to perform the contract that we have entered into with you;
2. Where we need to comply with a legal obligation;
3. Where it is necessary for our legitimate interests (or those of a third party), namely to provide you with advice and assistance or in facilitating and enabling the management of all matters relating to our business, but only where your interests and fundamental rights do not override those interests;
4. Where you have expressly given your consent and that consent has not subsequently been withdrawn by you.
We may also use your personal information in the following circumstances, which are likely to be rare:
5. Where we need to protect your interests (or someone’s interests).
6. Where it is needed in the public interest.
Examples of situations where we will process your personal data are as follows:
to fulfil our contract with you;
to provide you with our services;
creating a client account for you;
making payments to and on your behalf;
to prevent fraud and to satisfy our legal obligations under The Money Laundering Regulations 2017 and other financial crime legislation;
to provide you with information about our services;
to invite you to events or seminars that may be of interest to you;
to provide you with updates about the law and other topics that may be of interest to you;
for marketing and advertising purposes; and
the enforcement of legal claims including debt collection including via out-of-court procedures.
Failure to provide personal information
Failure to provide certain information when requested may result in us being unable to perform both our legal obligations and our contractual duties to you, such as making payments to and on your behalf.
Sensitive Personal Information
We may also collect, store and use in the exercise or defence of legal claims where relevant the below “special categories” of more sensitive personal information:
Information about health, including sickness records, medical conditions and other records;
Information about race or ethnicity, religious beliefs, trade union membership, sexual orientation and political opinion;
Information about criminal convictions and offences.
We will only process these ‘special categories of personal data’ to the extent necessary for the establishment, exercise or defence of legal claims (which might include employment or discrimination litigation, for example); or with your explicit written consent which you can withdraw at any time.
Disclosure of your information
We may share your personal information with third parties, where this is reasonably necessary, for the purposes set out in this Policy. Third parties may include other lawyers, advisers and expert witnesses (including barristers, mediators and foreign lawyers), third-party service providers (including contractors and agents), regulatory bodies (such as the SRA) and law enforcement agencies.
Data may also be disclosed if we are under a duty to share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of business and other agreements from time to time; or to protect the rights, property or safety of members of staff of Lu Oliphant LLP, our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
International transfer and storage of data
The personal information you provide to the Firm will be transferred and stored outside of the EEA for the purposes of carrying out administration and other functions necessary to provide our legal services to you. Any personal information transferred will receive an adequate level of protection as required by Data Protection laws. Third parties will only process your personal information on our instructions and in the agreement that the information is kept secure and confidential.
Where any transfer is made to a third party supplier (for example to someone that we have outsourced an administrative function to) outside of the EEA and the European Commission has not made an adequacy decision in relation to the laws of that country, we will ensure that appropriate safeguards are in place prior to any transfer of your data. Those safeguards are likely to consist of either the use of standard data protection clauses adopted or approved by the European Commission or transfer to a US based recipient which is a member of the EU-US Privacy Shield self-certification arrangement or an equivalent regime.
Where any transfer is made to another lawyer, adviser or expert witness outside of the EEA we will usually only do this on the basis that the transfer is necessary for the performance of our contract with you.
Under certain circumstances, you have the right to:
- Access your information
You are entitled to request access to the information we hold about you (known as a ‘data subject access request’). You are entitled to receive a copy of the personal information we hold about you and to check that it is being lawfully processed.
- Correct your information
If the information we hold for you is incomplete or incorrect, you have the right to request a correction.
- Request erasure
Where there are no reasons for continuing the processing of your personal information, you are able to request the removal or deletion of the personal information.
- Object to processing
Where the firm relies on legitimate interest for the processing of your personal information, or for the purposes of direct marketing, you have the right to object to the processing.
- Request the restriction of processing
You are entitled to request for a suspension for the processing of your personal information, for example, if you are awaiting the reasons for the processing of the information or require us to establish its accuracy.
- Transfer your personal information
You are able to request the transfer of your personal information to another party.
The accuracy of your information is important to us. If you would like to update, review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact:
No fee usually required
These rights are available to you at no cost; however, we may charge a reasonable fee where a request is deemed to be excessive or unfounded. In such circumstances, we may otherwise refuse to comply with the request.
How long your personal data may be kept
Our retention period is based on statutory authority and will be held for a minimum of six years, which may be extended dependant on the nature of your relationship with the firm. Personal information may be retained for as long as necessary to comply with our legal obligations, or in order to protect your or another person’s vital interests.
We understand the importance of protecting your privacy and we will ensure your data is safeguarded and held securely in accordance with our obligations under the Data Protection laws. Appropriate technical and organisational measures have been implemented to ensure personal information is protected and to prevent your personal data from being lost, used, accessed in an unauthorised way, altered or disclosed. Details of these measures are available upon request. We also limit access to your personal information to those employees, contractors and other third parties who have a business need to know. This access will be granted on a confidential basis and processing of the information will only take place subject to our instruction.
The firm has in place procedures to deal with any potential data security breaches, and data subjects and any applicable regulators will be notified where we are legally required to do so.
If you consider that our processing of your personal information infringes the Data Protection laws, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
By email at firstname.lastname@example.org
or write to us at FAO of Risk and Compliance Officer, Lu Oliphant LLP, 10 Bloomsbury Way, London WC2A 2SL.
We reserve the right to revise this policy or any part of it from time to time and will create a new policy notice where any substantial updates are made. We may also notify you through other means about the processing of your information.