Privacy Policy

Privacy

At PCB Byrne LLP we take your privacy seriously.

This Privacy Notice explains how and why we collect, hold, use, disclose and otherwise process personal data relating to you. It sets out the categories of personal data we process, the purposes for which such data is used, and the legal bases on which we rely. The Notice also explains your rights under applicable data protection legislation, how to contact us regarding the processing of your personal data, how to raise a complaint with us, and how to contact the Information Commissioner's Office if you remain dissatisfied with the way in which your personal data has been handled. We would encourage you to read the information below.

Who are we

PCB Byrne LLP is a registered company (OC322793) and our registered office address is 4th Floor, 33 Gutter Lane, London, EC2V 8AS. It is a registered data controller (ICO registration number Z1158597) and regulated by the Solicitors Regulation Authority (SRA no. 447019).

What personal data or information do we collect

We may collect personal data about clients, prospective clients, job applicants, our current and former employees, suppliers, and external experts. The personal information we collect may include any of the following: 

• Identity and contact information, such as your name, date of birth, email address, postal address, telephone number, and information required for identity verification and anti-money laundering checks, including proof of address and photographic identification (for example, passport or driving licence details).
• Financial and transaction information, including bank or building society account details, payment card information, and records of payments made to or received from you or third parties.
• Technical and usage information, including information about how you access and use our website, systems and online services, and IP address.
• Marketing and communications information, including your preferences regarding the receipt of marketing communications from us and, where relevant, dietary requirements, accessibility needs and other information provided in connection with events hosted by or attended with us.
• Employment information, including employment history, qualifications, attendance and sickness records, disciplinary information, remuneration details and other employment-related records.
• Information relating to the provision of our services, including information provided by you, on your behalf, by third parties, or generated by us in the course of providing legal or professional services.
• Special category personal data, including information relating to health and other categories of personal data that are afforded additional protection under applicable data protection legislation.
• Criminal offence data, including information relating to criminal convictions, offences, allegations, investigations and related proceedings where permitted or required by law.

How do we collect data or information from you

We collect personal data from a variety of sources, including:

• Directly from you, through correspondence and interactions by email, instant messaging services, post, telephone, online forms and in-person meetings.
• From third parties, where you have authorised us to do so or where it is otherwise lawful and necessary for the provision of our services. This may include banks, building societies and other financial institutions, professional advisers and consultants, employers, accountants, pension administrators, trade unions, healthcare professionals and other relevant organisations or individuals.
• Through the systems and technologies we use to operate our business, including case and document management systems, time recording systems, website analytics tools, and monitoring of our IT infrastructure, computer networks and electronic communications systems. For further information about our use of cookies and online technologies, please see the section entitled "Cookies”.

How we use your personal data 

We collect your personal data or information to operate the firm effectively and provide you with a high-quality service. We may use your information:

• To deliver legal services in performance of our terms of engagement with you or to answer enquiries that you make prior to any formal instruction;
• To avoid any conflict of interest;
• To process a job application, fulfil our obligations as an employer, provide benefits to you as an employee
• In the case of special category data, where it is necessary for the purpose of obtaining legal advice, for the establishment, exercise or defence of legal claims or proceedings, or where we need to do so as an employer.
• To comply with legal, regulatory and quality standard obligations set out by the Solicitors Regulatory Authority and/or Lexcel;
• For our legitimate business interests. A legitimate interest is when we have a business or commercial reason to use your personal data, as long as this is not overridden by your own rights and interests.)
• Where it is necessary for the purpose of one of the ‘recognised legitimate interests’ listed in Annex 1 to the UK GDPR (e.g. protecting you from harm).
• We believe that all of these purposes are justified on the basis of our legitimate interests in running and promoting the firm, our contractual requirements to deliver the agreed legal services to you, and our legal obligations, both as an LLP and responsible employer.

Who we will share your personal data with 

• Professional advisers, consultants and experts engaged in connection with your matter, such as barristers, counsel, financial experts, medical experts and other specialist advisers.Brookland Computer Services – hosted IT platform;
• Providers of information technology, document management, reprographics, cloud hosting and other business support services.
• Our own professional advisers, including auditors, accountants, bankers, insurers and legal advisers.

Where we share personal data with third parties, we take appropriate steps to ensure that they maintain suitable technical and organisational measures to protect your personal data and process it in accordance with applicable data protection laws. We do not sell, rent or otherwise disclose personal data to third parties for their own marketing purposes.

Keeping your personal data secure

We take the security of your personal data seriously and implement appropriate technical and organisational measures designed to protect it against unauthorised or unlawful processing, accidental loss, destruction or damage.

While we take reasonable steps to safeguard personal data transmitted to us, no method of transmission over the internet or electronic storage can be guaranteed to be completely secure. Email communications, in particular, may be vulnerable to interception, corruption, delay, loss or unauthorised access. If you would prefer us not to communicate with you by email, please let us know and we will discuss alternative methods of communication where appropriate.

Our security measures include access controls, encryption technologies where appropriate, staff training, and policies and procedures designed to promote the secure handling of personal data. We regularly review these measures to ensure they remain effective and appropriate to the nature of the personal data we process.

We have established procedures for identifying, investigating and responding to actual or suspected personal data breaches. Where required by applicable law, we will notify affected individuals and the relevant supervisory authority of a personal data breach.

Transferring your personal data outside of the United Kingdom

In the course of providing our services, it may be necessary for us to transfer or make your personal data accessible outside the United Kingdom. This may occur, for example:

• where you, a third party involved in your matter, or one of our service providers is located outside the UK;
• where the legal matter on which we are advising or representing you has an international element; or
• where access to personal data from another jurisdiction is necessary for the provision of our services or the operation of our business.

Where we transfer personal data outside the UK, we will ensure that an appropriate level of protection is afforded to that data in accordance with applicable UK data protection legislation. This may include transferring personal data:

• to a country, territory, sector or international organisation that is the subject of UK adequacy regulations;
• under approved contractual safeguards, such as the UK International Data Transfer Agreement (IDTA) or other approved transfer mechanisms; or
• where a permitted exception under UK data protection law applies.

We take appropriate steps to ensure that any international transfer of personal data is carried out securely and that your rights and freedoms remain protected.

If you would like further information about the safeguards we apply when transferring personal data outside the UK, please contact our Data Protection Manager, Nick Ractliff (nractliff@pcb-byrne.com).

Retention and Storage of Personal Data 

We retain personal data in accordance with our records retention policy and any applicable contractual, legal, regulatory and professional obligations. In most cases, we retain personal data relating to client matters for a period of six years following the conclusion of the matter. However, retention periods may vary depending on the nature of the information, the purpose for which it was collected, applicable legal or regulatory requirements, relevant limitation periods, and our legitimate business needs.

When personal data is no longer required for the purposes for which it was collected and retained, we will securely delete, destroy or anonymise it in accordance with our retention and disposal procedures.

Your rights to access personal data 

If you believe that any personal data we hold about you is inaccurate or incomplete, please contact us so that we can review and, where appropriate, correct or update our records.

• Right of access – the right to request a copy of the personal data we hold about you (see “Your rights to access personal data” above).
• Right to rectification – the right to request that we correct or complete any inaccurate or incomplete personal data we hold about you.
• Right to erasure – in certain circumstances, the right to request that we delete personal data we hold about you.
• Right to restriction of processing – in certain circumstances, the right to request that we limit the way we use your personal data.
• Right to data portability – the right to request that we transfer your personal data to another organisation, where this right applies.
• Right to object – the right to object to certain types of processing, including processing based on legitimate interests and processing for direct marketing purposes.
• Rights in relation to automated decision-making – the right not to be subject to a decision based solely on automated processing, including profiling, where such a decision produces legal or similarly significant effects on you.

If you would like to exercise any of your rights, please: 

• Contact by post  Data Protection Lead, PCB Byrne LLP, 4th Floor, 33 Gutter Lane, London, EC2V 8AS or by email, datacontroller@pcbbyrne.com
• Kindly provide us with enough information to identify you (ie. your full name, address and matter number);
• Provide us with proof of your identity and address (eg. a copy of your driving licence or passport and a recent utility or credit card bill);
• Inform us which right you wish to exercise; and
• Let us know the information to which your request relates, including any applicable matter number(s), if you have them

Cookies 

We use cookies and similar technologies to distinguish you from other users of our website. This helps us to provide you with a better browsing experience and allows us to analyse how the website is used, including the number of visitors, how visitors arrive at the site, and which pages are viewed.

If you believe that we have not complied with applicable data protection law in relation to the way we have handled your personal data (or personal data relating to someone you are acting on behalf of), you may contact us to make a data protection complaint.

We operate an internal complaints process for data protection concerns. Please submit your complaint to our dedicated email address: datacontroller@pcbbyrne.com.

We will acknowledge receipt of your complaint without undue delay and, in any event, within 30 days. We will investigate your complaint and provide you with an update on the expected timeframe for our response. If our investigation takes longer than initially anticipated, we will keep you informed of progress. Once our investigation is complete, we will provide you with a written outcome explaining our findings and any action taken.