LEXLEYTON WEBSITE PRIVACY NOTICE

LexLeyton respects your privacy and is committed to protecting your personal data. This notice explains how we look after your personal data and also tells you about your privacy rights and how the law protects you.

This notice is provided in a layered format so that you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.

 

PURPOSE OF THIS PRIVACY NOTICE

This notice is intended to reflect the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK-GDPR) and the Data Protection Act 2018 (DPA 2018) and offers you the information required by Article 13 of the UK-GDPR.  It is specific to  how LexLeyton collects and processes your personal data as a client, visitor to our website, a third party to a legal dispute, or if you fill out an enquiry form requesting information on the services that we offer, or about a position at our company. 

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy notices and is not intended to override them.

 

CONTROLLER

LexLeyton is the trading name for Leyton UK Partners LLP and Leyton Legal (Scotland) LLP.

For the purposes of this notice the entities responsible for your personal data as data controllers are:

  • Leyton UK Partners LLP, a limited liability partnership registered in England and Wales (OC388386). Registered office: Harmsworth House, 13-15 Bouverie Street, London, England, EC4Y 8DP. Authorised and regulated by the Solicitors Regulation Authority under SRA number 619453; and
  • Leyton Legal (Scotland) LLP, a limited liability partnership registered in Scotland (SO305978). Registered office 8th Floor, Lomond House, 9 George Square, Glasgow, G2 1DY. Authorised and regulated by the Law Society of Scotland under practice number 53122. A list of members of each LLP may be inspected at their respective registered offices.

LexLeyton is part of a group of entities, which together, are owned by THÉSÉE S.A.S, a company based in the EU, and are referred to as the “Leyton Group”. When we mention “Company”, “we”, “us” or “our” in this privacy notice, we are referring to LexLeyton only.  Where we refer to “you” or “your”, we are referring to you as our client or third party to a legal dispute, a visitor to our website, or an applicant to one of our job vacancies, depending on the context.

We have appointed a data protection officer (DPO) based in the UK and the Leyton Group benefits from a committee of professionals that work across the group to harmonise information handling practices.  If you have any questions about this notice or our data protection practices please contact the UK DPO:

Legal Entity

LexLeyton

ICO Registration

ZA496047

Address

Harmsworth House, 13-15 Bouverie Street, London, EC4Y 8DP

DPO Email

dpm@lexleyton.com

Telephone

0207 3871 6333

 

You have the right to make a complaint at any time if you have concerns about how we manage your data to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would welcome the chance to fully investigate and deal with your concerns directly before you approach the ICO, so please do contact us in the first instance so that we can do our best to address any concerns that you may have.

The type of personal data, our reasons for processing personal data and the manner in which we process personal data will all depend on whether you are a client, a job applicant, or simply a visitor to our website. More detail on this can be find below.

 

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES

We keep our privacy notice under regular review. This version was last updated in May 2021. Historic versions can be obtained by contacting us.

It is important that the personal data we hold about you is accurate and current. If you are a client, a job applicant or if you receive updates and newsletters from us, please keep us informed if your personal data changes during your relationship with us.

 

FROM WHERE DO WE COLLECT PERSONAL DATA?

We collect personal data in two main ways:

  • Directly from the you
    • Personal data that we receive directly from you (e.g. where we meet, where you contact us proactively; usually by phone/ email, and/or where we contact you; whether by phone or email or any other form of communication);
  • Indirectly from someone else
    • Personal data that we receive from other sources; such as from other Leyton Group businesses, LinkedIn, customer relationship management systems such as Salesforce, or Deudil or
    • Personal data that we collect automatically.

 

IN WHICH CONTEXTS DO WE COLLECT AND PROCESS INFORMATION

The four main contexts in which we collect and process personal data, are the following:

  • Providing legal services to our clients, including where personal data relating to third parties are collected;
  • Filling vacancies within the firm;
  • Dealing with our employees, suppliers, partners and contractors;
  • Online, including subscriptions to our newsletters and other promotional materials.

Information regarding the processing of Personal Data of our employees, suppliers, partners and contractors, can be found in separate Privacy Notices, including our Employee Privacy Standard, which sets out how our employees should deal with Personal Data of our clients and third parties.

 

WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data for a number of reasons, some of which are listed below:

  • it is necessary for the performance of a contract with you (e.g. to provide legal services);
  • you have provided us with your consent to use your personal information (e.g.. in the course of subscribing to our newsletters);
  • we are required by law to do so; or
  • it is necessary to pursue our legitimate interests in a way that is reasonably expected as part of running our business, which is not detrimental to you and would have minimal impact on your privacy.

The table below, describes the above in more detail, while providing more information about data transfers and retention periods within the different contexts of our processing.

OUR WEBSITE

PURPOSE

When you visit our website, we process information relating to your online engagement with our website and downloadable material published by us. We use this to ensure that our marketing communications to you are relevant, timely and in accordance with your marketing preferences. We process this data so that we are able to measure the effectiveness of our content and how visitors use our websites and Services. Processing this data allows as to learn what pages of our websites are most attractive to our visitors and which parts of our websites are the most interesting.

We also have a contact page on our website in order to make it easier for visitors to use our website to contact us.

LAWFUL BASIS

The lawful basis upon which we rely when we process your personal data in the context of our website is that of our legitimate interest. It is in our legitimate interest to create an informative website which is easy to navigate so that we provide a good customer experience when they are visiting our website. 

Where you contact us via our contact page on our website, we rely on the provision of your consent.

LEGITIMATE INTEREST

The legitimate interest we have identified in this regard is to create a website which is informative, easy to navigate and which addresses relevant legal issues which will be well received by visitors to our website.

CATEGORIES OF PERSONAL DATA

Technical data such as your IP address, browser type and version, location, type of device, and plug-in types and versions of the devices you use to access our website. We process this type of data to improve our website, products/ services, for marketing purposes and to cultivate customer relationships and experiences.

When you contact us via our contact page, we will process contact data in the form of name, surname and email address in this regard. 

RECIPIENTS

Equinix is the host of our website and so data will be received on their server, which is outside the UK but still subject to the GDPR.

Other recipients include IT services providers, marketing technology platforms and suppliers, including companies engaged to market on our behalf such as Leyton UK Limited, website management companies and analytical companies, third party market researchers and Google Analytics.

DETAILS OF TRANSFERS

Leyton Maroc, a member of the Leyton Group, provides IT services and administration to LexLeyton and is situated outside of the EU. Its data centres are certified ISO 270001, SOC 2 PART II and benefits from automatic alerts which prevent intrusions as well as malware protection, firewall and SSL inspection, anti-spyware, application control, antivirus.  Where we share your personal data within the Leyton Group for business administration or any other reason, we do so pursuant to group level data sharing agreements.

RETENTION PERIODS

The retention periods for this type of data will depend on the data being processed and for which purpose. We retain and delete data in accordance with our Data Retention and Destruction Policy.

SOURCE OF PEPRSONAL DATA

The technical data are collected directly from the device of the Data Subject, whilst the contact data collected from our website is obtained directly from the Data Subject.

MARKETING

PURPOSE OF PROCESSING

We process certain personal data for the purpose of promoting our services including through email communications. 

We process personal data concerning pitches for the purpose of investigating the success of any joint-pitch, marketing or referral activity work undertaken with a third party company in order to assess the performance of the commercial arrangement so that the parties to the arrangement can monitor the performance and remunerate associated staff members accordingly. In this regard, we anticipate having to share this information with Leyton UK Limited, an associated company, which provides, inter alia, marketing and prospecting services to LexLeyton.

The overall purpose for processing the above data is to promote our business appropriate, effectively and efficiently.

We also send newsletters and inform our clients of breaking news and useful insights.

LAWFUL BASIS

The lawful basis upon which we rely when marketing our services and processing this data, is our legitimate interest.            

When we send newsletters or communications to our mailing list, we do so on the basis of the consent of the Data Subject.

LEGITIMATE INTEREST

It is in our legitimate interest, as well as third party’s legitimate interests to process personal data to ensure that we provide the right Services in the best way, to grow our business and to increase our client base.

CATEGORIES OF PERSONAL DATA

Pitch-data, specifically information about ad-campaigns and interactions with certain websites

Contact data of lists of attendees of events, contact data for contact persons at a client or a potential client, interests of visitors to our websites/ clients/ potential clients and past involvement in our promotional activities.

RECIPIENTS

·       Equinix is the host of our website and so data will be received on their server which is outside the UK but is still subject to the GDPR.

·       Other recipients include IT services providers; marketing technology platforms and suppliers, including companies engaged to market on our behalf such as Leyton UK Limited, website management companies and analytical companies, third party market researchers, Google Analytics, and

·       referrers such as Leyton UK Limited, third party email marketing providers, post office and DX postal providers and entities within the Leyton Group

DETAILS OF TRANSFERS

Leyton Maroc, a member of the Leyton Group, provides IT services and administration to LexLeyton and is situated outside of the EU. Its data centres are certified ISO 270001, SOC 2 PART II and benefits from automatic alerts which prevent intrusions as well as malware protection, firewall and SSL inspection, anti-spyware, application control, antivirus.  Where we share your personal data within the Leyton Group for marketing purposes or any other reason, we do so pursuant to group level data sharing agreements.

Where we need to consult with third parties who have acted as referrers, we will ensure that we have the necessary agreements in place, with standard contractual clauses, which provide appropriate technical and organisational security measures.

In particular, we may transfer personal data collected for this purpose to our associated businesses within the Leyton Group situated in other areas of the world.

RETENTION PERIODS

The retention periods for this type of data will depend on the data being processed and for which purpose. We retain and delete data in accordance with our Data Retention and Destruction Policy.

SOURCE OF PERSONAL DATA

Data processed in this context are often collected indirectly, from third party referrers and external marketing providers. However, where we process personal data for the purpose of sending out newsletters and other communications to our mailing list, we will have obtained that personal data directly from the Data Subject.

BUSINESS ADMINISTRATION

PURPOSE OF PROCESSING

In this context, we process Personal data  in order to comply with our legal obligations (including those imposed by the Solicitor’s Regulatory Authority or Law Society of Scotland or other relevant legal services regulator), Know Your Client obligations, Anti-Money Laundering obligations, Anti-Bribery or similar obligations including but without limitation maintaining regulatory insurance.

Processing also occurs to enforce our legal rights to protect rights of third parties.

We also process personal data for internal training and administration purposes and in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.

We further process Personal Data by means of storage with restricted access on a platform client relationship management system shared with Leyton UK Ltd for the purpose of maintaining accurate records about you, avoiding duplicate approaches and to manage our business relationship with you. Finally, we process personal data using a Case Management System with a server based outside of the UK/EEA.  This CMS is provided by a third party supplier with whom we have Data Sharing and Data Processing agreements in place with appropriate operational and security measures to protect the Personal Data processed using that system.

LAWFUL BASIS

In terms of the purposes outlined above we rely on the lawful bases of legal obligation and legitimate interest.

LEGITIMATE INTEREST

It is in our legitimate interest to process data for internal training and administration purposes so that we have an accurate and comprehensive record of business dealings and client consultations. It is also in our legitimate interest to ensure that personal data is not excessively processed, and in certain circumstances, it will be in our legitimate interest to process certain personal data for the purposes of a business transaction.

CATEGORIES OF PERSONAL DATA

Data processed for this purpose includes, identity data such as: date of birth, payment details, tax residence information, copies of photo identifications such as your driving licence and/or passport/identity card, information about nationality/citizenship/place of birth, your national identification number and identity verification documents in order to comply with our legal and regulatory obligations.

RECIPIENTS

We might share this data with professional advisers such as lawyers and accountants and experts and suppliers and/or governmental or regulatory authorities and third party outsourced business administration services providers including Leyton UK Ltd (which provides business administration, marketing and other support services).

DETAILS OF TRANSFERS

Leyton Maroc, a member of the Leyton Group, provides IT services and administration to LexLeyton and is situated outside of the EU. Its data centres are certified ISO 270001, SOC 2 PART II and benefits from automatic alerts which prevent intrusions as well as malware protection, firewall and SSL inspection, anti-spyware, application control, antivirus.  Where we share your personal data within the Leyton Group for business administration or any other reason, we do so pursuant to group level data sharing agreements.

Where we need to consult with third parties who are advising the business on the transaction or where we need to share this data with supervisory authorities, we will have the necessary agreements in place to ensure appropriate technical and organisational security measures.

RETENTION PERIODS

The retention periods for this type of data will depend on the data being processed and for which purpose. We retain and delete data in accordance with our Data Retention and Destruction Policy.

SOURCE OF PERSONAL DATA

We collect this data directly from the Data Subject most of the time.

LEGAL ASSISTANCE

PURPOSE OF PROCESSING

We process the majority of the personal data we collect for the purpose of providing employment-law related Services to our clients.

In the course of providing legal advice, the LexLeyton entity providing that advice will be the Controller of your Personal Data. If the matter is worked on by both entities, these entities will act as independent Controllers.

In this context, we process data for various purposes; to perform in terms of the contract we have with you, to carry out Anti-Money Laundering and Know Your Client checks in accordance with our legal and regulatory obligations, to store details so that we can contact our clients in relation to our relevant activities, and so that we can keep records of our conversations and meetings, so that we can provide targeted services to you.

We may also process incidental Personal Data where your name is mentioned as part of the process of carrying out our services, which may include opinion data about you from witnesses to events. Where relevant, we may also hold additional information about you that someone in your organisation has chosen to disclose to us.

LAWFUL BASIS

We rely on two lawful bases in order to process personal data when we are advising clients and in the course of dealing with a matter that we’ve been instructed on. These are legitimate interest and legal obligation.

Where we process special category data, we have an extra lawful basis upon which to do this, depending on the context of the processing, we will rely on one of the lawful bases mentioned in Article 9(1) of the GDPR.

LEGITIMATE INTEREST

It is in our legitimate interests as well as our clients’ legitimate interest, for us to process personal data in order to obtain all the facts and circumstances of a case so that our legal advice can be targeted and applicable to each legal dispute.

We process personal data in the form of keeping records of our clients so that we can invoice them and comply with out tax obligations.

We store personal data (and update them when necessary) on our case management system so that we can contact our clients in relation to our relevant activities.

We keep records of our conversations and meetings, so that we can provide targeted services to you based on accurate information.

We will process personal data for internal training and administration purposes, to enforce our legal rights, to protect the rights of third parties and to accommodate business transactions such as mergers, acquisitions, or a sale of all or a portion of our assets. 

CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA

We will process personal data of your employees and workers, to include names, contact details, dates of birth, information about nationality/ citizenship/ place of birth, national identification number and verification documents, their employment status, occupation, pay details, payroll data, bank details, pension details, tax details, terms and conditions of employment, passport, driving licence, grievances, disciplinary information, performance details, attendance records, health information, gender, CCTV footage, social media messages, and their protected characteristics (if they have any) which will constitute special data;

 

We will also process the personal data of other third parties instructed either by you or through us or who become involved with us providing the Services, to include counterparties and their staff, advisers of our clients and their staff, our client’s professional experts and their staff, Court officials, witnesses, and barristers of both sides of the legal matter listed below.

Where we collect and process special category personal data or personal data relating to criminal convictions, we will process it in accordance with the GDPR and Data Protection Act of 2018 and will issue you with a separate and more specific Privacy Notice.

RECIPIENTS

·       Alternative dispute experts such as adjudicators or arbitrators.

·       Any of the offices operated by us.

·       Case Management software services including LEAP

·       Companies House and other similar registration organisations.

·       Counsel and their clerks.

·       Costs lawyers.

·       Couriers.

·       Court(s)

·       Document management services.

·       Document review platforms.

·       Experts (for example foreign lawyers, tax or medical advisors, accountants, valuers).

·       HMRC and other tax authorities.

·       Insurers.

·       Mediators.

·       Medical experts.

·       Opposing party.

·       Opposing party solicitor(s) or counsel.

·       Post office.

·       Process Servers.

·       Regulators.

·       Suppliers.

·       Telephone response management companies

·       Third party funders.

·       Third party outsourced IT and document storage providers other than Leyton UK Ltd and Leyton Maroc (which hosts and supports IT systems and provides related and document storage and other support services) where we have an appropriate processing agreement (or similar protections) in place.

·       Transcribers.

·       Translators.

·       Tribunals.

·       Witnesses

DETAILS OF TRANSFERS

Leyton Maroc, a member of the Leyton Group, provides IT services and administration to LexLeyton and is situated outside of the EU. Its data centres are certified ISO 270001, SOC 2 PART II and benefits from automatic alerts which prevent intrusions as well as malware protection, firewall and SSL inspection, anti-spyware, application control, antivirus.  Where we share your personal data within the Leyton Group for the provision of legal services or any other reason, we do so pursuant to group level data sharing agreements.

When we transfer personal data to the recipients mentioned above, we will ensure that the appropriate agreements are in place that address the obligations for appropriate organisational and technical security measures.

RETENTION PERIODS

The retention periods for this type of data will depend on the data being processed and for which purpose. We retain and delete data in accordance with our Data Retention and Destruction Policy.

SOURCE OF PERSONAL DATA

The personal data processed in this context will be collected both directly and indirectly. For example, where the client/ prospective clients shares personal data about an individual in the course of seeking legal advice, we will be collecting data indirectly.

HUMAN RESOURCES (INCLUDING JOB APPLICANTS)

PURPOSE OF PROCESSING

We process data for the purposes of human resources administration, to assess the suitability, eligibility and / or fitness to work of employees and prospective employees, for health and safety reasons and the to audit the application and enforcement of our policies.

LAWFUL BASIS

There is certain personal data which we will need to process in order to comply with our legal obligations. For example, the right to work.

Where we process data during the recruitment process, we process this data because it is in our legitimate interest to do so.

LEGITIMATE INTEREST

The legitimate interest we have identified is to appropriately grow and effectively manage our business.

CATEGORIES OF PERSONAL DATA

We will process personal data such as name, address, contact details, education and employment history; background checks (financial and criminal), ID and right to work status; information relating to next of kin/dependants.

Financial information including bank details and other identifiers (e.g. National Insurance numbers). In particular, we expect to share this information with Leyton UK Ltd, which provides inter alia HR, and support services to LexLeyton.

We will also process personal data consisting of subjective opinions from referees and objective facts contained in CVs and academic qualifications

RECIPIENTS

Personal data may be transferred to service providers to include Leyton UK Ltd an associated company which provides inter alia, HR and business support services; and stored within our information systems, within third party information and software applications and services and systems which have been procured to support the operation of the HR services function.

When information is shared with service providers, it is limited to that which is required for providing the service and will be adequately protected.

DETAILS OF TRANSFERS

Leyton Maroc, a member of the Leyton Group, provides IT services and administration to LexLeyton and is situated outside of the EU. Its data centres are certified ISO 270001, SOC 2 PART II and benefits from automatic alerts which prevent intrusions as well as malware protection, firewall and SSL inspection, anti-spyware, application control, antivirus.  Where we share your personal data within the Leyton Group for the purposes of HR administration or any other reason, we do so pursuant to group level data sharing agreements.

RETENTION PERIODS

The retention periods for this type of data will depend on the data being processed and for which purpose. We retain and delete data in accordance with our Data Retention and Destruction Policy.

SOURCE OF PERSONAL DATA

Much of the personal data collected for this purpose is collected directly from the Data Subject. However, we will often turn to referees in order to assess the suitability of a candidate for a position within the business.

DISTRIBUTION OF USEFUL LEGAL GUIDANCE

PURPOSE OF PROCESSNG DESCRIPTION & PURPOSE

When you sign up for a seminar, webinar or an event, or where you have requested to receive our newsletters, we will need to process your contact details in order to liaise and share information concerning the seminar, webinar or event with you as well as to deliver the newsletter or update.

To ensure that we are maximising our value to you, we may process data relating to your preferences so that we know what content would be of most value to you.

LAWFUL BASIS

We rely on our legitimate interest as well as your legitimate interest as the lawful basis upon which to process this type of personal data.

LEGITIMATE INTEREST

It is in our legitimate interest to build mutually beneficial relationships with our clients and to showcase our knowledge so that we can grow our business and client base. It is in your legitimate interest to sign up to seminars, webinars and events in order to learn more about the law as it relates to issues you are faced with and to get first-hand evidence of our knowledge base and skillset.

CATEGORIES OF DATA

We process personal data such as contact data (e.g. name, surname and email address) as well as data relating to your preferences.

RECIPIENTS

Employees of LexLeyton will be the recipients of personal data processed for this purpose. Our associated business, Leyton UK Ltd, provides us with a wide range of support services, including marketing, and for this reason, its employees will receive your personal data in this context too. 

If we believe you may be benefit from a service offered by our associated business or a business within the Leyton Group, we will share the data we collected during registration with those entities for your benefit.

DETAILS OF TRANSFERS

Leyton Maroc, a member of the Leyton Group, provides IT services and administration to LexLeyton and is situated outside of the EU. Its data centres are certified ISO 270001, SOC 2 PART II and benefits from automatic alerts which prevent intrusions as well as malware protection, firewall and SSL inspection, anti-spyware, application control, antivirus.  Where we share your personal data within the Leyton Group for the distribution of legal advice or guidance, or any other reason, we do so pursuant to group level data sharing agreements.

RETENTION PERIOD

The retention periods for this type of data will depend on the data being processed and for which purpose. We retain and delete data in accordance with our Data Retention and Destruction Policy.

SOURCE OF PERSONAL DATA

This type of data will usually come from the Data Subject themselves, as they would have needed to sign up for the newsletter or seminar.

SOCIAL PLUG-INS

These plug-ins make it possible for you, as the visitor of our website, to post content from our website to the social network’s website.

The plug-ins we use are Google (USA), Twitter (USA) and LinkedIn (Ireland). When you click on the plug-in, the social network provider will process the information relating to your visit to our website.

Importantly, we are not the controller of the data collected in this regard and therefore the respective social media providers will need to be contacted for more information on how they process your personal data, their retention periods, and who they transfer personal data to.

We have added these social plug-ins to our website so that content from our website can be shared easily on those platforms in order to get a wider reach for our business and marketing purposes. 

COOKIES AND SIMILAR TECHNOLOGIES

We use Cookies and similar technologies to help improve the performance of our website. For example, to ensure that our website remembers you based on your last visit, present tailored options to you, to measure web traffic and track user journeys. You can set your browser to reject Cookies or you can turn Cookies off, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies policy.

The list above is illustrative and not exhaustive.

 

INTERNATIONAL PROCESSING

We may also share your personal information with third parties who may be based outside of the UK / EEA in circumstances where it is otherwise lawful to share your data.  Where we transfer personal data outside of the UK and EEA, we will only do so pursuant to a data sharing agreement which ensures personal data as adequately protected in the international territory as we would expect it to be protected in the UK and EEA.

Where we procure the goods or services of providers based outside of the EEA, we scrutinise their IT infrastructure to ensure that any personal data transferred to them in the course of our transactions is adequately protected.  Such providers are required to enter into contractual terms which oblige them to take appropriate operational and technical measures to secure the personal data we transfer to them from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data and client confidential information.

 

DATA SHARING

As noted above, LexLeyton is part of a group of companies. We share data between the companies within the Group when there is a lawful basis to do so. Generally, we will rely on our legitimate interests but we ensure that we have completed a legitimate interest assessment and do not share data if it appears that your rights and freedoms are unfairly infringed upon. Specifically, we share data with Leyton UK Ltd for the purposes of marketing, IT support, human resource and finance services.

We may also share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or otherwise to comply with the law.

We do not sell any personally identifiable information provided to us to any unrelated third party, but, as set out above, we may share it with related entities or with unrelated third parties in connection with our own marketing activities, or as may be legally required.

 

EMAIL MARKETING

We use your name and email address to send you marketing communications via email, whether either:

  • You have consented to receiving such marketing communications; or where
  • We have another lawful basis to do so.

Our marketing may include both personalised/ tailored and non-personalised email marketing.

Where we are sending you personalised email marketing, we may use information that we have noted from your interactions with our website to decide what sort of personalised marketing communications to send to you, whilst also assessing your needs whilst we provide services to you.

Please note that you may withdraw your consent or request to have your details suppressed from our marketing lists, at any time. To do so, please email dpm@lexleyton.co.uk.

 

REFERALS

In your Engagement Letter, we inform you that we may communicate with a referrer the fact that you have instructed us to provide you with legal advice. We also communicate the nature and extent of our agreement to provide services to you so that our partners can investigate the success of any joint-pitch work and so that our partner can measures it’s performance under the terms of any related marketing and prospecting agreement.

In particular, we anticipate having to communicate this information to Leyton UK Limited, which provides marketing and prospecting services.

 

CALL RECORDING

Please note that we record all calls coming into and going out of our offices. We do this for training and monitoring purposes. In particular, for the latter reason, we believe that call recording is the most accurate method of collecting information about a matter. Recording calls will ensure that we obtain all the information needed and will allows us to retain accurate accounts of instructions provided. We also need to record calls so that we ensure that rules, regulations and policies are adhered to. Our lawful basis for call recording is both our and our client’s legitimate interests.

 

SECURITY

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.

 

HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?

We will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate amount of time after we have parted ways, depending on local law requirements and our legitimate business and risk-management needs. The periods of time for which we retain your data will vary depending on the type of data in question and any overarching legal, regulatory or risk-management requirements to retain it for certain minimum periods. We may, for example, be required to retain certain data for the purposes of tax reporting or responding to tax queries. In other instances, there may be some other legal, regulatory or risk-management requirements to retain data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).

In determining the appropriate retention period for various types of personal data, in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we need to process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

A copy of our Data Retention and Destruction Policy may be obtained by sending an email request to our Data Protection Officer at dpm@LexLeyton.co.uk

 

YOU LEGAL RIGHTS

Under certain circumstances, you have rights in terms of the data protection laws in relation to the processing of your personal data. These rights are explained below.

RIGHT TO OBJECT

This right enables you to object to us processing your personal data where we do so for one of the following four reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials; and (iv) for scientific, historical, research, or statistical purposes.

The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply. If your objection relates to us processing your personal data because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless:

  • we can show that we have compelling legitimate grounds for processing which overrides your interests; or
  • we are processing your data for the establishment, exercise or defence of a legal claim.

If your objection relates to direct marketing, we must act on your objection by ceasing this activity.

RIGHT TO WITHDRAW CONSENT

Where we have obtained your consent to process your personal data for certain activities, you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition. To withdraw your consent please contact our Data Protection Officer at dpm@LexLeyton.co.uk

RIGHT OF ACCESS

You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so. Should you wish to make a request in line with your rights as an individual please send it in writing to dpm@LexLeyton.co.uk

RIGHT TO ERASURE

You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:

  • the data are no longer necessary for the purpose for which we originally collected and/or processed them;
  • where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
  • the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
  • it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
  • if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for erasure for one of the following reasons:

  • to exercise the right of freedom of expression and information;
  • to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
  • for public health reasons in the public interest;
  • for archival, research or statistical purposes; or
  • to exercise or defend a legal claim.

When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data. Please note however, that it is virtually impossible to guarantee the permanent and irretrievable deletion of electronic data. In addition, sometimes we may be obliged by law or regulation, or need for risk-management reasons, to retain the ability to access certain elements of personal data.

RIGHT TO RESTRICT PROCESSING

You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.

The circumstances in which you are entitled to request that we restrict the processing of your personal data are:

  • where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
  • where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
  • where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
  • where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.

If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

RIGHT TO RECTIFICATION

You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

RIGHT OF DATA PORTABILITY

If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you are able to transfer your LexLeyton account details to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform.

Alternatively, we may directly transfer the data for you. This right of data portability applies to: (i) personal data that we process automatically (i.e. without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfil a contract.

RIGHT TO LODGE A COMPLIANT WITH A SUPERVISORY AUTHORITY

You also have the right to lodge a complaint with the Information Commissioner. The relevant contact details are:
Phone: 0303 123 1113
Email: casework@ico.org.uk
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

You may ask to unsubscribe from direct marketing at any time.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.

 

If you have any comments or suggestions or you would like to exercise any of the rights referred to above then please contact our Data Protection Officer at dpm@LexLeyton.co.uk. We take your data privacy seriously, and will always endeavour to answer your queries and concerns. Where we are not obligated to respond to you within a particular timeframe by law, we will reply to any query or concern that you raise with us within 5 business days.