Privacy Policy

1.      Introduction

Keoghs LLP, a limited liability partnership, of registered office 5th Floor, 20 Gracechurch Street, London, EC3V 0BG is authorised and regulated by the Solicitors Regulation Authority. ICO registration number Z6508550.

Keoghs Northern Ireland LLP, a limited liability partnership of registered office 7th Floor, City Exchange, 11-13 Gloucester Street, Belfast, BT1 4JH is authorised and regulated by the Law Society of Northern Ireland. ICO registration number ZA551920).

Keoghs Scotland LLP, a limited liability partnership of registered office The Forsyth Building, 5 Renfield Street, Glasgow, G2 5EZ is authorised and regulated by the Law Society of Scotland. ICO registration number ZA253630.

Wherever you see the words “Keoghs”, “we”, “us”, “our” in the policy, these words refer to Keoghs LLP, Keoghs Northern Ireland LLP and Keoghs Scotland LLP.

This Privacy Policy outlines how we will collect, hold, process, and share your personal data, to assist you in making informed decisions when using our website and/or accessing our services.

Where ‘legal services’ is referred to throughout this Privacy Policy, this includes, but is not limited to the following:-

• Insurance based legal services;
• Legal advice;
• Claims handling services;
• Advising on and negotiating legal contracts;
• Training and legal updates;
• Day to day operations of our business;
• Managing Court or legal proceedings including prospective legal proceedings; and
• Engaging with law enforcement agencies and regulatory bodies.

2.      The types of personal data we collect

We collect and process the following types of personal data:

• When you browse our website, we use cookies to collect usage data, which may include, but is not limited to, your IP address, browser type/version, browsing behaviour on our site (including the pages that you visit, the time spent on those pages and the date and time of your visit) and your geolocation data. More information about the types of cookies we use and our reasons for using them can be found in our Cookie Policy.
• Personal identifiers, contact details and characteristics, including but not limited to; your name, date of birth, NIN, country of residence, address, phone number and email address.
• Special category data including but not limited to; physical or mental health and/or medical diagnosis information, racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, criminal convictions or, sexual orientation which may be held, used, and processed for the purpose of providing the services offered by Keoghs.
• We may collect personal information relating to children, but only if consent has been obtained (where required) from a parent or guardian, and the information is relevant to the services we provide.

3.      Where we obtain your personal data from and who we share it with

The personal data we process may be collected from a variety of sources including, but not limited to:

• Fraud prevention agencies and organisations;
• Industry regulators and ombudsmen, including but not limited to the Solicitors Regulation Authority (SRA), Law Society of Northern Ireland, Law Society of Scotland, Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO);
• Insurance companies;
• Insurance industry databases;
• Witnesses;
• Counsel;
• Claimants;
• Court;
• Intermediaries, such as claims management companies;
• Law enforcement agencies;
• Loss adjusters and claims investigators;
• Translation services;
• Other third parties;
• Our clients;
• Our website cookies;
• IT systems or software providers;
• Social media;
• Third party data providers and search systems; and
• Your insurers and/or underwriters.

The above list also includes those we may share your information with for the purposes of delivery of the legal services to our clients.

 During the course of providing our legal services, we may also collect personal data from you directly, for example when the information is needed to progress your claim.

4.      Our lawful bases for processing your personal data

We will use your personal data only when legally permitted. We may use your data in a variety of ways that enables us to provide legal services including to provide legal advice and to conduct legal proceedings on behalf of our clients and/or to assist in the prevention of fraud’ or where it is necessary for our legitimate interests (or those of our clients or a third party) and your interests and fundamental rights do not override those interests; or where we need to comply with a legal or regulatory obligation.

Under the UK/EU General Data Protection Regulation (‘GDPR’), the lawful basis we may rely on for processing your personal data are:

• Consent – you have given clear consent for us to process your personal data for a specific purpose. Please note – for any processing we undertake which relies on your consent, you are able to remove your consent at any time by contacting our Data Protection Officer at report@keoghs.co.uk.
• Contract – the processing is necessary for a contract we (or the relevant data controller, where we are acting in the capacity of data processor) have with you, or because you have asked us to take specific steps before entering into a contract.
• Legal Obligation – the processing is necessary for us to comply with the law.
• Vital Interest – the processing is necessary to protect your life.
• Public Task – the processing is necessary for us to perform a task in the public interest or our official functions, and the task or function has a clear basis in law.
• Legitimate Interest – the processing is necessary for our legitimate interests or the legitimate interests of a third party. For example, when you register to attend an event or webinar, we will use your contact details to contact you about the event/webinar and inform relevant staff, and any partner that we are running the event/webinar with, that you will be attending. We may also use your name for name tags and any other event management requirements, including but not limited to table arrangements, corporate gifting and collateral.
   

5.      Change of purpose

We will only process your personal data in line with the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose, and that purpose is compatible with the original purpose.

Please note – we may process your personal data without your knowledge or consent in compliance with the above rules, where this is required or permitted by law. For example, where the processing relates to the detection and prevention of crime.

6.      Automated decision-making and profiling

In some circumstances, Keoghs may use automated processing and decision-making, where a decision is made by automated means without any human involvement. Our current use of automation technologies includes:

• Robotic Process Automation (RPA) – Where virtual workers automate the copying and pasting of information from one system into another.
• Self-Service Platforms – Allows humans to directly interact with an RPA process, enabling human-in-the-loop processing of information.
• Artificial Intelligence (AI) and Machine Learning – To enable virtual workers to learn and understand the data presented and improve effectiveness.
• Intelligent Automation Digital Assistant – An AI supervisor that automatically manages, tracks, and orchestrates virtual worker schedules and activities.
• Computer Vision/Optical Character Recognition – Offers pattern matching within images and can be used to interpret complicated language-based text recognition.
• Natural Language Processing – Translates/extracts human language into computer readable information (think “Hey Siri”) for the purpose of classifying information.
• Conversational AI – Uses AI and Natural Language Processing to enable real-time conversations with customers via the use of chatbots.
• API End-points – Uses virtual workers to bridge the gap between old systems and new ones by copying and pasting information across.
   

We do not anticipate that any of the automation technologies described above will produce legal or similarly significant effects on you, however if this was to change in the future, we would only do so where it is:

• Necessary for the entry into or performance of a contract; and
• Authorised under domestic laws applicable to the data controller; or
• Based on your explicit consent.
   

7.      Who we share your personal data with

Within Keoghs, your personal data will be shared with those team members who need to access it for the processing purposes outlined in this Privacy Policy.

We will only share your personal data with other parties where it is reasonable and necessary to accomplish the processing purposes outlined in this Privacy Policy. This may include (but is not limited to) where we:

• Rely on the services of third-party service providers and hosting providers to carry out activities, provide services, or undertake business operations on our behalf.
• Are required to share information with law enforcement bodies and/or fraud prevention agencies for the purpose of preventing or detecting fraud or criminal activities.
   

In any such cases, the data we share will be limited to that which is strictly necessary and will be subject to appropriate contractual and confidentiality arrangements being in place.

Additionally, all of our third-party service providers are required to take appropriate security measures to protect your personal data, in line with Keoghs policies, and we do not allow them to use your personal data for their own purposes under any circumstances.

8.      International transfers

In the course of providing our services to you, there are circumstances when we and/or one of our third-party service or hosting providers may transfer your personal information outside of the United Kingdom (UK) and European Economic Area (EEA).  Please note – where we are acting in the capacity of data processor, we will never do so without receiving appropriate authorisation from the relevant data controller.

Where such a transfer is necessary, we will only make the transfer once we can be assured that suitable protections will be maintained, and appropriate safeguards are in place. This may include:

Ensuring that we transfer the personal data to countries that the Information ICO has deemed to provide an adequate level of protection.
Putting suitable clauses in our contracts so that organisations take appropriate steps to give personal data the same protection it has in the UK and EEA.
Implementing suitable technical and/or organisational measures to protect the personal data.
 

Please note – where your personal data needs to be transferred between the UK and EEA as part of our business-as-usual operations, this will be done on the basis that the ICO has deemed these jurisdictions to provide an adequate level of protection.

If you would like to understand more about this, please send an email outlining your query to report@keoghs.co.uk.

9.      How long we keep your personal data for

We will keep your personal data for as long as necessary to fulfil the purposes that we describe in this Privacy Policy, including to satisfy any applicable legal, tax-related, and other business requirements.

To determine the appropriate retention period, we also consider a number of additional factors, such as the:

• Nature and sensitivity of the personal data.
• Potential risk of harm from unauthorised use or disclosure of the personal data.
• Requirements of the relevant data controller, where we are acting in the capacity of data processor.
   

10.  How we keep your data secure

Keoghs has implemented an Information Security Management System (ISMS) which is certified globally to International Standards Organisation (ISO) 27001 for Information Security. This demonstrates our commitment to manage risks related to the security of the personal data we own and handle. We are also certified to Cyber Essentials Plus. Both certifications are supported by an internal audit function and annual external certification.

We have put in place robust procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If at any point you suspect or become aware of a security incident (ie your password is stolen, or you receive suspicious communication from someone holding themselves out to be a Keoghs employee, or from a dupe website claiming to be affiliated with Keoghs), please let us know using the contact information provided below.

11.  Your rights

Keoghs is committed to processing your personal data in compliance with all applicable laws and regulations. Under UK/EU GDPR, you may be able to exercise several individual rights, including:

Right of Access

You have the right to ask us for a copy of the personal data we hold about you, as well as other supplementary information. Please note – there may be certain circumstances under which there are applicable exemptions to the stated access rights. Where we seek to apply those exemptions we will state so clearly an unambiguously.

Right to be Informed

You have the right to know how we will collect and use your personal data.

Right to Rectification

You have the right to ask us to rectify personal information you think is inaccurate, or to complete information you think is incomplete.

Right to Erasure

You have the right to ask us to erase your personal data, in certain circumstances. Please note – there may be certain circumstances under which we are obliged to retain your personal data.

Right to Object

You have the right to object to the processing of your personal information, in certain circumstances.

Right to Data Portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to yourself, in certain circumstances.

Rights Related to Automated Decision-Making and Profiling

You have the right to request human intervention where a decision has been taken about you using fully automated decision-making or profiling, and which produces legal or similarly significant effects on you, such as the automatic refusal of a claim.

To exercise any of the rights outlined above, please contact us at report@keoghs.co.uk

12.  How to complain

We aim to meet the highest standards to safeguard your privacy. However, if you have any concerns about Keoghs’ use of your personal data, you can make a complaint to our Data Protection Officer by emailing report@keoghs.co.uk, or by writing to:

Data Protection Officer

Keoghs LLP

2 The Parklands

Bolton

BL6 4SE

You also have the right to contact the data protection regulatory if you feel that we have processed your personal data in a manner which contravenes privacy law. You can do this by following the link to their website; https://ico.org.uk/make-a-complaint/.

Alternatively, you can contact them by:

Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Email: casework@ico.org.uk

Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

13.  Contact us

If you have any questions that could not be answered by this Privacy Policy, or if you wish to receive more in-depth information about any of the content within it, please contact us at:

Data Protection Officer

Keoghs LLP

5th Floor, 20 Gracechurch Street

London

EC1V 3BG

Email: report@keoghs.co.uk

14.  Changes to this Privacy Policy

The version of our policy was last updated on 11th January 2024.

We reserve the right to update this Privacy Policy at any time. We may make changes as required to comply with changes in applicable law or regulatory requirement and we encourage you to review this policy periodically to be informed of how we use your personal information.

It is vital that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

15.  Entities