Privacy Policy

Keoghs Privacy Policy

Your privacy is important to us, we respect your privacy and are committed to protecting your data.  This Privacy Policy (“policy”) provides you with information as to how we use and treat your personal data when you utilise our website and/or when we provide you with legal services (“services”).

Keoghs LLP is a limited liability partnership registered in England and Wales, registration number OC321124 and are authorised and regulated by the SRA number 573546, we are subject to the Solicitors Code of Conduct and are registered with the Information Commissioner’s Office Data Protection Register under number Z6508550.

All services in Scotland are delivered under Keoghs Scotland LLP; a limited liability partnership registered in Scotland (registered number SO305857) which is authorised and regulated by the Law Society of Scotland and are registered with the ICO under registration ZA253630.

Wherever you see the words “Keoghs”, “we”, “us”, “our”, in the policy, these words refer to Keoghs LLP and Keoghs Scotland LLP.

Please take a moment to read and understand it our policy carefully and if you have any questions please do not hesitate to contact us.

1. Purpose of our Privacy Policy
2. Scope of our Privacy Policy
3. The data we collect about you
4. Where your personal data may come from
5. How we might use your personal data & our legal basis for doing so
6. Our use of cookies
7. Sharing your personal data
8. Change of purpose
9. If you fail to provide personal data
10. Automated decision making
11. International transfers
12. Linking
13. Data security
14. Data retention
15. Changes to the Privacy Policy and your duty to inform us of changes
16. Your rights over your information
17. How to contact us
18. Your right to complain

1. Purpose of our Privacy Policy

This policy is intended to assist you in making informed decisions when using our website or services and to understand how we may process your personal information through your use of our website and as a result of our provision of services to third parties.

In collecting this information, we can operate in different capacities, as such we may act as data processors, data controllers or joint-controller. This policy sets out relevant information about how we may collect and use your personal data, about why and how we use the data we process, and about the rights you have over your data.

2. Scope of our Privacy Policy

This policy is intended to apply to any person whose personal data we collect such as (not an exhaustive list):

  • an indemnified policyholder
  • a policyholder for whom indemnity has been refused or reserved
  • an insured driver
  • an uninsured driver
  • an employee or representative of an insured or self-insured company
  • an employee or representative of a non-indemnified company
  • a claimant or prospective claimant
  • a third party or prospective third party
  • an employee or representative of a claimant or prospective claimant
  • an employee or representative of a third party or prospective third party
  • a witness, including expert witness
  • an external legal service provider, including but not limited to Counsel, Loss Adjusters, or Claims investigators
  • an employee or representative of an insurer or self-insured client
  • a representative of the Court Service
  • any other individual viably connected to a claim upon which we are instructed to act
  • any user of our website
  • our regulators

This policy does not apply to:

1. our employees, the ways in which we collect and use our employees personal data is governed by https://keoghs.co.uk/careers/responsible-business-approach
2. job applicants, the ways in which we collect and use their personal data is governed by https://keoghs.co.uk/careers/responsible-business-approach

3. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. We will collect, retain and utilise your data to provide you with the services you request and to operate our business in the way that you would anticipate, including through your use of our website.

Depending on your relationship with us, we may collect, use, store and transfer different kinds of personal data about you which we have grouped as follows (not an exhaustive list):

Contact Data     

name, address, email address, telephone number, date of birth

Technical Data

internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Usage Data        

information about your use of our service, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); elements you viewed or words you searched for; page response times; download errors; length of visits; interaction information (such as scrolling, clicks, and mouse-overs).

Communications Data

emails, notes of conversations.

Certain categories of data are considered Special Category Data and are subject to additional safeguards. The categories of Special Category Data which we may process directly or indirectly relate to the following:

  • racial or ethnic origin
  • political opinion
  • religious or philosophical beliefs
  • trade union membership
  • criminal convictions
  • physical and mental health
  • sexual orientation

4. Where your personal data may come from

The personal data which we process will be collected from a number of sources including, but not limited to, the following:

  • our clients
  • claimants
  • insurers or their insureds
  • defendants
  • 3rd parties
  • third party data providers/search systems
  • witnesses
  • counsel
  • insurance industry databases
  • experts
  • other solicitors
  • law enforcement agencies
  • insurance companies
  • social media
  • loss adjusters and claims investigators
  • intermediaries (claims management suppliers etc.)
  • industry regulators, including but not limited to the SRA, FCA, PRA and ICO
  • fraud prevention agencies and organisations

5. How we might use your personal data & our legal basis for doing so

We will use your personal data only when legally permitted. We may use your data in a variety of ways that enables us to provide legal advice and/or to conduct legal proceedings on behalf of our clients and/or to assist in the prevention of fraud; where it is necessary for our legitimate interests (or those of our clients or a third party) and your interests and fundamental rights do not override those interests; or where we need to comply with a legal or regulatory obligation.

We have set out below, in a table format, a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Please note that we may process your personal data for more than one legal ground depending on the specific purpose for which we are using your data.

Purpose / Activity

Type of data

The lawful basis for processing

To provide legal services

Contact

Communications

Other identifiers

Location

Claims

Financial

1) Performance of a contract with you.

2) Necessary for our legitimate interests in the provision of legal services to our clients.

3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.

4) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).

To provide counter-fraud services

 Contact

Communications

Other identifiers

Location

Claims

Financial

1) Performance of a contract with you.

2) Necessary for our legitimate interests in the provision of legal services to our clients.

3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.

4) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).

To manage our relationship with you

 Contact

Communications

Other identifiers

Location

Claims

Financial

1) Performance of a contract with you.

2) Necessary for our legitimate interests in the provision of legal services to our clients.

3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.

4) Necessary for our legitimate interests, to study how clients use our services, to grow our business and to inform our marketing strategy.

5) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).

To use client insight and analytics to improve our services, customer relationships and experiences

Contact

Other

Communications

 

Necessary for the legitimate interests to define types of clients for our services, to develop our business.

Miscellaneous business purposes including but not limited to:

o   Recruitment

o   Employment

o   Marketing subsection

o   Website content and user management

Contact

Communications

Other identifiers

Location

Claims

Financial

Necessary for the legitimate interests to manage and develop our business.

To conduct processing necessary to comply with professional, legal and regulatory obligations to include, but not limited to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Contact

Communications

Other identifiers

Location

Claims

Financial

1) Performance of a contract with you.

2) Necessary for our legitimate interests in the provision of legal services to our clients.

3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.

4) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Contact

Technical

1) Necessary for our legitimate interests, to study how clients use our services, to grow our business and to inform our marketing strategy.

To use data analytics to improve our website, our services, marketing, customer relationships and experiences

Usage

Technical

1) Necessary for our legitimate interests, to define types of clients for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.

 

Where ‘legal services’ above includes (but not limited to) the following:

  • insurance based legal services
  • legal advice
  • claims handling services
  • advising on and negotiating legal contracts
  • training and legal updates
  • day to day operations of our business
  • managing court or legal proceedings including prospective legal proceedings
  • Engaging with law enforcement agencies and regulatory bodies

Again this list is not exhaustive and we may undertake additional processing of personal data in line with the purposes set out above. We will update this policy from time to time to reflect any notable changes to the purposes for which your personal data is processed.

When you submit an enquiry via our website, we ask you for standard Contact Data. We use this information to respond to your query, including providing you with any requested information about our services. We will do this based on our legitimate interest in providing accurate information as requested.

6. Our use of cookies

When you use our website to browse our services and view the information we make available, some cookies are used by third parties and by us to allow the website to function, to collect useful information about visitors and to help to make your user experience better.

Some of the cookies we use are strictly necessary for our website to function, and we do not ask for your consent to place these on your computer. However, for those cookies that are useful but not strictly necessary, we will always ask for your consent before placing them. See our Cookies Policy for more information on what a cookie is and how we use them on our website.

7. Sharing your personal data

We may share your personal information with other organisations whenever it is necessary to achieve the purposes as set out above, however, we require all third parties to respect the confidentiality and security of your data and to treat it in accordance with the data protection laws. We do not allow our third-party service providers to use your data for their own purposes and only permit them to process your personal data for specified purposes and by our instructions.

When providing our services to you or in your use of our website we may share your information with following:

  • our clients
  • insurers and their insureds
  • other solicitors
  • professional Indemnity and other relevant insurers
  • professional advisers
  • cost draftsmen
  • mediators
  • witnesses
  • Lexcel and other quality accreditation providers
  • document processors
  • printers
  • translation services
  • confidential waste disposal
  • IT systems or software providers
  • document archiving providers
  • IT support service providers
  • experts
  • fraud prevention agencies
  • government organisations
  • regulators (including SRA, FCA, ICO, PRA)
  • Legal Ombudsman or Financial Services Ombudsman
  • external legal service providers, including but not limited to Counsel, Loss Adjusters, or Claims investigators
  • regulators (ICO, SRA etc.)
  • website hosting and content management providers

8. Change of purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent in compliance with the above rules, where this is required or permitted by law, for example for the purpose of the detection and prevention of crime.

9. If you fail to provide personal data

Where we need to collect personal data by law or under the terms of a contract for legal services we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our contractual relationship with you, but we will notify you if this is the case at the time.

10. Automated decision making

We do not use the information you provide to make any automated decisions that might affect you.

11. International transfers

We do not knowingly transfer any personal data outside the European Economic Area (EEA).

12. Linking

We may link to other websites which are not within our control. Once you have left our website, we cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement applicable to the website in question.

13. Data security

We are committed to ensuring the security of the personal information provided to us and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Also, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If at any point you suspect or become aware of a security incident (i.e. your password is stolen, or you receive suspicious communication from someone holding themselves out to be a Keoghs employee or from a dupe website claiming to be affiliated with Keoghs), please let us know using the contact information provided below.

14. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

15. Changes to the Privacy Policy and your duty to inform us of changes

This version of our policy was last updated on 25th January 2019

We may make changes to this policy from time to time. We may make changes as required to comply with changes in applicable law or regulatory requirement and we encourage you to review this policy periodically to be informed of how we use your personal information.

It is vital that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

16.Your rights over your information

By law, you can ask us what information we hold about you, request to have access to it, and you can ask us to correct it if it is inaccurate. In those cases where we process your information for contractual reasons, you can ask us to give you a copy of the information.

If you believe we are not using your information lawfully, you can ask us to stop using it for a period. In some circumstances, you may have the right to ask us to erase your personal data.

To submit a request by email, post or telephone, please use the contact information provided below.

17.Contacting us

We are required to have a Data Protection Officer, as mandated by Data Protection Legislation, and any enquiries about our use of your personal data should be addressed to the contact details below.

Phone:

01204 678660

Email:

Report@keoghs.co.uk

Address:

James Heath

QRC & Data Protection Officer

Keoghs Bolton (Headquarters)

2 The Parklands

Bolton

BL6 4SE

 


18.Your right to complain

If you have a complaint about our use of your information, we would prefer you to raise it with us in the first instance to give us the opportunity to put it right, but you can also contact the Information Commissioner’s Office as below:

 

Address:

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Website:

www.ico.org.uk/concerns