Your privacy is important to us, we respect your privacy and are committed to protecting your data. This Privacy Policy (“policy”) provides you with information as to how we use and treat your personal data when you utilise our website and/or when we provide you with legal services (“services”).
Keoghs LLP is a limited liability partnership registered in England and Wales, registration number OC321124 and is authorised and regulated by the SRA number 573546, we are subject to the Solicitors Code of Conduct and are registered with the Information Commissioner’s Office Data Protection Register under number Z6508550.
All services in Scotland are delivered under Keoghs Scotland LLP; a limited liability partnership registered in Scotland (registered number SO305857) which is authorised and regulated by the Law Society of Scotland and are registered with the ICO under registration ZA253630.
All services in Northern Ireland are delivered under Keoghs Northern Ireland LLP; a limited liability partnership registered in Northern Ireland (registered number NC001575) which is authorised and regulated by the Law Society of Northern Ireland and are registered with the ICO under registration ZA551920.
Wherever you see the words “Keoghs”, “we”, “us”, “our”, in the policy, these words refer to Keoghs LLP, Keoghs Scotland LLP and Keoghs Northern Ireland LLP.
Please take a moment to read and understand our policy carefully and if you have any questions please do not hesitate to contact us.
1. Purpose of our Privacy Policy
2. Scope of our Privacy Policy
3. The data we collect about you
4. Where your personal data may come from
5. How we might use your personal data & our legal basis for doing so
6. Our use of cookies
7. Sharing your personal data
8. Change of purpose
9. If you fail to provide personal data
10. Automated decision making
11. International transfers
12. Linking
13. Data security
14. Data retention
15. Changes to the Privacy Policy and your duty to inform us of changes
16. Your rights over your information
17. How to contact us
18. Your right to complain
1. Purpose of our Privacy Policy
This policy is intended to assist you in making informed decisions when using our website or services and to understand how we may process your personal information through your use of our website and as a result of our provision of services to third parties.
In collecting this information, we can operate in different capacities, as such we may act as data processors, data controllers or joint-controller. This policy sets out relevant information about how we may collect and use your personal data, about why and how we use the data we process, and about the rights you have over your data.
2. Scope of our Privacy Policy
This policy is intended to apply to any person whose personal data we collect such as (not an exhaustive list):
an indemnified policyholder
a policyholder for whom indemnity has been refused or reserved
an insured driver
an uninsured driver
an employee or representative of an insured or self-insured company
an employee or representative of a non-indemnified company
a claimant or prospective claimant
a third party or prospective third party
an employee or representative of a claimant or prospective claimant
an employee or representative of a third party or prospective third party
a witness, including expert witness
an external legal service provider, including but not limited to Counsel, Loss Adjusters, or Claims Investigators
an employee or representative of an insurer or self-insured client
a representative of the Court Service
any other individual viably connected to a claim upon which we are instructed to act
any user of our website
our regulators
This policy does not apply to:
1. our employees, the ways in which we collect and use our employees personal data is governed by https://keoghs.co.uk/careers/responsible-business-approach
2. job applicants, the ways in which we collect and use their personal data is governed by https://keoghs.co.uk/careers/responsible-business-approach
3. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. We will collect, retain and utilise your data to provide you with the services you request and to operate our business in the way that you would anticipate, including through your use of our website.
Depending on your relationship with us, we may collect, use, store and transfer different kinds of personal data about you which we have grouped as follows (not an exhaustive list):
Contact Data
name, address, email address, telephone number, date of birth
Technical Data
internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Usage Data
information about your use of our service, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); elements you viewed or words you searched for; page response times; download errors; length of visits; interaction information (such as scrolling, clicks, and mouse-overs).
Communications Data
emails, notes of conversations.
Certain categories of data are considered Special Category Data and are subject to additional safeguards. The categories of Special Category Data which we may process directly or indirectly relate to the following:
racial or ethnic origin
political opinion
religious or philosophical beliefs
trade union membership
criminal convictions
physical and mental health
sexual orientation
4. Where your personal data may come from
The personal data which we process will be collected from a number of sources including, but not limited to, the following:
our clients
claimants
insurers or their insureds
defendants
3rd parties
third party data providers/search systems
witnesses
counsel
insurance industry databases
experts
other solicitors
law enforcement agencies
insurance companies
social media
loss adjusters and claims investigators
intermediaries (claims management suppliers etc.)
industry regulators, including but not limited to the SRA, FCA, PRA and ICO
fraud prevention agencies and organisations
5. How we might use your personal data & our legal basis for doing so
We will use your personal data only when legally permitted. We may use your data in a variety of ways that enables us to provide legal advice and/or to conduct legal proceedings on behalf of our clients and/or to assist in the prevention of fraud; where it is necessary for our legitimate interests (or those of our clients or a third party) and your interests and fundamental rights do not override those interests; or where we need to comply with a legal or regulatory obligation.
We have set out below, in a table format, a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one legal ground depending on the specific purpose for which we are using your data.
Purpose / Activity
Type of data
The lawful basis for processing
To provide legal services
Contact
Communications
Other identifiers
Location
Claims
Financial
1) Performance of a contract with you.
2) Necessary for our legitimate interests in the provision of legal services to our clients.
3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.
4) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).
To provide counter-fraud services
Contact
Communications
Other identifiers
Location
Claims
Financial
1) Performance of a contract with you.
2) Necessary for our legitimate interests in the provision of legal services to our clients.
3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.
4) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).
To manage our relationship with you
Contact
Communications
Other identifiers
Location
Claims
Financial
1) Performance of a contract with you.
2) Necessary for our legitimate interests in the provision of legal services to our clients.
3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.
4) Necessary for our legitimate interests, to study how clients use our services, to grow our business and to inform our marketing strategy.
5) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).
To use client insight and analytics to improve our services, customer relationships and experiences
Contact
Other
Communications
Necessary for the legitimate interests to define types of clients for our services, to develop our business.
Miscellaneous business purposes including but not limited to:
o Recruitment
o Employment
o Marketing subsection
o Website content and user management
Contact
Communications
Other identifiers
Location
Claims
Financial
Necessary for the legitimate interests to manage and develop our business.
To conduct processing necessary to comply with professional, legal and regulatory obligations to include, but not limited to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
Contact
Communications
Other identifiers
Location
Claims
Financial
1) Performance of a contract with you.
2) Necessary for our legitimate interests in the provision of legal services to our clients.
3) Necessary for the legitimate interests, of both our clients and us, in the detection and prevention of fraud.
4) Substantial public interest (Data Protection Act 2018 condition for insurance purposes).
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Contact
Technical
1) Necessary for our legitimate interests, to study how clients use our services, to grow our business and to inform our marketing strategy.
To use data analytics to improve our website, our services, marketing, customer relationships and experiences
Usage
Technical
1) Necessary for our legitimate interests, to define types of clients for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy.
Where ‘legal services’ above includes (but not limited to) the following:
insurance based legal services
legal advice
claims handling services
advising on and negotiating legal contracts
training and legal updates
day to day operations of our business
managing court or legal proceedings including prospective legal proceedings
Engaging with law enforcement agencies and regulatory bodies
Again this list is not exhaustive and we may undertake additional processing of personal data in line with the purposes set out above. We will update this policy from time to time to reflect any notable changes to the purposes for which your personal data is processed.
When you submit an enquiry via our website, we ask you for standard Contact Data. We use this information to respond to your query, including providing you with any requested information about our services. We will do this based on our legitimate interest in providing accurate information as requested.
6. Our use of cookies
When you use our website to browse our services and view the information we make available, some cookies are used by third parties and by us to allow the website to function, to collect useful information about visitors and to help to make your user experience better.
Some of the cookies we use are strictly necessary for our website to function, and we do not ask for your consent to place these on your computer. However, for those cookies that are useful but not strictly necessary, we will always ask for your consent before placing them. See our Cookies Policy for more information on what a cookie is and how we use them on our website.
7. Sharing your personal data
We may share your personal information with other organisations whenever it is necessary to achieve the purposes as set out above, however, we require all third parties to respect the confidentiality and security of your data and to treat it in accordance with the data protection laws. We do not allow our third-party service providers to use your data for their own purposes and only permit them to process your personal data for specified purposes and by our instructions.
When providing our services to you or in your use of our website we may share your information with following:
our clients
insurers and their insureds
other solicitors
professional Indemnity and other relevant insurers
professional advisers
cost draftsmen
mediators
witnesses
Lexcel and other quality accreditation providers
document processors
printers
translation services
confidential waste disposal
IT systems or software providers
document archiving providers
IT support service providers
experts
fraud prevention agencies
government organisations
regulators (including SRA, FCA, ICO, PRA)
Legal Ombudsman or Financial Services Ombudsman
external legal service providers, including but not limited to Counsel, Loss Adjusters, or Claims investigators
regulators (ICO, SRA etc.)
website hosting and content management providers
8. Change of purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent in compliance with the above rules, where this is required or permitted by law, for example for the purpose of the detection and prevention of crime.
9. If you fail to provide personal data
Where we need to collect personal data by law or under the terms of a contract for legal services we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our contractual relationship with you, but we will notify you if this is the case at the time.
10. Automated decision making
We do not use the information you provide to make any automated decisions that might affect you.
11. International transfers
We do not knowingly transfer any personal data outside the European Economic Area (EEA).
12. Linking
We may link to other websites which are not within our control. Once you have left our website, we cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement applicable to the website in question.
13. Data security
We are committed to ensuring the security of the personal information provided to us and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Also, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If at any point you suspect or become aware of a security incident (i.e. your password is stolen, or you receive suspicious communication from someone holding themselves out to be a Keoghs employee or from a dupe website claiming to be affiliated with Keoghs), please let us know using the contact information provided below.
14. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
15. Changes to the Privacy Policy and your duty to inform us of changes
This version of our policy was last updated on 25th January 2019.
We may make changes to this policy from time to time. We may make changes as required to comply with changes in applicable law or regulatory requirement and we encourage you to review this policy periodically to be informed of how we use your personal information.
It is vital that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
16.Your rights over your information
By law, you can ask us what information we hold about you, request to have access to it, and you can ask us to correct it if it is inaccurate. In those cases where we process your information for contractual reasons, you can ask us to give you a copy of the information.
If you believe we are not using your information lawfully, you can ask us to stop using it for a period. In some circumstances, you may have the right to ask us to erase your personal data.
To submit a request by email, post or telephone, please use the contact information provided below.
17. Contacting us
We are required to have a Data Protection Officer, as mandated by Data Protection Legislation, and any enquiries about our use of your personal data should be addressed to the contact details below.
DPO: James Heath
Email: report@keoghs.co.uk
Address:
Keoghs LLP
2 The Parklands
Bolton
BL6 4SE
18.Your right to complain
If you have a complaint about our use of your information, we would prefer you to raise it with us in the first instance to give us the opportunity to put it right, but you can also contact the Information Commissioner’s Office as below:
Address:
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website:
www.ico.org.uk/concerns