Revision Date: 11 June 2019
Controller & Processor
Our full details are as follows:
Full name of legal entity: Cordell & Cordell UK Ltd
Company Number: 09092113
Registered Office: 1st Floor Holborn Gate, 300 High Holborn, CW1V 7QT United Kingdom
Email address: Data_Security@cordelllaw.co.uk
Telephone Number: 0330 60 60 161
Solicitors Regulation Authority (SRA) Number: 619067
What we collect
We may collect, use, and store different kinds of Personal Data which are defined as the following:
- Identity Data (ID): Name and Title
- Contact Data: Postal Address, Email Address, Telephone Number
- Demographic Data: Postcode, Income, and Preferences
- Technical Data: IP address, browser type and version, time zone location settings, browser plug-in types and versions, operating system and platform and other technology on the device you use to access our website
- Marketing and Communications Data
- Usage Data: Information about how you use our website
- Personal and Financial Information: Related to your matter and managing your trust account, billing and collection fees earned
Failure to provide Personal Data
Upon retaining with us, you have instructed us to give you legal advice and/or representation. Our relationship is a contractual one, and it is a requirement that you agree to our terms of business. To perform this contract, it is unavoidable that this requires us to collect, process, and store personal information about you.
We have legal and regulatory duties to process certain Personal Data, including ID and other information we require to conduct due diligence on you and to further our representation of you in your legal matter.
We have a legitimate interest in contacting you in the future to provide you with relevant information and inquires related to our representation of you.
Your duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
How is your Personal Data collected?
We use different methods to collect data from and about you including through:
- Direct Interactions: You, or your representative, may provide us Identity Data by filling in forms or corresponding with us or our third party data processors via post, phone, email or otherwise. This includes Personal Data you provide when you:
- Schedule an appointment with a solicitor;
- Subscribe to our publications;
- Request product/service support; or
- Give feedback.
- Public records
- Other parties you instruct us to contact or whom we contact to further our representation of you (e.g. doctors, employers, estate agents, accountants, business partners, courts, regulatory bodies and other advisors and specialist related to your matter, law enforcement agencies, drug testing agencies, genetic testing agencies, social services departments, housing authorities).
No formal relationship between solicitor and client is created until instructions have been accepted by a written acknowledgement from Cordell & Cordell UK Ltd. To avoid any doubt, neither the submission nor confirmation of submission of an online form constitutes such an acknowledgement. Please do not send any confidential information to us until such time as a solicitor-client relationship has been established, and the Hourly Fee Agreement signed.
How we use your Personal Data
We use the information you provide to us in the following ways:
- To identify you and provide you with the services you have requested;
- To provide you with information you have requested about the services we offer;
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services you request from us;
- To notify you about changes to your services;
- To deal with your feedback, query or complaint;
We also use your information to administer, support, improve and develop our business generally and to enforce our legal rights.
Below, in a table format, the description of all the ways we may use your Personal Data, along with the legal bases for doing so, are outlined.
Type of Personal Data
Lawful basis for processing including basis of legitimate interest
To register you as a new client
Performance of a contract with you
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content
(e) Marketing and Communications
Necessary for our legitimate interests (to study how clients use our services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, customer relationships and experiences
Necessary for our legitimate interests to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To conduct the contractual matter, when retaining the services of a solicitor
(d) Personal and Financial Information
Necessary for our legitimate interests (for running our business), and performance of contract
Where we take your payment online, we use your personal information:
- Where this is necessary for the performance of a contract we have with you (for example to provide legal services to you) or that you have with a third party; and/or
- Where this is necessary to take steps at your request prior to entering into a contract.
If you choose not to provide personal information requested by us, we may not be able to provide you with the information and/or services you have requested, process your payment or otherwise fulfil the purpose(s) for which we have asked for the personal information.
Change of Purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
This website contains links to other websites not operated or controlled by us. If you use these links, you will leave our website. These links are provided for convenience only and do not constitute any endorsement by Cordell & Cordell UK Ltd. We do not have any control over the content of external internet sites which are linked to our site or which are linked from it, and cannot accept any responsibility for them.
Links are only permitted to the Home page of our website, unless otherwise expressly agreed. In order for any link to be permitted, it must be performed in accordance with English law and neither damage our reputation nor take advantage of it. No links are permitted which suggest any form of association, approval or endorsement on our part without prior consent. We reserve the right to withdraw linking permission without notice. If you have any questions about linking, please contact us at Data_Security@cordelllaw.co.uk.
Disclosures of your Personal Data
Any third party organisation that we work with, if they have access to your Personal Data, must be GDPR compliant in order to continue or establish a working relationship with us. We retain oversight of the work any of our third party vendors do as relates to your matter.
We may need to share your Personal Data with other professionals who we instruct on your behalf, who are vital to the matter of our client services, providers of services that are necessary to progress a matter and to perform our due diligence to you, and people with whom you ask us to share your Personal Data with.
We may also need to share your Personal Data with our regulators, insurers and law enforcement agencies upon request.
We may use external auditors to review our files for training, compliance and quality.
We have offices in Saint Louis Missouri, in the United States of America. Our Corporate Office, Cordell Practice Management Group LLC (CPMG), may store both physical and electronic Personal Data. We also use cloud services. With both CPMG and any cloud services that we utilize, we ensure that their data centres are either within the EEA or that there are lawful safeguards in place to protect your Personal Data to the same standard, as if it was held within the EEA.
Your data will be stored at our offices and on our IT equipment, or where your information is shared with a third party, at their premises or on their IT equipment.
As solicitors, we already work with committed attention to confidentiality while representing you. As such, on a day-to-day basis we keep your file and papers in our locked locations, or on our desks to which other clients do not have access. When not in the office, we ensure that any papers that may contain Personal Data are locked away and out of view. Our computers are accessed only via password, and are closed and locked when not in use.
If we discuss your matter with others in our office, we ensure we are doing so in a manner that cannot be overheard by third parties at any point. We limit our internal discussions about your matter to include only employees or third parties that are necessary to further our representation of you, to maintain your trust account and for billing, or to address a concern about the quality of the representation we provide.
We are required by our insurers and regulators to keep your file and Personal Data for minimum periods. We are not however permitted to keep your Personal Data indefinitely or for longer than is necessary.
Our retention policy is that the minimum periods we will keep files and other Personal Data relating to your matter is six years. We may keep your file for significantly longer than that if it is necessary and in our legitimate interests to do so.
We operate a regular process for archiving your hard file and your electronic file. We maintain only what is essential and required of us. Our files and other documents containing Personal Data are destroyed securely.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your Personal Data as listed below:
- Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. This includes only the Personal Data housed within our applications and used during processing activities. You may not be entitled to the actual documents that contain your Personal Data.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it.
- Object to processing of your Personal Data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Complaints and Enquiries
If you have a complaint or question about our use of your Personal Data, please contact us at Data_Security@cordelllaw.co.uk. If you are an existing client, please contact your Client Care Representative. We have processes in place to specifically address your questions and concerns about use of your Personal Data.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You may also make complaints directly to the Information Commissioner’s Office:
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.