1. This Privacy Policy

This Privacy Policy (“Privacy Policy”) explains our approach to any personal data that we collect from you or from third parties and the purposes for which we process that data.  The Privacy Policy sets out how we process your personal data.

We set out how you can request that we delete, update, transfer and/or provide you with access to your personal data.

2.  Who we are and what we do

CSK Legal is the trading name for CSK Legal Limited.  We are based at 38A George Street, Birmingham, B3 1QA.  We can be contacted at office@csklegal.co.uk for any issues concerning the processing of personal data or any of the rights identified in this Privacy Policy.

We are a legal practice that is regulated by the Solicitors Regulation Authority.  We provide legal services to clients in a range of areas.

We are a data controller that is responsible for personal data collected by us through this site and when we are engaged in the instruction of legal services on your behalf.

3.  The personal data that we collect

We collect personal data in the performance of our services in order to enable us to carry out our client’s instructions.  This data may be collected from (a) our clients (b) relatives, associates or those employees or staff of the client, (c) other third parties, such as other legal practices, professionals, public bodies, corporate entities and individuals (e.g. barristers, solicitors, accountants).  The types of reason that we collect such data are as follows:

• to perform our retainers with our clients;
• to address queries from prospective clients;
• to verify the identify of our clients (for example, to satisfy legal customer due diligence requirements);
• to protect the rights of our clients, their and our property and their commercial and personal interests;
• for the purposes of assisting in the recruitment of staff;
• for the establishment, exercise, or defence of legal claims;
• to enforce our agreements with you or those of our clients; and
• as otherwise permitted by law.

There are many types of personal data that we process, when performing our retainers or otherwise provide our services.  This would include the following:

• names and addresses;
• date of birth and ages;
• details of results of Anti-Money Laundering searches (e.g. CCJ details, bankruptcy searches, driving license details, passports and other forms of official identification);
• information provided as part of discharging our services; and
• details of third parties, such as opposing parties to disputes and contracting parties and staff members in commercial transactions.

Some of the data we collect may come from public sources, such as Companies House, the electoral roll, websites, social media sites and so on.

We do not collect personal data with a view to providing marketing.  We do not sell or transfer your data for marketing purposes.

Where you use our website, we collect certain data such as the following: (a) name and address, when you submit enquiries to us (b) Google Analytics tracking (c) email addresses and contents where you email us.

Where you speak to us by telephone, we may monitor or record some telephone calls.  We do this to monitor compliance with our policies, to provide evidence of regulatory compliance and of business transactions and to ensure that our quality standards are being met.

4.  The legal basis for data processing

We process your personal data on the following legal grounds the following purposes:

• to perform our agreements with you if you are our client;
• if there is a legitimate basis for doing so (e.g. to protect the rights and freedoms of our clients, and third parties in whose behalf we act and may have an interest); and
• with your consent.

5.  Sharing your personal data

As a legal practice, we adhere to strict terms in relation to the sharing of personal data, especially that of a confidential nature.

We may share your personal data with the following kinds of third party (these are examples to enable you to understand the broad basis of the data we process and share with others):

• with other professionals, in the discharge of the performance of our retainers with our clients, such as with barristers, other solicitors, accountants, and experts in their specialist fields;
• lay individuals, where appropriate, for the purposes of such things as preparing witness evidence, arranging meetings, and generally performing our client’s retainers;
• Google analytics, to enable us to monitor the use of our website, including, for example, the source of traffic to it;
• our regulatory body, the Solicitors Regulation Authority (where necessary) for the purposes of ensuring that we adhere to our regulatory obligations; and
• couriers, process servers, costs draughtsmen, mediators, the court and opposing parties and agents in the performance of retainers with our clients.

On occasion, we may transfer your data out of the jurisdiction of England to third party countries.  Where we do this, we will always ensure that adequate safeguards are in place to ensure that the required standards set out in the GDPR are adhered to.

6.  Data security

As a legal practice, we have always taken the security of your personal data seriously.  Whilst we can never guarantee the security of your personal data, we have strict measures in place to minimise the risk of it being misused and to ensure that any confidentiality is maintained at all times.

We have information security policies in place that set out procedures for the use of our systems and to ensure the integrity and security of any personal data that we hold.

7.  Accessing your personal data and your rights

For those whose personal data we hold and process, there are a number of rights afforded by law to you.  These include the following rights:

• to access their own personal data;
• to correct any inaccurate personal data;
• to erase data personal data;
• to restrict data processing under certain circumstances;
• to port data to others under certain circumstances;
• Not to be subjected to automated decision making; and
• to be notified of a data security breach.

In addition, you have the right to make a complaint to the supervisory authority about the way in which we process your data or address the exercise of any of your legal rights or in relation to any other rights you may have under law concerning these issues.  The supervisory authority is the  Information Commissioners Office, whose website can be found here:  https://ico.org.uk.

We may decline to act on certain requests if we have a legal right to do so.

8.  Reviewing this policy

We shall, from time to time, update this Privacy Policy and you should check it regularly to make sure that you are familiar with the basis upon which we collect and process your personal data.