top of page

PRIVACY POLICY

CSJ Legal is the data controller of personal data obtained via our website (csjlegal.co.uk), meaning we are the organisation that is legally responsible for deciding how and for what purposes it is used.

​

We are committed to using best practice and being open and transparent with how we collect, use and protect your personal data. 

 

Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your personal data) in connection with your use of our website. It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.

​

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).

​

Given the nature of our website, we do not expect to collect the personal data of anyone under 13 years of age. If you are aware that any personal data of anyone under 13 years of age has been shared with our website please let us know so that we can delete that data.

​

This privacy and cookie policy:

​

  • provides you with details about the personal data that we collect from you when you use our website

  • explains how and why we collect and use your personal data

  • explains when and why we share personal data with other organisations

  • explains how long we hold your personal information 

  • explains the rights and choices you have when it comes to your personal data

 

This Policy applies to you if you use our website, if you contact us or we contact you or if you use our services.  

 

Our website contains links to other websites operated by other organisations.  These organisations may have their own privacy and cookie policies and we do not accept responsibility or liability for these websites or online applications.

​

What this policy applies to

 

This privacy policy relates to your use of our website.

 

When you contact us to make an enquiry, whether through our website, by telephone or in writing, we will store the information you provide us and the outcome of your enquiry for the following purposes:

​

  • To be able to respond to your enquiry;

  • To comply with regulatory requirements in relation to prospective clients.

 

When using the Contact Form on our website, no information will be stored on the website and your IP address will not be stored. The information will be stored on our cloud based secure case management system.

 

We will store this information on our system for one year, following which it will be destroyed. If you would like further information about this please contact us.

 

Our Clients  

​

If you are a client, we store and use the information you provide primarily for the provision of legal services to you and in order to comply with our contractual obligations as set out in our Retainer Letter. This will include using your data for related purposes including:

  • addressing correspondence and related documents to other parties and opponents in any litigation, as well as other agencies such as the courts or Government agencies where relevant to the work we are doing for you

  • maintaining the financial and other personal information we are required to keep on clients under the professional rules we are subject to and by law including our obligations to HMRC.

 

Our use of that information is subject to your instructions, the EU General Data Protection Regulation 2018 and our professional duty of confidentiality.

 

Our work for you may require us to give information to third parties such as expert witnesses, other professional advisers such as accountants and costs draftsman, consultants, our regulators and our bank if they wish to ascertain the source of monies held in our client account.

 

The primary legal bases which are relevant to the work we undertake for you are in order that we can satisfactorily perform the contract we have with you and also so that we can protect the interests of our professional indemnity insurers through maintaining suitable records. We are required by law to retain certain data including identity and address details in order that we can comply with the Government’s anti-money laundering controls.

 

Your personal data will be stored using a cloud-based case management software called LEAP. You should be aware that LEAP’s infrastructure is maintained by cloud-platform provider Amazon Web Services (AWS) and your data may be held outside of the UK and EU. LEAP uses multiple layers of security controls (software, physical and process based) to protect our client data. Further information about LEAP’s security and agreement with AWS is available on request.

 

Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional information products and services available to you. Those other third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party websites, please consult their privacy policies as appropriate.

​

Personal data we collect about you

​

The personal data we collect about you depends on the particular activities carried out through our website. We will collect and use the following personal data about you:

​

When you use our websites you may provide us with:

​

  • Your personal details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title

 

Where this is the case, the legal basis for our processing your information is the performance of a contract with you in answering your queries, delivering the service or process your order.

 

When you interact with us online or browse our website we may collect:

​

  • Information about your online browsing behaviour on our website and information about when you click on one of our adverts (including those shown on other organisations’ websites)

  • Information about devices you have used to access our website or services (including the make, model and operating system, IP address, browser type and mobile device identifiers)

 

Where this is the case, the legal basis for our processing of your information is our legitimate interest in improving our services, the performance of our website, growing our business and informing our marketing strategy.

​

When you contact us or we contact you or you take part in online or social media promotions, competitions, surveys or questionnaires about our services, we may collect:

​

  • Personal data you provide about yourself anytime you contact us about our Services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media

  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on

  • Your feedback and contributions to customer surveys and questionnaires

  • ​

Where this is the case, the legal basis for processing your data is performance of a contract with you and our legitimate interest to improve our services and the performance of our website, grow our business and inform our marketing strategy.

.

How and why your personal data is collected

​

We collect personal data from you:

​

  • directly, when you enter or send us information, such as when you register with us, contact us (including via email), send us feedback, purchase products or services via our website, post material to our website and complete customer surveys or participate in competitions via our website, and

  • indirectly, such as your browsing activity while on our website; we will usually collect information indirectly using the technologies explain in the section on ‘Cookies and other tracking technologies’ below.

 

We also collect personal data about you from other sources as emails or phone calls.

 

How and why we use your personal data

​

Under data protection law, we can only use your personal data if we have a proper reason, eg:

  • where you have given consent

  • to comply with our legal and regulatory obligations

  • for the performance of a contract with you or to take steps at your request before entering into a contract, or

  • for our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see ‘How to contact us’ below).

​

To deliver our services to you

​

To manage any accounts you hold with us including your login details, account history or information you send to us through our website, contact forms (including enquiry forms, job opportunities, contact forms or registration forms)

​

To process enquries, services, order and refunds

​

We need to process your personal data so that we can manage your customer accounts, provide you with the services you require and help you with any enquiries, orders and refunds you may ask for.

​

To deliver and improve our website, communications, systems and processes

​

  • To deliver and improve our website

We use cookies and similar technologies on our Websites and online applications to improve your customer experience. For more information see the cookies and similar technologies section.

  • To develop and improve our services, website and the way we communicate with you

  • To detect and prevent fraud and cyber crime

In order to provide as safe a service as possible we monitor how our websites and online applications are used to detect and prevent fraud, other crimes and the misuse of services.

​

To provide you with relevant marketing communications relation to our products and services and those of our partners

 

We may send you relevant updates and offers about our products and services by email or direct mail but only if you have previously agreed to receive this type of communication from us. 

Our email marketing provider may transfer data outside of the EEA and when doing so they ensure that they have adequate levels of protection in place to comply with data protection requirements.  

You may see online adverts in social media channels or through customised online marketing as a result of showing interest in our products and services.  See the Cookie Policy section for more information.

Online advertising may be displayed on our websites and on other organisations’ websites and online media channels. We may measure how well our marketing communications perform in order to ensure we send you relevant information.  

We will ask you to provide us with your preferences to help us send you information that relates to your interests.

You can update your preferences or unsubscribe from email and direct mail updates via links in emails we send you or by contacting us and requesting that your preferences are changed.

​

To contact and interact with you

​

  • To contact you about our Services, by phone, email or post or by responding to social media posts that you have directed at us.

  • To manage promotions and competitions you take part in, including those we run with our partners.

  • To invite you to take part in and manage customer surveys, questionnaires and other types of feedback

 

Where we process such special category personal data, we will also ensure we are permitted to do so under data protection laws.

​

Who we share your personal data with

​

We routinely share personal data with:

  • third parties we use to help deliver our products and services to you, eg. payment service providers and delivery companies

  • other third parties we use to help us run our business, eg. marketing agencies or website hosts and website analytics providers

  • our bank

  • the court and Tribunal service

  • addressing correspondence and related documents to other parties and opponents in any litigation,

  • Government agencies where relevant to the work we are doing for you

  • maintaining the financial and other personal information we are required to keep on clients under the professional rules we are subject to and by law including our obligations to HMRC.

  • Your personal data will be stored using a cloud-based case management software called LEAP. You should be aware that LEAP’s infrastructure is maintained by cloud-platform provider Amazon Web Services (AWS) and your data may be held outside of the UK and EU. LEAP uses multiple layers of security controls (software, physical and process based) to protect our client data. Further information about LEAP’s security and agreement with AWS is available on request.

  • expert witnesses, other professional advisers such as accountants and costs draftsman, consultants, our regulators and our bank if they wish to ascertain the source of monies held in our client account.

  • The primary legal bases which are relevant to the work we undertake for you are in order that we can satisfactorily perform the contract we have with you and also so that we can protect the interests of our professional indemnity insurers through maintaining suitable records. We are required by law to retain certain data including identity and address details in order that we can comply with the Government’s anti-money laundering controls.

​

Whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

​

Sharing personal data with our suppliers

​

In order to deliver our services to you we work with carefully selected suppliers e.g. online marketing providers, technology and software providers and payment processors. 

When we share personal data our suppliers we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

In some instances this may include working with online marketing providers who place advertising for our services or products on social media channels and other websites and online platforms.

​

Sharing date with any organisations other than our partners or suppliers

​

We do not share your data with any organisations other than our partners or suppliers unless:

  • We are legally required to do so 

  • We are required to do so in order to protect ourselves against fraud

  • We sell our business or any part of our business to another company or organisation who then have the right to use your information in the same way as we have outlined in this privacy policy 

​

How do we protect your personal data?

​

We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.  We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

​

  • We use safeguards such as data encryption when we transfer your data through our website and online applications 

  • We may occasionally ask for proof of identity before we share your personal data with you.

  • We require our suppliers to uphold data protection regulations and have appropriate systems and practices in place to safeguard your information.

​

We or the third parties mentioned above may occasionally also need to share personal data with:

​

  • external auditors, eg. in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations

  • professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations

  • law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations

  • other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations

​

If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

We will not share your personal data with any other third party.

​

How long your personal data will be kept

​

We will not keep your personal data for longer than we need it for the purpose for which it is used. For example, as long as you remain an active client of the firm.

​

The length of time we keep your information will depend on what type of information you have provided and for what purpose. 

 

Once your information is no longer required (see below for specific details) we will either delete or anonymise your information (remove all personal identifiable information keeping only information needed for statistical purposes).  If it is not possible to delete your data (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

​

Enquiries and form submissions through our website:

​

If you have made an enquiry, sent us your information or applied for a vacancy through our website we will keep your information on our website server for up to 12 months after which it will be deleted (unless you become a client in which case our client care letter will set out how we store your data). 

​

Cookies and other tracking technologies

​

A cookie is a small text file which is placed onto your device (eg. computer, smartphone or other electronic device) when you use our website. We use cookies and on our website. These details improve our website and online applications and help us recognise you and your device and store some information about your preferences or past actions.

​

For further information on cookies and similar technologies, how to manage them, reject them or delete them visit the All About Cookies website.

​

Your rights

 

You generally have the following rights, which you can usually exercise free of charge:

​

  • Access to a copy of your personal data: The right to be provided with a copy of your personal data

  • Correction (also known as rectification): The right to require us to correct any mistakes in your personal data

  • Erasure (also known as the right to be forgotten): The right to require us to delete your personal data—in certain situations

  • Restriction of use: The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data

  • Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

  • To object to use: The right to object:

    • at any time to your personal data being used for direct marketing (including profiling)

    • in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests.

  • Not to be subject to decisions without human involvement:

    • The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

    • We do not make any such decisions based on data collected by our website.

​

You also have a right of access under data protection legislation to the personal data that we hold about you. If you would like to make a request to know about the personal data we hold on you please let us know, preferably in writing and addressed to Catherine Jackson, Principal Solicitor by email catherine@csjlegal.co.uk or by post.

​

If you are unhappy about the way we are managing your data you have a right to object to the Information Commissioner at Information Commissioner’s Office. Please also see your rights to complain as explained in our Complaints Policy.

​

Keeping your personal data secure

​

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

​

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

​

Changes to this privacy policy

​

We may change this privacy policy from time to time—when we make significant changes we will take steps to inform you, for example via by including a prominent link to a description of those changes on our website for a reasonable period or by other means, such as email.

bottom of page