Suppliers (including Lawshare)

We collect and process personal information about third parties who supply services to JMW or its clients. This section also applies to members of our Lawshare network and our selected Lawsave partners.

The personal information collected is usually basic contact information relating to the individual(s) we deal with at the particular supplier and includes name, supplier’s business name, phone number(s), email, payment details and other business contact details.

We use any personal information primarily to contact the supplier – on behalf of JMW or its clients – in order to manage the relationship and ensure that the services are delivered under the supply contract.

We will usually collect the information directly from the supplier, but sometimes we may find the information online or from a third party who recommends the supplier to us.

The legal basis for processing personal information about suppliers is that it is necessary to protect our legitimate business interests and, in some cases, to comply with our legal and regulatory obligations.


We manage a database of contacts using a customer relationship management (CRM) system. Each record on the CRM system contains the individual’s name, business (if applicable) and contact details.

Personal information is processed through the CRM system for our legitimate business interests. Our primary aim is to stay in touch with our contacts and keep them updated with news and details of upcoming events. Information is processed according to the contact’s preferences and contacts may at any time opt-out of future communications. Contacts’ records are never shared with third parties unless permitted by law and the records are retained for no longer than necessary.

Visitors to our offices

Various security measures are in place at our offices:

  • Visitor records – all visitors to our offices are required to sign in and out. Basic information such as the visitor’s name and business is recorded. The sign-in sheets are locked away and destroyed after a short period of time. These records are only accessed if we need to investigate an incident.
  • CCTV – our head office (1 Byrom Place) has various CCTV cameras installed. The images are securely stored and the data is overwritten after a number of weeks. These records are only accessed if we need to investigate an incident and may be disclosed to the authorities.

    We consider CCTV necessary for the safety of our staff and visitors, as well as the detection and prevention of crime.
  • WIFI – guest WIFI is available for visitors to our head office (1 Byrom Place). In order to monitor traffic and detect intrusion attempts, we collect information about the devices used to connect to our guest WIFI networks. No personal information is collected and the records are deleted after a short period of time.

Individuals who contact us

Where individuals contact us for information, we collect basic information such as name, contact details and the nature of their enquiry. Information will normally be used only for the purposes of responding to the enquiry. Inbound telephone calls to certain departments are recorded and a sample of the calls are monitored for compliance and quality purposes. The recordings are stored for a short period of time and the retention periods for other enquiries vary depending on the nature but they will be kept for no longer than necessary.

Other individuals

In the course of delivering legal services to our clients, or otherwise operating our business, we collect information relating to individuals who do not fall into any of the categories listed above. The information collected depends on which area of our business is responsible for the processing, but it includes:

  • your name and contact information, including address, email address and telephone number(s);
  • Information to enable us to check and verify your identity, e.g. your date of birth, as well as identity documents such as passports which may contain biometric data or data revealing racial or ethnic origin;
  • your gender information;
  • your billing information, transaction and payment card information;
  • information about your business(es) or employment;
  • details of your assets and financial position.

Such processing is necessary in order to protect our legitimate business interests, deliver a proper standard of service to our clients and to comply with our legal and regulatory obligations.

Sometimes we share information with selected third parties if necessary to comply with our legal and regulatory obligations. For instance, we may as part of customer due diligence and fraud prevention measures carry out identity or screening checks in respect of third parties and require information regarding their financial circumstances.

In the vast majority of cases such information will be collected as part of a client matter and the information will therefore be held in accordance with the retention period that applies to that area of law. We will also, where practical, make efforts to redact and anonymise data where it is not necessary for individuals to be identified as part of any processing activities.

Use of your information

We use information held about you in the following ways:

  • to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;
  • to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
  • to notify you about changes to our service;
  • to ensure that content from our Website is presented in the most effective manner for you and for your device;
  • to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to allow you to participate in interactive features of our service, when you choose to do so:
    • as part of our efforts to keep our Website safe and secure;
    • to analyse information/data and assist us in the improvement and optimisation of our Website; and
    • to make suggestions and recommendations to you and other users of our Website about services that may interest you or them.

Where your personal information is held

Information may be held at our offices, or on backup servers maintained by our IT consultants. Alternatively, it may be held by any of the third parties listed above.

Some of these third parties may be based outside the European Economic Area (EEA). Territories outside the EEA countries generally do not have the same data protection laws as the UK and EEA. We will, however, take reasonable steps to ensure the transfer complies with data protection law and all personal information will be secure.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online is supported by HM Government and leading businesses.

Your rights

You have the following rights, which you can exercise free of charge:



The right to be provided with a copy of your personal information (the right of access)


The right to require us to correct any mistakes in your personal information

To be forgotten

The right to require us to delete your personal information—in certain situations

Restriction of processing

The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data

Data portability

The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your personal information being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.


If you would like to exercise any of those rights, please send an e-mail to

Please note that before discussing any request we may require you to provide information in order to verify your identity.

How to complain

We always aim to resolve any query or concern you may raise about our use of your information. Please send details of any concerns to

The DPA also gives you right to lodge a complaint with the data protection regulator, the ICO. For more information, please visit or telephone: 0303 123 1113.

Changes to this privacy notice

This privacy notice is kept under regular review to ensure it is meaningful and accurate. It was last updated in June 2018.

How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you. You can write to our Head of Compliance at our head office or send an email to

Do you need extra help?

If you would like this notice in another format (for example: audio, large print, braille) please contact us using one of the methods above.