Privacy notice
Introduction
JMW is committed to protecting the privacy and security of your personal information.
This privacy notice describes how and why we collect and use personal information about individuals within the following categories:
- Clients
- Individuals applying for a career at JMW
- Website visitors
- Suppliers
- Contacts
- Office visitors
- Individuals who contact us
- Other individuals
If you are a current or former employee, consultant, worker or contractor, we may hold further personal information about you. For more information, please refer to the privacy notice for employees, accessible via JMW Intranet, or contact dataprotection@jmw.co.uk.
Sometimes we receive personal information directly from individuals but sometimes we receive it via third parties.
The purpose of this privacy notice is to explain:
- How and why we collect and use your information;
- where we obtained your information;
- how you can tell us if you prefer to limit the use of that information; and
- the procedures that we have in place to safeguard your privacy.
Some of the information we collect may include your “personal data”. Personal data includes your contact details. In this privacy notice, and for the purposes of the Data Protection Act 2018 (‘DPA’) and the UK GDPR, the data controller is JMW Solicitors LLP of 1 Byrom Place, Spinningfields, Manchester M3 3HG (“JMW”, “we” or “us”).
JMW is a limited liability partnership registered in England and Wales under registration number OC338958. It is authorised and regulated (under SRA number 508380) by the Solicitors Regulation Authority. It has notified the Information Commissioner’s Office (ICO) that it processes personal data (under number Z5673466).
Clients
Legal basis for processing: necessary for the performance of a contract; consent; legitimate interests.
This section should be read in conjunction with the client care letter and terms of business, provided to you at the outset.
We may collect and use the following personal information about you:
- your name and contact information, including address, email address and telephone number(s);
- Information to enable us to check and verify your identity, e.g. your date of birth, as well as identity documents such as passports which may contain biometric data or data revealing racial or ethnic origin;
- your gender information;
- your billing information, transaction and payment card information;
- information about your business(es);
- details of your assets and financial position.
This personal information is required to provide legal services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing legal services to you.
We collect most of this personal information directly from you – in person, by telephone, text or email and/or via our website and any apps. However, we may also collect information from:
- publicly accessible sources, e.g. Companies House or HM Land Registry;
- a third party directly, e.g. a business such as an estate agency or claims management company that has introduced you to JMW;
- sanctions screening providers;
- customer due diligence providers;
- a third party with your consent, e.g. your bank or building society.
- We use the information you provide primarily for the provision of legal services to you, but also for the following reasons:
- compliance with our legal and regulatory obligations;
- fraud prevention;
- updating and enhancing client records;
- analysis to help us manage our practice;
- statutory returns;
- preventing unauthorised access and modifications to systems;
- external audits and quality checks, e.g. for Lexcel, Conveyancing Quality Scheme or Investors in People accreditation and the audit of our accounts.
You acknowledge that we will undertake a search with a credit reference agency for the purposes of verifying your identity. To do so, the credit reference agency may check the details we supply against any particulars on any database (public or otherwise) to which the credit reference agency has access. The credit reference agency may also use your details in the future to assist other companies for verification purposes, assessing the risk of giving credit and occasionally to prevent fraud, money laundering and to trace debtors. A record of the search will be retained.
A copy of the Credit Reference Agency Information Notice is available on request, which explains how credit reference agencies process your personal data.
Where it is practical, we will anonymise your personal information.
Where we have your consent, we may send you marketing material by e-mail.
We routinely share personal information with:
- third parties we use to help deliver our legal services to you, e.g. payment service providers, IT infrastructure providers, barristers, experts and delivery companies;
- other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
- due diligence providers;
- our insurers and brokers;
- our bank[s];
- where necessary, companies within the JMW group.
We allow our service providers to handle your personal information only if we are satisfied that they take appropriate measures to protect your personal information.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will keep your personal information while we are providing legal services to you. Thereafter, we will keep your personal information for as long as is necessary to:
- respond to any questions, complaints or claims made by you or on your behalf;
- show that we treated you fairly;
- keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal information. Further details on this aspect are available on request.
Individuals applying for a career at JMW
Legal basis for processing: necessary for the performance of a contract; consent; legitimate interests; legal obligation.
As part of our recruitment processes, we collect information relating to candidates. Most information is collected from candidates directly, through their CV and other information included in any application. We may also receive information from third parties involved in screening checks, notably individuals nominated by you to provide a reference; select recruitment agencies; regulatory bodies and any agencies involved in due diligence such as disclosure and barring service (DBS) checks. Sometimes we collect information from online sources such as social media, online profiles, press or other websites.
Information received as part of applications is used primarily to process the application and also to analyse data for trends. Our reason for processing information regarding applicants is to support our legitimate business interests, but also for reasons of wider public interests. For instance, as part of our efforts to promote equality and diversity, we may collect and use personal information relating to race, ethnicity, religion and health.
Successful applicants’ information is retained in accordance with our privacy notice for employees and other workers.
Unsuccessful applicants’ information is retained for a period of no longer than 12 months, mainly in case other opportunities arise but also as a record of recent applications. Certain Home Office requirements may also apply if we sponsor a worker from outside the EU and need to maintain records of applicants for auditing purposes.
Individuals providing references
Consent; legitimate interests.
As part of our recruitment processes, we may ask successful candidates to provide details of individuals who we can contact to ask for a reference. For those individual referees, we will hold contact details, correspondence relating to reference checks and a copy of any reference on the relevant personnel file for no more than two years from the date that their employment or contract began.
Website visitors
This privacy notice forms part of and must be read in conjunction with our website terms of use.
We may collect and process the following information about you:
- information we receive from you - you may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our Website, subscribe to our service and/or when you report a problem with our Website. The information you give us may include your name, address, e-mail address and phone number and financial information;
- information we collect about you - each time you visit our website we may automatically collect technical information, including the IP address used to connect your device to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may also collect information about your visit, including the full URL clickstream to, through and from our Website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages and methods used to browse away from the page.
- information we receive from other sources - we may receive information about you if you use any of the other websites we operate or other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them.
Suppliers (including Lawshare)
We collect and process personal information about third parties who supply services to JMW or its clients. This section also applies to members of our Lawshare network and our selected Lawsave partners.
The personal information collected is usually basic contact information relating to the individual(s) we deal with at the particular supplier and includes name, supplier’s business name, phone number(s), email, payment details and other business contact details.
We use any personal information primarily to contact the supplier – on behalf of JMW or its clients – in order to manage the relationship and ensure that the services are delivered under the supply contract.
We will usually collect the information directly from the supplier, but sometimes we may find the information online or from a third party who recommends the supplier to us.
The legal basis for processing personal information about suppliers is that it is necessary to protect our legitimate business interests and, in some cases, to comply with our legal and regulatory obligations.
Contacts
We manage a database of contacts using a customer relationship management (CRM) system. Each record on the CRM system contains the individual’s name, business (if applicable) and contact details.
Personal information is processed through the CRM system for our legitimate business interests. Our primary aim is to stay in touch with our contacts and keep them updated with news and details of upcoming events. Information is processed according to the contact’s preferences and contacts may at any time opt-out of future communications. Contacts’ records are never shared with third parties unless permitted by law and the records are retained for no longer than necessary.
Visitors to our offices
Various security measures are in place at our offices:
- Visitor records – all visitors to our offices are required to sign in and out. Basic information such as the visitor’s name and business is recorded. The sign-in sheets are locked away and destroyed after a short period of time. These records are only accessed if we need to investigate an incident.
- CCTV – our registered office (1 Byrom Place) has various CCTV cameras installed. The images are securely stored and the data is overwritten after a number of weeks. These records are only accessed if we need to investigate an incident and may be disclosed to the authorities.
We consider CCTV necessary for the safety of our staff and visitors, as well as the detection and prevention of crime. - WIFI – guest WIFI is available for visitors to our registered office (1 Byrom Place). In order to monitor traffic and detect intrusion attempts, we collect information about the devices used to connect to our guest WIFI networks. No personal information is collected and the records are deleted after a short period of time.
Individuals who contact us
Where individuals contact us for information, we collect basic information such as name, contact details and the nature of their enquiry. Information will normally be used only for the purposes of responding to the enquiry. Inbound telephone calls to certain departments are recorded and a sample of the calls are monitored for compliance and quality purposes. The recordings are stored for a short period of time and the retention periods for other enquiries vary depending on the nature but they will be kept for no longer than necessary.
Other individuals
In the course of delivering legal services to our clients, or otherwise operating our business, we collect information relating to individuals who do not fall into any of the categories listed above. The information collected depends on which area of our business is responsible for the processing, but it includes:
- your name and contact information, including address, email address and telephone number(s);
- Information to enable us to check and verify your identity, e.g. your date of birth, as well as identity documents such as passports which may contain biometric data or data revealing racial or ethnic origin;
- your gender information;
- your billing information, transaction and payment card information;
- information about your business(es) or employment;
- details of your assets and financial position.
Such processing is necessary in order to protect our legitimate business interests, deliver a proper standard of service to our clients and to comply with our legal and regulatory obligations.
Sometimes we share information with selected third parties if necessary to comply with our legal and regulatory obligations. For instance, we may as part of customer due diligence and fraud prevention measures carry out identity or screening checks in respect of third parties and require information regarding their financial circumstances.
In the vast majority of cases such information will be collected as part of a client matter and the information will therefore be held in accordance with the retention period that applies to that area of law. We will also, where practical, make efforts to redact and anonymise data where it is not necessary for individuals to be identified as part of any processing activities.
Use of your information
We use information held about you in the following ways:
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;
- to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
- to notify you about changes to our service;
- to ensure that content from our Website is presented in the most effective manner for you and for your device;
- to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in interactive features of our service, when you choose to do so:
- as part of our efforts to keep our Website safe and secure;
- to analyse information/data and assist us in the improvement and optimisation of our Website; and
- to make suggestions and recommendations to you and other users of our Website about services that may interest you or them.
Where your personal information is held
Information may be held at our offices, or on backup servers maintained by our IT consultants and suppliers. Alternatively, it may be held by any of the third parties listed above.
Some of these third parties may be based outside the European Economic Area (EEA). Territories outside the EEA countries generally do not have the same data protection laws as the UK and EEA. We will, however, take reasonable steps to ensure the transfer complies with data protection law and all personal information will be secure.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Your rights
You have the following rights, which you can exercise free of charge:
Access
The right to be provided with a copy of your personal information (the right of access)
Rectification
The right to require us to correct any mistakes in your personal information
To be forgotten
The right to require us to delete your personal information—in certain situations
Restriction of processing
The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data
Data portability
The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object
The right to object:
—at any time to your personal information being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
If you would like to exercise any of those rights, please send an e-mail to dataprotection@jmw.co.uk
Please note that before discussing any request we may require you to provide information in order to verify your identity.
How to complain
We always aim to resolve any query or concern you may raise about our use of your information. Please send details of any concerns to dataprotection@jmw.co.uk.
The DPA also gives you right to lodge a complaint with the data protection regulator, the ICO. For more information, please visit https://ico.org.uk/concerns or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice is kept under regular review to ensure it is meaningful and accurate. It was last updated in December 2022.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you. You can write to Matthew O’Neill, risk lawyer at our registered office or send an email to dataprotection@jmw.co.uk.
Do you need extra help?
If you would like this notice in another format (for example: audio, large print, braille) please contact us using one of the methods above.