Privacy & Cookies

Call 0345 872 6666


Privacy notice

1. introduction

1.1 JMW Solicitors LLP (“JMW”) is committed to protecting the privacy and security of your personal information.

1.2 JMW is a limited liability partnership registered in England and Wales under registration number OC338958. It is authorised and regulated (under SRA number 508380) by the Solicitors Regulation Authority. It has notified the Information Commissioner’s Office (ICO) that it processes personal data (under number Z5673466).

1.3 We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals in the European Economic Area (EEA).

2. KEY TERMS

2.1 It would be helpful to start by explaining some key terms used in this policy:

We, us, our JMW and our group companies
Personal data Any information relating to an identified or identifiable individual
Special category personal data Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
Genetic data
Biometric data (where used for identification purposes)
Data concerning health, sex life or sexual orientation
Data subject The individual who the personal data relates to

3. who does this privacy notice apply to?

3.1 This privacy notice applies to the following categories of data subjects:

(a) clients or prospective clients;

(b) individuals applying for a career at JMW;

(c) website visitors;           

(d) suppliers;

(e) contacts;

(f) office visitors;

(g) individuals who contact us; and

(h) other individuals.

3.2 This privacy notice does not apply to current or former employee, consultants, workers or contractors. If you identify as falling within one of these categories then we may process personal data about you. For more information, please refer to the privacy notice for employees, accessible via the JMW Intranet, or contact dataprotection@jmw.co.uk.

3.3 Our services and website are not aimed specifically at children who are usually represented by their parents or guardians. If you are a child and you want further information about how we might use your data, please contact us (see ‘How to contact us’ below).

4. How to read this privacy notice

4.1 Sections 5 and 6 of this privacy notice should be read together. 

(a) Section 5 explains how we collect, store, use and share your personal data.

(b) Section 6 explains your rights in relation to your personal data and how to contact us or the supervisory authorities if you have a complaint.

5. Personal data we collect about you

Clients or Prospective Clients

5.1 This section should be read in conjunction with the client care letter and terms of business, provided to you at the outset of your relationship with JMW.  These documents provide further information on confidentiality.

Personal data we collect about you

5.2 The table below sets out the personal data we will or may collect in the course of providing legal services:

Personal data we will collect Personal data we may collect depending on why you have instructed us
Your name, address and telephone number. Your National Insurance and tax details.
Information to enable us to check and verify your identity, e.g. your date of birth or passport details. Your bank and/or building society details.
Information relating to the matter in which you are seeking our advice or representation. Details of your personal or professional online presence, e.g. LinkedIn profile.
Information to enable us to undertake a SmartSearch or other financial checks on you. SmartSearch will perform sanctions checks, screening for adverse media and checks for politically exposed persons. Details of your spouse/partner and dependants or other family members, e.g. if you instruct us on a family matter or a will.
Your financial details so far as relevant to your instructions, e.g. the source of your funds if you are instructing on a purchase transaction. Your employment status and details including salary and benefits, e.g. if you instruct us on matter related to your employment or in which your employment status or income is relevant.
Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information, e.g. if you instruct us on an immigration matter.
Details of your pension arrangements, e.g. if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship.
Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances, e.g. if you instruct us on matter related to your employment or in which your employment records are relevant.
Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs, e.g. if you instruct us on discrimination claim.
Your trade union membership, e.g. if you instruct us on a discrimination claim or your matter is funded by a trade union.
Personal identifying information, such as your eye colour or your parents’ names, e.g. if you instruct us to incorporate a company for you.
Your medical records, e.g. if we are acting for you in a personal injury claim.
Your genetic data or biometric data e.g. if it is required for the purpose of uniquely identifying you.
Your records relating to relating to criminal convictions and offences e.g. if you instruct us in relation to a criminal or regulatory matter.

5.3 The above personal data is required to provide legal services to you. If you do not provide the personal data we ask for, it may delay or prevent us from providing legal services to you.

5.4 We collect most of this personal data directly from you e.g., in person, by telephone, text, email and any mobile applications (e.g. the JMW app). However, we may also collect information from:

(a) publicly accessible sources, e.g. Companies House or HM Land Registry;

(b) a third party directly, e.g.:

(i) a business such as an estate agency or claims management company that has introduced you to JMW;

(ii) sanctions screening providers such as SmartSearch;

(iii) credit reference agencies;

(iv) customer due diligence providers;

(c) a third party with your consent, e.g.:

(i) your bank or building society another financial institution or advisor;

(ii) consultants and other professionals we may engage in relation to your matter;

(iii) your employer and/or trade union, professional body or pension administrators;

(iv) your doctors, medical and occupational health professionals;

(d) via our website - we use cookies on our website (for more information on Cookies, please see further below

How and why we use personal data

5.5  Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

(a) where you have given consent;

(b) to comply with our legal and regulatory obligations;

(c) for the performance of a contract with you or to take steps at your request before entering into a contract; or

(d) for our legitimate interests or those of a third party.

5.6 A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

5.7 The table below explains what we use your personal data for and why:

What we use your personal data for Our reasons
Providing services to you. To perform our contract with you or to take steps at your request before entering into a contract.
Preventing and detecting fraud against you or us. For our legitimate interest, i.e. to minimise fraud that could be damaging for you and/or us.
Conducting checks to identify our clients and verify their identity. Screening for politically exposed persons, financial and other sanctions or embargoes. Other activities necessary to comply with our professional, legal and regulatory obligations that apply to our business, e.g. under health and safety law or rules issued by the Solicitors Regulation Authority. To comply with our legal and regulatory obligations.
To enforce legal rights or defend or undertake legal proceedings Depending on the circumstances:
· to comply with our legal and regulatory obligations;
· in other cases, for our legitimate interests, i.e. to protect our business, interests and rights.
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies. To comply with our legal and regulatory obligations
Ensuring our business policies are adhered to, e.g. policies covering security and internet use For our legitimate interests, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price
Ensuring the confidentiality of commercially sensitive information Depending on the circumstances:
· for our legitimate interests, i.e. to protect trade secrets and other commercially valuable information;
· to comply with our legal and regulatory obligations.
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, client base, services range or other efficiency measures. For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price
Preventing unauthorised access and modifications to systems Depending on the circumstances:
· for our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you and/or us;
· to comply with our legal and regulatory obligations.
Protecting the security of systems and data used to provide services. To comply with our legal and regulatory obligations.
We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.
Updating and enhancing client records. Depending on the circumstances:
· to perform our contract with you or to take steps at your request before entering into a contract;
· to comply with our legal and regulatory obligations;
· for our legitimate interests, e.g. making sure we can keep in touch with our clients about existing and new services
Statutory returns. To comply with our legal and regulatory obligations.
Ensuring safe working practices, staff administration and assessments. Depending on the circumstances:
· to comply with our legal and regulatory obligations;
· for our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Marketing our services and those of selected third parties to: For our legitimate interests, i.e. to promote our business to existing and former clients
· existing and former clients;
· third parties who have previously expressed an interest in our services;
· third parties with whom we have had no previous dealings
Credit reference checks via external credit reference agencies. For our legitimate interests, i.e. to ensure our clients are likely to be able to pay for our services.
 External audits and quality checks, e.g. for ISO or Lexcel accreditation and the audit of our accounts. Depending on the circumstances:
· for our legitimate interests, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards;
· to comply with our legal and regulatory obligations
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale or in the event of our insolvency. Depending on the circumstances:
In such cases information will be anonymised where possible and only shared where necessary. · to comply with our legal and regulatory obligations;
· in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets.

5.8 You acknowledge that we will undertake a search using software by SmartSearch for the purposes of verifying your identity. To do so, SmartSearch may check the details we supply against any particulars on any database (public or otherwise) to which SmartSearch has access including certain credit reference agencies. SmartSearch and or the credit reference agencies may also use your details in the future to assist other companies for verification purposes, assessing the risk of giving credit and occasionally to prevent fraud, money laundering and to trace debtors. A record of the search will be retained.  Further details can obtain on request.

5.9 A copy of SmartSearch’s privacy notice is available at: https://www.smartsearch.com/privacy-policy, which explains how SmartSearch processes your personal data.

5.10 Certain personal data we collect is treated as a special category to which additional protections apply under data protection law:

(a) personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership;

(b) genetic data;

(c) biometric data (when used to uniquely identify an individual);

(d) data concerning health, sex life or sexual orientation.

5.11 Where we process special category personal data or data relating to criminal convictions or offences, we will also ensure we are permitted to do so under data protection laws, e.g.:

(a) we have your explicit consent;

(b) the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent;

(c) the processing is necessary to establish, exercise or defend legal claims;

(d) the processing is necessary for reasons of substantial public interest.

Marketing

5.12 We will use your personal data to send you updates (by email, text message, telephone or post) about our services, including promotions or new services.

5.13 We have a legitimate interest in using your personal data for marketing purposes. This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

5.14 You have the right to opt out of receiving marketing communications at any time by:

(a) contacting us at marketing@jmw.co.uk; or

(b) using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.

5.15 We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

5.16 We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside the JMW group for marketing purposes.

Who we share your personal data with

5.17 We routinely share personal data with:

(a) companies providing services for money laundering checks and other crime prevention purposes and companies providing similar services, including financial institutions and credit reference agencies, e.g. SmartSearch;

(b) third parties we use to help deliver our services to you, e.g. payment service providers, IT infrastructure providers, delivery companies, barristers, expert witnesses and technology service providers such as eDiscovery and document review platforms;

(c) other third parties we use to help us run our business, e.g. marketing agencies or website hosts;

(d) third parties approved by you;

(e) credit reference agencies;

(f) our insurers and brokers; and

(g) our banks.

5.18 We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

5.19 We or the third parties mentioned above occasionally also share personal data with:

(a) our and their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations

(b) our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations

(c) law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations

(d) other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency - usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations

(e) where necessary, companies within the JMW group.

5.20 We will keep your personal data while we are providing legal services to you. Thereafter, we will keep your personal data for as long as is necessary to:

(a) respond to any questions, complaints or claims made by you or on your behalf;

(b) show that we treated you fairly;

(c) keep records required by law.

5.21 We will not retain your personal data for longer than necessary for the purposes set out in this notice. As a general rule, if we are no longer providing services to you, we will delete or anonymise your account data after seven years. However, different retention periods apply for different types of personal data and for different services. Further details on this aspect are available on request.​​​​​​

E-signatures

5.22 In certain circumstances JMW will process your personal data to allow you to sign documents electronically through the use of e-signature software such as DocuSign. 

5.23 The categories of personal data that we may process for facilitating the use of e-signature software might include:

(a) Your name, e-mail address, postal address and phone number.

(b) Your job title and place of work.

(c) Your signature.

(d) Your IP address.

5.24 We process this personal data pursuant to our legitimate interests i.e. to facilitate the use of e-signature software in the course of matter or transaction to ensure the efficient completion of the matter or transaction. If you do not provide this personal data then we not be able to offer you the use of e-signature software. 

5.25 We will share your personal data with the e-signature software provider (usually DocuSign).  A copy of DocuSign’s privacy notice is available at: https://www.docusign.co.uk/en-gb/privacy, which explains how DocuSign processes your personal data.

JMW Mobile Application

5.26 The JMW Mobile Application (“the JMW app”) has been fully integrated into our conveyancing case management system.  If you are a conveyancing client, it allows us to seamlessly deliver updates and information to you to help simply the buying and selling of properties. 

5.27 The categories of personal data that we may process for facilitating the use of the JMW app might include all those in the table at paragraph 5. above.  The way we use this personal data and our reasons are set out in the table at paragraph 5.7 above. 

5.28 The JMW app is provided by Lavatech Limited.  You acknowledge that we will undertake a search using software by Lavatech Limited for the purposes of verifying your identity. To do so, Lavatech Limited may check the details we supply against any particulars on any database (public or otherwise) to which Lavatech Limited has access including certain credit reference agencies. Lavatech Limited and or the credit reference agencies may also use your details in the future to assist other companies for verification purposes, assessing the risk of giving credit and occasionally to prevent fraud, money laundering and to trace debtors. A record of the search will be retained.  Further details can obtain on request.

5.29 A copy of Lavatech Limited’s privacy notice is available at https://www.in-case.co.uk/privacy-policy, which explains how Lavatech processes your personal data.

Transferring your personal data out of the UK and EEA

5.30 The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.  

5.31 It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases we will comply with applicable UK laws designed to ensure the privacy of your personal data.

5.32 Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:

(a) in the case of transfers subject to UK data protection law, the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR.

(b) there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or

(c) a specific exception applies under relevant data protection law.

5.33 Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.

Individuals applying for a career at JMW

5.34 About the information we collect and hold:

(a) Table A below summarises the information we collect and hold up to and including the shortlisting stage of the recruitment process, how and why we do so, how we use it and with whom it may be shared.

(b) Table B summarises the additional information we may collect (depending on the role you are applying for) before making a final decision to recruit, i.e. before making an offer of employment unconditional, how and why we do so, how we use it and with whom it may be shared.

5.35 We seek to ensure that our information collection and processing is always proportionate. We will notify you of any changes to information we collect or to the purposes for which we collect and process it.

Table A

The information we collect How we collect the information Why we collect the information How we use and may share the information
Your name and contact details (i.e. address, home and mobile phone numbers, email address) From you Legitimate interest: To enable HR personnel or the manager of the relevant department to contact you to progress your application, arrange interviews and inform you of the outcome.
· to carry out a fair recruitment process; and To inform the relevant manager or department of your application.
· to progress your application, arrange interviews and inform you of the outcome at all stages. To share with third party screening agencies such as: Sterling, Atlantic Data and SmartSearchUK (see links below table)
Details of your qualifications, experience, employment history (including job titles, salary and working hours) and interests and a UK Credit Check From you, in your CV or any completed application form and interview notes (if relevant). Legitimate interest: To make an informed recruitment decision.
Some of the information is obtained from third parties, further details of how they operate can be found below: Sterling (see ULR below table) · to carry out a fair recruitment process; and
· to make an informed decision to shortlist for interview and (if relevant) to recruit.
Your racial or ethnic origin, sex and sexual orientation, religious or similar beliefs From you, in a completed anonymised equal opportunities monitoring form To comply with our legal obligations and for reasons of substantial public interest (equality of opportunity or treatment) To comply with our equal opportunities monitoring obligations and to follow our equality and other policies.

5.36 If your application is unsuccessful at this stage, we will keep your information for a reasonable period, for the purpose of establishing, exercising and/or defending any legal claims, in accordance with our legitimate interests. Alternatively, in case other opportunities arise but also as a record of recent applications.

Table B: 

The information we collect How we collect the information Why we collect the information How we use and may share the information
Information about your previous academic and/or employment history, including details of any conduct, grievance or performance issues, appraisals, time and attendance, from references obtained about you from previous employers and/or education providers From your referees (details of whom you will have provided) Legitimate interest: To obtain the relevant reference about you.
Some of the information is obtained from third parties, further details of how they operate can be found below (see ULR below table) · to make an informed decision to recruit; and To comply with legal/regulatory obligations.
· to maintain employment records and to comply with legal, regulatory and corporate governance obligations and good employment practice. Information shared with relevant managers and HR personnel.
To comply with our legal obligations.
Information regarding your academic and professional qualifications From you, from your education provider, from the relevant professional body. Legitimate interest: to verify the qualifications information provided by you To make an informed recruitment decision
Some of the information is obtained from third parties, further details of how they operate can be found below (see ULR below table):
Information regarding your criminal record, in a criminal records certificate (CRC) or enhanced criminal records certificates (ECRC) as appropriate From you and from the Disclosure and Barring Service (DBS).  This information may obtained from third parties, further details of how they operate can be found below: Sterling and Atlantic Data (links can be found below the table) To perform the employment contract. To make an informed recruitment decision.
To comply with our legal obligations. To carry out statutory checks
Legitimate interest:  to verify the criminal records information provided by you. Information shared with DBS and other regulatory authorities as required.
For reasons of substantial public interest (preventing or detecting unlawful acts and protecting the public against dishonesty).
Information to enable us to undertake a SmartSearch or other financial checks on you.  SmartSearch will perform sanctions checks, screening for adverse media and checks for politically exposed persons. From you or from from third parties, further details of how they operate can be found below: SmartSearch (links can be found below this table) To comply with our legal obligations. To make an informed recruitment decision.
Legitimate interest:  to verify the criminal records information provided by you. Information shared with DBS and other regulatory authorities as required.
For reasons of substantial public interest (preventing or detecting unlawful acts and protecting the public against dishonesty).
Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information From you and, where necessary, the Home Office To enter into/perform the employment contract. To carry out right to work checks.
To comply with our legal obligations. Information may be shared with the Home Office
Legitimate interest: to maintain employment records.
Legitimate interest: to maintain employment records.
For reasons of substantial public interest (preventing or detecting unlawful acts).
A copy of your passport or driving licence From you To enter into/perform the employment contract. To make an informed recruitment decision.
To comply with our legal obligations. To ensure that you have a clean driving licence.
To comply with the terms of our insurance. Information may be shared with our insurer.
Information relating to your health From you and/or your medical practitioner To enter into/perform the employment contract. To make an informed recruitment decision
To comply with our legal obligations.
Legitimate interests:   to ensure you are fit to perform the duties.
For the purposes of obligations and rights in employment and social security law.

5.37 If your application is unsuccessful at this stage, we will keep your information for a reasonable period, for the purpose of establishing, exercising and/or defending any legal claims, in accordance with our legitimate interests. Alternatively, in case other opportunities arise but also as a record of recent applications. Certain Home Office requirements may also apply if we sponsor a worker from outside the EU and need to maintain records of applicants for auditing purposes.

5.38 You are required (by law or in order to enter into your contract of employment) to provide the categories of information marked ‘☐’ above to us to enable us to verify your right to work and suitability for the position.

5.39 Successful applicants’ information is retained in accordance with our privacy notice for employees and other workers.

Individuals providing references

5.40 As part of our recruitment processes, we may ask successful candidates to provide details of individuals who we can contact to ask for a reference. For those individual referees, we will hold contact details, correspondence relating to reference checks and a copy of any reference on the relevant personnel file for a reasonable period from the date that their employment or contract began.

5.41 The legal basis for processing personal data from individuals providing references is either consent or that it is necessary to protect our legitimate business interests and, in some cases, to comply with our legal and regulatory obligations.

How long we keep your data

5.42 We keep the personal data that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your data will depend on whether your application is successful and you become employed by us, the nature of the data concerned and the purposes for which it is processed.

5.43 We will keep recruitment data (including interview notes) for no longer than is reasonable, taking into account the limitation periods for potential claims such as race or sex discrimination (as extended to take account of early conciliation), after which they will be destroyed. If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.

5.44 If your application is successful, we will keep only the recruitment data that is necessary in relation to your employment.

Website visitors

5.45 This section of the privacy notice forms part of and must be read in conjunction with our website terms of use.

Personal data we collect about you

5.46 The personal data we collect about you depends on the particular activities carried out through our website. We may collect and use the following personal data about you:

(a) your name, address and contact information, including email address and telephone number and company details;

(b) information to check and verify your identity, e.g. date of birth;

(c) your gender, if you choose to give this to us;

(d) location data, if you choose to give this to us;

(e) your billing information, transaction and payment card or other payment method information;

(f) your account details, such client and matter number;

(g) your activities on, and use of, our website;

How your personal data is collected

5.47 We collect personal data from you:

(a) directly, when you enter or send us information, such as when you fill out our online enquiry form or participate in our live chat online; and

(b) indirectly, such as your browsing activity while on our website; we will usually]collect information indirectly using the technologies explained in the section below on ‘Cookies’ below

5.48 We may also collect personal data about you from other sources.  We may receive information about you if you use any of the other websites we operate or other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them.

How and why we use your personal data

5.49 The table below explains what we use your personal data for and why:

What we use your personal data for Our reasons
Providing services to you To perform our contract with you or to take steps at your request before entering into a contract
Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us To comply with our legal and regulatory obligations.
For our legitimate interests, i.e. to minimise fraud that could be damaging for you and/or us.
To enforce legal rights or defend or undertake legal proceedings Depending on the circumstances:
· to comply with our legal and regulatory obligations;
· in other cases, for our legitimate interests, i.e. to protect our business, interests and rights.
Customise our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website Depending on the circumstances:
· your consent as gathered by the separate cookies tool on our website - see ‘Cookies’ below;
· where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.
If you have provided such a consent you may withdraw it at any time (see further below - this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn).
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended Depending on the circumstances:
· your consent as gathered by the separate cookies tool on our website - see ‘Cookies’ below
· where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price
If you have provided such a consent you may withdraw it at any time (see further below - this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn).
Communications with you not related to marketing, including about changes to our terms or policies or changes to the or other important notices Depending on the circumstances:
· to comply with our legal and regulatory obligations;
· in other cases, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.
Protecting the security of systems and data used to provide the services To comply with our legal and regulatory obligations.
We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.
Statistical analysis to help us understand our customer base For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.
Updating and enhancing customer records Depending on the circumstances:
· to perform our contract with you or to take steps at your request before entering into a contract;
· to comply with our legal and regulatory obligations;
· where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our clients about existing instructions.
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant. To comply with our legal and regulatory obligations
Marketing our services to existing and former clients. For our legitimate interests, i.e. to promote our business to existing and former customers. See ‘Clients - Marketing’ above for further information
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary Depending on the circumstances:
· to comply with our legal and regulatory obligations;
· in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets.

Marketing

5.50 We will use your personal data to send you updates (by email, text message, telephone or post) about our services.

5.51 We have a legitimate interest in using your personal data for marketing purposes. This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

5.52 You have the right to opt out of receiving marketing communications at any time by:

(a) contacting us at marketing@jmw.co.uk; or

(b) using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.

5.53 We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

5.54 We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside of the JMW group for marketing purposes.

Who we share your personal data with

5.55 We routinely share personal data with:

(a) third parties we use to help deliver our services to you, e.g. payment service providers.

(b) other third parties we use to help us run our business, e.g. marketing agencies or website hosts and website analytics providers

5.56 We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

5.56 We or the third parties mentioned above occasionally also share personal data with:

(a) our and their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;

(b) our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;

(c) law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;

(d) other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations

How long your personal data will be kept

5.58 We will not keep your personal data for longer than we need it for the purpose for which it is used.  Different retention periods apply for different types of personal data. Further details on this are available on request.

5.59 Following the end of the of the relevant retention period, we will delete or anonymise your personal data.

Cookies

-

Suppliers (including Lawshare)

5.69 We collect and process personal data about third parties who supply services to JMW or its clients. This section also applies to members of our Lawshare network and our selected Lawsave partners.

5.70 The personal data collected is usually basic contact information relating to the individual(s) we deal with at the particular supplier and includes name, supplier’s business name, phone number(s), email, payment details and other business contact details.

5.71 We use any personal data primarily to contact the supplier – on behalf of JMW or its clients – in order to manage the relationship and ensure that the services are delivered under the supply contract.

5.72 We will usually collect the information directly from the supplier, but sometimes we may find the information online or from a third party who recommends the supplier to us.

5.73 The legal basis for processing personal data about suppliers is that:

(a) it is necessary to perform our contract with you or to take steps before entering into a contract;

(b) to protect our legitimate business interests; and,

(c) in some cases, to comply with our legal and regulatory obligations.

Contacts

5.74 We manage a database of contacts using a customer relationship management (“CRM”) system. Each record on the CRM system contains the individual’s name, business (if applicable) and contact details.

5.75 Personal data is processed through the CRM system for our legitimate business interests. Our primary aim is to stay in touch with our contacts and keep them updated with news and details of upcoming events. Information is processed according to the contact’s preferences and contacts may at any time opt-out of future communications. Contacts’ records are never shared with third parties unless permitted by law and the records are retained for no longer than necessary.

Visitors to our offices

5.76 Various security measures are in place at our offices:

(a) Visitor records: all visitors to our offices are required to sign in and out. Basic information such as the visitor’s name and business is recorded.  If you are parking in one of the office car park spaces you may be asked to provide your car registration number. The sign-in records are stored electronically and deleted after a short period of time. These records are only accessed if we need to investigate an incident.

(b) CCTV: our registered office (1 Byrom Place) has various CCTV cameras installed. The images are securely stored and the data is overwritten after a number of weeks. These records are only accessed if we need to investigate an incident and may be disclosed to the authorities.

(c) WIFI: guest WIFI is available for visitors to our offices. In order to monitor traffic and detect intrusion attempts, we collect information about the devices used to connect to our guest WIFI networks. No personal data is collected and the records are deleted after a short period of time.

5.77 We consider the above measure are necessary and proportionate for the safety of our staff and visitors, as well as the detection and prevention of crime. Our reasons for processing this personal data is to comply with our legal and regulatory obligations and/or for our legitimate interests, e.g. to protect the security of our buildings and premises. 

Individuals who contact us

5.78 Where individuals contact us for information, we collect basic information such as name, contact details and the nature of their enquiry. Information will normally be used only for the purposes of responding to the enquiry.

5.79 Inbound telephone calls to certain departments are recorded and a sample of the calls are monitored for compliance and quality purposes. The recordings are stored for a short period of time and the retention periods for other enquiries vary depending on the nature, but they will be kept for no longer than necessary.

5.80 We process the above personal data to take steps at your request before entering into a contract, to comply with our legal and regulatory obligations and/or for our legitimate interests, e.g. so that the business can run as efficiently as possible. 

Other individuals

5.81 In the course of delivering legal services to our clients, or otherwise operating our business, we collect information relating to individuals who do not fall into any of the categories listed above. The information collected depends on which area of our business is responsible for the processing, but may include:

(a) your name and contact information, including address, email address and telephone number(s);

(b) Information to enable us to check and verify your identity, e.g. your date of birth, as well as identity documents such as passports which may contain biometric data or data revealing racial or ethnic origin;

(c) your gender information;

(d) your billing information, transaction and payment card information;

(e) information about your business(es) or employment;

(f) details of your assets and financial position.

5.82 Such processing is necessary in order to protect our legitimate business interests, deliver a proper standard of service to our clients and to comply with our legal and regulatory obligations.

5.83 Sometimes we share information with selected third parties if necessary to comply with our legal and regulatory obligations. For instance, we may as part of customer due diligence and fraud prevention measures carry out identity or screening checks in respect of third parties and require information regarding their financial circumstances.

5.84 In the vast majority of cases such information will be collected as part of a client matter and the information will therefore be held in accordance with the retention period that applies to that area of law. We will also, where practical, make efforts to redact and anonymise data where it is not necessary for individuals to be identified as part of any processing activities.

How your personal data is stored

5.85 Information may be held at our offices, or on backup servers maintained by our IT consultants and suppliers. Alternatively, it may be held by any of the third parties, service providers, representatives and agents as described above.

5.86 Some of these third parties may be based outside the UK and/or the European Economic Area (EEA). This may include countries which do not provide the same level of protection of personal data as the UK or EEA.

5.87 We will transfer your personal data outside the UK and EEA only where:

(a) the UK government has decided the recipient country ensures an adequate level of protection of personal data (known as an adequacy decision); or

(b) there are appropriate safeguards in place (e.g. standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you; or

(c) a specific exception applies under data protection law.

(d) You can contact us (see ‘How to contact us’ below) if you would like a list of countries benefiting from a UK or European adequacy decision or for any other information about protection of personal data when it is transferred abroad.

How we keep your personal data secure

5.88 We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

5.89 We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

5.90 If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

6. Your Rights

6.1 You have the following rights, which you can exercise free of charge:

Right Definition
Access The right to be provided with a copy of your personal data
Rectification The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten) The right to require us to delete your personal data—in certain situations
Restriction of processing The right to require us to restrict processing of your personal data—in certain situations, e.g. if you contest the accuracy of the data
Data portability The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object The right to object:
· at any time to your personal data being processed for direct marketing (including profiling);
· in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims.
Not to be subject to automated individual decision making The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
The right to withdraw consent If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. You may withdraw consents by emailing: marketing@jmw.co.uk. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn

6.2 If you would like to exercise any of those rights, please:

(a) email, call or write to us—see below: ‘How to contact us’;

(b) provide enough information to identify yourself (e.g. your full name, address and client or matter reference number) and any additional identity information we may reasonably request from you; and

(c) let us know what right you want to exercise and the information to which your request relates.

How to complain

6.3 Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

6.4 You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator). Please contact us if you would like further information.

Changes to this privacy policy

6.5 This privacy notice is kept under regular review, and we may change it from time to time. When we do, we will publish the updated version on our website and ask for your consent to the changes if legally required.

6.6 It was last updated in August2023

Updating your personal data

6.7 We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address—see below ‘How to contact us’.

How to contact us

Individuals in the UK

6.8 You can contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

6.9 Our contact details are shown below:

(a) Post: FAO: Head of Risk & Compliance, 1 Byrom Place, Manchester, M3 3HG

(b) E-mail: dataptotection@jmw.co.uk

(c) Telephone: 0345 872 666

7. Individuals in the EEA

7.1 We have appointed Rickert Rechtsanwaltsgesellschaft mbH  to be our data protection representative within the EEA. Their contact details are Rickert Rechtsanwaltsgesellschaft mbH - JMW SOLICITORS LLP -  Colmantstraße 15 53115 Bonn  Germany / art-27-rep-jmw@rickert.law.

7.2 Individuals within the EEA can contact us direct (see above) or contact our European representative.

Do you need extra help?

7.3 If you would like this policy in another format (for example audio, large print, braille) please contact us (see ‘How to contact us’ above).