Privacy & Security Policy


Our Privacy Policy

This firm processes your data in accordance with the terms of the Data Protection Act 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and the relevant provisions relating to the General Data Protection Regulation contained within the European Union (Withdrawal) Act 2018 (UK GDPR). This Data & Privacy Notice explains, in detail, the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe. Unless otherwise indicated, references in this Data and Privacy Notice to the GDPR refer to the UK GDPR.

We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how our firm uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us.

Introduction

This policy explains the steps we take to ensure information about you is kept secure and confidential. Please read it carefully as by using our website, enquiry (contact us) facility and/or instructing a case (“Services”) you will be regarded as having read and accepted this Privacy & Security Policy. You must not use our website or our Services if you do not accept this Privacy & Security Policy.

GWlegal is the data controller in relation to the services and your personal data. Our registered address is GWlegal, 20 Chapel Street, Liverpool, L3 9GW

You can contact us at the address above or:

Call us: 0345 373 3737
Email us: hello@gw.legal 

Information we collect about you

There are a variety of reasons that we would collect information about you which generally fall under the following:

Provide a service for which we have been instructed
Respond when you have contacted us through our website 
Further your case by sending updates (whether this be in writing, email, phone or SMS)
Take/accept payment for the service we have provided
Meet any legal requirements we have (including regulatory obligations)
Review and respond to complaints about the service we have provided
Review job applications to work at GWlegal
Marketing our legal services to you

The data we collect is called personal data and includes the following:

Name
Address(es)
Email Address(es)
Telephone Number(s) (including landlines, mobiles etc.)
Financial Information

There is additional information which is classed as sensitive personal data such as physical/mental health that we may need to obtain such as GP records on a Personal Injury matter. We will ask your permission for this information before collecting it. 

We collect personal data online, face to face, over the phone or in writing. In a lot of cases the information will be sent over to us from a third party (such as a broker or introducer of work). Once we have been instructed on a case we will send you a Terms of Business letter/email or CFA (Contingency Fee Agreement or Conditional Fee Agreement) which includes a copy of our Terms and Conditions (including a copy of this policy) – this is our contract with you. The Terms of Business letter/email or CFA which contains information on the agreement we have with the company who has introduced the work to us.

On the basis of this contract we will use your information to help speed up/further your case. This will include using your data with third parties when necessary to ensure the smooth running of your case. These are third parties we could share data with for the purpose of a contract:

Engineers;
Surveyors;
Lenders;
Medical Agencies;
Barristers etc. 

This list is not exhaustive but gives you an idea of the third parties we work with. The majority of this information is being shared with third parties as we have a contract with you. More details on the legal basis for using your data are contained in the table below. 

Please note: You have rights as regards to how we use this data and if you want to allow it – these rights are outlined in this document, with ways to get in touch to discuss it with us in more detail.

Conditions for Processing Data

We are only entitled to hold and process your data where the law allows us to. The current law on Data Protection sets out a number of different reasons for which a law firm may collect and process your personal data. These include;

Reasons to use your data Legal basis to use your data
Provide a service for which we have been instructed Contract
Respond when you have contacted us through our website Contract
Further your case by sending updates (whether this be in writing, email, phone or SMS) Contract
Take/accept payment for the service we have provided Contract
Meet any legal requirements we have (including regulatory obligations) Legal Obligation
Review and respond to complaints about the service we have provided Contract
Review job applications to work at GWlegal Contract
Marketing our legal services to you Legitimate Interest/Consent

What do the legal reasons for using your data mean?

Contract – we need to process your personal data to fulfil our contractual obligations to you; or because you have asked us to do something before entering into a contract (e.g. provide a quote).

Consent – this means offering you real choice and control. This puts you in charge - we use consent for marketing to new clients. More can be read on this by reading our marketing policy here: https://gw.legal/legal/marketing-policy

Legal Obligation – this is used if we need to process your personal data to comply with a common law or statutory obligation. For example, any personal data received in order to comply with the Money Laundering Regulations 2017 will only be processed for the purpose of preventing money laundering or terrorist financing unless such processing is permitted by law or you consent to any alternative use of the data.

Legitimate Interest – this is appropriate when we you use your data in ways you would reasonably expect and which have a minimal impact on privacy, or where there is a compelling justification for the use of your data. For more information on our assessment for legitimate interests please read our marketing policy by visiting: https://gw.legal/legal/marketing-policy

Online/Website Enquiries  

When you make an online enquiry we may use your personal information for the following purposes:

To enable you to access and use our services; and/or

To personalise aspects of our overall service to you; and/or

To contact you in relation to your enquiry.

Whenever you make an enquiry about any of the services advertised on our website we may collect and store your personal information including name, email address and telephone number.

By submitting your details you are allowing GWlegal (and/or its subdivisions/brands) to provide you with information about the services you select. We will periodically review your personal information to ensure that we do not keep it any longer than necessary. We will only contact you in relation to the enquiry you made for a limited amount of time. We will not add you to our marketing database based on this enquiry alone - only if you instruct us as your solicitors will we ask for consent to market other legal services to you. For more information on marketing please read our marketing policy by visiting:https://gw.legal/legal/marketing-policy

Your Rights – Accessing your Information

Under the Data Protection Legislation, you can request a copy of the information GWlegal holds on you. This is known as a Subject Access Request and the information can usually be obtained at no cost to you. We will send you this information within 30 days of your request. There are some instances in which information you have requested cannot be sent based on legal reasons. We would discuss this with you in detail.

To request a copy, please write to Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal.

Your Rights – Updating your Information

If any of the information we hold on you is incorrect please write and let us know so we can rectify this. Contact us at Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal.

Your Rights – Right to be Forgotten

Since the 25th May 2018 you can request for us to erase the information we hold on you. We have 30 days in which to do this from the date of your request. We will comply with this request unless we have a lawful reason to keep the information (there could be regulatory requirements for example). If we are unable to erase your information we will discuss this with you in detail and let you know the reason why. We may keep a copy of this request on file.

To request your information to be erased, please write to Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal.

Your Rights – Right to Object

You have the right to object to us using your information – but this is dependent on the legal basis for which we are using your information. 

As an example if we are using ‘consent’ as the legal basis in which we can process your personal information then you have the right to withdraw the consent given. Consent would usually be given to us to market further legal services to you, and we will also give you the option within our marketing material to change/withdraw your consent.

Alternatively if you object to us using your information and our legal basis is ‘contract’ then we would have to discuss this with you in detail first.

To talk about withdrawing consent, please write to Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal.

Your Rights – Right to Porting Data

If you would like to move, copy or transfer your data that we have on file to another company please write to Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal.

Your Rights – Right to Restrict Processing

If you would like to restrict the processing (using) of your data please write to Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal. This is not an absolute right and only applies in certain circumstances. If processing is restricted we are permitted to store your data but not use it.

Your Right - Automated Decision-Making

If you would like to object to the profiling of your data or automated decision making, please write to Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal.

How long do we keep your information for after opening a case?

When you have instructed a case that has completed, we keep our files for six years in electronic format and we will destroy them thereafter unless you ask us not to. Wills & Probate files are however kept in either electronic or paper format indefinitely. Files relating to minors are kept electronically and are kept until six years after they turn 18 years of age - we will destroy them thereafter unless you ask us not to. If you do not go ahead with your case, we may destroy your file at any time.

Whilst we will delete our files after 6 years we will keep a separate record of your information indefinitely for the following reasons:

Conflict Checks – to make sure we can act for someone and it wouldn’t conflict with our obligations to you. This also helps with preventing fraud.

Marketing – if you’re in our marketing database (our marketing policy can be viewed here) we will need to keep these details on file so we can contact you as agreed/requested

You can ask for a copy of our policy on keeping your data and the reasons for this by writing to Compliance Team, GWlegal, 20 Chapel Street, Liverpool, L3 9GW. Alternatively you can call us on 0345 373 3737 or email us at hello@gw.legal.

Changes to our Policy

We may from time to time be required to update our Privacy and Security policy therefore it is advisable that you read through the policy each time you make an enquiry. The most up to date version of the policy will be available on this page. If you do not agree to any of the changes made, please refrain from using our website, submitting an enquiry or instructing us as your solicitor. If significant changes are made to our Privacy and Security Policy we will alert to these changes by a placing a prominent notification on the website.

How do we Protect your Data?

We take protecting your data very seriously. The data you give us may be subject to Legal Professional Privilege and is often extremely sensitive and confidential.

With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We have clear Data Protection and information security policies and procedures in place (along with Regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part of our quality standards and compliance processes.

We protect our IT system from cyber-attacks. Access to your personal data is password protected, and sensitive data is secured by encryption.

We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

Data Privacy and Security

At GWlegal, we maintain a key asset register, which includes relevant information of all existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are >necessary to ensure the best possible privacy.

We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:

Protect against potential breaches of confidentiality;

Ensure all IT facilities are protected against damage, loss or misuse;

Increase awareness and understanding of the responsibility of our employees to protect the confidentiality and integrity of the information that they manage;

Ensure the optimum security of our websites using secure SSL certificates to maintain an encrypted connection;

Staying ahead of the vulnerability curve by only allowing currently secure encryption negotiation, ensuring clients aren’t subject to data leakage by credential theft;

Prevent email fraud using the latest available protocols for email identity validation, protecting our clients from masquerading scammers;

Ensuring our network perimeter is protected by industry best technologies, constant assessment of outside-in vulnerability to maintain integrity of our systems

Your Right to Complain

As part of our commitment to customer satisfaction, GWlegal has a rigorous complaints procedure that you can access at any time. Please let us know as soon as possible if you have any problems or you would like a copy of our Complaints Procedure.

If you have a complaint about the service you receive from us, at any time, you should raise this with the person responsible for your case. If they cannot resolve the matter then you should speak to the manager of the team.

If, after that, you are dissatisfied with how your complaint has been dealt with, you should contact our Customer Services Manager, Lauren Roberts on 0345 373 3737, by email Lauren.Roberts@gw.legal or by writing to us. Your complaint will then be dealt with in accordance with our complaints procedure, a copy of which is available on request. Please do not store up any complaints, please raise them straight away.

If you are still dissatisfied, you may take your complaint to the Legal Ombudsman. The Legal Ombudsman expects complaints to be made to them within one year of the date of the act or omission about which you are concerned or within one year of you realising there was a concern. You must also refer your concerns to the Legal Ombudsman within six months of our final response to you. Their information is available here: www.legalombudsman.org.uk

If the complaint is in relation to how we use, access and/or store your personal data and you are not happy with the outcome you can contact the ICO. Their information is available here: www.ico.org.uk

Links to third party websites 

We can hold no responsibility for the content and/or processes of third party websites that you visit as a result of using the GWlegal website and any websites maintained or run by GWlegal including any brands, trading styles etc. 

Where is your Data Processed?

In the main your data is stored and processed within the United Kingdom (UK) but some information could be transferred out, usually this will be for our transactional emails that help further your case – we use a company called Mandrill who is not based in the UK.

Whenever we transfer any data out of the UK, we ensure a similar degree of protection is afforded to it and treated with the same security measures regardless of location, and in accordance with our internal processes and policies as well as regulatory and legal obligations. In particular, we ensure that at least one of the following safeguards is implemented:

We will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK by means of an adequacy decision or similar in accordance with UK adequacy regulations or otherwise comply with EU GDPR transfer restrictions, as applicable

Where we use certain service providers, we may use specific contractual provisions which gives personal data the same protection it has within the UK and ensures a similar level of protection to the personal data as if it was processed within the UK, as applicable, and/or

We will require that any overseas third party to which we disclose personal data to: (a) only use that personal data for the purposes for which it was disclosed (b) use all technical and organisational measures which are reasonable in the circumstances to secure that personal data (c) delete that personal data which it is no longer required, and (d) treat that personal data in accordance with this Data and Privacy Notice and the appropriate data privacy law

Statutory Information 

GWlegal is the trading name of GW LAW LTD (formerly Goldsmith Williams Solicitors) who are registered in England & Wales under company no. 09837891. Registered office: 20 Chapel Street, Liverpool, L3 9GW where a list of members is open for inspection. Authorised and regulated by the Solicitors Regulation Authority under number 636375. Calls charged at a national rate

Last Updated 31st March 2023


Need to ask a question?

Submitting this form was unsuccessful. Please correct the errors and try again.
  • {{error}}

By submitting this enquiry you confirm you agree to GWlegal's Privacy & Security Policy and website Terms & Conditions. GWlegal will only contact you in relation to your enquiry and you will NOT be added to our marketing database. Additionally your information will NOT be shared with any third parties - your privacy and security is paramount here at GWlegal.

Thank you for your enquiry

We will contact you shortly.