Data Protection Statement

Please read this notice carefully. It contains important information about how we process personal information.

Who we are and how we approach data privacy

We are Coffin Mew LLP (Company Registration No. OC323868, Registered Office, 1000 Lakeside, North Harbour, Portsmouth, Hampshire, PO6 3EN).

Our use of your personal information is regulated under the General Data Protection Regulation (Regulation (EU) 2016/679)) for as long as the United Kingdom is a member or the European Union or is subject to any transition arrangements after leaving the European Union, the Data Protection Act 2018 and any other privacy laws or regulations the UK may implement as a results of it leaving the European Union. We are responsible as “Controller” for the purposes of those laws.

As a company we are committed to protecting and respecting the privacy of personal information we hold. We want you to be confident that your information will be properly protected whilst in our possession.

We ask that you read this privacy notice carefully as it contains important information on how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint. Please make sure you’re comfortable with the content.

Our representative for the purpose of data protection compliance is our Data Protection Officer, Emma Stevens, who can be contacted:

Office number: 023 8057 4303;
Mobile: 07341 127940;
Email: emmastevens@coffinmew.co.uk;
Post: 1000 Lakeside, North Harbour, Portsmouth, Hampshire, PO6 3EN.

If you have any questions about our use of your personal information, or you wish to exercise one of your rights under data protection legislation, please contact us. A summary of your rights is detailed at the end of this notice.

Information we collect from you and how we use it

Please click on the relevant section below, depending on the legal service we are providing to you, to understand what information we collect, in what circumstances and how we use it. There is also a section relevant to “All Clients” which you should also read.

In this notice we refer to “Sensitive Personal Data”. By this we mean data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life and/or sexual orientation.

ALL CLIENTS

Our money laundering responsibilities

Before we can accept an instruction, we are required by law:

to obtain proof of identity. The identification documents you provide will be processed only for this purpose and will be held for the retention period that applies to your instruction (see department sections above); and
to ascertain whether you are a Politically Exposed Person (PEP). This is someone who has been entrusted within the last year by: (i) a state including the UK; (ii) a community institution; or (iii) an international body, and who fulfils certain public roles.
In some circumstances it may be necessary to conduct a credit check before we can proceed. We use a search provider for this process, Creditsafe. If you are an individual, we will need your consent to conduct this check. Please note that if you do not consent we may be unable to proceed with your instruction.

Do I have to provide personal information?

No, most personal information you provide to us is entirely voluntary, although we will be unable to perform our service if you fail to give us full disclosure of any information relevant to the matter that you are asking us to assist you with. The only exception is where you are obligated to disclose under an order of the court, legislation or other competent authority.
All personal information we collect will be handled in accordance with this notice and our Terms of Business.

Keeping your personal information up to date

If you become aware that any information we hold about you is incorrect, or there are any changes to your personal details, please contact us.

Data retention and minimisation

Each of our departments has set data retention periods for files (set according to our legal and regulatory responsibilities). These are as set out above. Whilst we adhere to these retention periods, we strive to ensure we only hold personal information that is necessary for your matter.

COMMERCIAL PROPERTY

What data is collected?	In order to complete the property transaction we will need the following: identification documents; client contact information and/or relationship manager (name, address, contact information); details of the property involved; financing information relevant to the transaction; and bank account information (so we can transfer funds if applicable). This data will be requested at first instruction. If, on receipt of this information, we determine we need additional personal data we will speak with you or your nominated contact about this. Naturally, dependent upon the scope of your instruction, we may need to collect additional personal information from you in order to advise and support you. We will explain to you as the matter progresses where personal information needs to be collected, the purpose for that collection and our intended use.
What data is collected about a third party?	We may also need the following third party information to process your transaction: identity and contact information of any applicable agent/developer/property professional; details of the lender (if applicable); identity and contact information of the business/individual on the other side of the transaction (including contact information of their legal representative); any relevant referral information; name and contact information of a guarantor (if applicable); name of any individual to whom third party payments are made (for example a service or rent charge); any third party in possession of your deeds; name and address of broker (if applicable); information on any tenancy in place or proposed (or other occupier of the property); information on any landlord/freeholder and/or management company; and/or information on any assignee. This information will be requested at the start of the instruction.
Where is this data collected from?	This information will usually be collected from you or your nominated contact. We may also receive: some preliminary contact information about your nominated contact and your proposed purchase from your agent and/or the legal representative acting for the other side (where you have agreed this disclosure); publicly available sources, such as Companies House (where we need to check the status of your business and the currently appointed directors); information from the electoral role; and/or financial information from your lender (again where you have agreed your lender can disclose this to us).
What do we use this information for?	All personal information we obtain will only be used for the following reasons: for the provision of our legal services to you (our contract); to ensure we comply with our legal obligations (for example our money laundering responsibilities); or in respect of third party information, for our legitimate business interests to support the transaction.
Who do we disclose it to?	As part of the transaction we may have to disclose personal information to the following third parties (if relevant): the lender/financial advisor; the agent; the broker; the indemnity insurer (if relevant); the legal representative on the other side of the transaction; NHBC; data room providers; search providers; portals for the visibility of workflow/transaction status/secure document exchange; HM Revenue and Customs; and/or HM Land Registry. We will always discuss with you or your nominated contact which third parties we need to involve, before we disclose any personal information to them. If the instruction involves international assets or funding we may need to transfer personal information relevant to those assets/funding outside of the United Kingdom. You will be informed if this is the case and the agreement to any transfer obtained in advance.
How long will you hold my data for?	Following completion of the property transaction (or abandonment) we will hold the information in your property file (paper and electronic) for a period of 16 years (for an acquisition, mortgage or planning), 7 years (for a sale), 16 years for a lease (or 3 years after expiry of the term if less), or 7 years for any other Commercial Property advice.

CORPORATE AND COMMERCIAL SERVICES

What data is collected?	We collect limited personal information in order to commence an instruction: basic contact information of the instructing client (or nominated client contact) to include name, address, email address (business and private), contact telephone numbers; basic contact information of the counterparty to the transaction/deal; and financial information pertinent to the instruction. Where we act for your business in a corporate sale, we act for the shareholders of that business. Naturally, dependent upon the scope of your instruction, we may need to collect additional personal information from you in order to advise and support you. We will explain to you as the matter progresses where personal information needs to be collected, the purpose for that collection and our intended use
What data is collected about a third party	Where we act for your business in a corporate sale, the other side will request personal information about your employees that they will inherit as part of the sale. You should only provide such information if you have a lawful basis to disclose or the data has been anonymised. Where we act for your business in a purchase we will expect only to receive personal data of employees where the seller has a lawful basis to disclose or the data has been anonymised. Where applicable, we may: require personal information of shareholders relevant to a corporate deal; require personal information of staff for option holders (including name, address and details of their employment to ascertain whether they qualify for the share option).
Where is this data collected from?	Personal information pertinent to the transaction will usually be gathered from the client or the client nominee. Other sources of personal information may include: the other side to the transaction; HR advisors (where external to the client); publicly available sources, such as Companies House (where we need to check the status of your business and the currently appointed directors); pension advisors; and/or investors (where we are instructed to act for a company that is private equity backed)
What do we use this information for?	All personal information we obtain will only be used for the following reasons: for the provision of our legal services to you (our contract); to ensure we comply with our legal obligations (for example our money laundering responsibilities); or in respect of third party information, for our legitimate business interests to support the transaction. As Controller of personal information relating to your employees you should ensure that it is lawful for you to disclose the personal information of your staff for the transaction (including any Sensitive Personal Data and data proposed to be held in an international data room). We can advise if needed.
Who do we disclose it to?	As part of the transaction/advice we may have to disclose personal information to the following third parties (if relevant): the legal representative on the other side of the transaction; Counsel (although rare); Investors (where we are acting for a company that is private equity backed); Data room providers; and/or Search providers (such as LegalLinks and HM Land Registry Direct) as part of the completion process. If the instruction involves international parties, assets or funding we may need to transfer personal information relevant to the transaction outside of the United Kingdom, including to in a data room that can be accessed outside of the UK. You will be informed if this is the case and the agreement to any transfer obtained in advance. If necessary we can discuss with you the data privacy considerations of this, prior to any upload. As far as possible all data you upload should be anonymised.
How long will you hold my data for?	Following completion of the matter (or abandonment) we will hold the information in the case file (paper and electronic) for a period of 7 years and we will keep copies of scanned completed documents for 20 years.

COURT OF PROTECTION

What data is collected?

The attorney, trustee or deputy will be advised at each point personal information is collected about the individual who lacks capacity of the proposed use of that data. In circumstances where a client lacks capacity, personal information will be collected and used in accordance with the best interests of the individual according to the Mental Capacity Act 2005.

We always need to obtain identification from the person or person instructing us. We also need identification for the person who lacks capacity but understand that obtaining this can be difficult and we will provide you with assistance, we we can.

In other cases, personal information will be collected and used in accordance with client instructions (dependent upon the personal circumstances of the case). In some circumstances we may require information about:

you (name, title address, email address, contact information, date of birth, NI number);
your family relationships (if applicable);
your relationship to any person who lacks capacity (if relevant to your instruction);
any third party body that has been involved in the matter (such as social services);
your financial assets and any insolvency proceedings concerning you (if relevant to the instruction); and
your occupation.

We acknowledge that information we hold in this regard will be Sensitive Personal Data and/or data relating to a child. We will treat this with the highest level of confidence and security.

What do we use this information for?

All personal information we obtain will only be used for the following reasons:

for the provision of our legal services to you (our contract with you);
to ensure we comply with our legal obligations (for example our safeguarding and money laundering responsibilities);
to protect the vital interests of the individual or another;
as part of performing a task carried out in the public interest or the exercise of official authority vested in us; or
in respect of third party information, for our legitimate business interests to support our instruction.

Any Sensitive Personal Data we hold for your case will only be processed:

with the explicit consent of the individual to whom it relates (where this can be obtained);
as necessary to protect vital interests of the individual where he/she cannot consent;
as necessary to carry out obligations in social protection law with appropriate safeguards in place;
if made public by the individual to whom it relates; or
where necessary for the establishment, exercise or defence of a legal claim.

We ensure that any data usage in respect of information pertaining to a child is fully discussed with the adult instructing us.

How long will you hold my data for?

Following completion of your matter (or abandonment) we will hold the information in your file (paper and electronic) for the lifetime of the individual for whom the file relates plus a period of 7 years thereafter if a Partner in Coffin Mew is appointed as Deputy, Trustee or Attorney. When providing advice to lay Deputies, Trustees or Attorneys we will hold the information for 7 years after completion of your matter.

DISPUTE RESOLUTION, RESTRUCTURING AND INSOLVENCY , PROPERTY LITIGATION

What data is collected?	We collect limited personal information in order to commence an instruction: basic contact information of the instructing client (or nominated client contact) to include name, address, email address (business and private), contact telephone numbers; and basic contact information of the opposing party (if applicable); financial information pertinent to the instruction; the output of credit searches. Naturally, dependent upon the scope of your instruction, we may need to collect additional personal information from you in order to advise and support you. We will explain to you as the matter progresses where personal information needs to be collected, the purpose for that collection and our intended use.
Where is this data collected from?	The information listed in this section will come from the instructing client (or the nominated client contact). The only exception is where personal information is received from: a third party opponent directly making contact and/or serving proceedings; and/or a referrer (where you have authorised the referrer to contact us directly).
What do we use this information for?	All personal information we obtain will only be used for the following reasons: for the provision of our legal services to you (our contract with you); to ensure we comply with our legal obligations (for example our money laundering responsibilities); in respect of third party information, for our legitimate business interests to support our instruction. Any Sensitive Personal Data we hold for your case will only be processed: with the explicit consent of the individual to whom it relates (where this can be obtained); if made public by the individual to whom it relates; or where necessary for the establishment, exercise or defence of a legal claim.
Who do we disclose it to?	In progressing your instruction we may have to disclose personal information to the following third parties (if relevant): the legal representative on the other side of the dispute; legal professionals (including counsel, mediators, adjudicators, costs draftsman); insolvency practitioners, administrators, receivers and/or the official receiver; accountants; third party experts; tracing agents; data room providers; and HM Courts and Tribunals Service (including through the Online Court Service). We will always discuss with you/your nominated contact which third parties we need to involve, before we disclose any personal information to them. If the instruction involves international assets and/or where the opponent is overseas we may need to transfer personal information outside of the United Kingdom. You will be informed if this is the case and the agreement to any transfer obtained in advance. A record of service of proceedings internationally is kept.
How long will you hold my data for?	Following completion of the matter (or abandonment) we will hold the information in the case file (paper and electronic) for a period of 7 years.

EMPLOYMENT AND BUSINESS IMMIGRATION SERVICES

What data is collected?	We collect limited personal data in order to commence an instruction, being the basic contact information of the instructing client (or nominated client contact(s)). This will include: name(s); addresses; email addresses (business and/or private); and contact telephone numbers. Naturally, dependent upon the scope of your instruction, we may need to collect additional personal data from you in order to advise and support you. We will explain to you as the matter progresses where personal data needs to be collected, the purpose for that collection and our intended use.
What data is collected about a third party?	Owing to the nature of employment and/or immigration services, we will also collect basic information regarding the individuals to whom a specific employment query relates. This will include the names and addresses of the following categories of individuals, dependent upon the particular matter: employees; workers; executive and non-executive directors; contractors; consultants; agency workers; volunteers; interns; job applicants/candidates for any of the above positions; or any individual who formally held one of the above positions. In the event of a contentious matter, we will collect basic contact information of the opposing party and their legal representative (if applicable). We may also collect the contact details of other third parties involved in a matter, which may include: your insurance provider and their nominated contact; your accountant or financial adviser; other legal professionals; HR Consultants (if applicable); directors or shareholders of your business; third party experts; and/or in the event of employment tribunal proceedings, any relevant witnesses (provided they have given their consent to you providing us with their personal data and are happy to act as a witness).
Where is this data collected from?	The information listed above will typically come from the instructing client (or the nominated client contact). We may also receive personal data from: a third party opponent directly making contact and/or serving proceedings; an ACAS Conciliator; a referrer, such as a HR Consultant (where you have authorised the referrer to contact us directly); a third party, such as an accountant (where you have provided us with their details and they are involved in a matter); HM Courts and Tribunals Services; and/or publicly available sources, such as Companies House (where we need to check the status of your business and the currently appointed directors).
What do we use this information for?	All personal data we obtain will only be used for the following reasons: for the provision of our legal services to you (our contract with you); to ensure we comply with our legal obligations (for example our money laundering responsibilities); in respect of third party information, for our legitimate business interests to support our instruction to provide legal services. Any Sensitive Personal Data we hold for a matter will only be processed: with the explicit consent of the individual to whom it relates (where this can be obtained); if made public by the individual to whom it relates; or where necessary for the establishment, exercise or defence of a legal claim.
Who do we disclose it to?	In progressing your instruction we may have to disclose personal data to the following third parties (if relevant): an opposing party or the legal representative on the other side of the dispute (if applicable); legal professionals (including counsel, mediators, adjudicators, costs draftsman); insurance providers; HR Consultants; accountants; third party experts; data room providers, where required as part of a corporate transaction; and HM Courts and Tribunals Service (including the Employment Tribunal). We will always discuss with you/your nominated contact which third parties we need to involve, before we disclose any personal data to them. If the instruction involves international angles and/or where the opponent is overseas, we may need to transfer personal data outside of the United Kingdom. You will be informed if this is the case and the agreement to any transfer obtained in advance.
How long will you hold my data for?	Following completion of the matter (or abandonment) we will hold the information in the case file (paper and electronic) for a period of 7 years.

EMPLOYMENT AND BUSINESS TO INDIVIDUALS

What data is collected?	When you first instruct us, we will ask you for information about you including: name; title; address; email address; date of birth; telephone number; occupation; and financial information (such as your salary and whether you have Home Contents Insurance Cover). We will ask you to provide identification documents to us to prove your identity, which may also include a copy of a recent payslip. Naturally, dependent upon the scope of your instruction, we may need to collect additional personal data from you in order to advise and support you. We will explain to you as the matter progresses where personal data needs to be collected, the purpose for that collection and our intended use. Some of the information you provide to us about you and others will be Sensitive Personal Data (such as your physical or mental health). We will treat this with the highest level of confidence and security.
What data is collected about a third party?	Owing to the nature of employment services, we will also collect basic information regarding your previous, current or future employer (as applicable) and the relevant contact. This will include basic contact information, such as their name, email address and telephone number. In the event of a contentious matter, we will also require details of the opposing party’s legal representation (if instructed). We may also collect the contact details of other third parties involved in a matter, which may include: your insurance provider and their nominated contact; your accountant or financial adviser; your ACAS Conciliator; your partner or family (should you wish for us to liaise with them directly regarding your matter and provided they are happy for us to do so); in the event of employment tribunal proceedings, any relevant witnesses (provided they have given their consent to you providing us with their personal data and are happy to act as a witness); and third party experts (including, for example, occupational health or medical professionals).
Where is this data collected from?	The information listed above will mainly be collected from you during the course of your matter. We may also receive personal data during the course of your instruction from: a third party opponent (such as your employer) or their legal representation (if applicable); other legal professionals; accountants or financial advisers; public registers; pension providers; and HM Courts and Tribunals Service (specifically, the Employment Tribunal). Of course, the source of personal data collected will depend upon the specific circumstances of your matter.
What do we use this information for?	All personal data we obtain will only be used for the following reasons: for the provision of our legal services to you (our contract with you); to ensure we comply with our legal obligations (for example, our money laundering responsibilities); or in respect of third party information, for our legitimate business interests to support our instruction. Any Sensitive Personal Data we hold for your matter will only be processed: with the explicit consent of the individual to whom it relates; if made public by the individual to whom it relates; or where necessary for the establishment, exercise or defence of a legal claim.
Who do we disclose it to?	In progressing your instruction we may have to disclose personal data to the following third parties (if relevant): an opposing party or the legal representative on the other side of the dispute (if applicable); legal professionals (including counsel, mediators, adjudicators, costs draftsman); insurance providers; HR Consultants; accountants; third party experts, including occupational health or other medical professionals; and HM Courts and Tribunals Service (including the Employment Tribunal). We will always discuss with you which third parties we need to involve, before we disclose any personal data to them. If the instruction involves international angles and/or where the opponent is overseas, we may need to transfer personal data outside of the United Kingdom. You will be informed if this is the case and the agreement to any transfer obtained in advance.
How long will you hold my data for?	Following completion of the matter (or abandonment) we will hold the information in the case file (paper and electronic) for a period of 7 years.

FAMILY LAW

What data is collected?	When you first instruct us you will be asked to complete a “Family Department Client Information Form”. This will ask you for information relevant to your matter including: Information about you (name, title, address, email address, contact information, date of birth, NI number); information on your partner (to the same detail as above); information on your partner’s legal representation (if applicable); information relevant to your relationship (if relevant to your instruction); information on your dependents (including children) and contact arrangements; confirmation of any third party bodies that have been involved (such as social services); details of your financial assets (if relevant to the instruction); details of your occupation and that of your partner; information on any relevant sources of income outside of work; and/or details of any live or pending court proceedings. Naturally, dependent upon the scope of your instruction, we may need to collect additional personal information from you in order to advise and support you. We will explain to you as the matter progresses where personal information needs to be collected, the purpose for that collection and our intended use. Some of the information you provide to us about you and others will be Sensitive Personal Data and/or data relating to a child. We will treat this with the highest level of confidence and security.
Where is this data collected from?	The information listed above will mainly be collected from you by completing the Family Department Client Information Form and/or by you providing us with additional information during the course of your matter. We may also receive personal information during the course of your instruction from: agents; competent authorities; social care professionals; medical professionals; other legal professionals; financial institutions; public registers; pension providers; HM Land Registry; HM Courts and Tribunals Service; property professionals; educational establishments; residential and nursing homes; the armed forces; corporate valuers; and/or utility providers. The source of personal information collected will depend upon the specific circumstances of your case. Please note that we cannot accept, hold, consider or utilise any document you pass to us belonging to a third party that has been obtained without the consent of that third party.
What do we use this information for?	All personal information we obtain will only be used for the following reasons: for the provision of our legal services to you (our contract with you); to ensure we comply with our legal obligations (for example our safeguarding and money laundering responsibilities); or in respect of third party information, for our legitimate business interests to support our instruction. Any Sensitive Personal Data we hold for your case will only be processed: with the explicit consent of the individual to whom it relates; as necessary to protect vital interests of the individual where he/she cannot consent; if made public by the individual to whom it relates; or where necessary for the establishment, exercise or defence of a legal claim. We ensure that any data usage in respect of information pertaining to a child is fully discussed with the adult instructing us.
Who do we disclose it to?	As part of your case we may have to disclose personal information to the following third parties (if relevant): agents; Counsel; experts instructed on your behalf; competent authorities; social care professionals (including independent social workers); medical professionals (including therapists and counsellors); legal professionals (including mediators, collaborative lawyers, arbitrators, private financial dispute resolution judges and litigation funding providers); financial institutions; public registers; pension providers; HM Land Registry; HM Courts and Tribunals Service; property professionals; educational establishments; residential and nursing homes; the armed forces; corporate valuers; and/or utility providers. We will always discuss with you which third parties we need to involve, before we disclose any personal information to them. If your instruction involves international assets or international child relocation we may need to transfer personal information relevant to that issue outside of the United Kingdom. You will be informed if this is the case and your agreement to any transfer obtained in advance.
How long will you hold my data for?	Different retention periods apply dependent upon the nature of your matter. We will advise you of the retention period that applies in your specific circumstances. If you would like more information about this please contact us.

INHERITANCE AND WILLS DISPUTES

What data is collected?	In order to advise you we will need you to provide: basic personal information about you (your name, address, contact information); basic contact information of the opposing party (if applicable); data relevant to the dispute e.g. Will, Grant of Probate; details of relevant finances – assets, debts, liabilities and tax information; details of named professionals who hold information; and/or information about relationships and beneficiaries. Naturally, the breadth of personal information we need to collect will depend upon the scope of your instruction. We will only ask for information that we need in order to advise and support you. We will explain to you at each stage what personal information needs to be collected, the purpose for that collection and our intended use. Some of the information you provide to us about you and others will be Sensitive Personal Data and/or data relating to a child. We will treat this with the highest level of confidence and security.
Where is this data collected from?	This information will mainly be collected from you. In some cases we may need to ask for additional information from third parties such as banks, other solicitors, financial advisors, HM Courts and Tribunals Service and pension trustees – we will only contact these third parties with your agreement.
What do we use this information for?	The personal information we collect will only be used in accordance with your instructions (for the purpose of advising you about the dispute and representing you in litigation) and/or responding to your instructions. In other words: for the provision of our legal services to you (our contract with you); to ensure we comply with our legal obligations (for example our safeguarding and money laundering responsibilities); or in respect of third party information, for our legitimate business interests to support our instruction. Any Sensitive Personal Data we hold for your case will only be processed: with the explicit consent of the individual to whom it relates; as necessary to protect vital interests of the individual where he/she cannot consent; if made public by the individual to whom it relates; or where necessary for the establishment, exercise or defence of a legal claim. We ensure that any data usage in respect of information pertaining to a child is fully discussed with the adult instructing us.
Who do we disclose it to?	You will be informed prior to any intended disclosure of personal information to a third party. We will not disclose personal information outside of our organisation unless we have your agreement. The only exception to this is where we have a legal obligation to disclose (for example our safeguarding and money laundering responsibilities). If your instruction involves international assets we may need to transfer personal information relevant to those assets outside of the United Kingdom. You will be informed if this is the case and your agreement to any transfer obtained in advance.
How long will you hold my data for?	Following completion of your matter we will hold the information in your file (paper and electronic) for 7 years.

NEW HOMES AND RESIDENTIAL PROPERTY

What data is collected?	In order to complete your property transaction we need you to provide us with the following: identification documents (confirming your name and address); your personal details (name, address, contact information, date of birth, NI number, Unique Tax Reference, employer, occupation); details of the property involved; your existing mortgage information (if applicable); details of any financial transaction relevant to your purchase (such as a private loan or gift); and your bank account details (so we can transfer funds if applicable). This information will be requested in the Working Pack that you will receive at the start of the instruction. If, on receipt of replies in the Working Pack, we determine we need additional personal information about you we will speak with you about this.
What data is collected about a third party	We may also need the following third party information to process your purchase/sale: identity and contact information of any applicable agent; details of your lender (current and future) and the lender of the other side (if known); name of any individual to whom third party payments are made (for example a service or rent charge); name of any individual who is gifting or loaning money as part of the transaction; name of any guarantor on a mortgage; any third party in possession of your deeds; name and address of broker (if applicable); information on any tenancy in place or proposed (or other occupier of the property); and/or information on any landlord/freeholder and/or management company. This information will also be requested in the Working Pack that you will receive at the start of the instruction.
Where is this data collected from?	The above categories of information will usually be collected from you directly by completing the Working Pack. We may also receive: some preliminary contact information about you and your proposed purchase from your developer/agent (where you have agreed your developer/agent can disclose this to us); and/or some financial information from your lender about your current mortgage (again where you have agreed your lender can disclose this to us).
What do we use this information for?	All personal information we obtain will only be used for the following reasons: for the provision of our legal services to you (our contract with you); to ensure we comply with our legal obligations (for example our money laundering responsibilities); or in respect of third party information, for our legitimate business interests to support the transaction.
Who do we disclose it to?	As part of the transaction we may have to disclose your personal information to the following third parties (if relevant): your developer (if this is relevant to you, you will be informed within your Working Pack); your lender/financial advisor; your agent; your broker; your indemnity insurer (if relevant); the NHBC; ISIS (insurance broker) for the purpose of local search insurance, Key One and chancel repair; the legal representative on the other side of the transaction; the Conveyancing Quality Scheme (which regulates property transactions); search providers, such as Search Acumen, Search Flow and SDL; conveyancing form suppliers, such as Oyez and Laserform; family members (only where you have authorised us to do so); HM Revenue and Customs; and/or HM Land Registry. We will always discuss with you which third parties we need to involve, before we disclose any personal information to them.
How long will you hold my data for?	Following completion of your property transaction (or abandonment) we will hold the information in your property file (paper and electronic) for a period of 16 years (for a purchase) or 7 years (for a sale).

SERIOUS PERSONAL INJURY

What data is collected?

We will need to collect various categories of personal information from you in order to manage your claim. We will engage with you at each stage of the litigation to explain what personal information we need, why and where it will be sent.

In circumstances where a client lacks capacity, personal information will be collected and used in accordance with the best interests of the individual according to the Mental Capacity Act 2005. We will discuss collection and use with the individual’s litigation friend.

In other cases, personal information will be collected and used in accordance with client instructions (dependent upon the personal circumstances of the case).

We acknowledge that information we hold in this regard will be Sensitive Personal Data and/or data relating to a child. We will treat this with the highest level of confidence and security.

What do we use this information for?

All personal information we obtain will only be used for the following reasons:

for the provision of our legal services to you (our contract with you);
to ensure we comply with our legal obligations (for example, our money laundering responsibilities);
to protect the vital interests of the individual or another;
as part of performing a task carried out in the public interest or the exercise of official authority vested in us; or
in respect of third party information, for our legitimate business interests to support our instruction.

Any Sensitive Personal Data we hold for your case will only be processed:

with the explicit consent of the individual to whom it relates (where this can be obtained);
as necessary to protect vital interests of the individual where he/she cannot consent;
as necessary to carry out obligations in social protection law with appropriate safeguards in place;
if made public by the individual to whom it relates; or
where necessary for the establishment, exercise or defence of a legal claim.

Where we have consent to process medical information we ensure this consent is refreshed every six months.

We ensure that any data usage in respect of information pertaining to a child is fully discussed with the adult instructing us.

How long will you hold my data for?

Different retention periods apply dependent upon the nature of your matter. We will advise you of the retention period that applies in your specific circumstances. If you would like more information about this please contact us.

WILLS, TRUSTS AND PROBATE

What data is collected?	In order to prepare a Will, create a Power of Attorney, create a Trust or advise you on Estate Administration we will need you to provide: basic personal information about you (your name, address, contact information and in some cases you National Insurance number); details of relevant finances – assets, debts, liabilities and tax information; details of named professionals who hold information about your assets; and/or information about family relationships and beneficiaries. Naturally, the breadth of personal information we need to collect will depend upon the scope of your instruction. We will only ask for information that we need in order to advise and support you. We will explain to you at each stage what personal information needs to be collected, the purpose for that collection and our intended use. Some of the information you provide to us about you and others will be Sensitive Personal Data and/or data relating to a child. We will treat this with the highest level of confidence and security.
Where is this data collected from?	This information will mainly be collected from you. In some cases we may need to ask for additional information from third parties such as banks and pension trustees – we will only contact these third parties with your agreement.
What do we use this information for?	The personal information we collect will only be used in accordance with your instructions (for the purpose of preparing your Will, creating a Power of Attorney, creating a Trust, Administering your Estate and/or responding to your instructions). In other words: for the provision of our legal services to you (our contract with you); to ensure we comply with our legal obligations (for example our safeguarding and money laundering responsibilities); or in respect of third party information, for our legitimate business interests to support our instruction. Any Sensitive Personal Data we hold for your case will only be processed: with the explicit consent of the individual to whom it relates; as necessary to protect vital interests of the individual where he/she cannot consent; if made public by the individual to whom it relates; or where necessary for the establishment, exercise or defence of a legal claim. We ensure that any data usage in respect of information pertaining to a child is fully discussed with the adult instructing us.
Who do we disclose it to?	You will be informed prior to any intended disclosure of personal information to a third party. We will not disclose personal information outside of our organisation unless we have your agreement. The only exception to this is where we have a legal obligation to disclose (for example our safeguarding and money laundering responsibilities). If your instruction involves international assets we may need to transfer personal information relevant to those assets outside of the United Kingdom. You will be informed if this is the case and your agreement to any transfer obtained in advance. Please note that when a Grant of Probate is issued it becomes a public document.
How long will you hold my data for?	Different retention periods apply dependent upon the nature of your matter. We will advise you of the retention period that applies in your specific circumstances. If you would like more information about this please contact us.

AUTOMATED DECISION MAKING

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

Where we have notified you of the decision and given you 21 days to request a reconsideration.
For performing our contract with you where appropriate measures are in place to safeguard your rights.
In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

If we make an automated decision on the basis of any particularly Sensitive Personal Data, we must have either your explicit written consent or it must be justified in the public interest, and we must also put in place appropriate measures to safeguard your rights.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

BUSINESS CONTACTS

We keep a central record of business contacts, comprising:

contact information of representatives of our suppliers, advisers, agents, referrers, experts and counsel in order to manage our commercial relationship with that third party and perform contractual obligations (i.e. it is necessary for us to perform a contract);
contacts from competent authorities and regulators linked to our industry, together with their contact information, in order to comply with a legal obligation; and
prospective business contacts. This is in our legitimate interests (i.e. we have a justifiable reason for processing information in this way).

We ask our staff to ensure that business contact information they collect is kept up to date. Where the contact record is inactive for 2 years it will be automatically deleted from our central record.

We may send business contact information to third parties to nominate their business for an industry award or accreditation and/or to understand how we are performing. In this instance, we will only disclose personal information that is publicly available. This is in our legitimate interests and does not undermine your data rights.

EX EMPLOYEES

We will retain your personal data after employment or engagement in accordance with our separate PRIVACY NOTICE FOR EMPLOYEES, WORKERS AND CONTRACTORS.

Please contact us if you would like a copy of this notice.

MARKETING

All communications we send to you will be connected with our legal service. Our service includes the provision of our Connect magazine, which is provided to all clients for general interest.

Where you have provided us with a business card at an event or personal meeting, you may receve an email communication asking you to opt into our marketing communications. You are completely free to accept of decline this invitation.

We will not use your personal information to directly market to you any product or service of a third party.

You can unsubscribe to our communications at any time (or change your preferences for the type of information you’d like to receive/the ways in which we may contact you) by following the link contained within them or by contacting us at marketing@coffinmew.co.uk. We will promptly honour your request to cease receipt of these communications/change your preferences. We will retain just enough information to ensure that your details are suppressed and your marketing preferences respected.

In some situations we use a third party processor (Campaign Master) to assist us with our marketing communications. We have satisfied ourselves that Campaign Master has appropriate technological and organisational measures in place to protect your personal data and we always ensure this whenever we engage with a third party processor.

We use live chat software on our website in order to assist with enquiries. This software is provided by Click4Assistance. We may ask for your name, email address, telephone number and additional information about the nature of your enquiry. We believe it is in our legitimate interests to process your information in this way.

If you send personal information to us indirectly through a third party we work with (such as agents/referrers) these third parties will be a separate Controller of your personal information. You should check their privacy notice/transparency notice to ensure you’re comfortable with their marketing activities and the marketing you have consented to.

USERS OF OUR WEBSITE

This notice details how we use information you provide to us through our website.

Any other external websites that may be linked to our website will be subject to their own data protection statements/privacy policies which may be different to this notice. You should check carefully the content of those third party notices before you submit any personal information to them.

Unfortunately, the transmission of information through the internet is never completely secure. Although we do our best to protect personal information at all times, we cannot guarantee the security of the data sent to us through our website. Any transmission made is therefore at the sender’s risk. Once we have received personal information, we use strict procedures and state of the art security features to protect against unauthorised access.

Contacting us through our website

If you use our website to contact us with a new enquiry or to report a problem with our website, we may ask you to provide basic contact information (name, address, telephone number and email address) so we can verify your identity and deal with your enquiry/resolve the problem. We will create an electronic file of the enquiry/problem which will contain any personal information you have given us. If you later go on to instruct us, this information will be kept with your case file.

We will only use your personal information to investigate and respond to you about your enquiry/our investigation.

The provision of information to us through our website is entirely voluntary. However, we may be limited in our ability to deal with your enquiry and respond to you if contact information is not provided. We will only correspond with you in the way you have asked us to.

It is in our legitimate business interests to process this information in order to deal with your enquiry/investigate the problem you’ve raised. We’ll ensure your rights are protected.

Where you submit an enquiry to us and then decide not to proceed we will retain the personal information you have given us for a period of 12 months with the exception of enquiries to our Family or Personal Injury/Medical Negligence teams where the retention period is 3 years from enquiry. This is to ensure we can swiftly serve your needs if you return to us during this time.

Providing us with feedback

If you choose to complete a review or feedback form, you will be asked for basic contact information including name, address, email address (business and/or private), contact telephone number and job title. We use this information to analyse responses.

We currently use third party tools to conduct reviews and surveys (Survey Monkey and Review Solicitors) to seek feedback from users about our website, events and services. Completion of any survey or providing feedback is entirely voluntary. We will only use this information from your response to improve our website and services.

It is in our legitimate interests to understand how you feel about our website and services. This justifies the processing of personal information for

Making payments through our website

We provide a facility through our website to allow clients to easily make payments to us for money on account and to pay invoices we have issued. Where this is an option we will provide you with unique log on details contained within:

our initial letter of engagement;
the related invoice; or
an email accompanying the invoice.

To help facilitate the processing of your payment we will send your name to our hosting provider, AMT. They will retain this personal information for a period of 45 days to allow you to make payment within this time.

When you log on to make payment you will be asked to provide your address and email address. You will then be re-directed to a Worldpay online portal; we have chosen Worldpay as a reputable supplier to control and manage the payment process. You should read the privacy notice of this provider (available at https://www.worldpay.com/uk/privacy-policy) and ensure you are comfortable with how they may independently process any personal information you provide to them directly for the purpose of making a payment. Any additional personal information you provide to worldpay will not be passed to us. Worldpay will send a confirmation email back to you to confirm whether or not payment is successful.

Information we collect about your device

Each time you visit our website we will automatically collect the following information:

technical information, including your operating system, the browser you use, time zone setting, browser plug in types and versions, your log in information and the internet protocol address used to connect your computer to the internet (Device Information);
details of your use of our website including traffic data, the resources you use, where you have clicked through to our website from that of a third party, the domain name of the connecting website, page response times, download errors, length of your visit, page interaction information and browsing behaviour (Log Information);

Some online identifiers (such as static IP addresses) are personal information.
We collect information so that we can ensure adequate technical support for our website and ensure it is functioning properly on all operating systems/browsers, and to improve its functionality/content.

These activities are in our legitimate interests (i.e. we have a justifiable reason for processing your information in this way).

We use cookies and pixel tags on our website:

a cookie is a small text file sent to your computer or device;
a pixel tag is an invisible tag placed on certain parts of our website. It does not leave a footprint on your computer/device.
Pixel tags and cookies work together to tailor our website. These are also used in our email communications to understand whether you have used our website from the email and record whether it has been read.

You can manage this automatic collection of data by adjusting your cookie settings. More information about the particular cookies we use and the legal basis under which we rely when using them can be found in our Cookie Policy here and at www.allaboutcookies.org.

WHERE WE SEND YOUR PERSONAL INFORMATION

As well as the recipients of personal information unique to each department, we may share your personal information with the following third parties for the reasons listed:

carefully selected third parties who provide a service to us to support our core operations, such as: processing our mail, communicating with clients on our behalf, providing IT systems and administrative services and the development and improvement of internal systems and processes;
competent authorities (statutory bodies, regulatory authorities, authorised bodies who have a role laid out by law);
other organisations where we are legally obligated to disclose your personal information (such as requests made in the prevention and detection of crime), where disclosure is necessary to protect the property, rights and safety of us and our staff or where disclosure is necessary in order to enforce or apply our contract with you (including non payment of an invoice);
another business, if our business (or part) is purchased/taken over to ensure our products and services to you can be continually serviced or as part of discussions leading up to a sale/takeover;
another company from whom we are looking to purchase assets, where the personal information is relevant to us assessing if those assets will improve our offering to clients and/or our business processes;
other businesses where we are trialling products and services which we consider may improve our offering to clients and/or our business processes;
other third parties where you have given your express consent or where we reasonably believe a third party is acting on your behalf.

Whenever we share personal information with third parties we will take all reasonable steps to ensure appropriate safeguards are in place to protect personal information and privacy rights.

WHERE WE STORE YOUR DATA

The data that you provide to us as set out above may be transferred to, and stored at, a destination outside of the United Kingdom or where relevant European Economic Area (EEA) by us and/or by the carefully selected third parties we work with.

We and third parties we work with may use cloud platforms to store your personal information. A cloud is a network of remote servers hosted on the internet. We will only use state of the art cloud platforms which give adequate guarantees that your personal data is secure. We will treat the storage of your personal information to the same level of protection as we treat our commercial information.

Where your data is held outside of the United Kingdom, or where relevant the EEA, on a cloud or otherwise transferred, we will ensure this is only to a country which has been deemed adequate by a competent data protection regulator or where adequate protections have been put in place to safeguard the data (to the standards prescribed by law). This includes contractual protections.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice.

All information you provide to us is also stored on our secure servers.

To find out more about storage of your data, and the safeguards that are in place to protect your data outside of the United Kingdom and the EEA, please contact the DPO.

YOUR RIGHTS

We recognise that the personal information we hold about you belongs to you and it is right that you have control over that personal information. We have detailed below a summary of your legal rights.
You can:

ask us to have access to, and for a copy of, the personal information we hold about you;
request that we amend or delete your personal information;
ask us to stop processing your personal information altogether or in a certain way;
change your mind about how you have agreed we can use your personal information. If you have given us consent to use your personal information in a specific way you can withdraw it. This means that we will stop processing your personal information in the way you have objected to from the date that your permission is withdrawn;
issue a complaint to the appropriate authority – see www.ico.org.uk for more information;
request that we transfer your personal information to another provider (this is known as data portability);
object to any automatic processing we conduct.

If you would like to exercise any of these rights, or discuss them in more detail, please contact us.

We need to make you aware that even where you exercise a right detailed above, we may not be able to comply with that request if an exception in law applies. Where this is the case we will notify you and explain why we’re unable to meet your request.

Changes to this notice

We keep this notice under regular review. This notice was last updated on 20 November 2019.

Any changes we make to this notice will be posted on our website with a prominent notice and, where appropriate, we will notify you by email.

If, in the future, we wish to use your personal information in a way not set out in this notice we will notify you and seek your permission to do so.

Contact us

If you would like to request further information about this notice or the way in which we handle your personal information, please contact our DPO using the contact information in the opening of this notice.

Enquire now

Data Protection Statement