Privacy Policy

Our Client Privacy Policy (CPP) applies to personal data and information that we hold and process about our clients.

We take confidentially very seriously. Any personal data you share with us and that we process will comply with the UK GDPR and the Data Protection Act 2018 and other relevant data protection and privacy legislation in the UK (together referred to as the “Data Protection Legislation”).

All enquires in relation to this privacy policy should be made to hello@burmanlaw.co.uk or by telephone to 0113 547 2888.

1. Personal Data Processing

Your personal data includes all the information we hold that identifies you, including but not limited to:

contact details including name, email address, postal address, date of birth and personal phone number
identification documents (such as passport images and utility bills).

Everything we do with your personal data counts as processing it, including collecting, storing, transferring, updating, amending and deleting it.

2. Our Responsibilities

Burman Environmental Law ( “we”) is the data controller of the personal data you provide.

Our Managing Director has day to day responsibility for ensuring we comply with the Data Protection Legislation. He will also deal with requests we receive from individuals exercising their rights under Data Protection Legislation.

We shall comply with Data Protection Legislation to make sure that your information is protected and only used appropriately.

3. Your Personal Data

We may process the following types of personal data about you:

Identity Data for example name, title, date of birth, gender, marital status, signature.
Contact Data, for example your phone numbers, home and business address, personal and business email addresses, social media profiles etc.
Financial Data, including your bank account details, card details, documents confirming source of funds and income.
Matter and File Data which includes any personal data about you that we receive and/or process during the work we do while we are instructed to act for you.
Marketing Data for example details of your marketing preferences and how you would like us to contact you.

4. Special Categories of Personal Data

Special categories of data that we collect and process are subject to additional safeguards. Special categories of personal data include the following:

Racial or ethnic origin;
Genetic and/or biometric data;
Sexual orientation;
Political opinions;
Religious or philosophical beliefs;
Trade union membership;
Your physical and mental health.

5. Other Data

We may also collect and process other data about you in the course of our business relationship. This could include details about your vehicles, your meeting preferences, dietary requirements, medical or health related conditions, family information. This is also personal information that we process.

We may also use Artificial Intelligence (AI) to help us deliver legal services. Your personal information may be uploaded or processed by any AI software that we use, but only as is necessary. We will ensure that any of your personal information used in conjunction with AI is stored securely in accordance with Data Protection Legislation and deleted in accordance with this policy.

6. How we Collect your Personal Data

Most of your personal data will be provided by you. Some personal data will come from other sources such as credit reference agencies and due diligence service providers, Companies House, Land Registry, medical practitioners, public and trade bodies you belong to and your employer.

When collecting your personal data will explain clearly why we need the information we are collecting.

7. Processing your Personal Data

We process your personal data so we can provide the legal services and advice that you have asked us to provide. This could include initial discussions to decide whether we are able to act for you, whether you wish us to act, and once engaged, to deliver services under any agreement we have reached.

We may not be able to act for you if you do not provide the personal information that we require.

Your personal data is processed on one of the following grounds:

Our legitimate interests in providing you with the services you have requested;
Continuing and developing our ongoing relationship with you;
Entering into our contract with you or fulfilment of our contract with you (personal clients)
Compliance with our legal or regulatory obligations, for example Anti Money Laundering, preventing crime, etc.
Where it is necessary to protect your vital interests, or someone else's vital interests.

We may also process special categories of personal data on one of the following grounds:

Where processing is necessary for the establishment, exercise or defence of legal claims.
Where processing is necessary for reasons of substantial public interest, for example prevention or detection of an unlawful act, preventing fraud.
Where we have a recognised legitimate interest to process data in that respect.
Where the personal data is manifestly made public by you.

We may also process personal data relating to your criminal convictions and offences on one of the following grounds:

Where necessary in relation to legal claims.
To prevent or detect unlawful acts or to comply with regulatory requirements relating to unlawful acts
To prevent and detect dishonesty and to prevent fraud and money laundering.

8. Cookies

We may also process personal data about you through the use of cookies, in accordance with our cookie policy which includes the use of cookies which are strictly necessary for the operation of our website or otherwise only with your prior consent.

9. Recipients of your Personal Data

Recipients of your personal data may include the following:

Our third party suppliers including IT and systems providers, archiving and storage contractors, website host and designers, consultants who assist us with accounts, compliance, business development etc;
Third party providers of compliance, credit referencing and anti money laundering services.
Our banks and insurers;
Professional advisers such as lawyers, barristers, expert witnesses and others who work on your files;
courts and any other official bodies, including law enforcement agencies;
Companies House and the Land Registry;
Regulatory bodies we deal with.

This is not an exhaustive list but we will only transfer your personal data to the extent that we need to.

10. Transfer of Personal Data outside the UK

We will only transfer your personal data outside the UK where you have asked us to engage of liaise with an organisation or professional in another country on your behalf.

We will transfer your data only to countries that have been deemed to provide an adequate level of protection for personal data; or where an organisation in another country that does not have an adequate level of protection has appropriate safeguards in place in respect of the transfer of your data.

11. How we keep your Personal Data secure

We have measures in place to protect your data and limit access to only those who have a genuine business need to access it. Anyone who is processing your data will do so only in an authorised manner and they will be subject to a duty of confidentiality.

We have procedures to deal with any suspected data breach. If there is a suspected data security breach we will notify you and the relevant regulator where we are legally required to do so.

12. Retention of your Personal Data

Generally, we will retain your personal data for a minimum of seven years from the end of your retainer with us, or the date on which your file was closed.

The retention period will depend on factors including the type of work we have done for you, our insurance and regulatory requirements and any statutory requirements.

Any marketing data will be held until you advise us that you no longer wish to receive communications from us.

If there has been a query, complaint, query or other event within the retention period we may retain your personal data for a longer period.

Your personal data will be stored securely. It will also be destroyed securely and confidentially.

If you would like more information about retention or destruction of your personal data please contact us.

13. Your Rights

You have the following rights in relation to your personal data, including a right:

Of access to your personal data we hold or process.
To ask for the correction of your personal data (requests will be considered in accordance with Data Protection Laws).
To ask that the data is erased if it is no longer necessary for the purpose for which it was originally processed, and if there are no overriding legitimate grounds for ongoing processing.
A right to object to aspects of how your personal data is processed and a right to restrict the processing of your personal data (requests will be considered in accordance with Data Protection Laws).
A right to request the transfer of your personal data to a third party.

Please contact us if you wish to exercise any of your rights. We will endeavour to deal with all requests within 28 days. We may need you to clarify your request or provide further information to allow us to process it.

More information on your rights can be found on the website of the Information Commissioner’s Office (“ICO”) website.

14. Complaints about our data processing

If you have any concerns about how we have processed your personal data or if you think it has been processed unlawfully please contact our Managing Director by email or phone so we can investigate your concerns. Please send your correspondence to hello@burmanlaw.co.uk or call us on 0113 547 2888.

Please note that we may need to speak to you, obtain further information or clarify your concerns before we can investigate your concerns.

You also have the right to raise a complaint or concern with the ICO. You may contact the ICO at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Telephone: +44 (0) 303 123 1113
ICO complaints: https://ico.org.uk/make-a-complaint/data-protection-complaints/