WHO WE ARE AND WHY WE'RE DOING THIS
We want to give everyone we deal with complete confidence in the way that we collect, maintain and use their personal information. We are legally obliged to deal with the personal information of everyone we deal with.
We’ve put in place measures to ensure that any personal data we obtain from you visiting this website is processed and maintained in accordance with accepted principles of good information handling and the Data Protection Act 2018 (which is the name that GDPR has acquired in UK Legislation).
The policy applies to all visitors to our website and sets out the details of the type of information we hold about you, how we obtain and use any information and how we protect your privacy. We invite you to read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
There is a legal version which basically regurgitates this, but in a way much less easy to follow. That is available here.
For the purposes of the Data Protection Act 2018, the data controller is Bridge Risk Control Limited. In some situations, such as where we obtain personal information during the course of an instruction, we will also act as data processor.
We are registered with the Information Commissioner as a Data Controller and Processor under registration number ZA035947.
If you have any queries or questions at any point, drop us an email at firstname.lastname@example.org.
You will have seen that the GDPR reiterated and created a few new rights for people in relation to their personal data.
You can expect, as a client or a potential client, that the information we hold about you will not be disclosed to anyone other than in the circumstances listed below:
- where we are legally required to disclose;
- where we have a public duty to disclose;
- where our legitimate business purposes require disclosure;
- where the disclosure is made with your consent.
We won’t sell your data to anyone. Ever. Not that we could ever think of a good reason for doing so!
WHAT IF YOU DON'T AGREE TO THIS
That’s absolutely fine. If you don’t want us to use your personal data- don’t give it to us. its really that simple.
This will likely make it difficult for you to use our services though. We won’t be able to get very far at all without you providing us with personal data.
At any time, you can withdraw this consent and we’ll close the instruction down and bill you for the work we’ve done so far.
WHAT HAPPENS IF WE CHANGE THIS POLICY
We generally only change things when we need to. A typical situation where we would do this would be if the legislation changed and we had to comply with it.
When this happens we would amend the policy on our website and, if you are an existing client, let you know via an email. We will probably announce it on the homepage of the website too. We’ll try and give everyone enough time to look at it and make a call as to whether they are happy with the changes.
HOW DO I GET YOU TO CHANGE OR DELETION
If we hold your personal data- it’s got to be accurate.
You also have the ‘right to be forgotten’ which is basically where we have to delete your personal data if you ask us to.
If you want us to delete or amend your data you can get in touch with us by emailing email@example.com
You can also use the chat feature in the bottom right of the screen.
WHAT DATA DO YOU COLLECT FROM ME ANYWAY?
This is not likely going to be much- as you won’t have asked us to do anything by this point.
We will collection and maintain the following data:
- IP address (which can provide your geographical location at the time you access our website)
- Browser Version
- Operating System
- Any information you provide to us about yourself through live chat, contact forms on the website.
We are likely to hold much more information about you if you are an existing client of ours.
We will collect and maintain the following data.
- Contact Information such as where you work and your contact details such as telephone number and email address.
- Communication information arising from your contact with us including calls, emails, letters, and Live Chat.
- Transactional data such as your invoices and repayment history
- Preferences such as how you use our product and services. This includes any consent provided during your dealings with us such as marketing preference.
- Device data arising from information collected from your devices (computer, mobile, tablet etc.) and your usage of our website
OTHER THINGS WE ARE OBLIGED TO DO
USING SUB CONTRACTORS
We’ll never share data with people unrelated to the service we provide. But you (as the data controller) can give us permission to use another process server. They’d be a subcontractor. We must tell you who they are. We must also tell you if we plan to change subcontractor so you have time to object to the change. The subcontractor will be under exactly the same obligations we’re laying out here. They’ll need to show us they plan to take appropriate security measures. Once contracted, they—and their employees—can access the same data we can, as long as they themselves don’t subcontract with another party.
If the subcontractor is based in a country that doesn’t have data protection legislation matching that of the EU, we’ll set up safeguards when we transfer data to that country. We’ll tell you about those safeguards if you want to know more.
A situation where this might come in to play is where you instruct us to serve documents in a foreign country. In this circumstances, we’d likely instruct a local process server to assist us (especially if we don’t speak the native language).
DELETING YOUR DATA
We are obliged to delete or give back all data you’ve given us. We’d delete any copies of that data as well—unless the law tells us not to.
NOTIFYING YOU OF A DATA BREACH
We will tell you if there’s a data breach – this is where we accidentally disclose personal data. We’ll support you to identify what’s been breached, contact the ICO (if necessary), and tell any other relevant parties about the breach. We’ll help carry out privacy impact assessments.
DATA SUBJECT ACCESS REQUESTS
You have the right to access a record of everything we’ve done with your data. Just let us know by email at firstname.lastname@example.org and we’ll send you a copy in writing.
WHY DO YOU NEED MY DATA?
The obvious response is that we need personal data to carry out our services. If you instruct us, we use the data you provided to carry out this instruction and communicate with you throughout.
We will use your data to improve the quality of our service delivery. We will use the data we collect to change processes, plan future services and make general improvements to what we do for the benefit of you and everyone else.
We’ll also use your data to deal with any queries you might have regarding our services. For example, you might want us to provide a written quote for an instruction- obviously we will need your name, email and potentially, your address, to fulfil this request.
WILL YOU SELL MY DATA?
WILL YOU SELL OR SHARE MY DATA?
We’ll never sell your data. Ever.
We might have to share your data though. This would apply in situations where:
- You request a service and we need to collaborate with third parties (with your permission).
- You give us permission.
- An authority requests us to do so (the police, for example).
- The law asks us to do so.
WHAT ABOUT COOKIES?
A cookie is a small string of information that the website you visit sends to your computer for identification purposes. Cookies are used to follow your activity through our website. That helps us understand your preferences and give you a better website experience.
We have a cookies policy. You can see it here.
HOW LONG DO YOU HOLD MY INFORMATION
Basically, for as long as is necessary.
We might keep information from closed instructions to deal with complaints, comply with our obligations in respect of fighting financial crime and collect any outstanding invoices.