Privacy Policy

This policy is addressed to individuals who are clients of Redpoint Law Limited (we” , “our” or “us”) in their own right, or representatives of a client (including prospective clients); visitors to our website or social media accounts; and other individuals who may deal with us, including suppliers and individuals related to a matter we are working on. We collectively refer to these categories of individuals as “you”.

If you are applying for a job, or you are a staff member of the firm, a different policy will apply, which will be provided to you.

This policy describes how we process your personal data when you deal with us, receive our services, visit our website www.redpoint.law (“our site”), interact with us via our social media accounts, complete a survey or make a complaint.

We have set out our privacy policy in full below for those of you who like a good read.

1. Who we are and how you contact us?

We are Redpoint Law Limited, if you have any questions about this policy, or how we process your personal data, email our Compliance Officer for Legal Practice at [email protected] or call on 0117 2141 284.

If you have a complaint, we ask you to get in touch with us as soon as you can. You can, of course, make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK’s supervisory authority for data protection issues, at https://ico.org.uk/make-a-complaint .

In this policy, we refer to our clients’ transactions, disputes and other situations requiring legal advice as “matters”, and that term is used in this policy. “SRA” refers to the Solicitors Regulation Authority.

2. Who is responsible for your personal data?

For the purposes of the UK data protection legislation, we process your personal data as a controller.  It is important that the personal data we hold is accurate and current. Please inform us if your personal data changes during your relationship with us.

3. Changes to this policy

Any changes that we make to this policy in the future will be posted on this page and, where appropriate, notified to you by email.

4. Third party links

Our site, and information that we may post on our site or via our social media accounts, may include links to third-party websites, plug-ins and applications for your convenience and information. If you use these links, you will leave our site or our accounts. When you access a site or social media account that is owned by a third party, we do not control the content and are not responsible, or liable, for how they process your personal data. For example, they may send their own cookies to users, collect data or solicit personal data from you. We encourage you to read the privacy policy of every website, app and social media account that you use or visit.

5. Where we get your personal data from and how we use it

Your name, address, and other contact details

We get these from you, your organisation or persons associated with you and your affairs. We use these for:

  • If you are our client, communicating with you in connection with your matters, this being necessary to take steps at your request prior to entering into a contract, and the performance of our contract with you.
  • If you are a representative of our client, or are an individual connected to any matter on which we are advising, we use this information for communicating with you and your colleagues in connection with your organisation’s matters, which we have a legitimate interest in when entering a contract and performing our contract with your organisation.
  • Obtaining information from credit reference agencies, or credit checking services, about your ability to pay our charges, and then collecting and processing those charges, this being necessary for ensuring that we get paid promptly, which we have a legitimate interest in doing.
  • Telling you about our services and legal issues that we believe will be of interest to you, this being necessary for promoting our business, which we have a legitimate interest in doing. For example, we send a regular email newsletter, we send specific legal or industry updates where we think they are relevant, and we may contact you or share information via our social media platforms.
  • To provide contact details of our clients to legal directory providers (such as The Legal 500 and Chambers & Partners ) to obtain your feedback on us, and for them to assess us for their directory rankings, which is necessary for our legitimate interests to seek industry recognition to promote our firm.
  • If you or your organisation is a supplier, for agreeing our terms and managing our relationship with you, which we have a legitimate interest in doing, or, if you are an individual, for the performance of our contract with you.
  • To notify you of changes to this policy, which is a legal obligation, and of changes to any applicable terms and conditions, which we have a legitimate interest in doing to maintain our relationship with you.
  • To keep our records updated, which we have a legal obligation to do.

Information about your affairs

By this, we mean information about the matter on which we are advising that relates to you, including our communications with you or about you. We get this from you, other people associated with you or with your affairs (e.g., other parties to your transactions and disputes), official sources (e.g., details of your company directorships and shareholdings from Companies House) and occasionally other public sources. We use it for:

  • Providing our services, this being necessary to take steps at your request prior to entering a contract, and the performance of our contract, with you.
  • If you are a representative of our client, or are an individual connected to any matter on which we are advising, we use this information for communicating with you and your colleagues in connection with your organisation’s matters, which we have a legitimate interest in when entering a contract and performing our contract with your organisation.
  • Completing our file opening procedures, including avoiding conflicts of interest (i.e. between your interests and those of our other clients), this being necessary for complying with our legal obligations under common law and the SRA code of conduct for solicitors, and for the performance of our contract with you.
  • Keeping records of your identity and affairs, assessing the likelihood that money laundering or terrorism financing might be taking place, and notifying the appropriate authorities if necessary. We have a legitimate interest in doing this and, where they apply, this is necessary for complying with our legal obligations under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
  • Dealing properly and fairly with complaints, this being necessary for complying with our legal obligations under the SRA code of conduct for solicitors and for the performance of our contract with you; we also have a legitimate interest in doing this to manage our business properly and maintain our relationships with our clients and other third parties.
  • Defending claims against us, for which we have a legitimate interest to manage our business properly.
  • Managing payments, and collecting and recovering money owed to us, which we have a legitimate interest in when performing our contract with your organisation and for managing our business properly.
  • Keeping proper business records (e.g., accounts and copies of invoices), this being necessary for complying with our legal obligations under The Companies Act 2006 and the SRA code of conduct for solicitors; we also have a legitimate interest in managing our business properly.
  • Obtaining professional indemnity insurance and processing claims under the policy, this being necessary for complying with our legal obligations under the SRA Indemnity Insurance Rules 2013; we also have a legitimate interest in obtaining and benefitting from this insurance cover.
  • Sending you information in accordance with the SRA’s requirements, this being necessary for complying with our legal obligations under the SRA code of conduct for solicitors.
  • Conducting strategic business planning about our services and our clients, which we have a legitimate interest to do.
  • If you or your organisation is a supplier, for agreeing our terms and managing our relationship with you or your organisation, which we have a legitimate interest in doing, or, if you are an individual, for the performance of our contract with you.
  • If we sell part or all of our business, or restructure our business, we may disclose appropriate personal data about you as necessary for that purpose, provided we have in place appropriate confidentiality restrictions, which we have a legitimate interest to do.

Information we collect through your use of our site

This is information about the device that you are using, its software and the IP address associated with it and your connection, and the network that you are using. We use this for presenting our website content to you in the best format for your device and for security (where our website hosting provider checks for spammers or targeted attacks), all this being necessary for ensuring its proper operation, which we have a legitimate interest in doing.

Information we collect through our social media accounts

Where you interact with us via our social media accounts, we will receive information from those social media platforms about who you are, what action you took (such as liking, sharing, or commenting on us or our content), any communications or content that you send to us or share with us via that platform, and when you interacted with us. We will use this information to interact with you via the relevant platform, or to contact you directly if requested, which we have a legitimate interest in doing.

Where you interact with social media functions on our website, you may provide information to those social media platforms about you, and where you have linked from. You should check their privacy policy to understand how they process such data.

Sensitive personal data/special categories of personal data

It is unlikely, but, depending on the nature of the services that we provide to you, we may collect special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic data. We may also need to collect information about actual or alleged criminal convictions and offences. We will tell you how we collect this type of data, and for what purposes, at the time.

Automated decision-making

We provide a very personal service and we do not make any decisions that could have a legal effect, or other significant effect on you, based solely on automated processing of your personal data.

6. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you would like to understand more about any of our purposes, please contact us. We will notify you to explain if we need to use your personal data for an unrelated purpose.

7. Marketing

We hope that you enjoy and value our newsletter and updates, and our marketing material generally. We may send you this information by various means, including email, text message, post, telephone, or social media. We respect your right to choose what marketing messages you receive. You can opt out of any marketing material that we send you at any time by clicking the unsubscribe link in our emails, by unsubscribing from our social media accounts or by contacting us.

We use an email marketing management platform. That platform provides information to us that helps us to understand the effectiveness of an email campaign and plan future email campaigns. For example, it will tell us about whether you opened the email, what you clicked on, the email delivery status and the geographic location.

We may ask you to confirm or update your marketing preferences over time, such as when you instruct us to provide further services in the future, or if there are changes in the law or the regulation or structure of our business.

8. How long we store your personal data

Personal data that we have obtained solely for the purpose of assessing your ability to pay our charges will be deleted once we have decided what credit limit to apply.

Personal data that we have obtained solely for the purpose of complying with money-laundering and terrorism-financing laws will be kept in accordance with those laws. Currently, this means that it will be deleted five years after our business relationship with you has come to an end.

All information that relates to one of your matters will be stored in a file dedicated to that matter. We take reasonable steps to ensure that any papers are scanned and stored on the electronic file, and then where appropriate, they are shredded and disposed of securely or otherwise kept in a locked cabinet.

The file will be kept on our computer until we have completed our work and closed it. Then, it will be archived securely on our system, where we retain it for 6 years in case it is needed in connection with a complaint or claim – it will not be accessed during that period, unless a complaint or claim arises. At the end of that period, it will be reviewed and then deleted unless there is reason to believe that it should be retained in connection with a potential claim.

If we close the firm, we may pass your matter file, including any personal data in it, to our insurer who will retain your matter file in accordance with their own privacy policy, solely for the purposes of dealing with an actual or potential claim.

Our client’s name, brief details of your matter and the names of any third parties who are involved will be kept in a register so that we can see when the file was archived and deleted and identify potential conflicts of interest. This information will stay on our computer even after the file has been deleted, but only for this purpose.

We may also choose to anonymise your personal data by making sure that you are no longer identifiable. We can then keep that data indefinitely.

9. What personal data do you have to provide?

It is entirely up to you what personal data you provide, although if you withhold any relevant information, our advice may be inadequate or inappropriate, or we may even have to decline to advise or continue providing our advice. However, if there is any indication of money laundering or terrorism financing by anyone, we may have to ask you for certain information and we will not be able to do any more work until you provide it. Your failure to provide it may trigger a report to the authorities. We will tell you when this is the case if we can, although the law may prevent us from doing so.

10.  Transferring your personal data outside of the UK

We will not intentionally transfer your personal data outside the UK without ensuring that appropriate safeguards are in place. For example, we may put in place standard contractual clauses, or, if that is not appropriate, we may seek your explicit consent. However, we have no control over the routes that emails take, and even emails exchanged between two people in the UK could appear on equipment in countries outside the UK, where they may not be protected by strong privacy or data protection laws and practices. You will probably not consider this an issue, but if you have any concerns, please raise them with us and we will make alternative arrangements.

Currently, we transfer your personal data to the following jurisdictions:

  • Our email is hosted and our files are stored using Microsoft 365, which is a cloud service provider based in Ireland. Ireland is considered by the UK as having an adequate level of protection for your personal data.

If you would like further information about these arrangements, please contact us.

11.  Disclosure to third parties

Our duty to keep information about you and your affairs confidential is set by law (including the SRA’s code of conduct for solicitors). In summary, we have to keep it confidential unless: (i) we need to disclose it in the course of providing our service to you; (ii) you have given us permission to disclose it to a particular person; or (iii) the law or a rule or order of the court requires us to disclose it.

We may disclose your personal data to the businesses that we use to provide and support our services, this being necessary for them to provide that service (which we have a legitimate interest in them doing). For example, we may engage sub-contractors such as consultants in providing our advice or performing part of our services or engage other professionals on your behalf. We also use support service providers such as IT support, the collation and provision of management information, email hosting, cloud storage, off-site disaster recovery, storage, archiving, shredding, payment services (which are operated by our bank), call answering and conference calling, and marketing and advertising services. Those businesses have all signed confidentiality agreements that only permit them to use personal data as necessary to provide their services to us, and state that their staff have made appropriate confidentiality commitments.

We may provide contact details of our clients to legal directory providers (such as The Legal 500 and Chambers & Partners) to obtain your feedback on us, and for them to assess us for their directory rankings.

We may also be required to disclose your personal data to our professional indemnity insurer in relation to any actual or potential claims.

If our business, or part of it, should ever be put up for sale, or we restructure our business, we may allow potential buyers or transferees to have access to your personal data and matter files after they have signed confidentiality agreements that restrict their use of it to that transaction.

12. Security

To help keep your personal data confidential:

  • We limit access to your personal data to those members, employees, consultants or external third parties who have a business need to know. Where those parties act as our processors, they will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
  • Our computer systems – including backups and archives – are encrypted using strong passwords.
  • Our matter files are stored on our system and backed up to a secure, encrypted cloud server.
  • Our website uses a Secure Socket Layer certificate to protect data passing through it.
  • We take reasonable precautions to reduce the risk of hackers gaining access to our computers. For example, we use anti-virus and firewall software.
  • When your matter file is closed, it will be transferred to an offline archive to further reduce the risk that it might be accessed or corrupted by hackers.
  • Third parties have access to our offices very rarely, and when they do, they are closely supervised. All computers are locked and all papers locked away before they enter.
  • Our offices are kept locked whenever they are unattended.
  • Our staff receive regular data protection training.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If you would like to know more about our data security measures, please contact us.

A warning about website security

Information carried over the Internet is not secure; information can be intercepted, lost, redirected, changed, and read by other people. If you need to send us personal data securely, please contact your main point of contact.

13. Your rights

You have the right to ask us:

  • To receive a copy of the personal data we hold about you and to check that it is being lawfully processed.
  • Where the legal basis for our processing is your consent, or that it is necessary for the performance of our contract with you, you are entitled to receive a copy of your personal data (or have it passed to a third party) in a common and structured electronic format.
  • To correct your personal data if it is wrong and to complete it if it is incomplete.
  • How and why, we are processing your personal data, the legal basis for that processing, who we have disclosed it to and who we will disclose it to (which we have done in this privacy policy).
  • To stop using your personal data for direct marketing.
  • To restrict our processing of your personal data – you may want to do this while we consider your request to have it corrected.
  • To erase your personal data, but we will retain your data for the purposes of dealing with any claims or where we have any other legitimate reason to retain it.

You also have the right:

  • To withdraw your consent to our processing of your personal data (where that is relevant) at any time.
  • To object to how we are processing it, for example, if we are processing it on the basis of a legitimate interest and that does not override your individual rights.
  • To complain to the Information Commissioner’s Office about our processing or our response to your requests and objections. To do so, go to https://ico.org.uk/make-a-complaint or call 0303 123 1113.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or refuse your request if your request is clearly unfounded, repetitive, or excessive.

What we may need from you

We may need to request proportionate information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We will be pleased to discuss any of this with you, so please contact us.

This Policy is reproduced with the kind permission of Pritchetts Law LLP.