Privacy Policy
Overview
information on who we are and how and why we collect, store, use and share your personal information. It also explains
your rights in relation to your personal information and how to contact us or supervisory authorities in the event you
have a complaint.
1. Who we are
2. Our website
3. Personal information we collect about you
4. How your personal information is collected
5. How and why we use your personal information
6. Who has access to your information?
7. Promotional communications
8. Where your personal information is held
9. Transfer of your information out of the UK and EEA
10. Your rights
11. Keeping your personal information secure
12. How to contact us
13. Contacting us via email
14. How to complain
15. Visitors to our website
16. Changes to this privacy policy
This website is operated by Brooklyn Law Limited trading as Brooklyn Law. Brooklyn Law is a registered company
10004052 and our registered office address is: 1-9 St. Anns Road, Harrow, Middlesex HA1 1LQ. Brooklyn Law is a
registered Data Controller (ICO registration number A8438867).
the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United
Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
This privacy policy also relates to your use of our website https://www.brooklynlaw.co.uk
We collect personal information about clients, prospective clients, job applicants, our current and former employees,
suppliers, and external experts. We collect personal information about you when you:
• Make an enquiry via our website or via the telephone (see below)
• Use our website (see below)
• Enquire about a job opportunity
• Work for or with the firm
• Exchange business cards with a member of the firm
The personal information we collect and use about you also depends on the particular activities carried out through
our website and may include:
• Information to enable us to check and verify your identity, eg your date of birth
• Your gender information, if you choose to give this to us
• Location data, if you choose to give this to us
• Your account details, such as username, login details
• Your billing information, transaction and payment card information
• Your personal or professional interests
• Your professional online presence, eg LinkedIn profile
• Your contact history, purchase history and saved items
• Information from accounts you link to us, eg Facebook
• Information to enable us to undertake credit or other financial checks on you
• Information about the services we provide to you
• Information about how you use our website, IT, communication and other systems
• Your IP address, and information regarding what pages you access on this website and when.
• Your responses to surveys, competitions and promotions
• Details of any feedback you give us by phone, email, post or via social media
This personal information is required to provide our services to you. If you do not provide personal information we
ask for, it may delay or prevent us from providing our services to you.
We collect personal information about you when you access our website, register with us, contact us, exchange
business cards with a member of the firm, work for or with the firm, make an enquiry via our website or via the
telephone, send us feedback, purchase products or services via our website, post material to our website and complete
customer surveys or participate in competitions via our website.
via our website, such as when you instruct us to act on your behalf, enquire about a job opportunity or purchase
products or services via our website or indirectly, such as your browsing activity while on our website (see ‘Cookies’
below).
We may also collect information:
• Directly from a third party, eg sanctions screening providers, credit reference agencies, customer due diligence
providers, crown prosecution service;
• From a third party with your consent, eg your bank or building society
• From cookies on our website
• Via our IT systems, eg door entry systems and reception logs, automated monitoring of our websites and
other technical systems, such as our computer networks and connections, CCTV and access control systems,
communications systems, email and instant messaging systems and answer connect, our live call answering,
monitoring and recording service.
Under data protection law, we can only use your personal information if we have a proper reason for doing so. There
are various different legal bases on which we may rely, depending on what personal information we process and
why.
The legal bases we may rely on include:
• For the performance of our contract with you or to take steps at your request before entering into a contract
• Where you have given consent
• Where our use of your personal information is necessary to protect you or someone else’s life
• Where our use of your personal information is necessary for us to perform a task in the public interest or
for our official functions, and the task or function has a clear basis in law
• For our legitimate interests or those of a third party
overridden by your own rights and interests. The following does not apply to special category personal information,
which we will only process with your explicit consent.
service. We may use your information:
• To create and manage your account with us
• To deliver legal services to you on your instruction
• To update customer records for the performance of our contract with you or to take steps at your request
before entering into a contract
• To answer enquiries that you make prior to any formal instruction.
• To avoid any conflict of interest as we represent you
• To improve our services
• To maintain security of our office and IT infrastructure
• To adhere to regulations set out by the Solicitors Regulatory Authority
• To adhere to quality standards as set out under the Lexcel Standard.
• To invoice you, and to track payments you make or payments made to you
• To customise our website and its content to your particular preferences
• To notify you of any changes to our website or to our services that may affect you
• To process a job application
• To fulfil our obligations as an employer
• To provide benefits to you as an employee
To comply with our legal and regulatory obligations we may use your personal information for:
• Ensuring the confidentiality of commercially sensitive information
• Ensuring safe working practices, staff administration and assessments
• Screening for financial and other sanctions or embargoes
• Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory
bodies
• Conducting other processing necessary to comply with professional, legal and regulatory obligations that
apply to our business, eg under health and safety regulation or rules issued by our professional regulator
• Preventing unauthorised access and modifications to systems
• Completing statutory returns
• External audits and quality checks
For our legitimate interests or those of a third party, we may use your information to:
• Minimise fraud that could be damaging for us and for you
• Prevent and detect criminal activity that could be damaging for us and for you
• Ensure business policies are adhered to, eg policies covering security and internet use
• Make sure we are following our own internal procedures so we can deliver the best service to you
• Maintain our accreditations so we can demonstrate we operate at the highest standards
• Make sure that we can keep in touch with our customers about existing and new services
• Protect trade secrets and other commercially valuable and confidential information
• Make sure we are working efficiently so we can deliver the best service to you
• Be as efficient as we can so we can deliver the best service for you at the best price, by improving efficiency,
training and quality control and statistical analysis to help us manage our business, eg in relation to our
financial performance, customer base, product range or other efficiency measures
• Promote our business to existing and former customers by marketing our services to existing and former
customers, third parties who have previously expressed an interest in our services and third parties with
whom we have had no previous dealings.
firm, our contractual requirements to deliver the agreed legal services to you, and our legal obligations, both as a
limited company and responsible employer. If we represent you in a criminal case, we will collect information about
the alleged offences and any related criminal history. Where we process sensitive personal information in the course
of these and other similar cases, we do so to assist you and/or your organisation to establish, exercise or defend
legal claims.
to children.
We do not sell or rent your personal data or information to any third party or share your information with third
parties for their marketing purposes.
our legal and regulatory obligations.
fraud or other crime.
where we need to provide information to other law firms involved in the conveyancing process as part of the
service we deliver to you.
a task or providing services to you on our behalf eg payment service providers; other third parties we use to help
us run our business, eg marketing agencies or website hosts; third parties approved by you, eg social media sites you
choose to link your account to or third party payment providers; our insurers and brokers; our banks.
measures to protect your personal information. We disclose only the personal information necessary to deliver that
service.
ensure they can only use your personal information to provide services to us and to you and not to use it for any
other purpose. We may also share personal information with external auditors, eg in relation to accreditation and
the audit of our accounts.
our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible.
The recipient of the information will be bound by confidentiality obligations.
We may use your personal information to send you updates by email or post about our services, including exclusive
offers, promotions or new services which may be of interest to you.
and why we use your personal information’). This means we do not usually need your consent to send you promotional
communications. However, where consent is needed, we will ask for this consent separately and clearly.
for marketing purposes.
co.uk
the future, or if there are changes in the law, regulation, or the structure of our business.
Information may be held at our offices and those of our third party agencies, service providers, representatives and
agents as described above.
how we safeguard your personal information when this occurs, see below: ‘Transferring your personal information
out of the EEA’.
our internal systems. We will keep your personal information while you have an account with us or while we are
providing services to you. Thereafter, we will keep your personal information for as long as is necessary:
• to show that we treated you fairly;
• to keep records required by law.
retention periods apply for different types of personal information. If you would like to know more, please read
below:
• Prospective Clients
• Job Applicants, Our Current and Former Employees
• Suppliers
As a client, we will hold the following information about you:
• National insurance number
• Information relating to your legal matter
• Financial details including relating to Legal Aid you may be entitled to access
• Demographic information such as postcode
• Information and documents relating to the service we are providing, including communications with you.
• Billing and payment information.
• Sensitive personal data such as information about your racial or ethnic origin, political opinions, religious
beliefs, trade union activities, physical or mental health, sexual life and sexual orientation or details of
criminal offences, or genetic or biometric data.
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws. We also hold paper copies of your information
in the client matter files, stored in our Harrow office and in a secure, offsite storage archive.
after, and a maximum of 15 years, if required for audit purposes. We will retain financial records for 6 years, following
the end of the current financial year.
As a prospective client, we may hold the following information about you:
• National insurance number
• Brief information relating to your legal matter
• Demographic information such as postcode
• Signposting information we may have provided to you if we are unable to provide you with a service
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws.
months. We will retain minimal personal information about you for a period of 7 years to enable us to conduct
conflict of interest checks as required by the Solicitors Regulatory Authority.
When you apply for a job with us, we may hold the following information about you:
• Name, date of birth, and contact information.
• Information relating to your qualifications and experience
• Demographic information such as postcode
• References where we take them up
• Information and documents relating to the review, interview and selection process, including communications
with you.
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal
information as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate
level of data protection or as permitted by applicable data protection laws. They may also be retained in hard copy
in a secure filing cabinet in our Harrow office. We will retain your personal data relating to the review, interview and
selection process for a period of 6 months after the interview date.
When you work for us, we may hold the following information about you:
• Name, date of birth, and contact information
• National insurance number and Unique Tax Reference (UTR)
• Information relating to your qualifications and experience
• Demographic information such as postcode
• Information and documents relating to your performance and supervision as an employee of the firm,
including communications with you
• Your photograph, including Passport and Driving Licence
• Financial information, such as bank details, pension scheme and salary details
• Information about your next of kin
• Health information
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws. They may also be retained in hard copy in a
secure filing cabinet in our Harrow office. We will also store communications with you on our email server, based in
the UK.
firm. Beyond this point, we only retain minimal information about you to confirm the period of time you were employed
by the firm for reference purposes. We share your information with HMRC, and our chosen pension / benefits
providers.
When you work with the firm as a supplier, we may hold the following information about you:
• Name and business contact information.
• Information relating to your qualifications and experience, if relevant
• Demographic information such as postcode
• Information relating to your business activities
• Information and documents relating to the services or products you offer, including our communications
with you.
• Financial information
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws. We will also store communications with you
on our email server, based in the UK. We will retain your information for the duration of our relationship with you
and for 7 years after the last purchase we made with you.
Your personal information in the European Economic Area (EEA) is protected by data protection laws, but other
countries do not necessarily protect your personal information in the same way. The EEA covers all countries in the
EU plus Norway, Liechtenstein and Iceland.
example where your and our service providers located outside the EEA; if you are based outside the EEA; or where
there is an international dimension to the services we are providing to you.
ensure the transfer complies with data protection law and all personal information will be secure. Our standard
practice is to use standard data protection contract clauses that have been approved by the European Commission
and are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of
your personal information. If you would like further information please contact our Data Protection Officer.
law or which is set up under any agreement between two or more countries.
Under the GDPR you have a number of important rights free of charge. In summary, those include:
• The right to access the information we hold about you and to be provided with a copy of your personal
information
• The right to object at any time to your personal information being processed for direct marketing (including
profiling); in certain other situations to our continued processing of your personal information, eg
processing carried out for the purpose of our legitimate interests.
• The right to the erasure of personal information concerning you in certain situations
• The right to receive the personal information you provided to us, in a structured, commonly used and
machine-readable format and have the right to transmit those data to a third party in certain situations
• The right to have your data rectified and correct any mistakes in your personal information if it is inaccurate
• The right to restrict our processing of your personal information, in certain circumstances, eg if you contest
the accuracy of the data
• The right to object to decisions being taken by automated means which produce legal effects concerning
you or similarly significantly affect you
For further information on each of those rights, including the circumstances in which they apply, please contact us
or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR.
• Email, call or write to us or our Data Protection Officer —see below: ‘How to contact us’; and
• let us have enough information to identify you (eg your full name, address and customer or matter reference
number); and
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent
utility or credit card bill); and
• let us know what right you want to exercise and the information to which your request relates, including
any account or reference numbers, if you have them.
We have appropriate security measures to prevent personal information from being accidentally lost, or used or
accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business
need to access it. Those processing your information will do so only in an authorised manner and are subject to a
duty of confidentiality.
regulator of a suspected data security breach where we are legally required to do so.
We have appointed a Data Protection Officer who is responsible for overseeing your questions in relation to this
privacy notice.
any questions about this privacy policy, the information we hold about you, including any requests to exercise your
legal rights, please contact our Data Protection Officer Mrs Heena Patel using the details set out below:
T: 0208 861 4004
A: 1-9 St. Anns Road, Harrow, HA1 1LQ
of the information, we hold on you, please write to us or send us an email.
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government standards. If your
email service does not support TLS, you should be aware that any emails we send or receive may not be protected
in transit.
aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We hope that our Data Protection Officer can resolve any query you may raise about our use of your information.
However, the GDPR also gives you right to lodge a complaint with a supervisory authority. If you feel that we have
failed to address your concerns appropriately, the supervisory authority in the UK is the Information Commissioner
who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113 for further information about
your rights and how to make a formal complaint.
15. Visitors to our website
A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device)
by websites that you visit. We use cookies on our website. These help us recognise you and your device and store
some information about your preferences or past actions.
to the owners of the site. Unless you have set your browser to block cookies, this site will place the following cookies
on your computer.
session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies,
including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our
website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible
for the privacy policies and practices of other sites even if you access them using links from our website.
practices of the owners and operators of that third-party site and recommend that you check the policy of that third
party site.
We keep our privacy policy under regular review. This policy was last updated in April 2020.
