privacy

Privacy Policy

Overview

At Brooklyn Law we take your privacy very seriously. Please read this privacy policy carefully as it contains important
information on who we are and how and why we collect, store, use and share your personal information. It also explains
your rights in relation to your personal information and how to contact us or supervisory authorities in the event you
have a complaint.

This privacy policy is divided into the following sections:
1. Who we are
2. Our website
3. Personal information we collect about you
4. How your personal information is collected
5. How and why we use your personal information
6. Who has access to your information?
7. Promotional communications
8. Where your personal information is held
9. Transfer of your information out of the UK and EEA
10. Your rights
11. Keeping your personal information secure
12. How to contact us
13. Contacting us via email
14. How to complain
15. Visitors to our website
16. Changes to this privacy policy

1. Who we are
This website is operated by Brooklyn Law Limited trading as Brooklyn Law. Brooklyn Law is a registered company
10004052 and our registered office address is: 1-9 St. Anns Road, Harrow, Middlesex HA1 1LQ. Brooklyn Law is a
registered Data Controller (ICO registration number A8438867).

We collect, use and are responsible for certain personal information about you. When we do so we are subject to
the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United
Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

2. Our website
This privacy policy also relates to your use of our website https://www.brooklynlaw.co.uk

3. Personal information we collect about you
We collect personal information about clients, prospective clients, job applicants, our current and former employees,
suppliers, and external experts. We collect personal information about you when you:

• Instruct us to act on your behalf
• Make an enquiry via our website or via the telephone (see below)
• Use our website (see below)
• Enquire about a job opportunity
• Work for or with the firm
• Exchange business cards with a member of the firm

The personal information we collect and use about you also depends on the particular activities carried out through
our website and may include:

• Your name and contact information, including email address and telephone number and company details
• Information to enable us to check and verify your identity, eg your date of birth
• Your gender information, if you choose to give this to us
• Location data, if you choose to give this to us
• Your account details, such as username, login details
• Your billing information, transaction and payment card information
• Your personal or professional interests
• Your professional online presence, eg LinkedIn profile
• Your contact history, purchase history and saved items
• Information from accounts you link to us, eg Facebook
• Information to enable us to undertake credit or other financial checks on you
• Information about the services we provide to you
• Information about how you use our website, IT, communication and other systems
• Your IP address, and information regarding what pages you access on this website and when.
• Your responses to surveys, competitions and promotions
• Details of any feedback you give us by phone, email, post or via social media

This personal information is required to provide our services to you. If you do not provide personal information we
ask for, it may delay or prevent us from providing our services to you.

4. How your personal information is collected
We collect personal information about you when you access our website, register with us, contact us, exchange
business cards with a member of the firm, work for or with the firm, make an enquiry via our website or via the
telephone, send us feedback, purchase products or services via our website, post material to our website and complete
customer surveys or participate in competitions via our website.

We collect most of this personal information directly from you either in person, by telephone, text or email and/or
via our website, such as when you instruct us to act on your behalf, enquire about a job opportunity or purchase
products or services via our website or indirectly, such as your browsing activity while on our website (see ‘Cookies’
below).

We may also collect information:

• From publicly accessible sources, eg Companies House or HM Land Registry;
• Directly from a third party, eg sanctions screening providers, credit reference agencies, customer due diligence
providers, crown prosecution service;
• From a third party with your consent, eg your bank or building society
• From cookies on our website
• Via our IT systems, eg door entry systems and reception logs, automated monitoring of our websites and
other technical systems, such as our computer networks and connections, CCTV and access control systems,
communications systems, email and instant messaging systems and answer connect, our live call answering,
monitoring and recording service.

5. How and why we use your personal information
Under data protection law, we can only use your personal information if we have a proper reason for doing so. There
are various different legal bases on which we may rely, depending on what personal information we process and
why.

The legal bases we may rely on include:

• To comply with our legal and regulatory obligations
• For the performance of our contract with you or to take steps at your request before entering into a contract
• Where you have given consent
• Where our use of your personal information is necessary to protect you or someone else’s life
• Where our use of your personal information is necessary for us to perform a task in the public interest or
for our official functions, and the task or function has a clear basis in law
• For our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not
overridden by your own rights and interests. The following does not apply to special category personal information,
which we will only process with your explicit consent.

We collect your personal data or information to operate the firm effectively and provide you with a high-quality
service. We may use your information:

• To provide goods and services to you
• To create and manage your account with us
• To deliver legal services to you on your instruction
• To update customer records for the performance of our contract with you or to take steps at your request
before entering into a contract
• To answer enquiries that you make prior to any formal instruction.
• To avoid any conflict of interest as we represent you
• To improve our services
• To maintain security of our office and IT infrastructure
• To adhere to regulations set out by the Solicitors Regulatory Authority
• To adhere to quality standards as set out under the Lexcel Standard.
• To invoice you, and to track payments you make or payments made to you
• To customise our website and its content to your particular preferences
• To notify you of any changes to our website or to our services that may affect you
• To process a job application
• To fulfil our obligations as an employer
• To provide benefits to you as an employee

To comply with our legal and regulatory obligations we may use your personal information for:

• Conducting checks to identify our customers and verify their identity
• Ensuring the confidentiality of commercially sensitive information
• Ensuring safe working practices, staff administration and assessments
• Screening for financial and other sanctions or embargoes
• Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory
bodies
• Conducting other processing necessary to comply with professional, legal and regulatory obligations that
apply to our business, eg under health and safety regulation or rules issued by our professional regulator
• Preventing unauthorised access and modifications to systems
• Completing statutory returns
• External audits and quality checks

For our legitimate interests or those of a third party, we may use your information to:

• Prevent and detect fraud against you
• Minimise fraud that could be damaging for us and for you
• Prevent and detect criminal activity that could be damaging for us and for you
• Ensure business policies are adhered to, eg policies covering security and internet use
• Make sure we are following our own internal procedures so we can deliver the best service to you
• Maintain our accreditations so we can demonstrate we operate at the highest standards
• Make sure that we can keep in touch with our customers about existing and new services
• Protect trade secrets and other commercially valuable and confidential information
• Make sure we are working efficiently so we can deliver the best service to you
• Be as efficient as we can so we can deliver the best service for you at the best price, by improving efficiency,
training and quality control and statistical analysis to help us manage our business, eg in relation to our
financial performance, customer base, product range or other efficiency measures
• Promote our business to existing and former customers by marketing our services to existing and former
customers, third parties who have previously expressed an interest in our services and third parties with
whom we have had no previous dealings.

We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the
firm, our contractual requirements to deliver the agreed legal services to you, and our legal obligations, both as a
limited company and responsible employer. If we represent you in a criminal case, we will collect information about
the alleged offences and any related criminal history. Where we process sensitive personal information in the course
of these and other similar cases, we do so to assist you and/or your organisation to establish, exercise or defend
legal claims.

This website is not intended for use by children and we do not knowingly collect or use personal information relating
to children.

6. Who has access to your information
We do not sell or rent your personal data or information to any third party or share your information with third
parties for their marketing purposes.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with
our legal and regulatory obligations.

We will disclose your data or information if required by law, for example by a court order or for the prevention of
fraud or other crime.

We may share information about your matter to other parties as required to provide legal services to you. For example,
where we need to provide information to other law firms involved in the conveyancing process as part of the
service we deliver to you.

We may share information with third parties we use to help deliver our services to you, for the purposes of completing
a task or providing services to you on our behalf eg payment service providers; other third parties we use to help
us run our business, eg marketing agencies or website hosts; third parties approved by you, eg social media sites you
choose to link your account to or third party payment providers; our insurers and brokers; our banks.

We only allow our service providers to handle your personal information if we are satisfied they take appropriate
measures to protect your personal information. We disclose only the personal information necessary to deliver that
service.

We also impose contractual obligations on service providers that requires them to keep your information secure, to
ensure they can only use your personal information to provide services to us and to you and not to use it for any
other purpose. We may also share personal information with external auditors, eg in relation to accreditation and
the audit of our accounts.

We may also need to share some personal information with other parties, such as potential buyers of some or all of
our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible.
The recipient of the information will be bound by confidentiality obligations.

7. Promotional communications
We may use your personal information to send you updates by email or post about our services, including exclusive
offers, promotions or new services which may be of interest to you.

We have a legitimate interest in processing your personal information for promotional purposes (see above ‘How
and why we use your personal information’). This means we do not usually need your consent to send you promotional
communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal information with the utmost respect and never sell or share it with other organisations
for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by contacting us at info@brooklynlaw.
co.uk

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in
the future, or if there are changes in the law, regulation, or the structure of our business.

8. Where your personal information is held
Information may be held at our offices and those of our third party agencies, service providers, representatives and
agents as described above.

Some of these third parties may be based outside the European Economic Area. For more information, including on
how we safeguard your personal information when this occurs, see below: ‘Transferring your personal information
out of the EEA’.

When you give us personal information we take steps to ensure that it’s treated securely and strive to protect it on
our internal systems. We will keep your personal information while you have an account with us or while we are
providing services to you. Thereafter, we will keep your personal information for as long as is necessary:

• to respond to any questions, complaints or claims made by you or on your behalf;
• to show that we treated you fairly;
• to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different
retention periods apply for different types of personal information. If you would like to know more, please read
below:

• Clients
• Prospective Clients
• Job Applicants, Our Current and Former Employees
• Suppliers

Clients
As a client, we will hold the following information about you:

• Name, date of birth, and contact information.
• National insurance number
• Information relating to your legal matter
• Financial details including relating to Legal Aid you may be entitled to access
• Demographic information such as postcode
• Information and documents relating to the service we are providing, including communications with you.
• Billing and payment information.
• Sensitive personal data such as information about your racial or ethnic origin, political opinions, religious
beliefs, trade union activities, physical or mental health, sexual life and sexual orientation or details of
criminal offences, or genetic or biometric data.

We store your information in our practice management system LEAP, which may need to transfer personal data to
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws. We also hold paper copies of your information
in the client matter files, stored in our Harrow office and in a secure, offsite storage archive.

We will retain your client matter file for the duration of our relationship with you, then for a minimum of 7 years
after, and a maximum of 15 years, if required for audit purposes. We will retain financial records for 6 years, following
the end of the current financial year.

Prospective client
As a prospective client, we may hold the following information about you:

• Name, date of birth, and contact information.
• National insurance number
• Brief information relating to your legal matter
• Demographic information such as postcode
• Signposting information we may have provided to you if we are unable to provide you with a service

We store your information in our practice management system LEAP, which may need to transfer personal data to
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws.

Communications with you relating to your initial enquiry may also be stored in our email system for a period of 12
months. We will retain minimal personal information about you for a period of 7 years to enable us to conduct
conflict of interest checks as required by the Solicitors Regulatory Authority.

Job Applicants
When you apply for a job with us, we may hold the following information about you:
• Name, date of birth, and contact information.
• Information relating to your qualifications and experience
• Demographic information such as postcode
• References where we take them up
• Information and documents relating to the review, interview and selection process, including communications
with you.

We store your information in our practice management system LEAP, which may need to transfer personal data to
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal
information as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate
level of data protection or as permitted by applicable data protection laws. They may also be retained in hard copy
in a secure filing cabinet in our Harrow office. We will retain your personal data relating to the review, interview and
selection process for a period of 6 months after the interview date.

Current and Former Employees
When you work for us, we may hold the following information about you:
• Name, date of birth, and contact information
• National insurance number and Unique Tax Reference (UTR)
• Information relating to your qualifications and experience
• Demographic information such as postcode
• Information and documents relating to your performance and supervision as an employee of the firm,
including communications with you
• Your photograph, including Passport and Driving Licence
• Financial information, such as bank details, pension scheme and salary details
• Information about your next of kin
• Health information

We store your information in our practice management system LEAP, which may need to transfer personal data to
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws. They may also be retained in hard copy in a
secure filing cabinet in our Harrow office. We will also store communications with you on our email server, based in
the UK.

We will retain your personal data for the duration of your employment and for a period of 1 year after you leave the
firm. Beyond this point, we only retain minimal information about you to confirm the period of time you were employed
by the firm for reference purposes. We share your information with HMRC, and our chosen pension / benefits
providers.

Suppliers
When you work with the firm as a supplier, we may hold the following information about you:
• Name and business contact information.
• Information relating to your qualifications and experience, if relevant
• Demographic information such as postcode
• Information relating to your business activities
• Information and documents relating to the services or products you offer, including our communications
with you.
• Financial information

We store your information in our practice management system LEAP, which may need to transfer personal data to
LEAP offices throughout the world, including the United States and Australia, and any third parties who provide
services on behalf, of LEAP including in countries that do not provide the same level of protection for personal information
as in the EEA. In any case, LEAP will only transfer personal data to recipients that provide an adequate level
of data protection or as permitted by applicable data protection laws. We will also store communications with you
on our email server, based in the UK. We will retain your information for the duration of our relationship with you
and for 7 years after the last purchase we made with you.

9. Transfer of your information out of the UK and EEA
Your personal information in the European Economic Area (EEA) is protected by data protection laws, but other
countries do not necessarily protect your personal information in the same way. The EEA covers all countries in the
EU plus Norway, Liechtenstein and Iceland.

To deliver services to you, it is sometimes necessary for us to share your personal information outside the EEA, for
example where your and our service providers located outside the EEA; if you are based outside the EEA; or where
there is an international dimension to the services we are providing to you.

Non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however,
ensure the transfer complies with data protection law and all personal information will be secure. Our standard
practice is to use standard data protection contract clauses that have been approved by the European Commission
and are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of
your personal information. If you would like further information please contact our Data Protection Officer.

We will not otherwise transfer your personal data outside of the UK or to any organisation governed by public international
law or which is set up under any agreement between two or more countries.

10. Your rights
Under the GDPR you have a number of important rights free of charge. In summary, those include:

• The right to be informed, which is what this privacy policy is for
• The right to access the information we hold about you and to be provided with a copy of your personal
information
• The right to object at any time to your personal information being processed for direct marketing (including
profiling); in certain other situations to our continued processing of your personal information, eg
processing carried out for the purpose of our legitimate interests.
• The right to the erasure of personal information concerning you in certain situations
• The right to receive the personal information you provided to us, in a structured, commonly used and
machine-readable format and have the right to transmit those data to a third party in certain situations
• The right to have your data rectified and correct any mistakes in your personal information if it is inaccurate
• The right to restrict our processing of your personal information, in certain circumstances, eg if you contest
the accuracy of the data
• The right to object to decisions being taken by automated means which produce legal effects concerning
you or similarly significantly affect you

For further information on each of those rights, including the circumstances in which they apply, please contact us
or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR.

If you would like to exercise any of those rights, please:
• Email, call or write to us or our Data Protection Officer —see below: ‘How to contact us’; and
• let us have enough information to identify you (eg your full name, address and customer or matter reference
number); and
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent
utility or credit card bill); and
• let us know what right you want to exercise and the information to which your request relates, including
any account or reference numbers, if you have them.

11. Keeping your personal information secure
We have appropriate security measures to prevent personal information from being accidentally lost, or used or
accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business
need to access it. Those processing your information will do so only in an authorised manner and are subject to a
duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable
regulator of a suspected data security breach where we are legally required to do so.

12. How to contact us
We have appointed a Data Protection Officer who is responsible for overseeing your questions in relation to this
privacy notice.

To contact Brooklyn Law with a data protection query regarding the processing of your personal data or if you have
any questions about this privacy policy, the information we hold about you, including any requests to exercise your
legal rights, please contact our Data Protection Officer Mrs Heena Patel using the details set out below:

E: [email protected]
T: 0208 861 4004
A: 1-9 St. Anns Road, Harrow, HA1 1LQ

The accuracy of your information is important to us. If you change your contact details or if you want to update any
of the information, we hold on you, please write to us or send us an email.

13. Contacting us via email
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government standards. If your
email service does not support TLS, you should be aware that any emails we send or receive may not be protected
in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be
aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

14. How to complain
We hope that our Data Protection Officer can resolve any query you may raise about our use of your information.
However, the GDPR also gives you right to lodge a complaint with a supervisory authority. If you feel that we have
failed to address your concerns appropriately, the supervisory authority in the UK is the Information Commissioner
who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113 for further information about
your rights and how to make a formal complaint.

15. Visitors to our website

Cookies
A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device)
by websites that you visit. We use cookies on our website. These help us recognise you and your device and store
some information about your preferences or past actions.

Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information
to the owners of the site. Unless you have set your browser to block cookies, this site will place the following cookies
on your computer.

The PHPSESSID cookie is native to PHP and enables websites to store serialised data. It is used to establish a user
session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies,
including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our
website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible
for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and
practices of the owners and operators of that third-party site and recommend that you check the policy of that third
party site.

16. Changes to this privacy policy
We keep our privacy policy under regular review. This policy was last updated in April 2020.
Share by: