The Irwin Mitchell Group is a group of organisations that provide legal services via Irwin Mitchell LLP, Financial Services via IM Asset Management Limited, and other associated services via our other group companies and affiliates.
“Affiliates” are defined as follows:
(a) a subsidiary or holding company of Irwin Mitchell LLP or a subsidiary of that holding company;
(b) a corporate member of Irwin Mitchell LLP or a subsidiary or holding company of that corporate member or subsidiary of that corporate member’s holding company;
(c) any limited liability partnership of which Irwin Mitchell LLP or any IM Affiliate is a corporate member;
(d) an entity where there is a commonality of two or more partners between Irwin Mitchell LLP or any Affiliate and the other entity, including where those Irwin Mitchell LLP or Affiliate partners are partners, members or directors of that other entity;
(e) Irwin Mitchell Scotland LLP; or
(f) any company in which any member of the Group holds 50% or more of the voting rights relating to the issued share capital of such company shares
(and “affiliated company” or “affiliated firm” shall be interpreted accordingly).
Any reference to “we”, “our” or “us” means Irwin Mitchell LLP which is authorised by the Solicitors Regulatory Authority.
We are committed to protecting your privacy. So that you are reliably informed about what personal data we collect about you, how we use it, who we share it with and what your rights are, we are providing you with this privacy notice , which describes the ways in which we collect, store and process your personal data (personal information).
We’ll tell you:
Should you wish to make an individual rights request under UK GDPR, please email our Data Protection Team at: dataprotection@irwinmitchell.com.
Alternatively, you can write to us at:
The Colmore Building
9th Floor
20 Colmore Circus
Birmingham
B4 6AH
Who we are
Irwin Mitchell LLP is a member of the Irwin Mitchell Group and is a law firm in the UK offering a broad range of legal services to national and international organisations and institutions, small and medium- sized businesses and private individuals.
Specifically, we act as a “Data Controller” in respect of the information gathered and processed by us. A Data Controller determines the purposes of which, and the manner in which, any personal data is processed.
In order that you are reliably informed about how we operate, we have developed this privacy notice (also known as a Fair Processing Notice or FPN), which describes the ways in which we collect, manage, process, store and share information about you. The privacy notice also provides you with information about your data privacy rights.
What personal information we collect, store and use and the purpose we use your personal information for
Your personal information contains certain information about you as an individual which identifies who you are, such as name, address, telephone number date or birth, video/CCTV etc. Sometimes the information we collect is sensitive in nature such as health information or your religious beliefs. Such sensitive information is given added protection.
Please also note all the personal information we receive from you is also treated with the strictest of confidentiality.
We may process your personal information (where we have received this directly from you or from another source) if:
You are a client or prospective client
As an essential part of our business, we collect and manage client information. In doing so, we observe applicable data protection laws and are committed to protecting and respecting clients’ privacy, rights and personal information.
The personal information that we collect about you is to manage and administer your engagement with us as a client or prospective client and provide our services. We collect personal information which includes your name, address, contact details, NI number, passport/driving license details, financial information (including bank details, details of any benefits, tax and tax residency, savings and loan information, and expenditure), details of dependents and spouse.
We may also collect, store and use more sensitive special category personal information that may include marital, civil partnership or relationship status, details of your partner, civil partner or spouse, physical or mental health details, religious and other beliefs, and racial or ethnic origin.
We collect this in a number of different ways. For example, you may provide this personal information to us directly, online, over the telephone or when corresponding with us by email or letter. Alternatively, you may receive information because, as a client of an Affiliated company, you have a legal or other need with which we may be able to support you.
We use this personal information to set you up as a client, open a file, provide our advice and services and administer and manage our relationship with you. Our approach is to identify your legal needs and use our expertise to respond to your requirements, throughout our relationship with you.
In a little bit more detail, our reasons for using your information include:
- Carrying out regulatory and compliance checks in order to set you up as a client including checks to verify your identity, fraud and credit checks
- Enable business development including sending legal updates, publications and details to events
- Administer and manage usage of our website
- Making and receiving payments to and from you in accordance with your instructions
- Communicating with you via email, telephone and in writing about the work we are doing for you
- Recording telephone conversations or meetings for regulatory, monitoring and quality purposes and to administer and improve our services to you
- Carrying out client satisfaction surveys
- Carrying out our compliance obligations (other than those referred to above)
- Processing and responding to any complaints
- Bringing or defending legal proceedings
- Ensuring that our colleagues are trained and competent in their duties
- In restricted circumstances, for testing purposes - we fully test our systems and services, to ensure that they will work as expected and will not cause loss or damage to data. Wherever we can, we use anonymous data. Only in very limited circumstances will we use personal data and on these occasions, the data will be protected in a secure and closed environment and deleted as soon as the testing is completed.
- We also use and share information which does not identify you (‘anonymised data’) to improve our services and those of others. For example, If you have contacted us about a potential claim which we ultimately conclude that we cannot assist with, then we may share a limited amount of effectively anonymised data about your case with public bodies for the purpose of improving patient safety.
There may be circumstances in which we may contact you after the end of our business relationship with you. This might be because we have a regulatory obligation to do so, because you have asked for us to do so or because we genuinely believe it’s in your best interests to do so. We rely on consent or legitimate interests as our lawful bases for reaching out to you.
You use our website or other services we may provide through our website
If you fill in a form on our website, or contact us via other means such as email, telephone or by post, we will collect the information you provide when you contact us, such as your name and contact details. We will use this personal information to:
- Send you the information you have requested, for example about our products and services
- Respond to your enquiry.
When you visit our website we will also collect your personal information via cookies. We use both essential and non-essential cookies on our website which collect information such as your browsing patterns and information about the device you are using. We may use this information to inform our marketing and future business strategies. Full details of how we use cookies can be found in our cookie policy.
You are an individual within any third party we engage with such as our suppliers or other service providers such as marketing agencies
As part of our business dealings, we engage with third party service providers and their workforce to enter into agreements or other services and products. If you are an individual within such third party service providers, we will process your personal information as set out in this privacy notice.
A client has provided us with your information
Our client may give us personal information about you as part of asking us to provide advice to them. This may include your name, address, contact details, NI number, passport/driving license details, financial information (including bank details, details of any benefits, tax and tax residency, savings and loan information, and expenditure), details of dependents and spouse. We may also collect, store and use more sensitive special category personal information that may include marital, civil partnership or relationship status, details of your partner, civil partner or spouse, physical or mental health details, religious and other beliefs, and racial or ethnic origin.
We will use this personal information in order to carry out our compliance checks or to give advice to our client or to trustees where you are a beneficiary.
You have been referred to us from a third party or we have collected information about you from another third party
If a member of the Irwin Mitchell Group, an Affiliate or any other third party has obtained your consent we may contact you in relation to our services or any other matter that you have consented to. We will be using your personal data for this purpose on the basis of your consent.
How we use your personal information
We use the data collected from you for the specific purposes listed in the table below. Please note that this table also explains: the legal basis for processing your data, linked to each processing purpose; and in what circumstances your data will be shared with a third party organisation.
We may share your personal information with trusted third parties from time to time. These third parties are our processors who will only process your personal information in accordance with our instructions. We will not, however, share your personal information with a third party for marketing purposes unless we have your consent to do this. We do not sell any personal information to any third party so that they can send you their marketing material.
We have set out below the third parties we may share your personal information with. If we do this, we will put in place a contract with them which controls how your personal information may be used and which requires that your personal information is treated in accordance with data protection laws.
We may record our telephone conversation with you therefore any information captured via this medium will automatically be processed for managing and developing our contract with you, regulatory, training and monitoring purposes.
Purpose for processing data |
Legal basis for processing data |
Third party organisations with whom data is shared |
To administer our relationship with you, provide services and respond to enquiries and for internal administrative purposes |
Our contract with you
For our legitimate interests
|
Irwin Mitchell Group Companies |
To act in your best interests and enable us to provide you with additional and relevant information and/or comply with our corporate and/or regulatory obligations |
Our contract with you
For our legitimate interests
With your consent
|
IM Group Companies, Affiliates and Companies who supply us with support services under an outsourcing arrangement |
In accordance with our legal, professional and regulatory obligations |
With your consent
To meet a legal obligation
For our legitimate interests
|
Government, enforcement agencies, regulators, courts and other third parties |
Provision of legal services in collaboration with partners |
Consent
For our legitimate interests
Contract |
Third party organisations and their representatives, where a Data Sharing Agreement is in place |
In connection with mergers and acquisitions of all or part of our business |
For our legitimate interests
With your consent
|
The organisation that we are selling to or merging with
|
Carrying out surveys to allow us to improve our business offerings |
With your consent |
Irwin Mitchell Group Companies |
To refer you to other entities within the IM Group Services and Affiliates |
With your consent |
Irwin Mitchell Group Companies and Affiliates |
To instruct an expert from IM Asset Management to assist with your case |
With your consent |
Irwin Mitchell Group Companies |
To ensure the billing of any procured services by you and obtain payment |
Our contract with you |
Government VAT and tax inspectors, external auditors, internal auditors |
To communicate with you about legal updates, breaking news, newsletters |
With your consent |
Irwin Mitchell Group Companies |
To send you information about the Irwin Mitchell Group and its Affiliates, details about events which are relevant to your interests |
With your consent
For our legitimate interests
|
Irwin Mitchell Group Companies |
To provide enquirers with support by telephone |
With your consent |
helpline providers and their representatives, internal auditors |
To record conversations for monitoring and quality purposes |
With your consent |
helpline providers and their representatives, internal auditors |
To process and respond to complaints |
To meet a legal obligation |
Irwin Mitchell Group Companies and third parties under contract to provide relevant services |
To monitor and record information relating to the use of our services, to include our website |
For our legitimate interest in order to improve the services and experience and website for individuals |
Web service providers and cookie providers |
To capture photographs and videos to be used for marketing and promotional material for the firm, including our website, brochures, bids and tenders |
With your consent |
Irwin Mitchell Group Companies |
To ensure the firms offices and its stored information is secure we use CCTV services |
With your consent |
CCTV service providers |
IT and other business services |
For our legitimate interests |
IT service providers and other carefully selected suppliers. We only use reputable third parties and they may only access your personal data to the extent that they provide their services and deal with any issues. We consider it is in our legitimate interests to be able to use reputable third-party providers to provide these services. |
Do you have to provide us with your personal information?
Where we have said that your personal information is used in order to comply with statutory requirements, carry out a contract with you or to take steps to enter into that contract, we will need you to provide the personal information requested. If you don’t provide the personal information we need when we ask for it, we may not be able to respond to you, enter into a contract with you, meet our obligations under the contract, or comply with our legal obligations. If you have any concerns about whether you need to provide your personal information please contact our Data Protection Officer at dataprotection@irwinmitchell.com.
Do we transfer your personal information outside the UK?
It may sometimes be necessary to transfer personal information outside the UK. We will only transfer your personal information overseas where e.g. our third party service providers who we share personal information with (as set out above) are based outside the UK, have support services located outside the UK or host personal information outside the UK.
We only transfer your personal information outside the UK where we are sure that your personal information is protected to the same standard as it would be protected in the UK.
If you would like further information on the safeguards we have in place for transfers of your personal information outside the UK, please contact dataprotection@irwinmitchell.com.
Whether we can change the purpose that we are collecting, storing and using your personal information for
We will only use your personal information for the purposes set out above unless another purpose we want to use it for is compatible with those original purposes. If we change the purpose for which we are using your personal information we will contact you and explain how the new purpose is compatible with the original purpose, If we would like to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do this.
How long we will keep your personal information for
We will generally retain personal information for a period of seven years after the termination of our business relationship with you. For example, if you become a client of our firm, your information will typically be held for seven years after your case has closed. Equally, if you enquire whether we might be able to support your claim, but you do not ultimately become a client of our firm, your information will be held for no longer than seven years after your enquiry was made.
To request additional information about our firm’s retention periods, please contact us.
At the end of the retention period, we will delete, anonymise or put the personal data beyond use.
Whether we intend to do automated decision-making or profiling
We are striving to become a more digital business while retaining our human approach. We believe that embracing technology has the potential to enhance the overall experience of clients. We use certain tools that draw on artificial intelligence – such as spell-check and anti-virus software – to work efficiently and safely. These tools may process some personal data, however our expert staff review the output from the technology, wherever appropriate. However, we do not use your personal information to make automated decisions about you.
How we process your personal information in relation to marketing
If you are one of our clients, we may use your personal information for the purposes of providing you with further information about the services that the IM Group and our Affiliates can offer, including sending legal updates, publications and details of events and webinars, that may be of use to you.
Whether you are a client or other interested party, we, other IM Group companies or our Affiliates other may also send marketing material to you, tailored to your needs and interests. These might include legal updates, publications and invitations to events. We will only do this if either you have agreed to receive this content or we consider that we have a legitimate interest to share the marketing material with you and this interest does not override your rights.
Where we carry out marketing via email or other electronic means we will also comply with our obligations under the Privacy and Electronic Communications Regulations 2003.
We use your personal information to carry out client satisfaction surveys on the basis of our legitimate interests in order to receive feedback as a business and improve our services that we provide to clients.
In any case, you can, of course, opt out of receiving our marketing by contacting our Data Protection Officer at dataprotection@irwinmitchell.com and, where we send you marketing material via email, an option to unsubscribe will be given in each email.
What security and privacy measures we have put in place to help protect your personal information?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include:
- Protecting against potential breaches of confidentiality
- Ensuring all IT facilities are protected against damage, loss or misuse
- Increasing awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle
- Ensuring the optimum security of our website.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties (see above) who have a business need-to-know.
We have put procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal information to you.
Your data privacy rights
You have the following rights under data privacy laws:
This privacy notice together with our cookie policy together fulfil our obligation to tell you about the ways in which we use your personal information.
Right to access
You have the right to ask us what personal information we hold about you (Subject Access Request) and to have a copy of that personal information from us (along with certain other details).
Should you wish to make an individual rights request under UK GDPR, please email our Data Protection Team at: dataprotection@irwinmitchell.com.
Alternatively, you can write to us at:
The Colmore Building
9th Floor
20 Colmore Circus
Birmingham
B4 6AH
Right to rectification
If any of the personal information that we hold about you is inaccurate, you have the right to ask us to correct any errors in your personal information.
Right to be forgotten
You have the right to ask us to delete your personal information where: (i) we don’t need your personal information anymore; (ii) you withdraw your consent to our use of your personal information and we have no other legal basis to keep your personal information; (iii) you have asked us to review and explain our legitimate interests to you and we don’t actually have a valid legitimate interest to do what we are doing; (iv) our use of your personal information is illegal; (v) we have to delete your personal information to comply with our legal obligations.
Right to object
You have the right to ask us to review and explain our legitimate interests to you where we are collecting, storing and using your personal information on a legitimate interests basis, including where we are collecting, storing and using for profiling or by automated means. You have the right to object to our legitimate interests and that collection, storage and use unless we can demonstrate compelling legitimate grounds.
You also have the right to object to us sending you marketing communications.
Right to restrict processing
you have the right to ask us to restrict our use of your personal information where:
- You don’t think the personal information we have about you is correct, so that we can check if it is correct
- What we are doing with your personal information is illegal but you would rather we stop using your personal information rather than delete it
- We don’t need your personal information anymore, but you need us to keep it so that you can exercise any legal rights
- You have asked us to review and explain our legitimate interests to you, so that we can check whether we actually have a valid legitimate interest to do what we are doing.
If any of these circumstances apply, then please contact us.
Right to data portability
The right to ask us to provide you with a copy of the personal information you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer that personal information to another entity where: (i) we are using your personal information on the basis of your consent or on the basis that it is necessary to perform a contract with you; and (ii) the use we are making of your personal information is carried out by automated means. If you would like to move, copy or transfer the electronic personal information that we hold about you to another organisation, please contact us.
Right to withdraw consent
Where we are using your personal information based on your consent you have the right to withdraw that consent at any time by contacting our Data Protection Officer at dataprotection@irwinmitchell.com.
Right to make a complaint
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), (the UK regulator for data protection issues, who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO and so, if you are happy to do so, please contact us in the first instance and we will try to resolve your issue.
Visits to our offices
What personal information do we collect if you visit us and how do we use it?
If you visit one of our offices there are CCTV cameras to capture images. Irwin Mitchell LLP, a member of the Irwin Mitchell Group, operates our offices and is the Controller of the personal information collected via CCTV. It may share images with us for the purposes of security, employee safety and in certain circumstances, to verify information (such as when you visited our site or to establish facts in relation to health and safety incidents).
There are notices at our offices informing visitors that CCTV cameras are recording. We restrict access to the CCTV images to authorised staff and we keep the personal information obtained for only a limited period of time.
Questions and comments regarding this Privacy Notice are welcome, and should be sent to our Data Protection Officer at: dataprotection@irwinmitchell.com
Alternatively, you can write to our Data Protection Officer at:
The Colmore Building
9th Floor
20 Colmore Circus
Birmingham
B4 6AH
Should you wish to make an individual rights request under UK GDPR, please contact the Data Protection Team using the details provided above.