Privacy Notice
This Privacy Notice forms part of Admiral Law’s Terms of Business. It is provided in this format to ensure it is clear and easy to understand. Additional Privacy Notices can also be found on:
- Your Client Extra (CLEX) account, if you have one; and
- Our website.
Personal information is any information that can be used to identify a living person. This Privacy Notice is designed to explain:
- Who we are
- What personal information we collect about you, and how we do that
- What we do with your personal information, and why
- What our lawful bases for using your personal information are
- Whether we share your personal information, and if so, with whom
- Your rights in relation to your personal information
Who are Admiral Law?
Admiral Law Limited is a company registered in England & Wales (company no. 08023665). Admiral Law Limited is a legal practice that is authorised and regulated by the Solicitors Regulation Authority (SRA), and our registration number is 596862. We’re registered with the Information Commissioner’s Office as a controller in relation to personal data under registration number Z3651435.
The SRA’s Code of Conduct and professional rules, that we are bound by, are available on their website: www.sra.org.uk.
We are required to process any personal information in accordance with the law, including the UK GDPR, and the DPA 2018.
What type of information do we collect about you, and how do we do that?
The personal information we collect about you may include:
- Your name and address, date of birth and gender;
- Your telephone numbers and email address;
- Your IP address;
- Information on the pages you visit on our website;
- Records of your communications with us, for example, call history, audio & video recordings
- Lifestyle and other information;
- Details of your claim, including any losses you have incurred; and
- Feedback and survey scores.
Examples of sensitive personal information we may collect include:
- Your medical history; and
- Your previous claims history.
We collect information about you as a necessary part of providing our services to you. Without it, we may be unable to act for you. We will ask for some information directly from you, and we monitor and record calls, emails, SMS messages and other communications. We may also collect information on you when:
- Your insurer passes your details to us;
- Other parties involved in your claim pass details to us;
- You instruct us to provide you with our services;
- You use our website or Client Extra (CLEX), our dedicated online client portal;
- You make client enquiries;
- You register for information or other services;
- You respond to communications or surveys; or
- We require additional information from you for validation purposes.
We will collect sensitive information about you when:
- We talk to you about a claim;
- We receive medical or employment reports or records as part of your claim;
- We undertake industry-required searches regarding your claims history.
What will we do with your information?
The information we collect will be used to:
- Set up, assess and pursue your claim;
- Seek your feedback on the services we provide;
- Improve our services;
- Comply with our legal, professional and regulatory obligations;
- Notify you of changes to our services.
How long will we keep your personal information for?
Your personal information will be kept electronically for as long as Admiral Law requires it in order to provide you with the agreed product(s) or service(s). Original paper documents will be returned to the sender once we have made an electronic copy. In some cases we may keep selected paper documents which are kept securely on our premises during the course of your case; these will be confidentially and securely destroyed when your case is concluded.
We will retain client files for 15 years once the file has been closed, except where our client is under the age of 18 years old, where we will retain the client’s file for 15 years from their 21 st birthday. Admiral Law will secure these files in line with our legal and regulatory requirements, and for as long as you may legally bring claims against us.
We will retain call recordings for 7 years before securely disposing of them.
Who will we share your information with?
In addition to our staff (which may include locums), and those providing technical services to us, such as cloud providers (which host some of our business systems), we will share your information with anyone whose involvement is necessary to deliver our services to you, or where legally required. Without such information, we may be unable to act for you. This may include the following people and organisations:
- Our sister company, Lyons Davidson Limited, and their services company File Dynamics Limited, who are our IT service provider. The services which Lyons Davidson Limited and File Dynamics Limited provide are IT, file audits, accounting services, scanning and printing of post. In agreeing our terms and conditions you agree that it is necessary for us to share information and documents about you with Lyons Davidson Limited and File Dynamics Limited in order that they can effectively provide these services;
- Other professionals involved in your case, as neccesary, including MedCo, which is the system used to facilitate the sourcing of medical report providers in many personal injury claims. Where this applies, you are able to find information on how MedCo will use your information in their Privacy Notice, which can be found here: https://www.medco.org.uk/privacy-policy.
- We may also share your information with medico-legal agencies, or individual medical experts, to arrange for you to be medically examined for the purposes of proving your claim, treatment or rehabilitation providers, so that they can help to ease your symptoms appropriately, including ensuring unecessary costs are not incurred, advocates, to advise upon or present your case at Court;
- Other parties involved in the matter, including the person and/or insurer you make your claim against;
- Any organisation from whom you have ordered any ancillary products or services, such as a legal expenses insurance policy or a car hire company;
- Your own insurer;
- Government agencies such as The Department for Work and Pensions, who have to be notified of all personal injury claims, the Courts, and law enforcement agencies, as appropriate;
- Any organisation or person that may hold information that can prove your case and losses, such as your employer, the police (if they have prepared a police report), or witnesses;
- Our regulator, the Solicitors Regulation Authority, the Information Commissioners Office, or the Legal Ombudsman.
What is our lawful basis for using your personal information?
There are a number of legal grounds for using your personal information. We rely on a number of these, including using your personal information:
- To comply with our legal obligations when we verify your identity, engage with our regulators, and perform industry-mandated checks or processes
- To provide our services to you, in line with your instructions, under our contract with you
- To seek feedback via Trustpilot, where we rely on your consent
For our legitimate interests in:
- Complying with our professional and regulatory obligations;
- In making use of telephony routing and sending SMS messages;
- Reviewing and improving the quality of the services we provide (for example, by auditing and reviewing call recordings for training and monitoring purposes) and ensuring compliance with internal policies;
- Processing the personal information of people closely associated with our clients’ cases, including witnesses, children and protected parties, and
- Fraud detection & prevention,
You can withdraw your consent by contacting the Privacy & Risk Operations Manager by writing to the Privacy & Risk Operations Manager using the contact details below.
What are your rights in relation to your personal information?
Your rights include:
- The right to access a copy of your personal information (commonly known as a Subject Access Request, or a SAR);
- The right to be informed about our processing of your personal information;
- The right to have your personal information corrected if it is inaccurate, incomplete personal information completed;
- The right to restrict the processing of your personal information.
You also have the right to:
- Have your personal data erased ("right to be forgotten");
- Object to the processing of your personal information; and
- Move, copy, or transfer your personal data ("data portability").
Some of these rights only apply in certain circumstances, or have certain exemptions. For more details on these rights and how to exercise them, please contact the Privacy & Risk Operations Manager by writing to:
The Privacy & Risk Operations Manager
Subject Access Request
Admiral Law Limited
P.O. Box 3151
Bristol
BS1 9GS
Or by email at [email protected].
We conduct proportionate checks to ensure personal information is treated appropriately and in line with these obligations. Please therefore provide:
- Your name, address, case reference and details of what information you would like;
- Identification documents: one which shows your name, photograph and signature (e.g. a copy of your passport). Please cover any information which goes beyond that, as we are unlikely to require it. Please also provide an additional identification document which shows your name and address (e.g. a copy of a recent bill or bank statement or other official document). We will accept just one identification document if it shows your name, address and signature, such as a copy of your driving licence.
Please note that if your request involves personal data of other people or you are making a request on behalf of another (such as a parent on behalf of their child), we will need identification from these individuals, as well as a signed letter of authority from them confirming that they are happy for you to make that request on their behalf and, where applicable, for us to release their data to you. Where that individual is unable to provide such authority, or where those identification documents may not be available (for example, due to their age), we will make a decision on a case by case basis and will advise you as to what we will accept instead.
Once we have received your written request and identification documents we will have a calendar month to fulfill your request.
Please note that in the case of unfounded or repetitive requests for copies of data we are able to charge a fee; the level of that fee will be confirmed in appropriate cases and the time limit for provision of the data, which is a calendar month, will commence upon receipt of payment by us.
If you have any complaints relating to the processing of your personal data, you also have the right to complain to the relevant Supervisory Authority. In the UK, this is the Information Commissioner’s Office (ICO). They can be contacted by telephone on 0303 123 1113, via their website: https://www.ico.org.uk, or at their address, which is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Confidentiality
Although we have to share your information for the purposes of pursuing your claim, as set out above, our staff will not reveal confidential information about you or your case to other people (that aren’t otherwise involved in your case) unless you agree. If you want to authorise us to speak to another person, then we will only do that if you provide us with that person’s name, address and date of birth. If you do this you are fully authorising us to share any and all information that we have gathered about you and your claim with that person. You can remove that authorisation at any time. You must also have made the person that you want us to speak to aware that you have provided us with their details and in providing those details to us you are confirming that they have specifically agreed that we can have and store their information.
Security
We take the security of the information we hold seriously and have a number of technical, organisational and human controls to achieve this. We will communicate with and on behalf of you in the most effective way, and would recommend that you sign up to use our secure online portal which is called CLEX (Client Extra) to ensure we protect it.
- We may send emails which, for convenience, are not in encrypted format but we will scan them for computer viruses, although we cannot guarantee they will be virus-free.
- All emails are sent using opportunistic TLS, which encrypts the connection to your email provider, but not the content of the message.
- All cloud services that we make use of (like Microsoft 365) are hosted on secure infrastructure. Our data is encrypted in transit and often, at rest.
- We maintain ISO27001 certification, which we have held for a number of years
- We make use of a data loss prevention tool, Darktrace, which monitors our environment and communications and takes action to quarantine anything it deems suspicious.
International Transfers of Data
Although not done as a matter of course, on occasion, some of our staff may work remotely, including in countries outside of the EEA, and so we may transfer your data outside of the EEA and/or the UK. Whenever we do so, we fulfil our legal duty to ensure a similar degree of protection is afforded to it by ensuring that safeguards such as those detailed above are implemented. In instances where this is not possible, we do not permit remote working in such countries.