Company logoCompany logo

Your privacy and security

Privacy Notice

This Privacy Notice forms part of Admiral Law’s Terms of Business. It is provided in this format to ensure it is clear and easy to understand. An additional Privacy Notice can be found on your Client Extra (CLEX) account, if you have one.

Personal information is any information that can be used to identify a living person. This Privacy Notice is designed to explain:

  • Who Admiral Law are
  • What personal information we collect about you, and how we do that
  • What we do with your personal information, and why
  • What our lawful bases for using your personal information are
  • Whether we share your personal information, and if so, with whom
  • Your rights in relation to your personal information

Who are Admiral Law?

Admiral Law Limited is a company registered in England & Wales (company no. 08023665). Admiral Law Limited is a legal practice that is authorised and regulated by the Solicitors Regulation Authority (SRA), and our registration number is 596862. We’re registered with the Information Commissioner’s Office as a controller in relation to personal data under registration number Z3651435.

The SRA’s Code of Conduct and professional rules, which we are bound by, are available on their website: www.sra.org.uk.

We are required to process any personal information in accordance with the law, including the UK GDPR, and the DPA 2018.

What type of information do we collect about you, and how do we do that?

The personal information we collect about you may include:

  • Your name and address, date of birth and gender;
  • Your telephone numbers and email address;
  • Your IP address;
  • Information on the pages you visit on our website;
  • Records of your communications with us, for example, call history, audio & video recordings;
  • Lifestyle and other information;
  • Details of your claim, including any losses you have incurred; and
  • Feedback and survey scores.

Examples of sensitive personal data (known as special category data) we may collect include:

  • Your medical history; and
  • Your previous claims history.

We collect information about you as a necessary part of providing our services to you. Without it, we may be unable to act for you. We will ask for some information directly from you, and we monitor and record calls, emails, SMS messages and other communications. We may also collect information on you when:

  • Your insurer passes your details to us;
  • Other parties involved in your claim pass details to us;
  • You instruct us to provide you with our services;
  • You use our website or Client Extra (CLEX), our dedicated online client portal, or our Virtual Assistant;
  • You make client enquiries;
  • You register for information or other services;
  • You respond to communications or surveys; or
  • We require additional information from you for validation purposes.

We will collect sensitive information about you when:

  • We talk to you about a claim;
  • We receive medical or employment reports or records as part of your claim;
  • We undertake industry-required searches regarding your claims history.

What will we do with your information?

The information we collect will be used to:

  • Set up, assess and pursue your claim;
  • Seek your feedback on the services we provide;
  • Improve our services;
  • Comply with our legal, professional and regulatory obligations;
  • Notify you of changes to our services.

Our Virtual Assistant

Our Virtual Assistant allows our clients to ask questions of, and receive answers from, our Virtual Assistant. The Virtual Assistant sits within our Client Extra portal (CLEX), and so is only available to clients of Admiral Law. You may also have heard Virtual Assistants referred to as automated services, or as chatbots. Our Virtual Assistant will only answer questions when it has a high level of confidence in the answer it will provide. Whilst the Virtual Assistant will endeavour to provide you with an accurate reply, you should be aware that such response may not be error-free.

If you make use of our Virtual Assistant, it will share the contents of your chat with Microsoft Azure cognitive services which enable our Virtual Assistant to answer questions appropriately. This third party service only processes your data during the session with our Virtual Assistant. Any information you provide during your interaction/s with our Virtual Assistant will be shared with those services.

How long will we keep your personal information for?

Your personal information will be kept electronically for as long as Admiral Law requires it in order to provide you with the agreed product(s) or service(s). Original paper documents will be returned to the sender once we have made an electronic copy.  In some cases, we may keep selected paper documents which are kept securely on our premises during the course of your case; these will be confidentially and securely destroyed when your case is concluded.

The contents of conversations with our Virtual Assistant will be added to the relevant client file.  We retain client files for 15 years once the file has been closed, except where our client is under the age of 18 years old, where we will retain the client’s file for 15 years from their 21st birthday. Admiral Law will secure these files in line with our legal and regulatory requirements, and for as long as you may legally bring claims against us.


We will retain data within CLEX (which includes conversations with our Virtual Assistant) for 30 days after we close the corresponding client file. This is to provide our clients with the ability to access and view the contents of their CLEX account for a brief period following closure of their case.

We will retain call recordings for 7 years before securely disposing of them.

Who will we share your information with?

In addition to our staff (which may include locums), and those providing technical services to us, such as cloud providers (which host some of our business systems), we will share your information with anyone whose involvement is necessary to deliver our services to you, or where legally required. Without such information, we may be unable to act for you. Depending on the type of claim/s you are making, this may include the following people and organisations:

  • Our sister company, Lyons Davidson Limited, and their services company File Dynamics Limited, who are our IT service provider. The services which Lyons Davidson Limited and File Dynamics Limited provide are IT, file audits, accounting services, scanning and printing of post. In agreeing our terms and conditions you agree that it is necessary for us to share information and documents about you with Lyons Davidson Limited and File Dynamics Limited in order that they can effectively provide these services;
  • Other professionals involved in your case, as necessary, including MedCo, which is the system used to facilitate the sourcing of medical report providers in many personal injury claims. Where this applies, you are able to find information on how MedCo will use your information in their Privacy Notice, which can be found here.  Where we are required to do so, we use the Online Injury Portal (OIC), which is the Ministry of Justice’s online portal designed to facilitate those making personal injury claims. You are able to find information on how OIC will use your information in their Privacy Notice, which can be found here.
  • Other parties involved in the matter, including the person and/or insurer you make your claim against;
  • Any organisation from whom you have ordered any ancillary products or services, such as a legal expenses insurance policy or a car hire company;
  • Your own insurer;
  • Government agencies such as The Department for Work and Pensions, who have to be notified of all personal injury claims, the Courts, and law enforcement agencies, as appropriate;
  • Any organisation or person that may hold information that can prove your case and losses, such as your employer, the police (if they have prepared a police report), or witnesses;
  • Our regulator, the Solicitors Regulation Authority, the Information Commissioners Office, or the Legal Ombudsman.

What is our lawful basis for using your personal information?

There are a number of legal grounds for using your personal information. We rely on a number of these, including using your personal information:

  • To comply with our legal obligations when we verify your identity, engage with our regulators, and perform industry-mandated checks or processes
  • To provide our services to you, in line with your instructions, under our contract with you
  • To seek feedback via Trustpilot, where we rely on your consent

For our legitimate interests in:

  • Complying with our professional and regulatory obligations;
  • In making use of telephony routing and sending SMS messages;
  • Reviewing and improving the quality of the services we provide (for example, by auditing and reviewing call recordings for training and monitoring purposes) and ensuring compliance with internal policies;
  • Processing the personal information of people closely associated with our clients’ cases, including witnesses, children and protected parties, and
  • Fraud detection & prevention,

You can withdraw your consent by contacting the Privacy Operations Manager by writing to the Privacy Operations Manager using the contact details below.

What are your rights in relation to your personal information?

Your rights include:

  • The right to access a copy of your personal information (commonly known as a Subject Access Request, or a SAR);
  • The right to be informed about our processing of your personal information;
  • The right to have your personal information corrected if it is inaccurateincomplete personal information completed;
  • The right to restrict the processing of your personal information.

You also have the right to:

  • Have your personal data erased ("right to be forgotten");
  • Object to the processing of your personal information; and
  • Move, copy, or transfer your personal data ("data portability").

We conduct proportionate checks to ensure personal information is treated appropriately and in line with these obligations. You will be asked to provide your name, address, case reference and details of the information you would like.

You may also be asked to provide current, valid identification documents: showing your name, photograph and signature (e.g. a copy of your passport). If asked to provide this, please cover any information which goes beyond that, as we are unlikely to require it. Please also provide an additional identification document which shows your name and address (e.g. a copy of a recent bill or bank statement or other official document). We will accept just one identification document if it shows your name, address and signature, such as a copy of your driving licence.

Please note that if your request involves personal data of other people or you are making a request on behalf of another (such as a parent on behalf of their child), we may  need identification from these individuals, as well as a signed letter of authority from them confirming that they are happy for you to make that request on their behalf and, where applicable, for us to release their data to you. Where that individual is unable to provide such authority, or where those identification documents may not be available (for example, due to their age), we will make a decision on a case by case basis and will advise you as to what we will accept instead.

Once we have received your request and any identification documents we may have asked you to provide, we will have a calendar month to fulfil your request.

Please note that in the case of unfounded or repetitive requests for copies of data we are able to charge a fee; the level of that fee will be confirmed in appropriate cases and the time limit for provision of the data, which is a calendar month, will commence upon receipt of payment by us.

Some of these rights only apply in certain circumstances, or have certain exemptions. For more details on these rights, or for any queries on how to exercise them, you can contact the Privacy Operations Manager, who is the person with responsibility for Data Protection within Admiral Law. You can do this by email, at [email protected], or by writing to:

The Privacy Operations Manager
Admiral Law Limited
P.O. Box 3151
Bristol
BS1 9GS

If you have any complaints relating to the processing of your personal data, you can raise a complaint with Admiral Law by contacting the Privacy Operations Manager using the contact details above. For reference, our complaints process can be found here. You also have the right to complain to the relevant Supervisory Authority. In the UK, the Supervisory Authority is the Information Commissioner’s Office (ICO). They can be contacted by telephone on 0303 123 1113, via their website: https://www.ico.org.uk, or at their address, which is:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Confidentiality

Although we have to share your information for the purposes of pursuing your claim, as set out above, our staff will not reveal confidential information about you or your case to other people (that aren’t otherwise involved in your case) unless you agree.  If you want to authorise us to speak to another person, then we will only do that if you provide us with that person’s name, address and date of birth. If you do this you are fully authorising us to share any and all information that we have gathered about you and your claim with that person.  You can remove that authorisation at any time.  You must also have made the person that you want us to speak to aware that you have provided us with their details and in providing those details to us you are confirming that they have specifically agreed that we can have and store their information.

Security

We take the security of the information we hold seriously and have a number of technical, organisational and human controls to achieve this. We will communicate with and on behalf of you in the most effective way, and would recommend that you sign up to use our secure online portal which is called CLEX (Client Extra) to ensure we protect it.

  • We may send emails which, for convenience, are not in encrypted format but we will scan them for computer viruses, although we cannot guarantee they will be virus-free.
  • All emails are sent using opportunistic TLS, which encrypts the connection to your email provider, but not the content of the message.
  • All cloud services that we make use of (like Microsoft 365) are hosted on secure infrastructure. Our data is encrypted in transit and often, at rest.
  • We maintain ISO27001 certification, which we have held for a number of years. ISO27001 is the leading international standard focused on information security management. We undergo a rigorous and independent annual audit to maintain that certification. Admiral Law is committed to identifying and managing information security risk effectively, consistently and measurably, with a focus on continuous improvement.
  • We make use of a data loss prevention tool, Darktrace, which monitors our environment and communications and takes action to quarantine anything it deems suspicious.

International Transfers of Data

Although not done as a matter of course, on occasion, some of our staff may work remotely, including in countries outside of the EEA, and so we may transfer your data outside of the EEA and/or the UK. Whenever we do so, we fulfil our legal duty to ensure a similar degree of protection is afforded to it by ensuring that safeguards such as those detailed above are implemented. In instances where this is not possible, we do not permit remote working in such countries.

Please note that other countries privacy standards may differ from the UK’s, and may not provide the same level of safeguarding of your privacy rights. Should you choose to use our website, Virtual Assistant, CLEX, or communicate with us by any method from a country outside of the EEA, we would recommend that you consider the privacy and security safeguards of that country before doing so.

 

Last reviewed and updated: 26th March 2025