1. About this notice

This notice gives you information about how we use your personal data, and the rights that you have in your data.

We are a data controller. This means that we are responsible for deciding how we hold and use personal data about you, and explaining it clearly to you.

This notice applies to our prospective, existing and former: clients (including employees and representatives of our clients); individual and business contacts and prospects; referrers; individuals who request information from us; any person who provides services to us, either as an individual or as the employee or representative of a service provider; third parties acting for our clients; parties connected to or on the other side of our client matters and lawyers acting for such parties.

It is important that you read this notice, together with any other privacy information or notices we may provide.

We may update this notice at any time. We will provide notice of such changes as appropriate and recommend that you regularly check our website for updates to this notice.

Our Compliance and Practice Standards team is responsible for overseeing our compliance with data protection law. If you have any questions about this transparency notice or how we handle your personal data, please contact  0117 314 5609 or compliance@vwv.co.uk.

It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes.

2. Who we are

This notice applies to the following entities:

• Veale Wasbrough Vizards LLP
• Veale Wasbrough Executor and Trustee Company
• Narrow Quay Consulting Limited (NQHR)
• VWV Plus Limited (VWV Plus)
• VWV Legal Services Limited

together referred to as VWV group in this notice.

In this notice, a reference to "us, we or our" is a reference to any or all of the VWV group entities, as the context requires. A reference in this notice to the contract we have with you is a reference to the contract between you and the relevant VWV group entity that you have contracted with.

VWV Approach and Augustines Injury Law are brands of Veale Wasbrough Vizards LLP and Veale Wasbrough Vizards LLP is a data controller of all information processed by VWV Approach and Augustines Injury Law.

We may add to the list of VWV group entities as our business develops.

Information may be shared between the VWV group entities for the purposes set out in this notice. In particular we will share information to enable us to market and promote our products and services to you and others. For example:

• if you are a client or prospect of a VWV group entity, then it may share your information with other VWV group entities, which may inform you about their services
• if you attend an event through VWV Plus, then VWV Plus may share your information with other VWV group entities so that those other entities can tell you about their services
• if you ask us to act as an executor of a will, or act as a trustee, then we may share information with Veale Wasbrough Executor and Trustee Company. We will provide further information if this is relevant to you.

3. What information do we hold and how do we use it?

Personal data means any information about an individual from which that person can be identified.

There are special categories of more sensitive personal data which require a higher level of protection (see section 7, below).

We collect different information depending on your relationship with us.

• Individual clients
• Individual prospects and other non-client contacts
• Individual service providers
• Corporate clients, suppliers and third party business contacts and prospects
• Other individuals involved in client matters

In each case we have identified our lawful basis for processing. These are described in more detail at section 6 below.

3.1. Individual clients

We process:

• your name, address and contact details. Such processing is necessary for performance of the contract between you and the VWV group entity that you are contracting with
• anti-money laundering and know your client information (see section 9 below). We do this to comply with our legal obligations and as necessary for the legitimate interest of understanding who we are contracting with
• information relating to your matter and our instructions. If you are an individual client, this may include information about your family or third party beneficiaries. Such processing is necessary for us to perform our contract with you for the provision of advice or other services that we have agreed to provide
• your bank details. Such processing is necessary for performance of a contract where we are required to pay funds to you (for example on completion of a sale of property)
• your personal data in connection with the performance of the contract between us and to the extent necessary for our legitimate interests in managing the contract. This includes recovery and payment of our fees
• your marketing preferences and details of any services you have subscribed to or events you have attended. Such processing is necessary for the legitimate interest of promoting and developing our business
• background information about you and your relationship with us, to inform and improve the services we provide to you. This may include lifestyle information and information about your family. Such processing is necessary for the legitimate interest of informing and improving the services we provide to you
• feedback you provide to us on our services. Such processing is necessary for the legitimate interest of managing our business and improving our services

To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies. This processing is necessary for the legitimate interest of managing our business and compliance obligations.

We use information from our client relationship management (CRM) system to monitor your engagement with our digital content in accordance with our Cookies policy for the legitimate interest of informing and improving the service we provide to you, and future product and service development.

We may, from time to time, approach you for your consent to allow us to process your personal data for other purposes. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

3.2. Individual prospects and other non-client contacts

We process:

• your name, address and contact details
• your marketing preferences and details of any services you have subscribed to or events you have attended
• feedback you provide on events or marketing campaigns
• background information about you and your relationship with us.

Such processing is necessary for the legitimate interest of promoting and developing our business and improving our services.

We use information from our CRM system to monitor your engagement with our digital content in accordance with our Cookies policy for the legitimate interest of informing and improving the service we provide to you, and future product and service development.

We process any feedback you provide to us in relation to our services including your decision whether or not to instruct us. Such processing is necessary for the legitimate interest of managing our business and improving our services.

To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies. This processing is necessary for the legitimate interest of managing our business and compliance obligations.

We may, from time to time, approach you for your consent to allow us to process your personal data for other purposes. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

3.3. Individual service providers

We process:

• your name, title and business contact information including addresses, telephone numbers and email addresses
• details relating to the performance of the contract between us, including financial information and bank details for payment.

Such processing is necessary for the performance of the contract between us.

We may perform due diligence in the form of credit checks and verification of your identity including checking photographic identification and proof of address. We do this to comply with our legal obligations, and as necessary for our legitimate interests of understanding the party or parties with whom we are contracting.

To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies. This processing is necessary for the legitimate interest of managing our business and compliance obligations.

We may, from time to time, approach you for your consent to allow us to process your personal data for other purposes. If we do so, we will provide you with details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

3.4. Corporate clients, suppliers and third party business contacts and prospects

We process:

• names, titles and business contact information including addresses, telephone numbers and email addresses for your employees and representatives.

Such processing is necessary for performance of the contract between us. Where you are an employee of a corporate client or contractor, we process this information for the legitimate interest of performing our contract with your employer.

We process personal data as part of our anti-money laundering and know your client procedures (see section 9 below). We do this to comply with our legal obligations, and as necessary for our legitimate interests (provided that the interests and fundamental rights of the individual do not override our interests).

We may perform due diligence including verification of company registration details, credit checks on companies, checking photographic identification and proof of address of directors and, in some cases, your shareholders. We do this to comply with our legal obligations, and as necessary for our legitimate interests (provided that the interests and fundamental rights of the individual do not override our interests).

We process:

• information relating to your matter and our instructions. If you are an employer, this may include information about your staff. For educational institutions, this may include information about pupils, students and parents.

Processing of this information is necessary for the purpose of providing advice to you.

We process personal data contained in documents reviewed by us as part of any due diligence and provided to us in disclosure. Such processing is necessary for the purpose of providing advice.

We process your marketing preferences and details of any services to which you have subscribed, and any events your employees and representatives have attended. Such processing is necessary for the legitimate interest of promoting and developing our business.

We process any feedback you, your employees or representatives provide to us on our services. Such processing is necessary for the legitimate interest of managing our business and improving our services (provided that the interests and fundamental rights of any individual employees and representatives do not override our interests).

We process background information about you, and your employees and representatives, and your relationship with us. Such information may include how you found us and what your interests are. Such processing is necessary for the legitimate interest of informing and improving the service we provide to you (provided that the interests and fundamental rights of any individual employees and representatives do not override our interests).

To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.

We use information from our CRM system to monitor your engagement with our digital content in accordance with our Cookies policy for the legitimate interest of informing and improving the service we provide to you, and future product and service development.

3.5. Other individuals involved in client matters

We process the details of parties involved in or on the other side in client matters for the purpose of carrying out conflict of interest checks. Such processing is necessary for our legal obligations and the legitimate interest of meeting our compliance requirements.

For third parties involved in client matters, including lawyers and professional advisers acting on the other side of a particular matter, we will collect your contact details and such information about you (and, where applicable, your clients) as necessary for us to advise our clients, to carry out our client's instructions and to comply with our legal obligations, including personal data contained in documents reviewed by us as part of our due diligence or as provided to us in disclosure. Such processing is necessary for:

• the purpose of establishing, exercising or defending legal claims
• the legitimate interests of our client in receiving advice and services from us (provided that the other party's interests and fundamental rights do not override our client's interests).

We may process your (or, where applicable, your client's) bank details. Such processing is necessary where we are required to pay funds to you (or your client), for example on completion of a sale of property.

If you are a beneficiary under a will then we will hold your name, address, contact details and information about your relationship with the testator. This enables us to communicate with you and to fulfil the testator's wishes as set out in the will.

To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.

4. Our events

We use your personal data in order to manage your attendance at our events, such as our webinars, training and workshops. This includes both online and in-person events. Your name, and the name of the organisation you work for, may be visible to other attendees, for example, if you ask a question or if you participate in a group discussion.

If we have a contract with you to provide the event, then our lawful basis for processing your personal data is the contract. If we do not have a contract with you, our lawful basis is legitimate interests. Either, we have a legitimate interest in making the event available to you so that we fulfil our contract with the person who has paid for you to attend or, for free events, we have a legitimate interest in encouraging engagement with clients and prospects. Please see section 6 below for more information.

Our events are usually recorded and we may make the event publicly available, for example, by uploading to our website.

If you are a speaker at one of our events then we may also publish your name, contact details and profile. We may also process other personal data relevant to your attendance, for example, if an attendee gives us feedback on the event.

Our events and webinars are delivered through VWV Plus, which means that other VWV group entities may share personal data of clients, prospects and attendees with VWV Plus to enable VWV Plus to market and run events. Please see section 3 above for more information on how personal data is used and shared for marketing purposes.

5. How do we collect personal data?

We collect personal data direct from you when you enquire about our services, when we establish you as a client of the firm, if you register with us for an event or to receive updates and information from us, or where we enter into a contract to receive services from you.

We collect further information from you during the period of our retainer or for the duration of your providing services to us.

We collect information about our clients, and about third parties, from our clients and from parties acting on the other side in a transaction, or from lawyers or other professional advisors acting on their behalf.

We collect information from other third parties, such as other professionals advising our clients on a matter, from referrers, partner organisations (if we have run a joint event), and from credit reference agencies or other background check agencies.

We may collect information about our clients and about third parties from public sources, such as Companies House or the Land Registry, from an online search or from social media sites.

6. Our lawful basis for using personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• where we need to perform the contract we have entered into with you
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Where we rely on legitimate interests for our processing, we will advise you of the relevant interest. When we send you marketing communications, then, unless we have told you otherwise, we are doing so for our legitimate interest of promoting and developing growing our business
• where we need to comply with a legal obligation otherwise, with your consent.

We may also use your personal data in the following situations, which are likely to be rare:

• where we need to protect your vital interests (or someone else's interests)
• where to do so it is needed in the public interest.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Where we process your personal data on the basis of your consent then you have a right to withdraw that consent at any time.

7. How we use particularly sensitive personal data

Special categories of particularly sensitive personal data require higher levels of protection. We need to have further justification for collecting, storing and using the following types of personal data.

Depending on the nature of our instructions, we may collect, store and use any of the following special categories of information:

• physical or mental health, including any medical condition or disability
• nationality, race or ethnicity
• political opinions
• religious or philosophical beliefs
• trade union membership
• sexual orientation or sex life
• genetic information and biometric data
• information relating to criminal convictions and offences.

We process this type of information where it is necessary to establish, exercise or defend a legal claim.

We may process particularly sensitive personal data if we are under a legal obligation to do so, or if it becomes necessary to protect your vital interests or those of another person, or for reasons of substantial public interest.

We may process information:

• relating to a health condition or disability in order to make reasonable adjustments in the provision of our services
• where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public
• about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

We make every effort to anonymise such information.

We may approach you for your written consent to allow us to process certain particularly sensitive information. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

8. Information about criminal convictions

We may only use information relating to criminal convictions where the law allows us to do so. Except where this is necessary in the course of the advice we are providing to you, we do not envisage that we will hold information about criminal convictions.

We may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

9. Anti-money laundering and know your client information

We are required by law to verify the identity of all clients. In addition, our internal requirements may require us to conduct background checks on new or existing clients. These may necessitate verification of the identity and good standing of clients. For corporate clients this will include verifying one or more of their directors or other officers, and verifying the identity of shareholders, beneficial owners, management or other relevant background information.

We may require evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request or obtain from third party sources. The sources for such verification may comprise documentation which we request from the prospective or current client, or through the use of online sources, or both. We may also be required to make detailed enquiries of any unusual transactions such as the transfer of large amounts of money.

In some circumstances we may decline to, or may not be permitted to, act until such procedures have been completed. We reserve the right to decline to act or, if appropriate, cease to act should these procedures not be completed to our satisfaction.

Where we instruct counsel or other professionals on behalf of clients, they may request us to provide them with copies of evidence of identity of clients or their representatives which we have obtained from you or from other sources. We will be entitled to send such copies to them if we so decide.

10. Who do we share your personal data with?

We will share your personal data with third party service providers who provide services to us and to other third parties who use your information, as data controller, for their own purposes.

If you are a client, we share your personal data with other data controllers where required by law, for example if we are required to share information in accordance with our anti-money laundering procedures, or to meet our regulatory requirements or as required by our insurers.

We share personal data with:

• our regulator, the Solicitors Regulation Authority (SRA), HM Revenue & Customs (HMRC) or other government or law enforcement agencies
• our insurance providers and our professional indemnity insurance broker
• Lexcel (the Law Society's legal practice accreditation service) and other auditors, for the purpose of auditing our compliance with our legal and regulatory obligations (including anti-money laundering requirements) and the SRA Standards and Regulations.

We may share your information if we refer you to a third party adviser for specialist advice or if we are prevented from acting for you due to a conflict.

Where we share information with other data controllers, they are responsible to you for their use of your information and compliance with the law.

The following activities are carried out by third party service providers on our behalf: office and client administration, security, video conferencing and online training platforms; archiving; document and records management (this includes using software to help us manage large volumes of documents); confidential waste disposal; IT support and maintenance; hosting our website (including analytics); marketing campaigns; payment; carrying out surveys; obtaining feedback on our services; and providers of anti-money laundering and know your client services.

If you are a delegate at an event, or if you attend training that we provide, we may share names and contact details with other attendees unless you ask us not to and with third party event organisers and with other attendees, unless you ask us not to.

We may share your personal data with other third parties in the context of the negotiations for a sale or restructuring of the business.

11. Transferring information outside the UK and the European Economic Area (EEA)

Where an equivalent level of protection for personal data has not been deemed adequate by the Information Commissioner's Office (ICO), we will usually have put in place contractual clauses to protect personal data. If you have any specific questions about this, please contact compliance@vwv.co.uk for more details.

If you are based outside the UK or the EEA we may transfer personal data to the correspondence address you provide to us. We will take all reasonable steps to ensure that such transfers are secure. By instructing us from outside the UK or the EEA you acknowledge and agree that such transfers are necessary for us to provide services to you.

12. How long do we keep your personal data?

We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Where a minimum retention period is required by law (such as retaining records for HMRC purposes or for compliance with SRA requirements, or anti-money laundering law), we comply with that minimum period plus up to 12 months to allow time for us to anonymise or delete information in accordance with our internal data management processes.

Unless particular circumstances warrant retention for longer periods, we retain client documents in line with the National Archives' recommended best practice and (where applicable) the Law Society's recommended retention periods for client files. We apply the same rules to electronic files as to paper files. Access to archived files is restricted. Please contact compliance@vwv.co.uk if you would like to discuss specific retention periods applicable to your matters.

Our backup and disaster recovery service provider retains a copy of all emails and attachments for ten years. Access to this information is restricted.

If we are required to retain your information longer than our standard retention periods, we will let you know (unless we are prevented by law from doing so).

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

13. Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

• request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
• request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below)
• object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes
• request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it
• request the transfer of your personal data to another party
• withdraw consent in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to continue to process your information in accordance with another lawful basis which has been notified to you
• complain to the Information Commissioner's office if you are unhappy with our use of your personal data: you can do this at https://ico.org.uk/concerns/

To exercise any of the above rights, please contact 0117 314 5609 or email compliance@vwv.co.uk.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is to ensure that personal data is not disclosed to any person who has no right to receive it.

Last updated 1 May 2024