Privacy Policy

Please send any data-related enquiries to enquiries@aikerlegal.org

About Aiker Legal

We are committed to protecting the information we hold, and to meeting the requirements of Data Protection/GDPR requirements.

This policy sets out the steps we take to make this happen and how we process your information lawfully and keep your information safe.

Should you need to contact us, please use the details below.

Address: FAO The Data Protection Officer, Aiker Legal Ltd, 4 Edison Court, Ellice Way, Technology Park, Wrexham, LL12 7YT.

Collection and use of your personal information

What personal information do we collect about you?

We may collect personal information from you in the course of our business, including through your use of our website, when you contact / request information from us, when you engage our legal services or as a result of your relationship with one or more of our staff and clients.

The personal information that we process includes:

• Basic information, such as your name (including name prefix or title), the company you work for, your title or position and your relationship to a person.
• Contact information, such as your postal address, email address and phone number(s).
• Professional information such as those from business networking sites provided by you.
• Financial information, such as payment-related information.
• Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically, collected through cookies and other tracking technologies.
• Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements.
• Identification, background, and financial verification information provided by you or collected as part of our business acceptance and ongoing monitoring.
• Personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them.
• Any other information relating to you which you may provide to us directly.

When and how may we collect and use your information

As a Law firm, most of the personal information we collect, and use is required to fulfil legal or contractual obligations that arise during the delivery of a client matter [when we are instructed to provide a legal service].

Your personal information may be collected, exchanged and used with/by a client, from you, other third parties, or from publicly available sources.

We take care to only collect and use information required to fulfil our lawful purpose and retain for a proportionate period.

How long may we keep your information

Our retention polices reflect our statutory obligations and specific business requirements. The retention period will vary according to the category and nature of the information, and why we have it.

We have statutory obligations to retain some documents in their original format; for everything else, we routinely scan and destroy.

Please contact dataprotection@aikerlegal.org for details about retention schedules relating to your information.

Our most common use of your personal information

See below for the most common activities involving the use of your personal information.

You are a client (or in the process of instructing us)

Onboarding checks

• Purpose: Fulfil our legal obligations / our legitimate interests
• Detail: We are required to conduct regulatory and public interest duties before we act for you (including conflicts, identity, PEP’s, AML and other fraud detection / prevention). We may be obligated to share your information with appropriate official bodies
• Collection: We may use multiple sources - Direct from you, indirect, research, legal
• Categories: These include identity, contact, financial, special category and criminal conviction and offence

Delivering your service

• Purpose: Fulfil a contract
• Detail: Access and use of your personal information will vary according to the nature of your specific matter
• Collection & share: We may share your information when we consult or engage with other professional agencies, experts, sub processors, data controllers or other third parties to perform duties or provide a service to deliver the expectations of your engaged service [including but not limited to; other legal professionals, courts, witnesses, consultants, Experts]
• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information

Administration of relationships

• Purpose: Fulfil our legal obligations / our legitimate interests
• Detail: Manage, review, and update documents within your client and matter file. Provide invoices and carry out billing and other related financial functions and debt recovery
• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information

Industry updates

• Purpose: Our legitimate interests
• Detail: We will add your contact details to our marketing database keep you up to date with legal insights, service and events information related to your service area. We may also ‘opt you in’ to receive other relevant marketing and promotional materials, you may ‘opt out’ of these
• Categories: Contact, preferences

Statutory obligations - others

• Purpose: Fulfil our legal obligations
• Detail: We may undertake other activities commensurate with a law firm, to the extent required to comply with legal, regulatory, governmental, or other statutory or judicial obligation or requirement, such as complying with a court order or information request
• Collection: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information

Our Business operations

• Purpose: Our legitimate interests
• Detail: We may use elements of your matter file for our own business purposes, such as billing, generating management information and reports. We may perform audits, accountancy tasks, compliance, training, and performance reviews. When we do, we ensure that the use of personal information for these purposes are relevant and proportionate

Collection

Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

Transparency

When we process [collect, use or share] your information we will be transparent with you, unless we have legal or professional obligation not to.

Retention

• Purpose: Fulfil our legal obligations
• Detail: We may undertake other activities commensurate with a law firm, to the extent required to comply with legal, regulatory, governmental, or other statutory or judicial obligation or requirement, such as complying with a court order or information request
• Collection: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information

Your information was provided during a matter and you are not a client

Our client services are regulated by the Solicitors Regulation Authority, these regulations mandate us to maintain confidentiality of client affairs, unless permitted by law or the client consents.

This means, when we process your information to deliver a client service, we may do this without your knowledge or consent. Confidentiality rules may also exempt us from fulfilling some data protection rights requests, such as your right of access.

Activities that may take place involving your personal information

Delivering client services | Administering client relationships | Statutory obligations | Our business operation

• Purpose: Fulfil a contracted service
• Detail: Access and use of your personal information will vary dependant to the nature of the specific matter
• Collection & share: We may share your information when we consult or engage with other professional agencies, experts, sub processors, data controllers or other third parties to perform duties or provide a service to deliver the expectations of the engaged service [including but not limited to; other legal professionals, courts, witnesses, consultants, Experts]
• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information

Communicating with us

By phone, Microsoft email,miManager secure send and Microsoft Teams.

• Detail: Tools used for calls include mobile or landline, and platforms such as Microsoft teams. These automatically collect and display your personal information. We may use this information to maintain our records and demonstrate accountability and to help improve the efficiency and effectiveness of our call handling
• Voicemail: Our automated systems may generate an email, audio file and / or text transcript of the call recording. Automated emails may be sent to the intended recipient to notify them of the message and copy of the information. Other authorised personnel may access and review the contact. Further processing will be dependent on the nature and purpose of your contact
• Collection: Technical, from the caller
• Categories: Identity, contact, date / time technical. Plus, any personal information provided by the caller

Website analytics

• Cookies: When you visit and interact with our website, cookies and similar technologies automatically collect technical information about your equipment, browsing actions and patterns. We use this to improve your experience, record your permissions and to record pop up activities within our domain. We use performance cookies for our statistical purposes and to plan and manage our website performance. More information on this can be found within our cookies policy. When you access a link from our website to a third-party website, you should review their notices
• Collection: From the machine in use
• Categories: Identity, preferences, technical, usage

Contact forms

• Detail: Information you provide is triaged and processed to effectively manage the query. We use consolidated information to review and improve our services
• Collection: From the visitor
• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the visitor

Applying for employment, training - or work experience

• Detail: When you register for an event your information is added to our subscriber database, this is used by the events team to facilitate the event, manage your attendance, and gain post event feedback. [see section: attending an event]. We will let you know on the subscription pages if the event is delivered using a third party and if your information will be shared with them for the same purpose
• Collection: From the subscriber
• Categories: Identity, contact, preferences, technical, usage

Third party access

Detail: Our trusted third parties may access our website to provide us with technical support during routine or operational performance and maintenance.

Visiting our office - Managing your visit (Guest and staff Wi-Fi)

• Purpose: Health & safety and maintaining security
• Detail: Our reception services may ask you to ‘sign in’ and wear an ID badge. This is to facilitate your visit, ensure your safety and to manage our security. If you inform us about any additional requirements relating to your visit, we may use this to make reasonable provisions for you. On occasion, there may be a requirement to complete an individual risk assessment, implement reasonable adjustments or to investigate an accident or manage an incident. Your information may be processed and shared with relevant third parties such as a fire marshal, building manager, HR, or the Health and Safety Executive
• Retention: Information may be retained for six months; a longer retention will be applied in the event of any incidents or accidents or claims
• Collection: Direct from you
• Categories: Identity, contact, special category

You subscribe to receive marketing materials

Unless you provide express consent, we limit the use of your subscription information for our marketing purposes. We do not share, allow access to, or sell your information to third parties for additional marketing purposes. We will be transparent with you and provide details of any proposed additional use of your information.

Your subscription, interactions and consent

When you agree to receive promotional materials by subscribing via our website or sign up for an event [that we run or co-host]. Subscription information is stored within our secure marketing database. We may use software to review and categorise your preferences and identify relevant materials to provide.

Maintenance by third parties

Our trusted third parties may access our database to provide us with technical support during routine or operational performance and maintenance.

You can change your preferences or unsubscribe ‘Opt-out’ at any time by following the embedded links within the footers of our direct marketing emails, or you can let us know by email to enquiries@aikerlegal.org or through the contact us form on our website.

You submit an information request or make a complaint

Your contacts and identity

We may use your personal information to take reasonable measures to verify your identity and confirm your authority to make the complaint, enquiry, or request.

Investigations

We review information you provide and other relevant personal information that we hold, we may share this with relevant personnel, to the extent required to investigate and manage the query.

3rd Party sharing

We may share your personal information with relevant third-parties or agencies such as the regulator, clients, solicitors, or insurers).

Mitigations

We may make changes or update your information and implement appropriate actions to achieve the required outcome.

Collection

Direct, Indirect, technical.

Catagories

Identity, contact, technical and any information relevant to your contact.

Our other business operations

In addition to the activities described within this notice, your personal information is likely to be further accessed and processed during our routine business operational tasks and administration duties. These activities are commensurate with head office functions for a business of this nature.

Our people may process, access and review your information for duties consistent with their position and responsibilities, such as delivering a client service and performance management. Bespoke training is a mandatory requirement for all of those who have access to personal information. We restrict access to personnel and service providers who have a legitimate ‘need to know’. There are contractual obligations of confidentiality and data protection; we have disciplinary provisions in place to address performance.

Your information may be processed when we apply security measures. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorised access, use, alteration, or disclosure. We store all personal data you provide to us behind firewalls on servers employing security protections. We continually review and improve our technical systems and tools to maintain resilience, security, and adaptability of our IT Infrastructure. We achieve and work towards accreditations and information security best practice standards, such as Cyber Essentials Plus, ISO 27001, ISO 9001.

When we use third parties to perform activities for us, we complete due diligence checks to ensure information remains secure, confidential, and used for the contracted purposes.

Where overseas or cross boarder transfers are required, we ensure appropriate technical or contractual security measures are in place.

Sale or transfer of business assets

We may disclose your personal information to a prospective seller or buyer or successor in the event that we sell or buy any part of our business group, entity or assets or seek to acquire new businesses, merger, divestiture, restructuring, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.

Your information may be lawfully processed when our obligations or legal rights outweigh your right to privacy. We take reasonable measures that protect and enforce our legal rights against breach of contract or agreement, detection or prevention of fraud or crime, and to protect people, property, or assets.

Non-personal information

We may process and share other, non-personal information without restriction of this notice. However, we will consider our other regulatory or contractual obligations prior to use.

Data protection and your rights

The General Data Protection Regulations and the UK Data Protection Act 2018 [the Regulations] provide individuals within the UK and EEA with specific data protection rights, explained by the UK regulator, the ICO.

These rights are not absolute and the ability to enforce your rights is dependent on the nature of the information and why we have it.

There are exemptions within data protection regulations and other legislation or Acts, to which we are bound. These may override your rights.

These rights may vary for those outside of the UK and EEA; please contact us for more information.

Making a request

There are no restrictions for who you can ask or how you make your request. However, we encourage you to contact dataprotection@aikerlegal.org

You may find the ICO guidance helpful.

When we receive your request, we will let you know we have received it and inform you if we need any additional information from you such as to verify your identity.

We usually provide an outcome within one month, however if we need any extra time we will let you know and provide you with an explanation.

Raising a concern with us

If you wish to speak to us about a concern or to make a complaint about how we manage your information or how we have responded to your request, please contact dataprotection@aikerlegal.org to schedule a call.

You may find the ICO guidance helpful.

Raising a concern to the regulator

If you are unhappy about how we have managed your information or dissatisfied about how we have responded to your information request or compliant, you have the option to raise concerns directly with the information regulator.

Each office location may be subject to one or more data protection authority; the relevant authority will depend on your location and where the processing takes place.

If you are making a complaint about our UK operations please complain to the ICO.