Privacy Policy

Rothera Bray Privacy Information Policy

Rothera Bray are a firm of Solicitors providing legal services as detailed on our website.

We are a data controller (see contact details below).  This means we decide how your personal data is processed and for what purposes.

Rothera Bray has created this Privacy Information Policy because we take your privacy very seriously.  We always treat any personal details you give us as confidential.

The policy sets out who we are, what information we collect from you, how we use it and your data rights.

Introduction

We are committed to being transparent about how we handle your personal information, to protecting the privacy and security of your personal information and to meeting our data protection obligations under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information during and after your working relationship with us. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice. This privacy notice applies to all current and former clients, those who make enquiries of us, current and former employees, workers and contractors.

Rothera Bray has a Data Protection Team to oversee compliance with this Privacy Policy. For further information please contact us at dataprotection@rotherabray.co.uk or ring (0115) 9100600 and ask to speak to a member of our Data Protection Team. Full contact details are towards the end of this Policy but please note that Richard Hammond (r.hammond@rotherabray.co.uk) has overall responsibility for Rothera Bray’s Privacy Information Policy.

Data Protection Principles

Under the Data Protection Legislation, there are six data protection principles that Rothera Bray must comply with.  These provide that the personal information we hold about you must be:-

1.         Processed lawfully, fairly and in a transparent manner.

2.         Collected only for legitimate purposes without clearly being explained to you and not further processed in a way that is incompatible with those purposes.

3.         Adequate, relevant and limited to what is necessary in relation to those purposes.

4.         Accurate and, where necessary, kept up-to-date.

5.         Kept in a form which permits your identification for no longer than is necessary for those purposes.

6.         Processed in a way that ensures appropriate security of the data.

We are responsible for, and must be able to demonstrate compliance with, these principles.  This is called accountability.

“What is personal data”?

Personal data relates to any living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.  Personal data can be anything from a name, date of birth, address (including IP address), National Insurance number, sex, to medical records, to information retained by us on a file.

Our basis for processing your personal data

Our legal basis for collecting and storing your personal data is to provide legal advice and our right to retain that data is on the grounds of legitimate interest which is to establish, exercise or defend our legal rights in the event of any claim arising in relation to the legal advice provided.

How do we store your data?

Electronic client data will be stored in our File Management System called SOS Connect.  This contains all file details including personal data, letters, documents, emails, and ledgers.  This is situated with the European Economic Area (EEA).  We meet our obligations by keeping all personal data up-to-date.

Paper based data is kept on files at the office where the work is carried out and kept secure in lockable filing cabinets.

How do we protect your data?

All paper and electronic data is stored securely and also destroyed securely.  We protect personal data from loss, misuse, unauthorised use and disclosure with appropriate policies and internal training and technical measures in place to protect personal data which is underpinned by a Data Protection Policy.

As regards electronic data, our servers are stored in a secure room on site. We operate a secure networked MPLS environment with built in firewall protection and protection is additional is administered by Sophos.

Destruction of data

Paper waste is destroyed on site and this is carried out by a third party confidential waste company.

Paper files archived off site are destroyed securely by the hosting third party company.

Enquiries

If you provide personal data about yourself or your company when using our website, it will only be used to give an answer to your enquiry.  The personal data collected will be limited to that to enable us to be able to satisfy ourselves this is a genuine enquiry and to answer that enquiry.

The personal data in relation to that enquiry will be retained on our File Management System for 6 years prior to destruction.  It will be retained for that period on the grounds that we have a legitimate interest to do so; namely, to establish, exercise or defend our legal rights arising out of any advice given.

We do not share your personal data with any third party except where necessary to answer to a query raised by you.  If we need to communicate with a third party to deal with your enquiry we will request your written consent to do so.   However, if we are formally instructed by you to act this will be governed by our Terms of Business (please see hereafter).

Legal Advice Clinics

As part of our provision of legal services, we attend a number of legal advice clinics where we give free initial advice.  You will be asked to provide personal data limited to enable us to give advice at such clinics.

The personal data obtained will be retained on our File Management System for 6 years prior to destruction.  It will be retained for that period on the grounds that we have a legitimate interest to do so; namely, to establish, exercise or defend our legal rights arising out of any advice given.

We confirm that we will not share your personal data with any third party except where necessary to answer a query raised by you relating to the attendance at the advice clinic.  If we are subsequently instructed by you this will be governed by our Terms of Business (please see hereafter).

Clients (lawful processing)

Rothera Bray will process your personal data for the purposes of and so long as we are instructed by you in relation to a matter in which you have signed a Terms of Business letter. The legal work undertaken by us will be as detailed in the said Terms of Business letter with which we also provide a Terms of Business and Service Commitments Leaflet which details our obligations of confidentiality, your data protection rights and our need to share information with third parties as appropriate in representing your interests.

Communicating with third parties for clients

From time to time we may need to share your personal data with a third party to ensure that your legal interests are appropriately represented.  You will be informed at the time when this is happening but examples of the provision of personal data to third parties includes instructing barristers, instructing costs draftsman, instructing experts and submitting claims to the Courts and through online portals.  All third parties with whom we will have dealings will be required to provide satisfactory evidence that they will ensure that your personal data is kept secure.

Personal data retention policy for clients

We reserve the right to retain file records and data where we have acted for you for the necessary establishment, exercise or defense of any possible legal claim against the firm.  The relevant periods for which the file will be retained prior to destruction (both paper and electronic) are:-

Conveyancing purchases – 15 years

Family cases – 7 years

Children cases – 15 years

Trusts – 15 years

Wills/Enduring Powers of Attorney – Never destroyed

All other matters – 6 years

Storage of Deeds

Rothera Bray will retain deeds in our deeds storage system at your request and retain them until asked to release them to you.

Storage of Wills

Rothera Bray will retain Wills in our wills storage system at your request and retain them until asked to release them to you.

Marketing

For individuals who attend either Rothera Bray events or other events as our guests, we have their express informed consent to hold their relevant personal data and they are advised of the right to withdraw their consent at any time. This is carried out by what is called “Double Opt-in”.

Clients are only sent information about services that we provide where they specifically request us to do so when completing a client satisfaction questionnaire and thereafter we do not provide further information from time to time unless we have their express informed consent to do so.

Data Protection

Our legal basis for collecting, processing and storing your personal data is on the grounds of legitimate interest which is primarily for the provision of legal services to you and for related purposes including updating and enhancing client records, analysis to help us manage our practice, statutory returns, legal and regulatory compliance including for the purposes of preventing money laundering or terrorist financing.

Our use of that information is subject to your instructions, the General Data Protection Regulations (GDPR) and our duty of confidentiality. Please note that our work for you may require us to give information to third parties such as expert witnesses and other professional advisers including barristers. You have the right of access under GDPR to the personal data that we hold about you. Your Subject Access Request rights are set out on the website and are also available on request. We may from time to time send you information that we think might be of interest to you, ensuring that any such communications are relevant and beneficial. You have the right to opt-out of marketing communications at any time by using the link at the bottom of any such emails or by contacting the marketing team directly on: marketing@rotherabray.co.uk. Your instructions to us to act for you will constitute your agreement and consent to our data processing and retention policies. Our Data Protection Team can be contacted at dataprotection@rotherabray.co.uk or by telephoning 01159 100
600.

Marketing data is managed with the use of a third-party data processor called Mailchimp. This is subject to a data processing service agreement for users within the EEA.

Marketing data retention policy

We retain personal data in accordance with express consent subject to review every 12 months.

Client satisfaction questionnaires are only retained for 6 months from receipt and then securely destroyed.

Employees and former employees

Rothera Bray has a separate privacy notice for employees which by way of illustration details the types of personal information we collect, how we collect it, and why and how we use personal information. This separate notice is available to all existing employees internally and is available on request to former employees.

Employee data

Any paper data is retained in lockable filing cabinets in a secure room. Electronic data is stored on People HR, which is a cloud-based Portal and hosted within the EEA.

Retention of employee data

This data is retained for 6 years from the date of leaving our employment and is then securely destroyed. Payroll data is retained for 3 years prior to destruction. Specific medical related data maybe held longer; for a period of 40 years.

Retention of applicant’s data

This data for applicants who apply for employment with Rothera Bray is retained for 3 months and then is securely destroyed.

 Your Rights and Your Personal Data

You have the right to request a copy of your personal data by way of what is known as a Data Subject Access Request (DSAR).  In most circumstances this will be provided free of charge.

Our DSAR Policy can be read by following this link and is available on our website.  This also details other statutory rights as regards your personal data, which are for the avoidance of any doubt, the right to rectification, the right to erasure (“right to be forgotten”), erasure of children’s personal data, the right to restrict processing, the right to portability and the right to object to processing.

Breach of your data rights

If you have reason to believe that you have been subject to a breach of your personal data rights please contact our Data Protection Team (details hereafter). We have a policy and procedures to deal with any potential breach of data.

Cookie Policy

A cookie is a small file which asks for permission to be placed on your computer’s hard drive.  Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.  Cookies allow web applications to respond to you as a individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use cookies to identify which pages are being used.  This helps us to analyse data about web page traffic and improve our website and services in order to tailor it to customer’s needs.  We only use this information for statistical analysis purposes.

Cookies help to provide you with a better website and service, by enabling us to monitor which pages you find useful and which you do not.  A cookie does not give access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies.  Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer.  This may prevent you taking full advantage of the Rothera Bray website.

For more information about cookies please see our separate Cookies page on our website.

Contact Details

To exercise all your statutory rights, queries, or complaints about how we have processed your personal data please contact in the first instance the Data Protection Team at 2 Kayes Walk, Stoney Street, The Lace Market, Nottingham, NG1 1PZ or by email at dataprotection@rotherabray.co.uk or by ringing our main line number on 0115 9100600 and asking to speak with a member of the Data Protection Team.

Lodging a complaint with the ICO

You have the right to contact the Information Commissioner’s Office (ICO) on 03031231113 or via email at https://ico.org.uk/global/contact-us/ or at the ICO’s office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Further processing

If we wish to use your personal data for a new purpose, which is not covered by this Privacy Information Policy we will provide you with a new notice explaining the new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

Changes to Privacy Information Policy

Internet and data privacy practice is continually developing.  Therefore, we reserve the right to revise our policy at any time.  If our Information Privacy Policy changes in any way, we will post an updated version on this page.

By using this website you consent to the collection and use of any personal information in the matter set out above.

Updated February 2025