Burness Paull LLP is committed to protecting the privacy and security of the personal data of its clients. This privacy notice is to inform you about how Burness Paull LLP collects and uses personal data belonging to you or your personnel in the context of providing legal services to you or your business, through your use of the firm's website and through any of the other ways we interact. This notice should be read in conjunction with our full privacy policy which can be viewed on our website: www.burnesspaull.com.
Burness Paull LLP is the controller and responsible for your personal data collected by us (collectively referred to as Burness Paull, we, us or our in this privacy policy).
For any questions about how we process your data, please contact dataprotection@burnesspaull.co.uk.
Types of data we may collect, use, store or transfer
- Identity Data (i.e. names, any previous names, username or similar identifier, marital status, title, date of birth and gender).
- Contact Data (i.e. billing address, delivery address, email address and telephone numbers).
- Financial Data includes (i.e. bank account and payment card details).
- Transaction Data includes (i.e. details about payments to and from you and other details of products and services you have purchased from us).
- Technical Data includes (i.e. internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website).
- Usage Data includes (i.e. information about how you interact with and use our website, products and services).
- Contractual data (i.e. information obtained by providing legal services to you).
- Marketing and Communications Data (i.e. data received from your letters, emails, call recordings and conversations between us as well as your preferences in receiving marketing from us and our third parties and your communication preferences).
- In certain circumstances, our collection of the different categories of data set out above may include the collection of Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also may collect Criminal Convictions and Offences Data.
- We may collect, use and share aggregated data such as statistical or demographic data for various purposes (i.e. we may aggregate your usage data to calculate the percentage of users accessing a specific feature on our website, to analyse website traffic in general such as average time spent on our site and the most visited pages, or to give insight into user demographics.)
We process your data based on our legitimate interests in providing legal services, to fulfil our contractual or legal obligations and to keep our records up to date.
We do not envisage taking any decisions about you or to process your data based on fully automated means.
Where we need to collect personal data by law, or under the terms of our engagement with you (as set out in our engagement letter and terms of business), and you fail to provide that data when requested, we may not be able to perform the services set out in the engagement letter.
How is your personal data collected?
We use different methods to collect data from and about you including:
- In the process of providing legal services to you or your personnel.
- When we communicate with you by mail, email or other electronic correspondence, by telephone or using video conferencing software.
- When you:
- make a request for our services;
- create an account on our website;
- subscribe to our publications;
- request marketing to be sent to you;
- complete a survey; or
- provide us with feedback.
- Otherwise through providing our legal services and operating our business.
- Cookie on the website – please see our separate Cookies Policy.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
Purpose
We are collecting your personal data to provide legal services to you or your personnel as follows:
|
Purpose/Use |
Type of data |
Lawful basis |
|
To check whether we can act for you as a new or existing client or across from you as a counter party or other third party on a matter involving a new or existing client, and comply with regulatory requirements, including conflicts of interest, anti-money laundering, anti-terrorism, sanctions, fraud and background screening |
Identity Contact Financial Professional |
Performance of a contract with you. Necessary to comply with a legal or regulatory obligation Public interest. Necessary for our legitimate interests (to detect and prevent the commission of fraud, money laundering and terrorism offences). |
|
To deliver our services to you including engaging service providers, managing payments, fees and charges and collecting and recovering money owed to us |
Identity Contact Financial Transaction Marketing and Communications |
Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us). |
|
To manage our relationship with you which will include notifying you about changes to our terms |
Identity Contact Profile Marketing and Communications |
Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers and clients use our products and services). |
|
To enable you to complete a survey |
Identity Contact Profile Usage Marketing and Communications |
Performance of a contract with you. Necessary for our legitimate interests (to study how customers and clients use our products and services, to develop them and grow our business). |
|
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
Identity Contact Technical |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation. |
|
To deliver relevant website content to you and measure or understand the effectiveness of the marketing we provide to you |
Identity Contact Profile Usage Marketing and Communications Technical |
Necessary for our legitimate interests (to study how customers use our products and services, to develop them, to grow our business and to inform our marketing strategy).
|
|
To use data analytics to improve our website, products and services, marketing, customer relationships and experiences |
Technical Usage |
Necessary for our legitimate interests (to define types of clients and customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). |
|
To make suggestions and recommendations to you about services that may be of interest to you |
Identity Contact Technical Usage Profile Marketing and Communications |
Necessary for our legitimate interests (to develop our products and services and grow our business).
|
Data sharing
We may share your information with the parties below as part of providing services to you, where required by law or where we have a legitimate interest in doing so. This includes sharing data with:
- Other professional advisors instructed on your behalf, or in respect of the legal matter in which you may be involved, including solicitors, accountants, law accountants, tax advisors, experts, insolvency practitioners, arbitrators, adjudicators and mediators, local agent solicitors, foreign law firms and barristers, advocates and healthcare professionals, social and welfare organisations
- Your organisation
- Counterparties or opposing parties to any legal services we provide to you
- External investigators
- Regulatory bodies (if applicable)
- Our suppliers who provide us with their services, including IT and communication suppliers, screening service providers, outsourced business support, and translation companies
- Law enforcement bodies, the courts, our regulators and other competent authorities in accordance with legal or regulatory requirements or good practice
- Our insurers, brokers, external auditors, banks and other third parties who provide services to us.
Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, subject to satisfying legal, regulatory, accounting, and reporting requirements. We have a data retention policy which has different retention periods depending on the type of information we hold. In accordance with guidelines issued by the Law Society of Scotland, we retain client files for a minimum period of 10 years from the date of completion of the client matter.
Your rights of access, correction, erasure, and restriction
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the investigation.
Under certain circumstances, by law you have the right to:
- Access your data
- Rectify inaccurate data
- Erase data (subject to conditions)
- Restrict processing
- Data portability
- Object to processing
If you wish to exercise any of these rights, please email us at dataprotection@burnesspaull.com.
For more information about your rights you can consult our overarching privacy policy.
You have the right to complain at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues. https://ico.org.uk/.
Security measures
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
All information you provide to us is stored on secure servers with industry standard anti-virus and firewall protection in place.
© Burness Paull 2025
