Burness Paull LLP is committed to protecting the privacy and security of the personal data of its clients and business contacts. This privacy notice is to inform you about how Burness Paull LLP collects and uses personal data belonging to you or your personnel in the context of marketing legal services to you or your business, to enable you to use our website and attend any of our events or offices. This notice should be read in conjunction with our full privacy policy which can be viewed on our website: www.burnesspaull.com.
Burness Paull LLP is the controller and responsible for your personal data collected by us (collectively referred to as Burness Paull, we, us or our in this privacy policy).
For any questions about how we process your data, please contact dataprotection@burnesspaull.co.uk.
Types of data we may collect, use, store or transfer
- Identity Data (i.e. names, username or similar identifier, title, date of birth and gender).
- Contact Data (i.e. billing address, delivery address, email address and telephone numbers).
- Financial Data (i.e. bank account and payment card details).
- Technical Data (i.e. internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our website).
- Usage Data (i.e. information about how you interact with and use our website, products and services).
- Marketing and Communications Data (i.e. data received from your letters, emails, call recordings and conversations between us as well as your preferences in receiving marketing from us and our third parties and your communication preferences).
- We may collect, use, and share aggregated data such as statistical or demographic data for various purposes (i.e. we may aggregate your usage data to calculate the percentage of users accessing a specific feature on our website, to analyse website traffic in general such as average time spent on our site and the most visited pages or to give insight into user demographics).
- Visitors logs from your visits on our office premises.
We do not envisage taking any decisions about you or to process your data based on fully automated means.
How is your personal data collected
We use different methods to collect data from and about you including:
- When we communicate with you by mail, email or other electronic correspondence, by telephone or using video conferencing software.
- When you:
- Attend any of our events;
- make a request for our services;
- subscribe to our publications;
- request marketing to be sent to you;
- complete a survey;
- provide us with feedback;
- visit any of our offices.
- Cookies on our website – Please see our Cookies Policy.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
Purpose
We are collecting your personal data in the context of marketing legal services to you or your business, to enable you to use our website and attend any of our events or offices.
|
Purpose/Use |
Type of data |
Lawful basis and retention period |
|
For events management |
Identity Contact Professional information |
Consent – where you agreed to be contacted by us. Legitimate interest - to hold events to promote our business and services or to enable clients and contacts to remotely participate/view our event recordings. We will retain this data for one year. |
|
To manage our relationship with you which will include sending you marketing communication, or other marketing and business development activities |
Identity Contact Profile Marketing and Communications |
Consent – where you agreed to be contacted by us. Soft opt in – where you have not opted out from receiving communication by us and we have an existing relationship that allows us to send you these. Legitimate interest - to hold events to promote our business, services or developments that may be of interest. We will retain this data for as long as we maintain an active relationship with you and up to six and a half years thereafter. |
|
To enable you to complete a survey or to manage your marketing preferences and keep our records up to date |
Identity Contact Profile Usage Marketing and Communications |
Legitimate interest – to improve our systems and services, seek feedback, for data management and business development purposes. Necessary for our legitimate interests (to study how customers and clients use our products and services, to develop them and grow our business). We will retain this data for as long as we maintain an active relationship with you and up to six and a half years thereafter. |
|
To use data analytics to improve our website, products and services, marketing, customer relationships and experiences |
Technical Usage |
Necessary for our legitimate interests (to define types of clients and customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). We will generally retain this data for up to 2 years. Please see our separate Cookies Policy. |
|
To register you as a visitor on our premises and keep our premises secure |
Name Contact details
|
Necessary to comply with our legal obligations and for our legitimate interests to keep our premises safe and secure and for incidents reporting, management and investigation. We will retain this data for six months. |
Data sharing
We may share your information with the parties below as part of providing services to you, where required by law, you consented or where we have a legitimate interest in doing so. This includes sharing data with:
- Event organisers if we are organising an external event which you are attending;
- our agents and service providers who we use to help us with business development and providing legal services;
- our suppliers who provide us with their services, including IT and communication suppliers, outsourced business support and other third parties who provide services to us;
- relevant regulators, emergency services or other competent law enforcement authorities in accordance with legal or regulatory requirements or good practice;
Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, subject to satisfying legal, regulatory, and reporting requirements. We have a data retention policy which has different retention periods depending on the type of information we hold. We retain your data for as long as we have your consent or legitimate business reason to do so.
Your rights of access, correction, erasure, and restriction
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the investigation.
Under certain circumstances, by law you have the right to:
- Access your data
- Rectify inaccurate data
- Erase data (subject to conditions)
- Restrict processing
- Data portability
- Object to processing
If you wish to exercise any of these rights, please email us at dataprotection@burnesspaull.com.
For more information about your rights, you can consult our overarching Privacy Policy.
You have the right to complain at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues. https://ico.org.uk/.
Security measures
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.
All information you provide to us is stored on secure servers with industry standard anti-virus and firewall protection in place.
© Burness Paull 2025
