Burness Paull LLP is committed to protecting the privacy and security of the personal data of its clients and contacts, including third parties in legal proceedings or investigations in which we are instructed as representatives or external legal advisors. This privacy notice is to inform you about how Burness Paull LLP collects and uses third party personal data in the context of providing legal services. This notice should be read in conjunction with our full privacy policy which can be viewed on our website: www.burnesspaull.com

Burness Paull LLP is the controller and responsible for your personal data collected by us (collectively referred to as Burness Paull, we, us or our in this privacy policy).

For any questions about how we process your data, please contact dataprotection@burnesspaull.co.uk.

Types of data we may collect, use, store or transfer

  • Identity Data (i.e. names, any previous names, username or similar identifier, marital status, title, date of birth and gender).

  • Contact Data (i.e. billing address, delivery address, email address and telephone numbers).

  • Professional Information (i.e. Job title, employer and professional qualifications and performance related information).

  • Case-related information (i.e. statements, evidence and other information relevant to a legal matter in which we are instructed).

  • Communication Data (i.e. correspondence and communications with us).

  • In certain circumstances, our collection of the different categories of data set out above may include the collection of Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also may collect Criminal Convictions and Offences Data.

We do not envisage taking any decisions about you or to process your data based on fully automated means.

How is your personal data collected

We use different methods to collect data from and about you including:

  • When we communicate with you by mail, email or other electronic correspondence, by telephone or using video conferencing software. 

  • When you provide information to us, such as providing a witness statement or documentary evidence.

  •  When information about you is provided to us by a third party such as your employer, or another client of ours who has instructed us to contact you with a view to conducting an investigation or taking a witness statement. 

  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

Purpose

We process your data based on our legitimate interests in providing legal services to our client or to fulfil our contractual or legal obligations. 

Data sharing

We may share your information with the parties below as part of the process of gathering evidence, preparing for and conducting legal proceedings or investigations, where required by law or where we have a legitimate interest in doing so. This includes sharing data with:

  • Our clients who have instructed us in respect of legal services in which you/your evidence are relevant;

  • Counterparties or opposing parties to any legal services in which we are instructed and in which you/your evidence are relevant;

  • External investigators;

  • Regulatory bodies (if applicable);

  • Our suppliers who provide us with their services, including IT and communication suppliers, screening service providers, outsourced business support, and translation companies;

  • Law enforcement bodies, the courts, our regulators and other competent authorities in accordance with legal or regulatory requirements or good practice;

  • Our insurers, brokers, external auditors, banks and other third parties who provide services to us.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, subject to satisfying legal, regulatory, accounting, and reporting requirements. We have a data retention policy which has different retention periods depending on the type of information we hold. In accordance with guidelines issued by the Law Society of Scotland, we retain client files for a minimum period of 10 years from the date of completion of the client matter.

Your rights of access, correction, erasure, and restriction

It is important that the personal information we hold about you is accurate and current.  Please keep us informed if your personal information changes during the investigation.

Under certain circumstances, by law you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Erase data (subject to conditions)
  • Restrict processing
  • Data portability
  • Object to processing

If you wish to exercise any of these rights, please email us at dataprotection@burnesspaull.com.
For more information about your rights you can consult our overarching Privacy Policy.

You have the right to complain at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues on https://ico.org.uk/.

Security measures

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

All information you provide to us is stored on secure servers with industry standard anti-virus and firewall protection in place.

© Burness Paull 2025

Want to hear more from us?

Subscribe here