EJ Lazenby Contracts Ltd (“Lazenby”, “we”, “us” or “our”) takes privacy very seriously. Please read this Privacy Notice to Customers carefully. It contains important information on who we are and how and why we collect, store, use and share your Customer Personal Data. It also explains your rights in relation to your Personal Data and how to contact us or supervisory authorities in the event you have a complaint.
When we use Customer Personal Data we are regulated by Data Protection Legislation and we are responsible as a ‘controller’ of that Customer Personal Data for the purposes of Data Protection Legislation. Our use of Customer Personal Data is subject to your instructions, the UK GDPR, other relevant UK legislation and our professional duty of confidentiality.
Please note the definitions of the key terms referred to in this Privacy Notice to Customers are set out at the end.
1. Personal information we collect
The table below sets out the categories of Customer Personal Data we will or may collect when instructed by you:
|Categories of Personal Data we will always collect
|Categories of Personal Data we may collect
Such Personal Data may include Special Category Personal Data and/or information relating to criminal convictions and criminal offences. Further information is set out in paragraph 3 below entitled ‘How and why we use your Personal Data’.
The above categories of Personal Data are required to enable us to provide our services to you. If you do not provide such Personal Data, it may delay, or prevent, us from providing services to you.
2. How we collect personal information
Most of the Customer Personal Data that we use in or in connection with the matters that you instruct us on will be either provided to us by you or created by us during the course of the matter.
We may also collect Customer Personal Data:
- From publicly accessible sources, such as websites and Companies House or HM Land Registry;
- Directly from third parties such as:
– sanctions screening providers;
– credit reference agencies;
– customer due diligence providers;
– local and public authorities;
– the Police;
– corporate service providers;
– financial institutions or advisors;
– consultants and other professionals we may engage, or work with, or be on the other side in relation to your matter e.g. engineers, contractors, architects
- Where you have instructed us to do so (in your personal capacity), from:
– your bank, building society or other financial institution;
- Through newsletters, marketing or event communications we send to you, we use link click tracking within these to manage event RSVPs and automatic unsubscribes (for more information on link click tracking please see our cookies policy https://www.lazenby.co.uk/cookie-policy
- Via our information technology (IT) systems;
- Case management, document management and time recording systems;
- Reception logs;
- Automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.
3. How and why we use Customer Personal Data
Under Data Protection Legislation, we can only use Personal Data if we have a proper legal basis for doing so. For example:
- To comply with our legal obligations;
- For reasons of substantial public interest;
- For the performance of our contract with you or to take steps at your request before entering into a contract;
- For our legitimate interests or those of a third party, so long as this is not overridden by your own rights
and interests; or
- Where you have given consent.
Generally we do not rely on consent as a legal basis for processing your Personal Data. Where we do require consent, we will ask for that separately and clearly, and you have the right to withdraw consent at any time by contacting us.
The table below explains the purposes for which we process Customer Personal Data ("Purpose") and the applicable legal basis for each Purpose:
|The purpose for which we use your Customer Personal Data
Special Category Personal Data
As and when we process Special Category Personal Data, we will process it in accordance with applicable Data Protection Legislation.
Typically, this will be where the processing is necessary for performing our contract with you or the processing is necessary for compliance with a legal obligation to which we are subject and (in addition) the processing is necessary:
(1) for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or
(2) for reasons of substantial public interest, such as where the processing is necessary for the purpose of
(i) preventing or detecting unlawful acts, or (ii) protecting the public against dishonesty, or (iii) regulatory requirements relating to unlawful acts and dishonesty, or (iv) preventing fraud, or (v) making disclosures of suspicions of terrorist financing or money laundering.
On occasion we may need to obtain your explicit consent, or (in the case of another Data Subject's Special Category Personal Data) require you to obtain the Data Subject's explicit consent, before we can process that Special Category Personal Data.
If we do seek and obtain your (or another Data Subject's) explicit consent, you/they can withdraw it at any time, without affecting the lawfulness of processing based on your/their consent before its withdrawal.
Personal Data relating to criminal convictions and offences
We will only process information relating to criminal convictions and offences in accordance with applicable Data Protection Legislation.
Typically, this will be where the processing is necessary for performing our contract with you or the processing is necessary for compliance with a legal obligation to which we are subject and (in addition) the processing is necessary for the purpose of:
(1) preventing or detecting unlawful acts, or (2) protecting the public against dishonesty, or (3) regulatory requirements relating to unlawful acts and dishonesty, or (4) preventing fraud, or (5) making disclosures of suspicions of terrorist financing or money laundering, or (6) legal proceedings or obtaining legal advice or establishing, exercising or defending legal rights.
On occasion, we may need to obtain your explicit consent, or (in the case of another Data Subject) require you to obtain the Data Subject's explicit consent before we can process information relating to criminal convictions and offences.
4. Promotional communications
We will always treat Customer Personal Data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
- Contacting us by emailing email@example.com
- Using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
5. Who we share personal information with
We routinely share Customer Personal Data with:
- Our staff and members;
- Our subsidiaries;
- Third party professional advisers who we instruct on your behalf or refer you to or you request we send it to, for example engineers, sub contractors or other experts;
- ID check and verification providers;
- Credit reference agencies;
- Our insurers and brokers;
- External auditors;
- Our bank;
- External service suppliers, representatives and agents that we use to make our business more efficient, for example, outsourced IT service providers, marketing agencies, marketing and electronic communication service providers, document collation or analysis suppliers or debt recovery service providers all based within the UK; and
- Any other third parties you ask us to send it to.
We only allow our service providers to handle your Customer Personal Data if we are satisfied that we have a legal basis to share the same with them and they take appropriate measures to protect your Customer Personal Data. We also impose contractual obligations on service providers to ensure they can only use your Customer Personal Data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some Customer Personal Data with other parties, such as potential buyers of some or all of our business or during a re-structuring or merger process. Information will often be anonymised but this may not always be possible or appropriate. The recipient of the information will be bound by confidentiality obligations.
6. Where we store personal information
Information may be held at our offices and the locations of our third party agencies, service providers, representatives and agents as described above (see ‘Who we share your Personal Data with’).
Some of these third parties may be based outside the UK. For more information, including on how we safeguard your Personal Data when this occurs, see below: ‘Transferring your Personal Data out of the UK’.
7. How long we keep personal information
We keep Customer Personal Data after we have finished advising or acting for you. We do so for the following reasons and purposes:
- To respond to any questions, complaints or claims you might make or which we make on your behalf;
- To show that we treated you fairly and in accordance with the law and relevant regulation; and
- To keep and process records required by law or regulation.
We will not retain and process your Customer Personal Data for longer than is necessary for the purposes set out in this Privacy Notice to Customers.
To determine the appropriate retention period for Customer Personal Data, we consider the amount, nature, and sensitivity of the Customer Personal Data, the potential risk of harm from unauthorised use or disclosure of the Customer Personal Data, the purposes for which we process the Customer Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Generally our retention periods are 7 years after the matter we are acting for you on has completed. However, longer retention periods will apply for certain types of instructions. We also reserve the right to store all emails that we have sent and/or received from you or about your matter or you for up to 15 years (either ourselves or using a third party IT service provider). Further details are available by contacting us.
When it is no longer necessary to retain your Customer Personal Data, we will delete or anonymise it.
8. Transferring Customer Personal Data out of the UK
To deliver services to you, it is sometimes necessary for us to share and transfer Customer Personal Data outside the United Kingdom (UK), for example:
- With advisors outside the UK;
- With your and our service providers located outside the UK;
- If you are based outside the UK; or
- Where there is an international dimension to the matter on which we are advising you.
These transfers may be subject to special rules under UK data protection law.
Between the UK and EU (and EEA) member states:
The UK Government has deemed the EU and EEA states to be adequate to allow for data flows from the UK. The UK Government has stated that this will be kept under review. The EU has also granted the UK an ‘adequacy decision’. This means that the EU has determined the UK’s data protection laws to be robust enough to ensure personal data can transfer freely from the EU (and EEA) to the UK.
No additional safeguards are therefore needed at this time.
Between the UK and Non-EU (and Non-EEA) countries:
The following countries to which we may transfer Customer Personal Data have been assessed by the European Commission and, from 01 January 2021, are also recognised by the UK Government as providing an adequate level of protection for Personal Data:
Andorra; Argentina; Faroe Islands; Guernsey; Isle of Man; Israel; Japan; Jersey; New Zealand; Switzerland; and Uruguay.
The European Commission has also made partial findings of adequacy in relation to Canada (for commercial organisations).
Except for the countries listed above, where we transfer Customer Personal Data to non-EU (and non-EEA) countries we will ensure the transfer complies with Data Protection Legislation. Our standard practice is to use standard data protection contract clauses which have been approved by the European Commission and recognised by the UK Government/ICO. To obtain a copy of those clauses or if you would like further information please contact us (see ‘How to contact us’ below).
9. Your rights
You have the following rights in respect of your Personal Data, which you can exercise free of charge:
|The right to be provided with a copy of your Personal Data.
|The right to require us to correct any mistakes in your Personal Data.
|To be forgotten
|The right to require us to delete your Personal Data - in certain situations.
|Restriction of processing
|The right to require us to restrict processing of your Personal Data - in certain circumstances (e.g. if you contest the accuracy of the Personal Data).
|The right to receive the Personal Data you provided to us, in a structured, commonly used and machine- readable format and/or transmit that data to a third party - in certain situations.
|The right to object:
|Not to be subject to automated individual decision-making
|The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
For further information on each of those rights, including the circumstances in which they apply, please contact us or consult the guidance issued by the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- Email, or write to us (see below: ‘How to contact us’); and
- Let us have enough information to identify you (e.g. your full name, address and customer or matter reference number); and
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- Let us know what right you want to exercise and the information to which your request relates.
To the extent that a Data Subject makes a request in relation to any of the above rights in relation to the Customer Personal Data for which we are both a Data Controller, both you and us will provide reasonable assistance to each other in respect of any such request.
10. Keeping Personal Data secure
We have appropriate technical and organisational measures in place to look to prevent Personal Data from being accidentally lost, or used or accessed unlawfully. Those processing your Customer Personal Data are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
11. How to complain
We hope that we can resolve any query or concern you may raise about our use of your Customer Personal Data.
You have the right to lodge a complaint with a supervisory authority where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or telephone: 0303 123 1113.
12. Changes to this Privacy Notice to Customers
This Privacy Notice to Customers was updated on 2nd January 2024. We may change this Privacy Notice to Customers from time to time.
13. How to contact us
Please contact us by post, email or telephone if you have any questions about this Privacy Notice to Customers or the personal data we hold about you.
Our contact details are:
E J Lazenby Contracts Ltd, Pen Mill Station Yard, Yeovil, Somerset, BA21 5DD
01935 700 306
Means the agreement between you and us for the provision of legal services by us to you.
Customer Personal Data
Personal Data processed by either us or both you and us under the Agreement, in respect of which (as between us and you) you are the original Data Controller. This shall include, as applicable, your Personal Data, your employees’, contractors’ and any other staff’s Personal Data, your customers' Personal Data (either consumer customers or the representatives of any business customers, including their staff) and any other Personal Data disclosed to us by you or your representatives, or obtained by us or anyone engaged by us, in relation to the services to be provided under the Agreement.
Means a person or entity which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Data Protection Legislation
All applicable privacy and data protection laws, including the UK General Data Protection Regulation, the Data Protection Act 2018, and any applicable regulations and secondary legislation in England and Wales relating to the processing of Personal Data and/or the privacy of electronic communications, as amended, replaced or updated from time to time, including the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426).
An individual who is the subject of Personal Data.
Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data Breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Processing, processes, process
Either any activity that involves the use of Personal Data or as Data Protection Legislation may otherwise define processing, processes or process. It includes any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
Special Category Personal Data
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data; data concerning health, or a person's sex life or sexual orientation.
We, us, our
E J Lazenby Contracts Ltd.