asb aspire LLP is a limited liability partnership registered in England and Wales with registered number OC327667 and registered office address being at Horizon House, Eclipse Park, Sittingbourne Road, Maidstone ME14 3EN (“asb aspire” “we” “us”). A list of members of the firm is available for inspection at the above office address.

asb aspire also has its other principal office at Origin Two, 106 High Street, Crawley, West Sussex RH10 1BF

This Privacy Policy should be read together with our Cookies Policy and Terms of Use Policy together with any Terms and Conditions we may provide to you and sets out how we will treat any personal data that you provide us or that we collect about you.

Introduction

This privacy policy sets out how asb aspire uses and protects any personal data  that asb aspire processes about you (including information provided through the website www.asb-aspire.com (“Website”)).

asb aspire is a firm of solicitors, specialising in catastrophic and serious injury claims, particularly cases involving acquired head and brain injuries and through providing services to its customers may collect personal data of contacts, its clients or potential clients (“Services”). In addition to this, the Website also collects certain personal data from its users.

asb aspire is firmly committed to respecting and protecting the privacy of all personal data received or collected, in strict adherence to Data Protection Legislation (defined below) and best business practice.

Jonathan Clement is the data protection officer for asb aspire, to contact the data protection officer please email DPOenquiries@asb-aspire.com .

Data Protection definitions

asb aspire’s data protection and privacy measures are governed by the (i)  the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), the Data Protection Act 2018 and The Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘PECR’)  and (ii) any relevant successor and/or subordinate legislation as may be directly applicable from time to time.  (the ‘data protection laws’)

For the purpose of data protection laws, where personal data is provided directly to asb aspire through use of the Website, email, or other means asb aspire will be a data controller of such personal data. Where asb aspire is provided with personal data by a third party only for the purpose of performing a contract with that third party and asb aspire cannot and do not determine the use of such personal data, asb aspire will be data processor of such information.

Personal data collected

asb aspire may collect, use, store and transfer different kinds of personal data about you and because of the nature of the Services we provide, the types of data we process can be quite varied, but will usually include:

  • Identity Data including your first name, last name, marital status, title, job title, national insurance number, directorships and shareholdings;
  • Anti-Money Laundering Data including copies of your passport, utility bills, birth certificate, national identity card and/or other identifying information required to be provided to us for anti-money laundering purposes;
  • Individual Data including correspondence and personal data from our clients, or from others, about themselves or about other individuals (such as our corporate clients’ employees) which is provided to us for use for the purpose of carrying out our business of providing legal services, including your relationship to a person, financial affairs, family, lifestyle and social circumstances, education, employment background, health and medical history, genetic and biometric information, information about convictions and personal preferences;
  • Contact Data including your residential address, billing address, delivery address, email address and telephone numbers;
  • Financial Data including bank account and payment card details;
  • Transaction Data including details about payments to and from you and other details of products and Services you have purchased from us;
  • Usage Data including information about how you use asb aspire’s Services or submit an enquiry or query through the Website including IP addresses;
  • Technical Data including information from your visits to the Website or in relation to materials and communications we send to you electronically;
  • Event Data including the information you provide to us for the purposes of attending meetings and events, including your preferences, access and dietary requirements; and
  • Additional Data including any other information relating to you which you may provide to us.

If you fail to provide personal data

Where asb aspire is required by law  to collect process and retain personal data , or need to do so under the terms of a contract asb aspire has with you (or our customer for whom you are acting on behalf of) and you fail to provide that personal data to us when requested, asb aspire may not be able to perform the contract it has with you or is  trying to enter into on your behalf. In this case, asb aspire may have to cancel the Services we have agreed to provide to you but will notify you if this is the case.

How is your personal data collected?

asb aspire use different methods to collect personal data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact, Anti-Money Laundering, Individual, Event, Additional and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you purchase Services or provide us with feedback.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources such as:
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services, including third party debt agencies and SmartSearch;
    • Individual Data from experts, health trusts and medical advisors;
    • Identity, Anti-Money Laundering and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

How asb aspire uses your personal data

asb aspire will only process your personal data when the law allows us to do so. Most commonly, we will process your personal data in the following circumstances:

  • Services for clients- Where it is necessary for us to do so in the formation, performance and termination of our agreement with you in order to provide you (or the company on behalf of which you instruct us) with legal advice or other information that you have requested from us;
  • Anti- Money Laundering Requirements – In order to fulfil our anti-money laundering obligations we are obliged to verify the identity of new clients, and in certain circumstances existing clients. This includes the identity of clients’ or potential clients’ shareholders, beneficial owners, management, directors or officers and/or other relevant information;
  • Payment – To invoice you for the Services we have provided to you (or the company on behalf of which you instruct us), and to trace and collect debts where required or to make payment to you (or the company on behalf of which you instruct us);
  • Compliance – To keep records of the work we have carried out for you (or the company on behalf of which you instruct us) in accordance with our data retention policy;
  • Marketing – To send you electronic and/or paper form marketing materials relating to our Services and to invite you to seminars or other events hosted by us (so far as permitted by law);
  • Events – To enable us to provide events to you which take into consideration your preferences;
  • Business Performance – To manage our business performance and assess client satisfaction and improvement to our Services.

Purposes for which asb aspire will use your personal data

We have set out below, in a table format, a description of all the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Please contact asb aspire if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer and verify your identity

(a) Identity

(b) Contact

Performance of a contract

Explicit consent (for use of special categories of data)

Compliance with a legal requirement

To process and deliver the Services including:

(a) managing payments, fees and charges

(b) collecting and recovering money owed to us

(c)   making payments to you

(d)   contacting you and corresponding about the Services

(e) updating and enhancing client records;

(f) for legal and regulatory compliance;

(g) to complete statutory returns

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Individual

 

Performance of a contract

Necessary for our legitimate interests (to recover debts due to us)

Use of special categories of personal data for the establishment, exercise or defence of legal claims or proceedings

Compliance with a legal requirement

 

To respond to queries, complaints, claims and enquiries

(a) Identity

(b) Contact

Compliance with a legal requirement

Legitimate interests

Direct Marketing

(a)   Identity Data

(b)   Contact Data

Legitimate interests

 

Consent (where an individual consumer)

Events

(a)   Identity Data

(b)   Individual Data

(c)   Event Data

Legitimate interests

 

Business Performance

(a)   Identity Data

(b)   Individual Data

Legitimate interests

 

 

Change of purpose

Asb aspire will only process your personal data for the purposes for which it was originally collected, unless we are required by law or reasonably consider that we need to process it for another reason. Where we reasonably consider that we need to process your personal data for another reason we will only do so if that reason is compatible with the purpose for which your personal data was originally collected. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact asb aspire.

If we need to use your personal data for  a purpose unrelated to the purpose for which your personal data was originally collected then  we will notify you beforehand in order to seek your consent  or  to  explain the legal basis which requires us or allows us to do so.

Please note that in certain circumstances we may have to process your personal data without your knowledge or consent, in compliance with an obligation imposed upon us by law.

How your personal data may be shared

Personal data asb aspire collects in accordance with this Privacy Policy, may be shared as follows:

  • with third party consultants selected by asb aspire, whom we outsource certain support services such as word processing, translation, photocopying, document review and IT services or where we are using a third party service provider to provide services that involve data processing, such as DocuSign or dotmailer, Royal Mail;
  • with trade associations and professional bodies such as with the SRA and Law Society;
  • with the Information Commissioners Office, the legal ombudsmen or other regulatory body where asb aspire is under a duty to disclose your personal data to comply with any legal obligation (for example, in order to fulfil our anti-money laundering obligations);
  • with statutory bodies to complete returns on your behalf such as the Land Registry, HMRC or Companies House;
  • with our insurers, auditors and accountants;
  • with courts, to lawyers or experts advising the other party to a matter we are assisting you (or the company on which you act on behalf of) with, or to other professionals (such as costs draftsman, medical advisors, health trusts or barristers);
  • with Cardinal Management as part of the Major Trauma Signposting Partnership;
  • with our banking providers (including Royal Bank of Scotland plc (RBS)), where we are making payments to you. For details on how RBS uses your personal information, please visit www.rbs.co.uk/privacy;
  • with event partners or corporate hospitality providers;
  • with asb law, a limited liability partnership operated under the laws of England and Wales, registered number OC351354 with its registered office address being at Origin Two, 106 High Street, Crawley, West Sussex RH10 1BF, whom we outsource a number of internal functions;
  • with third party debt recovery agencies;
  • with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice;
  • to protect the rights, property, or safety of asb aspire, asb aspire’s customer, or others or to enforce any terms and conditions we provide to you. This includes exchanging information with other companies and organisations for the purposes of fraud protection and for compliance with laws;
  • where you have expressly consented for us to share your personal data with third parties;

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How asb aspire stores personal data

For secure storage, asb aspire do not transfer your personal data outside the European Economic Area (EEA).

We do not normally share your personal data with anyone outside the EEA, however, we may do so when a particular circumstance or the Services we provide to you requires us to do so. Where we transfer personal data outside the EEA to countries not covered by an EU Commission adequacy decision or with appropriate safeguards, we will only do so if the transfer of personal data is necessary for us to perform our contract with you to establish, make or defend a legal claim on your behalf; because it is in our legitimate interests to do so or because you have given us specific and informed consent. In which case we will tell you:

  • the country to which the data is to be sent
  • the identity of the receiver
  • why we need to send the data
  • the type of data
  • the possible privacy risks involved

Where the basis of our lawful processing is based on your consent; you have the right to withdraw your consent.

Data security

We have assessed and put in place appropriate security, technical and organizational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We adopt a risk-based approach to data security which means that we implement a level of technical measures appropriate and proportionate to the risk of any data breach or threat we can reasonably assess. We keep our security, technical and organizational measures under regular review but it is not possible to guarantee data security in all circumstances and we give no warranty to this effect. We limit access to your personal data to those employees, agents, contractors and other third parties who have received the appropriate training and have a business need to know. In the case of contractors and other third parties, they also have appropriate security and organisational measures and they will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Personal Data Retention

We will only retain your personal data for as long as it is necessary to fulfil the purposes that we collected it for, including for the purposes of satisfying any legal, accounting, regulatory, insurance or reporting requirements. We keep personal data in accordance with our internal data storage and retention procedures, which are determined in accordance with our regulatory obligations, our business needs and good practice. These retention periods vary and depend on the nature or the category of the personal data we hold. The retention periods we prescribe are subject to periodical review and to change; if you have any questions in this regard, please contact us using the details below.

Marketing

We may send you marketing material where you are a business customer and we consider the marketing material to be relevant to you or where you are a business customer and we have previously provided you with Services, and you have not opted out of receiving such communication.

Where you are an individual consumer we will only provide you with marketing material where you have provided your express consent.

You can update your marketing preferences by emailing marketing@asb-law.com .

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:  

  • Request access to your personal data;
  • Request correction of your personal data;
  • Request erasure of your personal data;
  • Object to processing of your personal data;
  • Request restriction of processing your personal data;
  • Request transfer of your personal data;
  • Right to withdraw consent.

To exercise any of the above rights please contact us using the details below.

Where you exercise your right to erasure or where information is deleted in accordance with asb aspire’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period asb aspire retains the data.

Where you exercise your right to request access to the information asb aspire processes about you, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Where you provide us with information it is your responsibility to ensure that all such information is complete in all material respects and not misleading. The accuracy and appropriateness of our advice may be affected as a consequence of your failure to do so. If any information changes, please let us know so that we can keep it updated on our systems.

Children

The Website is not intended for children and asb aspire will not knowingly collect any personal data from persons under the age of 18. asb aspire may collect personal data about children which is incidental to the Services it provides. In this case asb aspire will ensure that such personal data is processed securely.

Complaints

If you would like to make a complaint in relation to how asb aspire may have stored, used or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). asb aspire would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

External Websites

The Website may, from time to time, contain links to and from the websites of asb aspire partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. asb aspire is not responsible for the content of external internet sites and you are advised to read the privacy policy of external sites before disclosing any personal information.

Changes to this Privacy policy and your duty to inform us of changes

As and when necessary, changes to this privacy policy will be posted here.

This Privacy Policy was last updated on 01/11/2019.

Remember the Risks Whenever You Use the Internet

asb aspire is committed to ensuring that your information is secure and has in place reasonable and proportionate safeguards and procedures to protect your personal information. While asb aspire does its best to protect your personal information, asb aspire cannot guarantee the security of any information that you transmit to asb aspire and you are solely responsible for maintaining the secrecy of any passwords or other account information.

Questions and Contact information

For any questions or for further information, please contact: DPOenquiries@asb-aspire.com .