Privacy policy

  1. Introduction
    1. We are committed to protecting the privacy of our clients, subscribers, and website visitors.
    2. This privacy policy applies where we act as the data controller, the entity that determines the purposes and means of processing data, of personal data given to us by clients, subscribers, and website visitors.
    3. By using our website, and agreeing to this privacy policy, you consent to the use of cookies as set out within this policy. See section 6 on how we use cookies on our website.
    4. Throughout this privacy policy, “we”, “us”, and “our” refer to PKA Legal Limited, alongside the trading names of DBS Law, DBS Plus, CTS Claim Today Solicitors, and Claim Today Solicitors. For more information about us, see section 12.
    5. This privacy policy was amended on 10th October 2018, and has been amended to ensure compliance with the General Data Protection Regulation, which is to be implemented across the European Economic Area (EEA), and extraterritorially for citizens within the EEA.
      1. We may update this policy periodically by uploading it to our website, and you should check this page periodically to ensure you remain happy with this policy.
      2. We may notify you of changes to this policy by email.
    6. This privacy policy has been created using a template from SEQ Legal.
  2. Using personal data
    1. We may process data that details your use of our services and our website. This is known as usage data. Such data may include: your IP address, your geographical location, the browser type and version you are using, your operating system, how you got through to our website (known as a referral source), the length of your visit, what pages you viewed, how you navigated through our website, as well as the frequency and pattern of your service use.The source of the usage data is our analytics tracking system within the website. This usage data may be processed in order to analyse the use of the website and the services that we offer on the legal basis of our legitimate interests in monitoring and improving our website and services to the mutual benefit of both ourselves and yourselves, as users.
    2. We may process data submitted within an enquiry you submit to us regarding our services. This is known as enquiry data, and relates to data submitted to us either through our contact forms on our website pages. This data may be processed for the purposes of offering a service to you, and is performed under the legal basis of either consent, or contract.
    3. We may process data related to transactions and the purchases of goods and services that you enter into with us and/or through our website. This is known as transaction data, and may include your contact details, your card details, and details relating to the transaction. Such data may be processed in order to supply you with the purchased goods and services, and record-keeping of such transactions.The legal basis for such processing is to perform a contract, or take steps to enter into such a contract at your request, as well as to fulfil our legitimate interests, in ensuring the proper administration of our business.
    4. We may process data related to a matter that you instruct us to perform. This is known as service data, and relates to any data provided to us to complete a prescribed service, including legal documentation, names and personal data of witnesses or other involved persons, and special category data such as medical records where necessary. This service data is processed under the legal basis of contract.
    5. We may process data submitted to us for the purpose of subscribing to our email marketing and newsletters. This is known as notification data and is processed under the legal basis of consent.
    6. We may process data for direct marketing purposes to some categories of individuals, for example commercial contacts, and to individual clients of the business before the new General Data Protection Regulation came into force on 25th May 2018. This notification data is processed under the legal basis of our legitimate interests, which are to further our commercial interests.
    7. Whether notification data is processed under the legal basis of consent (as set out in point 2.5) or legitimate interests (point 2.6) for the purpose of direct marketing, you have the right to withdraw from such processing at each instance, and will be given an opportunity to do so each time.
    8. We may process data submitted to us in any correspondence you have with us. This is known as correspondence data, and may include content and metadata associated with the communication. Our website will automatically generate metadata associated with correspondence made using its contact forms. This data may be processed in order to respond to your correspondence, and for record-keeping. This processing is executed under the legal basis of our legitimate interests, in carrying out our obligations to respond to correspondence, and to administer our business and communications effectively.
    9. We may process any personal data identified in this policy, where necessary, for the purposes of establishing, exercising, or defending legal claims. The legal basis for processing this data is our legitimate interests in protecting and asserting our legal rights, your legal rights, and those of others.
    10. We may process any personal data identified in this policy, where necessary, for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. This is under the legal basis of our legitimate interests, namely providing the business with proper protection against risks.
    11. We may also process any personal data where such processing is necessary to comply with legal obligations to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
    12. You should not supply the personal data of another person, unless prompted to do so by us.
  3. Third parties and your personal data
    1. We may disclose your personal data to our insurers or professional advisers insofar as is reasonable and necessary in order to obtain or maintain insurance coverage, manage risks, obtain professional advice, or for the establishment, exercise, or defence of a legal claim.
    2. We may disclose your personal data to our suppliers or subcontractors, insofar as reasonably necessary to carry out the obligations stated in a contract between you and ourselves.
    3. We will share transaction data with our payment service providers, WorldPay, only to the extent required to processing, refunding, and handling queries and complaints in regards to payments. You can find WorldPay’s privacy policy by clicking here.
    4. We may disclose your personal data where such processing is necessary to comply with legal obligations to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  4. Personal data retention and deletion
    1. Personal data shall not be kept for longer than is necessary for the purposes outlined in this privacy policy. Where possible, we have outlined our retention timeframes below:
      1. For direct marketing purposes, we will retain your data indefinitely unless you revoke consent.
      2. To uphold our contractual and legal obligations for those who have instructed us, we will hold your service data for a number of years upon completion of our service to you. The retention period is outlined in our client care letter to you.
      3. Transaction data will be retained for seven years to maintain our contractual and legal obligations.
      4. Enquiry and correspondence data will be retained until we have responded. This will then either form part of a wider dataset as part of processing to fulfil a contract and deliver a service, or will be deleted unless opted-in to our direct marketing.
    2. We may disclose your personal data where such processing is necessary to comply with legal obligations to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
  5. Your rights
    1. Under the General Data Protection Regulation (GDPR), your data protection rights are the following:
      1. the right to access;
      2. the right to rectification;
      3. the right to erasure;
      4. the right to restrict processing;
      5. the right to object to processing;
      6. the right to data portability;
      7. the right to complain to a supervisory authority; and
      8. the right to withdraw consent.
    2. You have the right to confirmation as to whether or not we process your personal data, and access to that data if we do, together with certain additional information. That additional information includes details of why we are processing that data, the categories of personal data concerned, and the recipients of the personal data.If access is requested, and provided that the rights and freedoms of others are not infringed, we will supply a copy of your personal data. The first copy will be free of charge, however additional copies may be subject to a reasonable fee.
    3. You have the right to have any inaccurate personal data rectified, and subject to the purposes of processing such data, to have any incomplete personal data about you rectified.
    4. In some circumstances, so long as the processing of data is not necessary, you have the right to have your personal data erased without undue delay. This includes the following:
      1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. you withdraw consent to consent-based processing including direct marketing;
      3. you object to the processing under certain rules of applicable data protection law; and
      4. the personal data have been unlawfully processed.
    5. In some circumstances, you have the right to restrict the processing of your personal data.Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.The circumstances to restrict are:
      1. you contest the accuracy of the personal data;
      2. processing is unlawful but you oppose erasure;
      3. we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection.
    6. You have the right to object to our processing of your personal data, but only whereby the legal basis for processing the data is for the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of legitimate interests pursued by us or a third party.If such an objection is made, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for processing your data that overrides your interests, rights, and freedoms, or that the processing is for the establishment, exercise or defence of legal claims.
    7. You have the right to object to our processing of your personal data for direct marketing purposes, including profiling for direct marketing purposes.
    8. You have the right to object to our processing of personal data for statistical, scientific, or historical research purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
    9. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format so long as the following conditions are met:
      1. the legal basis for our processing of your personal data is consent;
      2. the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
      3. such processing is carried out by automated means;
      4. it does not adversely affect the rights and freedoms of others.
    10. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
    11. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
    12. You may exercise your rights expressed in this section by written notice to our offices, or by email to info@dbsplus.co.uk.
  6. Cookies
    1. A cookie is a file that contains an identifier, a string of letters and numbers, that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
    2. Cookies may either be “persistent” (stored and valid until deleted or expired) or “session” (expire when the user session on the web browser ends) cookies.
    3. Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the data stored in, and obtained from, cookies.
    4. We use the following cookies:
      1. exp_last_visit – Sets the time that the user last visited the site.
      2. exp_tracker – Tracks the last five pages viewed by the user. We use it primarily to redirect users after logging in.
      3. exp_last_activity – Sets the time of your last user activity on our website. We use it to determine the expiry of cookies.
      4. exp_sessionid – Generates an ID when you log in to the site to ensure that we can continue to recognise you once you are logged in. Applies only to members of the website.
      5. exp_uniqueid – Helps identify the computer when logging in to the website. Only applies to members of the website.
      6. exp_userhash – The encrypted password of the currently logged in user.
      7. exp_anon – A flag set by the user to determine if they are listed in the online users.
      8. exp_expiration – Determines the length of session for a logged in user.
    5. We use Google Analytics to create reports and analyse the use of our website. It uses cookies to provide that service. Google’s privacy policy can be found by clicking here.
    6. Most browsers will allow you to refuse and delete cookies. To find out how, click on your chosen browser here.
      1. Google Chrome
      2. Mozilla Firefox
      3. Opera
      4. Internet Explorer
      5. Safari
      6. Microsoft Edge
    7. Blocking all cookies may have a negative impact on the usability of many websites, and you may not be able to use all the features on this website.
  7. Our details
    1. This website is owned and operated by DBS Law.
    2. We are registered in England and Wales, with the company registration number 11426547, and our registered office is DBS Law, 69 Steward Street, Birmingham, B18 7AF.
    3. You can contact us:
      1. by post, to the registered office named above;
      2. by using our contact form on the website;
      3. by calling 0800 157 7055;
      4. by emailing info@dbsplus.co.uk.
  8. Data Protection Officer
    1. Our data protection officer is Parveen Attri.
    2. You can contact our data protection officer through the contact details in section 7.