Privacy notice - Client

Privacy notice – Client

  1. Introduction

BBP Legal Limited (Company registration Number 09541133) of 15 Northumberland Street, Morecambe, Lancs. LA4 4AU is the Data Controller and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR). This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.

Our Data Protection Officer, Nicola Codd, is responsible for the data we hold. If you have any questions regarding this notice or the data we hold about you, please contact her by email at the following address;

  1. What information do we collect about you?


  • Personal data

We process your personal information to enable us to provide you with legal services and to meet our legal, statutory and contractual obligations. We will keep your personal data confidential and use it only to enable us to act in your best interests and carry out your instructions. We will not collect any personal data from you we do not need in order to provide and oversee this service to you.

‘Personal data’ means any “information relating to an identified or identifiable natural person (‘data subject’)” In simple terms, information that can be used to identify who you are.

The personal data we collect from you may include:

  • Name, address, date of birth
  • Telephone numbers and email addresses
  • IP address, mobile device lD’s, social media posts
  • Financial details
  • National insurance number
  • Gender and nationality
  • Occupation
  • Personal identity documents, such a Passport or Driving Licence
  • Medical records and details of medical conditions


  • Special category data

Special categories of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

The special categories of data we collect from you for the purposes of acting on your behalf or dealing with a legal matter, may include:


  • Medical information
  • Information relating to children in Personal Injury, family or other legal matters
  • Information relating to sex life or sexual orientation in Family legal matters
  • Ethnic origin or race, when applicable to a legal matter
  • Any other special category data, where specifically required for the purpose of carrying out a legal contract at your request

In order for us to process your special category data we would need to establish a legal basis for doing so. We would not process your sensitive data unless:

  • you gave us your explicit consent to do so or
  • it related to sensitive data which you had already made public or
  • the processing was necessary in order to protect your vital interests and you were physically or
  • legally incapable of giving consent
  • where it is necessary for reasons of substantial public interest
  • where there is some other legal basis that allows us to use the information.

You are free to withdraw your consent at any time. If consent is withdrawn you may have the right to have your personal data erased and it will no longer be used for processing, subject to provisions in the GDPR.


  1. How will your information be used?

We will use your data to:

  • provide you with legal services you have requested from us
  • fulfill our contractual obligations to you
  • obtain further information about you or a company you represent
  • fulfill any compliance or legal obligation to which we are subject
  • verify your identity
  • process your payment details
  • collect and recover monies owed to us


  1. What is the legal basis for processing your personal data?

We may lawfully process your personal data where we have a lawful basis for doing so. Lawful bases include holding and using your data to fulfil our contractual obligations to you or to ensure your contractual obligations to us are met, to enable us to comply with our statutory and regulatory obligations or where we (or a third party to whom you disclose it) have a legitimate interest in holding and using your information. In all cases we will consider your legitimate interests, rights and freedoms.



  1. Sharing and disclosing your information

We may share your information with other professionals such as Solicitors, Barristers, Experts, Accountants, Banks, Building Societies, Estate Agents, Licensed Conveyancers, Insurance Companies or other third parties who are acting on your behalf in connection with the matter for which we are providing legal services to you. We regard such processing of personal data as lawful processing as it is linked to the performance of our contractual obligations to you or for compliance with a legal obligation to which we are subject.

We require all third party service providers to keep your personal information confidential and to use it only for specific purposes and in accordance with our instructions.

We may use or share any of your personal data which you made public for purposes of communicating with you. We regard such processing of personal data as lawful processing as it is held on publicly accessible databases, registers or lists and its use by us will be compatible with the reasons that justify its presence on such databases, registers or lists.

It may be necessary to share your personal data with credit reference agencies, fraud prevention agencies, the Solicitors Regulation Authority, National Crime Agency, Serious Fraud Office, Information Commissioner’s Office, Legal Aid Agency and other regulators and authorities who require reporting of processing activities under certain circumstances.

We will not use, share or transfer any information that you provide to us other than to send you information about our services that we consider relevant to you, subject to your express consent to hold and use your information for such purposes.


  1. Data transfers to third countries and the safeguards in place

Third Countries are any countries outside the European Union and the European Economic Area for whom the GDPR does not apply. Some of these countries do not have adequate data protection controls.

We will not transfer your personal data to third countries without:

  • advising you of the risks involved and
  • your explicit consent to the proposed transfer.


  1. How long will your information be held?

We will keep your personal data for no longer than is necessary for the above specified purposes. This is likely to be a minimum period of 6 years after which time it will be confidentially destroyed. In some cases data is kept for a longer period of time to adhere to the Limitation Act; a copy of our Data Retention Schedule is available upon request. Where we are relying solely on your consent we will keep your personal data until you either:

  • withdraw your consent or
  • we no longer consider it necessary to keep your personal data, whichever occurs first.

This is subject to our obligations to adhere to any overriding legal requirements.


  1. Automated decision making

We do not use automated decision-making processes.


  1. Your rights

You have a right to access the personal information we hold about you. This includes your right to:

  • know what personal data we hold about you
  • know with whom we have shared/or will share your personal data with
  • know how long we will store your personal data
  • object to the processing of your personal data
  • ask us to stop using/storing the information we hold about you where it is inaccurate, where we no
  • longer need to use the information or where there is no lawful basis for us to continue to process it*
  • ask us to erase the information we hold about you. (The right to be forgotten)
  • ask us to transfer your data to you or another person in a secure and structured machine-readable format.

Any requests or objections should be made in writing to:-

Data Protection Officer

*We will stop using/storing your information unless we can demonstrate why we have a legitimate business interest which overrides your interests, rights and freedoms.


  1. Security of your information

We take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure, loss or destruction. All our information is stored on secure servers in the UK or on cloud-based services in the European Economic Area. We have several layers of security measures in place including a hardware firewall to prevent unauthorised access and anti-virus software, daily data back-ups, encryption of sensitive data, password protection and confidential shredding.


  1. How to make a complaint

If you are unhappy with the way in which your personal data has been processed you may in the first instance contact Nicola Codd, our Data Protection Officer using the contact details above, or email

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision.

The Information Commissioner can be contacted at:-

Information Commissioner’s Office

Wycliffe House

Water Lane





The ICO helpline number is: 0303 123 1113.