Copious Law (T/A TenancyDepositClaims.co.uk) understands that protecting personal information and data is very important.
The purpose of this POLICY is to explain when, why and how Copious Law collect personal information and data and, more importantly how it is used. In addition, Copious Law explains the conditions which they adhere to for disclosure to others but also how they maintain its security.
All prospective and actual Clients should read this policy together with the Terms of Business which outline further detail regarding Copious Law’s professional duty of Confidentiality. This Policy applies to all potential and actual Clients if personal information has been supplied to them, even if these individuals decide not to proceed with any service they offer.
This notice does not apply to any websites that may have a link to Copious Law.
Who we are:
TenancyDepositClaims.co.uk is a trading style of Copious Law Ltd. Copious Law is a Recognised Body, authorised and regulated by the Solicitors Regulation Authority under number 833570.
Data is collected, processed, and stored by Copious Law, and they are known as the “data controller” of the personal information provided to them. They will handle and store personal information in line with the statutory legal framework, including the General Data Protection Regulation and the Data Protection Act 2018.
The Data Protection Officer is Anthony James Wilson who can be contacted by email at firstname.lastname@example.org
Alternatively, you can write to him at Data Protection Officer, 9/10 18 Clock Tower Park, Liverpool, L10 1LD.
This website and non-reserved legal services are not appropriate for children, this is because any legal work undertaken on behalf of children is usually supplied through their parent or guardians. If you are a child that requires further information or additional explanation regarding the use of your data, please email email@example.com.
What we need:
The specific information and data needed will depend upon the legal service you require but we only request from you the exact information or data to enable us to support your legal claim and what you contracted us to do.
Type of Data:
There are two types of personal data/information that you may have supplied to us.
- Personal Data: comprising general information about yourself for example your name, address, date of birth, contact details and financial information for example.
- Sensitive Personal Data: comprising your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and general data.
The primary reason personal data is restricted to basic information is to complete anti-money laundering checks and verifying identity in compliance with our professional obligations. In some case the type of claim we are instructed on may require us to ask for more sensitive information.
Sources of Information:
Information and Data comes from many sources such as:
- You may volunteer the information.
- You may provide information concerning someone else.
- Information from third parties to enable us to provide our services.
- Various institutions have data that they release such as:
i. Credit Reference Agencies.
ii. Banks or Building Societies.
iii. Financial Institutions such as Pension Companies.
iv. Digital Marketing companies.
v. Local Authorities, Landlords and Housing Associations.
vi. Finance Companies.
Why do we need it?
The secondary reason is to support us in pursuing your claim by providing as much information and detail as necessary to do this.
The following are some examples, although not exhaustive, of what we may use your information for:-
- Verifying your identity.
- Verifying source of fund.
- Communicating with you.
- Establish funding of your matter.
- Obtaining insurance on your behalf.
- Processing your legal transaction.
- Maintaining financial records and transactions.
- Seeking advice from third parties.
- Responding to complaints or allegations of professional negligence.
Who has access to it?
We have implemented a data protection regime, in accordance with our regulatory obligations, to ensure the effective and secure processing of your personal data. We will not sell your information nor share with third parties for marketing purposes and only use it for the purpose for which it was given.
However, in some circumstances, in carrying out your legal work, we may need to disclose some information to third parties for example:-
- HM Revenue & Customs.
- HM Land Registry.
- Court or Tribunal.
- Defendant Solicitors.
- Instructing independent barrister for advice/representation.
- Non-legal experts for advice or assistance.
- Translation Agencies.
- Contracted suppliers.
- Outsourcing companies.
- External auditors, SRA, ICO, LEXCEL.
- Payment Service companies that process transactions.
- The Financial Ombudsman Service, Financial Services Compensation Scheme, Pension Ombudsman Service, ADR / Mediators.
- Communication providers (e.g. telephone line providers, and email and text/live chat service providers).
- Potential third-party funders.
- Insurance Companies (ATE / BTE).
- Trade Union (BTE).
- Advertisers and social media companies such as Facebook, Google and Twitter.
- Legal or regulatory obligation, such as the prevention of financial crime or terrorism.
- Emergency services if we think you or others are at risk.
In addition to the above, to enable us to provide our services to you, the following third parties provide critical functions to our business and will process your personal information as directed by us and in accordance with strict data security arrangements.
In the event any of your information is shared with the above third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case, we will contact you separately to ask for your consent which you are free to withdraw at any time.
Please also be advised that when you visit this website, cookies will be used to collect information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the Internet, and information about your visit such as the pages you viewed or searched for, pages response times, download errors etc. We store these cookies on our UK servers. we do this so that we can measure our website’s performance and make improvements in the future. Cookies are also used to enhance this website’s functionality and personalisation, which includes sharing data with third-party organisations.
Sharing your data outside of the EEA
For convenience or as a matter of necessity, where we share personal data for the reasons outlined in this policy, we may transfer it to countries or territories outside the of the European Economic Area (EEA). We may also do so if we decide to use a third party to process personal data for us who are located outside or conduct processing outside the EEA. We make these transfers when we deem it appropriate for the administration of our business, to provide or obtain services from third parties.
Where we transfer data outside of the EEA, we will use a method specified in the GDPR which provides an adequate level of protection for the rights and freedoms of affected persons.
Data Privacy and security
We take the protection of personal information very seriously and will deploy appropriate measures to maintain the confidentiality, integrity and availability of the information you have provided.
Such measures include:
- Company security policies and standards.
- Staff security awareness.
- Role-based and biometric access controls to prevent unauthorised access to the information.
- Encryption and anonymisation technology.
- Anti-malware technologies.
- Security monitoring.
- Security testing.
- Secure archiving and deletion.
- Compliance with industry regulations and legislation.
We maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy. We also maintain an active information security work programme that seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
- Protect against potential breaches of confidentiality.
- Ensure all IT facilities are protected against damage, loss or misuse.
- Secure archiving and deletion.
- Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
- Compliance with industry regulations and legislation.
- Ensure the optimum security of this website
Under the terms of data protection legislation, you have the following rights:
Right to Be Informed
This privacy notice, together with our Cookies Policy, fulfils our obligation to tell you about the ways in which we use your information as a result of you using this website.
Right to Access
You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request.
To make a Subject Access Request, please write to our Data Protection Officer:
Copious Law Limited,
Clock Tower Park,
Or email firstname.lastname@example.org.
Right to Rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete. If any of the information that we hold about you is inaccurate, you can either:
Contact us on 0151 372 0875 or email:
Contact our Data Protection Officer on: email@example.com
Right to Erasure / Right to Be Forgotten
You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following circumstances:
- Where the personal data is no longer necessary in regard to the purpose for which it was originally collected
- Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
- Where you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal data was unlawfully processed
- Where you object to the processing for direct marketing purposes
Right to Object
You have the right to object to the continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time. The continued use of your data for any purpose listed above for which the lawful basis of the processing is that it has been deemed legitimate.
Right to Restrict Processing
You have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances.
- When you contest the accuracy of the personal data, we should restrict the processing until we have verified the accuracy of that data
- Where you object to processing (where it was necessary for the performance of public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
- Where the processing is unlawful, and you request the restriction
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
If you wish us to restrict the use of your data please contact our Data Protection Officer at firstname.lastname@example.org
Right to Data Portability
In some cases, you may be able to request for your information to be provided to you or to another company in a format that can be processed electronically by you or the other company. If you want to request this, you will need to contact us.
Rights Related to Automated Decision-Making
If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact our Data Protection Officer at email@example.com.
There may be occasions when we are unable to delete the data due to our legal or regulatory obligations. We will however discuss this with you if you request for your information to be deleted.
How long do we keep your personal information?
We will typically retain information for a period of 7 years. This is due to regulatory reasons and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and non-clients.
How we collect personal data
The following are examples, although not exhaustive, of how we collect your personal information:
- Sign up to receive one of our newsletters.
- Submitting an online enquiry
- Following / liking / subscribing to our social media channels
- Completing a questionnaire on our website
- Ask us a question, submit any queries, or concerns you have via email or on social media channels
- Post information to our website or social media channels, for example, when we offer the option for you to comment on, or join, discussions
- When you leave a review about us on Trustpilot.com
When we collect your personal data, you will be provided the opportunity to opt in to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to, this will have no effect on accessing our legal services.
As we handle enquiries at different stages, we separate these enquiries in two ways. we will take the following steps:
- Potential Clients: Consent will need to be recorded before being added to marketing campaigns.
- Actual Clients: Legitimate interest will be the legal basis. Relevant marketing communication by email will be sent during the case and once the case has been closed. Clients have the option to exclude themselves from marketing by clicking the unsubscribe link on all our emails, on the telephone or contacting by email or on social media.
Any contacts who have not engaged by opening an email over a period of 6 months will be removed from marketing communications.
Whenever we collect your personal data, you will be given the opportunity to opt in to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to, this will have no effect on accessing our legal services.
We appreciate that you may decide that you do not want us to use your personal data in this way and we will respect that choice. We have a legal obligation under the DPA and GDPR to stop sending you marketing communications if you object. If you do not want us to use your personal data in this way, please: firstname.lastname@example.org or write to me.
How we may use your details
The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:
- Fraud prevention.
- Direct marketing.
- Network and information systems security.
- Data/analytics / enhancing, modifying or improving our services.
- Identifying usage trends.
- Determining the effectiveness of promotional campaigns and advertising.
We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our services.
You have the right to object to this processing. Should you wish to do so please email email@example.com.
We use publicly available social media platforms to promote our services, to provide updates and to share any news and promotional updates. We may collect personal information from these social media platforms, for example, if you post a message on our Facebook page.
By providing any of your information to us through these platforms you should be aware that:
- The social media web pages are publicly available, and you must not provide any personal or sensitive information on our pages that are accessible to the public, such as your account information. We may ask you for your account information via a private message to identify you and to service any request you make; and
Other types of advertising
More information about cookies can be found below.
We do not have any control over the advertisements you see on other third-party websites however you can request to opt-out or customise these advertisements by using the Google Ads Preference Manager.
We currently do not record and retain telephone calls.
If you have any questions or queries or wish to raise a complaint on how we have handled your personal data you can contact our Data Protection Officer who will investigate further, using the address or email below:
Data Protection Officer
Anthony James Wilson
Clock Tower Park,
If you are not happy with how we process your personal information you should contact m in the first instance. If you’re not happy with how we have dealt with your complaint you have the right to lodge a complaint with the Information Commissioner’s Office. You can find their details on their website at https://ico.org.uk/