top of page

PRIVACY NOTICE

Privacy Notice – SEN Legal

Introduction

This privacy notice tells you what we do with your personal data when you contact us or use our services.

If you have any questions about how we use your personal data or believe any of your rights have been infringed, please contact our Data Protection Officer.

This privacy notice was last updated August 2024.

Our contact details

Name: SEN Legal Ltd

Address: Units 3 – 4 Forbes Business Centre, Kempson Way, Bury St Edmunds, IP32 7AR

Phone number: 01284 723 952

Enquiries email address: customerservices@senlegal.co.uk

Website: www.senlegal.co.uk

We are the “Data Controller” of your personal data. This means we have decided how and why your personal data is used.

 

We are registered with the Information Commissioner’s Office [ICO]. Our registration number is Z6481249.

Our Data Protection Officer contact details

Our Data Protection Officer can be contacted by telephone on 01284 723 952 or by email at accounts@senlegal.co.uk

How we get your personal data

There are various ways we may collect your personal data, which include:

Directly – This means you have given us your personal data, for example when you contacted us to enquire about our services, to engage us for a particular service, to apply for a job with us, to sign up to our marketing messages.

Indirectly - This means someone else has given us your personal data, or we have sourced it from information you have made public, or we have inferred information about you. For example:

  • Companies House

  • Local Authorities

  • NHS

  • Educational settings

  • Independent Advisory Services

 

We also collect personal data about you automatically. This is done when you visit our website, and we collect your IP address and other information from the cookies that are deposited on the device you are using. You can control which cookies are deposited to your device and you can change your settings at any time you wish. To find out more about the cookies we use, please read our Cookie Policy.

Personal data we collect about you

Personal data is any information that relates to a person who is or can be identified from it. We will collect and use some or all the following types of personal data:

  • Name

  • Telephone number(s)

  • Email address

  • Home address

  • Work address

  • Work telephone number(s)

  • Work email address

  • Child/young person name

  • Child/young person date of birth

  • School name(s)

  • Name of Local Authority

  • Name of NHS Hospital attended

 

How we use your personal data

We need your personal data to allow us to:

 

  • To deal with your enquiry

  • To deal with complaints

  • To provide legal advice

  • Create cards/matters on our secure case management system

 

If our purposes of processing change

We will only use your personal data for the purposes set out above, unless we reasonably consider that we need to use it for another purpose that is compatible with any of the above. If we need to use your personal data for an unrelated purpose, we will always inform you about this and explain the GDPR lawful ground which allows us to do so.

The GDPR lawful basis we rely on to collect and use your personal data

We can only collect and use your personal data when we have a lawful basis to do so. The lawful basis we rely on depends on the reason we need your personal data, which are set out above.

Generally, our lawful basis will be one of the following:

 

  • Legal obligation

  • Contractual obligation

  • Consent

  • Vital interest

 

Consent

When we rely on consent you will always have the choice to provide your personal data and there will be no detriment to you should you decide not to give your consent. If you have given us your consent to process your personal data for a specified reason, you can always withdraw that consent later.

 

Contractual Obligation

This means at your request we have entered into a contract with you or have taken steps to be able to enter into a contract with you, for example to respond to your enquiries about our services and to deliver our service to you if you engage us for one of our services.

 

Legal Obligation

There are times when we must process your personal data for us to comply with a legal or regulatory requirement. In these cases, we will usually rely on the “legal obligation” lawful basis as the processing is necessary for use to fulfil our legal obligation to which we are subject to. For example:

  • We have a legal obligation under finance and tax laws to keep certain information relating to payments and tax.

  • We have a legal obligation to provide the police or other law enforcement body with information if they are investigating a potential crime.

Vital Interests

In rare situations, we might need to share your personal data with the emergency or care services if we believe it is in your ‘vital interests’, or those of another person (i.e., a vulnerable person or a child), to do so. For example:

  • if you are taken ill, or

  • if any safeguarding concerns are raised.

Am I under a Contractual or Legal obligation to provide my personal data?

If you are not able to provide the specific personal data that is required to meet either a contractual or legal obligation we have with you, we may not be able to continue our contract with you.

The GDPR conditions we rely on to collect and use your special category personal data

When we collect and use personal data that falls under the GDPR definition of special category personal data (e.g. health data, racial or ethnic origin data) we need to identify a GDPR condition to allow us to process your special category personal data. This is in addition to the GDPR lawful basis which is set out above.

We generally only require special category personal data to allow us to provide legal advice to you and to progress legal cases.

 

The condition we rely on to collect and use your special category personal data is Explicit Consent.

Explicit Consent

Similar to the lawful basis of consent, you always have the choice to provide your special category personal data and there will be no detriment to you should you decide not to. We will always ask you to consent to providing special category personal data separately from any other consents we ask and we will clearly specify the type of special category personal data we are asking you to provide.

Data Sharing

We will only share your personal data with other organisations when required to by law or when GDPR allows us to do so. 

We may share your personal data with the following types of organisations:

 

  • Local Authorities

  • NHS

  • Educational placements

  • Independent experts

  • Barristers

  • UK Courts and Tribunals

 

Data Processors

There may be times when we need to work with other trusted businesses to help us process your personal data along your journey with us. These other businesses are known as “data processors” as they are acting on our behalf and under strict instruction from us on what they can and cannot do with the personal data.

When we do use other businesses to process personal data on our behalf, we always ensure we have appropriate UK GDPR compliant contracts in place with each one.

A data processor is not allowed to do anything with your personal data other than what we have instructed them to do with it. They will not share your personal data with any other business apart from us unless they are required to do so by law. They will hold it securely and retain it for the period we instruct.

We use the following data processors:

  • ID-Pal

 

Transferring personal data outside of the UK

Sometimes it is not possible for us to process and store your personal data solely in the UK. When your personal data does need to be transferred or stored outside of the UK, we make sure we comply with the specific requirements set out in UK GDPR for us to undertake this. Data stored in another country is only accessible by our staff in the UK and the technical support staff of where the data is stored.

We will only transfer personal data outside of the UK when one of the following GDPR provisions are in place to safeguard your personal data:

  • an “adequacy decision” is in place with the country where the personal data is being transferred to;

  • an “appropriate safeguard” as set out in UK GDPR is in place - these include using Standard Contractual Clauses and the UK’s International Data Transfer Agreements; and

  • an “exception” as set out in UK GDPR can be relied on if there is no adequacy decision or appropriate safeguard in place, for example, we could rely on your explicit consent to make the transfer of personal data.

How long we keep your personal data

We only keep your personal data for as long as is necessary for us to fulfil the purposes we collected it for. We keep your personal data for 7 years.

 

Your rights

Depending on the purpose and GDPR lawful grounds we rely on for processing your personal data, there are various rights available to you. You can:

  • request access to the personal data we keep about you and be given specific information about the processing - this right always applies regardless of the processing activity we undertake.

  • request we rectify personal data we hold about you if you believe it to be inaccurate - this right always applies regardless of the processing activity we undertake.

  • request us to delete your personal data - this right only applies in specific circumstances; this means we don’t always need to comply with this type of request.

  • request a restriction of the processing of your personal data - this right only applies in specific circumstances; this means we don’t always need to comply with this type of request.

  • object to the processing when we have relied on the “legitimate interest” lawful ground to undertake the processing activity and you believe we have infringed your rights - we don’t always have to comply with such objections if we can demonstrate compelling grounds to continue with the processing.

  • transfer your personal data from us to another service provider or give it to you - this right only applies to personal data you have given to us and when the processing is based on your consent or contractual basis and the processing is automated.

 

We do not undertake any solely automated decision making, including profiling, about you.

To find out more about the rights that apply to individuals under GDPR please refer to the guidance on the Information Commissioner’s Office website - https://ico.org.uk/for-the-public/.

If you want to exercise one of your rights, please contact our Data Protection Officer. We shall respond to a valid request within one month of receiving it.

 

How to make a complaint about us to the Information Commissioner’s Office

If you are not happy with how we are processing your personal data, or you believe we have not dealt with one of your rights correctly you can make a complaint to us at customerservices@senlegal.co.uk.

 

If you, after following our complaints process, you are still not happy with how we use your personal data you are entitled to make a complaint to the ICO. The ICO has several ways in which you can get in touch with them, including post, email, and online forms. For full details how to make a complaint please refer to their website - https://ico.org.uk/make-a-complaint/.

 

Changes to our Privacy Notice

We keep our Privacy Notice under review to ensure it remains accurate and up to date and we reserve the right to modify it at any time.

bottom of page