Privacy & Cookie Policy

Last Reviewed: 1st March 2024

Who Is Holding Your Information

Caytons Law LLP

‘Caytons’ is the trading name of Caytons Law LLP which is a limited liability partnership registered in England and Wales (Companies House No. OC430379) and registered office at 10A Tower42, 25 Old Broad Street, EC2N 1HQ.

ICO registration number is ZA643615

For enquiries please contact: DPO@caytonslaw.com

Caysure Digital Limited

A company registered in England and Wales with company number 09801397 and registered office at 10A Tower42, 25 Old Broad Street, EC2N 1HQ.

ICO registration number is ZA216195

Caysure Digital Limited are ISO 27001:2022 Certified

For enquiries please contact: DPO@caysure.digital

Our Values About Personal Information

We promise respectful treatment of the personal information of everyone we have contact with.
This Policy explains how we do that, when and why we collect information, how we use it, the situations when other people can see or use it, and how we keep it secure.
We have split this Policy into sections, depending on who you are.

  • Section A is for everyone and includes information about cookies on our websites.
  • Section B is for you if you are or work for a potential client.
  • Section C is for clients.
  • Section D is for you if we have information about you purely because we are providing services to a client – third party information.
  • Section E is for you if you are a supplier.

Section A – For Everyone

This Privacy Policy is up to date from the date above. We keep this Policy under regular review, and we may revise it as time goes on. Please check from time to time to make sure you’ve got the latest information.

Words or phrases with special meaning

In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way. They are:

  • “personal data” is any information about an identifiable living human being.
  • “process” means we “process” your personal data when we do anything with it, which might include:
    collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or
    deleting it.
  • “special category data” is personal data that reveals racial or ethnic origin, political opinions, religious
    or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or
    biometric data.

Our General Approach To Personal Data

We are committed to protecting your privacy and honouring your legal rights to control how we use your personal data.

We only collect and use personal data when we need to

  • because you have asked us to do something, for example, send you information;
  • so that we can reply to queries or complaints;
  • to develop and manage our business relationships;
  • to help grow our business and fulfil our contracts;
  • to provide services to clients;
  • to meet our legal obligations.

We try to make sure the information we hold is accurate and up to date, and is no more than we need
to have.

If we are processing information about you purely because we are providing services to others, please
see Section D below. Please note that your rights may be subject to applicable exemptions as our
services include the provision of legal advice and supporting the establishment, exercise or defence of
legal claims.

If you have any questions or concerns about our use of your information, or how we have responded to
any request about your personal data, please take it up in the first instance by emailing DPO@caytonslaw.com.

If we cannot sort it out, the official authority in the UK is the Information Commissioner, and you can
raise your concerns with them by contacting them.

Special Notes And Exclusions Arising From The Nature Of Our Business

The statutory data protection regime recognises the special situation where processing is necessary for the establishment, exercise or defence of legal claims. This is relevant for much of the processing that we do.

This means that we may be obliged to disclose personal data:

  • during the course of giving legal advice;
  • when exchanging documents with other parties to litigation;
  • in response to court orders and under the Civil Procedure Rules;
  • to facilitate the smooth running of legal proceedings.;
  • in compliance with our obligations under the Code of Conduct of the Solicitors Regulation Authority.

We may also be prevented from giving individual data subjects access to information where that would
prejudice a legal case or ongoing legal work or an appeal.

This Policy cannot and does not waive client or third party rights of privilege and confidentiality, and is
subject to those rights.

However, please be reassured that we operate under strict confidentiality obligations, and maintain strict
security protocols with respect to data we hold.

Cookies On Our Website

We use cookies to enable us to benefit from certain analytics to understand how users use our website and improve our service. You can disable these cookies by using the CookieFirst pop up in the bottom left of this website

None of this results in us contacting you or monitoring you in any personal or individual way.

To learn more about cookies, including how to disable them, view http://www.allaboutcookies.org/ or https://www.aboutcookies.org/.

Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site

Contacting You

If you submit information to us using our website, the information you submit will be sent to the appropriate person to respond to you.

We ask our own team to research and contact potential corporate clients from time to time. We are not a hard-sell organisation. This is normally because you have requested a call, or because we are actively trying to let you know about something you may benefit from.

Social Media

We have a presence on LinkedIn. Click the name of the platform for a link to their privacy policy.

If you ‘like’ any of our posts or ‘follow’ us, we can make ourselves aware of who you are from the information that you publish in your profile. Your information is held by the platform and is subject to their data policy – we don’t control that. You can find a link to the privacy policy by clicking on their name above.

Your replies to us, messages you send us, and your other activities linked to our posts may be seen by members of our staff. Our staff are under professional obligations of confidence and are contracted to obligations of confidentiality.

Who Can See Or Use Your Data

We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes.

We will share your data as necessary to determine your legal issues and process and evaluate any claim you may have or be defending.

This will be with solicitors and counsel, the courts, expert witnesses, your insurance broker and insurers, the tax authorities where relevant, the appropriate tribunals, courts, mediators and other bodies or people needed to advise you and determine your claim. In the event of formal proceedings, we will also be sharing data in accordance with obligatory disclosure requirements.

Data Location & Platforms

We hold claims management and litigation files on servers hosted in the UK.

If your claim comes under the jurisdiction of the Irish courts, your information may be accessed in our Irish Office.

We have chosen mainstream suppliers with appropriate security standards.

Special category data, about your health, orientation, beliefs etc, is only held by us as part of providing legal advice or claims management or data processing to support such a process.

People

Caytons use Caysure Digital Limited to provide computerised claims management support to facilitate our work and to maintain our IT systems. They work under a written data processing agreement and are under obligations of confidentiality.

Other support services have limited access to your data – only where the service they provide to us means they need it.

We actively monitor for any potential breaches.

Your information/advice is held in the strictest confidence and in accordance with our contracts and security rules.

Data Retention – How Long Do We Keep Your Data For?

Potential Clients

We find that people come back to us a long time after our initial contact, and sometimes after things have been quiet between us for a very long time. However, we do like to be able to respond appropriately and intelligently to long-standing connections, so we keep a list of who we have contacted and notes of what we discussed.

Clients & Suppliers

We have a long-term and discreet relationship with most of our clients. We also offer legal advice and support. For that reason, we retain information for 10 years from the last point of contact. This allows us to have financial records going back far enough to satisfy HMRC, and advice records going far enough back to satisfy our insurers and professional obligations.

Want To See What We Hold On You?

If you want to know what information we have about you (if any), email DPO@caytonslaw.com and give us your name, email address(es), and other identifying information we may request to ensure that it is your information we are looking for. Provided we can legitimately disclose the information to you (see Section D), we will search and let you know what we hold.

What Are Your Rights?

You have the right to know what information we have about you, and to amend it if it is inaccurate.

If you believe we have information about you that we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.

Your rights with respect to your personal data are, in summary, to be informed what processing is taking place, to have access to your data, rectification, erasure, restriction, portability, objection, and relating to automated decisions.

Our Basis Of Processing

The information we collect and hold is based on our needing the information to run our business and provide services to our clients either under a contract with that client or because we have a legitimate business interest in processing your data.

In a few situations, we are processing personal data because we are under a legal obligation to do so. This includes our business, accounting and tax records.

You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. We may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation, insurer and professional supervisory
body requirements.

If you want to know what information we have about you (if any), email us at the email address set out above and give us your name and email address(es) and other identification data we may request so we can be sure we are searching appropriately in our systems.

Section B: Potential Clients

Most of the information we process comes from you. It comes directly from you, or in some cases through your insurance broker or insurer who will have notified you that they intend to use us to assess your claim or represent you.

That information will be stored in our email system and on our claims administration system.

We use Microsoft Outlook email and our emails are held in the UK. Those emails form part of our records with you and are kept in accordance with our Data Retention policy.

Some departments record phone calls. If you are speaking to a department that does, you will be informed by a recorded message that plays before you start speaking to our team members. This is done to ensure an accurate record of the calls and the advice you were given.

Depending on the nature of your legal situation, we may sometimes need to collect special category data on health, or other more personal aspects. This is only done where the legal situation indicates this is necessary and such data is only used to properly determine a claim and where necessary
represent you.

We keep a small database of potential corporate clients and contacts.

Section C: Clients

Once you become a client, we will collect further information from you.

We process your data to support the delivery of our services. We keep records of the advice and services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need or may be appropriate for you.

Third Party Data

As well as your own personal data, we understand that you may need to provide us with personal data relating to your employees, your clients, your associates and intermediaries or third parties – depending on the services we are providing to you. This may necessarily include special category data such as health-related data in order to properly assess and manage a claim. We maintain high levels of security and confidentiality with respect to data
you supply to us.

Financial

When you pay us by BACS or direct transfer, we receive limited information about you from our bank, usually the name of the person who paid us and how much and the reference number. If we need to transmit funds to you, we keep the information you provided for us to send funds to your account.

Section D: Third Party Information

When we are processing data about you because it is necessary for us to do so to provide services to a client, depending on the circumstances we may be acting as ‘data processor’ (and operating under the banner of our client’s data privacy policy), or we may be ‘data controller’ (and operating under our privacy policy).

If our client is the data controller, we will act as directed by them under the contract we hold with them and follow their data processing instructions.

If we are the data controller, we will act in accordance with your statutory rights, subject to the exclusions and exemptions that may well apply in the circumstances of our processing of your data in the course of giving advice and providing legal services to our client, or where our processing is necessary for the establishment, exercise or defence of legal claims.

However, please be reassured that we operate under strict confidentiality obligations and maintain strict
security protocols with respect to data we hold.

Section E: Suppliers

We collect information on potential and actual suppliers. This is mostly provided by you, but we do add to it the same kind of data we use for potential clients (see above).

If you become a supplier we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.

We keep a record of the work you undertook for us along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.

This information is all needed to manage the contract between us, support our client relationships, and manage our supply chain.

In Conclusion

If you have any queries or comments about our handling of your personal data, please email us at DPO@caytonslaw.com.