Our privacy and cookies policy
How we are ensuring the security of your data during the time of Covid-19.
In order to protect our staff and ensure that we can continue to offer the same level of care to our clients. Although changes to Covid-19 guidelines we have not yet returned to the office. As a general rule visits to our offices at this time are not possible.
We take our responsibility to your data seriously. We have taken the following additional steps to safeguard your data.
- Access to Leigh Day systems is only possible via our secure Citrix workspace;
- This means that your data remains within the exact same secure systems that it would be in if our staff were in the office;
- Data cannot be removed from the Citrix workspace;
- We have ensured that staff have appropriate equipment to allow them to work from home;
- Staff have been given training in how to maintain confidentiality and data protection whilst working at home;
- We are providing support and guidance to those who require it;
- Our telephone service diverts calls to mobile phones from staff members’ office lines so that you can contact your legal team in the same way that you would normally;
- Where third parties (expert witnesses, barristers and other data controllers or processors) are instructed, information is sent using secure email and file sharing systems, with password protection.
- We have reviewed all of our new services to ensure that they offer sufficient security protections.
If you have any concerns or queries about how we are handling your data during this period, please contact us by email at email@example.com
We are committed to protecting your privacy when you use our services and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Our data protection registration number is Z5524826.
Leigh Day collects uses and is responsible for certain personal information about you. When we do so we are regulated under UK Data Protection Legislation We are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
When you make an enquiry to us, via our website, in person, by email, letter or telephone we collect the following personal information when you provide it to us:
- contact information including email address and telephone numbers
- other information relevant to your enquiry / case
By submitting your details, you are requesting us to process your personal data to enable us to provide information or assistance, to you and we will use and store your information for that purpose.
How we use your personal information
If you are contacting us about a potential legal case or matter we will use your personal information for the purposes of dealing with your enquiry to:
- consider if we should provide legal services to you in accordance with our procedures for accepting instructions
- provide legal services to you
- help us prevent money laundering
- verify your identity to help us prevent fraud
we may use your personal information for the purpose of dealing with your enquiry to:
- respond to claims, exercise and defend our legal rights
- offer you information about events or services e.g. to send you a brochure about the work that we do
- keep you informed of legal developments
- help us improve our services
If you contact us for a non-case related query we will use your personal information to respond to your enquiry. Depending on the nature of your interest in our firm we may also provide you with information about us, our services and our events.
Our general retention period is six years, from the conclusion of your enquiry or case which we consider a legitimate time period taking into consideration applicable UK law.
If you attend an event or visit our offices
If you attend an event that we host or if you visit our offices we may need to collect some personal data from you in order to provide you with the appropriate level of service.
The data that we may need to collect from you can include:
- Your name
- Your contact details
- Health data , for example additional mobility requirements or food allergies if appropriate to your attendance;
During the Covid-19 pandemic we will also ask you to complete a health declaration.
Who we share your personal information with
We use third parties to provide us with additional services.
These include (but are not limited to):
- IT (including back up) services;
- Marketing automation and email marketing services;
- Out of hours contact support;
If you become a client we may use additional third parties including:
- Off-site archiving and storage facilities;
- ID verification services and money laundering checks;
- Payment services.
If you become a client, there are times that we will have to share your details with third parties in order to investigate or progress your case, to provide you with legal services or to comply with our legal obligations. Examples of third parties in this case would be the other party in your case, medical experts to provide supporting medical evidence and the Court.
We have contractual relationships with all of the third parties who handle your personal data, and use them only to fulfil the service they provide us on your behalf. This data sharing enables us to provide an efficient service to you in order to progress your matter. After your matter has been closed, they are obliged to dispose of the details in line with data protection legislation.
Leigh Day may disclose personal information if required to do so by law or if we believe such an action is necessary to protect and defend the rights, property and personal safety of our company name and its website.
We may on occasion need to transfer your information outside of the European Economic Area (EEA). Countries outside of the EEA do not have the same data protection laws. Any transfer of your personal information outside of the EEA will be subject to an agreement and appropriate safeguards to help protect your privacy rights. If you would like further details please contact our Data Protection Officer.
We take the fair treatment of our staff seriously and zero tolerance for harassment and abuse. We may record your phone call for the detection of harassment and abuse to enable us to investigate and prevent crime.
In the event that our staff may have suffered harassment or abuse by a caller we may pass on a recording of the conversation and your phone number where permitted under data protection legislation (e.g. criminal prosecutions.) Recordings will be automatically deleted after 1 year.
We do not record video calls as standard. There may be times where it is prudent or necessary to record a call, for example, if we are taking a witness statement from you. If this is the case, we will discuss it with you in advance ask your permission to record the call before the recording begins. The length of time we will hold the recording for will depend on the purpose for which the recording has been made.
You have a number of rights. If you want to exercise these rights the process is provided free of charge. In summary, those include rights to:
- The right to be informed about the collection and use of your personal information
- The right to access your personal information
- The right to correct any mistakes in the information which we hold
- The right to erasure of personal information
- The right to restrict processing of your personal information
- The right to move, copy or transfer your personal information
- The right to object to direct marketing
- Rights in relation to automated decision making and profiling.
For further information on each of those rights, including the circumstances in which they apply, see:
If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer. Let us have enough information to identify you (e.g. matter reference, full name, address) and let us know the information to which your request relates, including any account or reference numbers, if you have them.
Keeping your personal information secure
Leigh Day is committed to ensuring that your information is secure. We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Our services are not aimed at children and we are concerned to protect the privacy of children. For matters involving children, the children will be represented by their parents or guardians known as a litigation friend. Where we act in these matters, we shall explain to the litigation friend why we need the information and how it will be used, both when we initially collect the data and as the matter progresses.
Changes to this privacy notice
This privacy notice was published in July 2018 and last updated on 19th January 2021.
We may change this privacy notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.
How to contact us
Please contact our Data Protection Officer, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact our Data Protection Officer, please send an email to firstname.lastname@example.org write to Leigh Day, 25 St Johns Lane London EC1M 4LB or call 0207 7650 1200.
If you are in the European Union, you may address privacy-related inquiries to our EU representative pursuant to Article 27 GDPR:
EU-REP. Global GmbH, Attn: Leigh Day
Hopfenstr. 1d, Kiel, Germany
The GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk/concerns/ or telephone: 0303 123 1113.
Do you need extra help?
If you would like this notice in another format (for example: audio or large print) or language please contact us (see ‘How to contact us’ above).
How we are ensuring the security of your data during the time of Covid-19 and restricted movement.
In order to protect our staff and ensure that we can continue to offer the same level of care to our clients, we have followed the government’s advice and have moved our staff to home working. Visits to our offices at this time are not possible.