Your privacy is important to us and we are committed to keeping your information secure and managing it in accordance with our legal responsibilities under applicable data protection laws. We are registered with the UK Information Commissioner’s Office (ICO) as a data controller under registration number ZA155749.
Please read this Privacy Statement carefully as it contains important information to help you understand how and why we process any personal information that you give to us.
What does ‘processing’ mean when it comes to personal data?
The term ‘processing’ refers to any manual or automated action performed on personal data. So that includes (but isn’t limited to) collecting it, recording it, organising it, structuring it, storing it, altering it, retrieving it, consulting it, transmitting it, making it available somewhere, combining it, restricting it, or erasing or destroying it.
What information do we collect about you?
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments and other details of products and services you or your business have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you or your business, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Please note any data about a company or about a person in capacity for a company would not necessarily fall under a data subject or personal information. Should any the of the records held be about a specific company director of a company customer and information/ processing decision does not relate to them as an individual then it will not be deemed personal data and will not fall within the scope for any requests/processing.
Special Categories of Personal Data
We don’t generally process information referred to as ‘special categories of personal data’. So that’s data about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, and so on. We’ll only do this if you give it to us voluntarily, or we need it for a service you’ve asked us for. And wherever we can we’ll keep the collection and use of this type of data to a minimum.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you or your business, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How we use your Information
We process the info we collect from you to:
Provide to you or your company products and services and to administer your account (including billing you) when we are dealing with your account through our website, in writing or over the phone so we can give you any information or help you ask us for
So we can comply with our legal obligations for the prevention of financial crime and money laundering, include checking your identity, and for any audits we need to do to carry out any duties we’ve agreed to do in any contracts we have with you.
For services and legal services of third party providers on our panel, who we quote or refer on behalf of.
We will process your information in order to meet our contractual obligations to you, where have a legitimate interest to do so, to tell you about products and services you or your business might be interested in so you can use the interactive features of our services when you choose to (like the online chat service on our website) to help us train our people and improve our service to you and where we are permitted by law or to comply with applicable laws and regulation.
|Providing a service and internal processing|
|To assess your needs and provide you with suitable products and services||
· Contractual obligation to provide you with, or a proposal including a costs estimate
· Where special categories of personal data are processed, these are necessary to assess your needs
|To service and administer your matter including billing||
· Legitimate interests to provide and manage the service
|To verify the identity of our clients||· To comply with legal obligations to prevent money laundering|
|To confirm, update and improve our client records||· To comply with legal obligations in the Data Protection legislation|
|To provide you with any information on the services that you have requested||
· To meet our contractual obligation to provide information on the services you have requested
|To manage and develop our relationship with you||· Legitimate interest to service your matter and improve our service to you|
To inform you of products and services that may be of interest to your business(es), where you have chosen to be made aware of this
|Training and development|
|For training purposes and to improve our service to you||· Legitimate interests to improve our services and develop our employees|
|Complying with Legal Obligations|
|To prevent, investigate and prosecute crime, fraud and money laundering||
· To comply with legal obligations for prevention of financial crime and money laundering
|For auditing purpose||· To comply with our legitimate interest to conduct audits|
|If we are obliged to disclose information by reason of any law, regulation or court order||
· To comply with legal obligations
|To transfer information to any entity which may acquire rights in us||· Legitimate interests for commercial interests|
|For any other purpose to which you agree.||· With your consent|
How long we keep your personal information
We follow the laws that apply when it comes to how long we hold on to your personal information. So we’ll destroy it or make it anonymous when we don’t need it anymore.
Our retention periods are:
|Type of Personal Information||Retention Period|
|General personal data which includes your normal personal data, personal identity and personal financial data||· 6 years after the end of our business relationship with you, or the end of your matter which ever comes later|
|Material we need for legal reasons i.e. documents that show we’ve done our ‘due diligence’ to prevent fraud, financial crime and money laundering. That includes things like copies of your passport, driver’s licence, bank statements and any other documents you give us.||· 5 years after the end of our business relationship with you, or the end of your matter which ever comes later|
|Special categories of personal data||· 6 years after the end of our business relationship with you|
|Call recordings||· 3 months|
|CCTV – digital images if you visit our offices||· 90 days|
Who we share your information with
There are a few third-party companies and organisations we might give your information to. They are:
Any company within the LegalZoom Group, for the purposes set out in this notice (information and customer relationship, software and service improvements, to provide you with any information, applications, products or services that you have requested);
our service providers and agents (including their sub-contractors) or third parties which process information on our behalf (e.g. internet service and platform providers, payment processing providers and those organisations we engage to help us send communications to you) so that they may help us to provide you with the applications, products, services and information you have requested or which we believe is of interest to you ;
regulatory authorities, government bodies and any other third party necessary – we might need to do this to make sure we’re following our legal obligations and/ or regulations;
third parties used to facilitate payment transactions;
credit reference and fraud prevention agencies;
insurers – so we can give you the right level of financial cover, or if you make a claim against us;
Our own and our Group professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
government departments like HMRC, Companies House, Local London Authorities and Trading Standards – for legal reasons;
our auditors and external assessment bodies – this is so we can meet any regulatory or quality assurance standards and accreditations we need to, and so we can give you quality services;
third parties for marketing purposes (e.g. our partners and other third parties with whom we work and whose products or services we think will interest you in the operation of your business activities. For example, financial services organisations (such as banks, insurers, finance providers), payment solutions providers, software and services providers that provide business solutions).
We invest appropriate resources to protect your personal information, from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based site can be 100% secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control.
How we keep your data secure
We do everything we can to keep your personal information safe. So we have systems in place to protect it from loss, misuse, unauthorised access, modification or disclosure.
Where we store your personal data
We usually hold your data inside the UK and we will only ever send your data outside of the UK to:
Comply with a legal duty or legitimate interest
Provide our products and services
If we do transfer information outside of the UK, we will make sure that it is protected in the same way as if it was being used in the UK. To do this, we will use one or more of these safeguards:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
If any of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
You can find out more about these safeguards on the European Commission Justice and Information Commissioner’s Office (ICO) websites.
If you want to see or change the data we have about you
You have the right to ask us for a copy of the personal information we hold about you.
And if any of it’s wrong, you can ask us to put it right, or delete it. Under certain circumstances you might also have the right to ask us to stop processing your personal information – but this doesn’t apply where there’s a legal or legitimate business reason for us to keep doing it.
If you’d like to do this, please email us or write to Data Protection Supervisor, 130 Old Street, London EC1V 9BD.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In relation to all of these rights, please write to us at the address below.
If you want to contact us or complain about the way we’ve handled your personal dataYou can contact us by writing to us at:
Data Protection Supervisor, The Formations Company, 130 Old Street, London, EC1V 9BD or at firstname.lastname@example.org
If you are located within the European Economic Area (EEA) and you wish to contact us in respect to any personal data we’ve handled, please contact our EU Representative: Instant EU GDPR Representative Ltd https://legalzoomlimited.gdprlocal.com/eu on email email@example.com and/ or telephone + 353 15 549 700. The EU Representative Dublin address is INSTANT EU GDPR REPRESENTATIVE LTD 69 Esker Woods Drive, Lucan Co. Dublin Ireland.
You can also complain to the Information Commissioner’s Office at any time – go to their website www.ico.org.uk to find out how. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.