top of page

Privacy Notice

Introduction

This Privacy Notice (“Notice”) explains how we may collect and use information that we obtain about you, and your rights in relation to that information. Your use of our online services or your provision of information to us constitutes your acknowledgment of the terms of this Notice. Please do not send us any of your information, if you do not want it to be used in the ways described in this Notice.

We are committed to safeguarding the privacy of information provided to us and information about visitors to our Aria Grace website.

The purpose of this Notice

When you engage with Aria Grace, you trust us with your information. We take privacy seriously and we are committed to protecting the data you provide to us.

This Notice explains when and why we process personal data collected from you or provided to us by third parties, how this data is used, the conditions under which it may be disclosed to others, and how it is kept secure. It also provides you with information regarding various rights you may have in respect of processing of your personal data by Aria Grace.

About Aria Grace

Aria Grace Law CIC (“Aria Grace”) is a legal practice and a Community Interest Company (“CIC”). A CIC is a special type of limited company which exists to benefit the community rather than private shareholders.

The Companies House number for Aria Grace is 13927967 and its registered office is 167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF.

Aria Grace is a Controller of personal data registered with the Information Commissioner under registration number ZA824380.

As a law firm, in most situations, Aria Grace is a Controller. This means that Aria Grace determines why and how the personal data it collects is processed. In very limited circumstances, Aria Grace may act as a Processor, in which case it will process personal data only on the written instructions of another Controller.

Where this Notice refers to “Aria Grace”, “we”, “our” or “us” below, unless it mentions otherwise, it is referring to the subject company that is the Controller of your personal data.

How we collect your data

When we refer to (“personal data”), we mean information that could identify you directly, such as your name, or indirectly by a certain characteristic combined with information we already hold about you.

We may receive information about you from you or third parties, when we are acting for you or a client and we are required to obtain information about you, which is acquired during our activities as a legal practice.

Where we receive information about you from a third party, we will only use that information for the purposes of the legal matter and to comply with any regulatory or legal obligations that we are subject to.

Scope of this Notice

By using and interacting with our website, or by using our services, (including where you register to receive our emails) we collect and process certain information about you.

Information that you give to us

You give us information about yourself when you make an enquiry to Aria Grace, or engage us to provide legal services, or when entering information via our website, opt-in/consent forms, apps or by communicating with us by phone, post, e-mail, live chat, social media or otherwise. It includes additional information that you provide to us during consideration of any legal matter.

Such information may include your name and job title, contact information including email address and/or demographic information such as postcode may be voluntarily provided by you.

Information that we may automatically collect from you

We may also automatically collect information about you which we may observe, detect, or create without directly asking you to provide the information to us. In common with most other businesses, this will mainly include information gathered automatically through your use of our website or services, such as your IP address, telephone number or the pages of our website that you have visited.

Information we may receive from you or other sources

​

  • Personal data

  • Your contact details;

  • Identification information;

  • Financial or billing information;

  • Employment information;

  • Any details from correspondence and information regarding a matter on which we advise our client, including for example:

    • ​Biographical;

    • Personal/circumstantial details.

    • In transactional matters;

    • Law firms, accountants and other professional advisors acting for you where our client is a party.

    • In dispute resolution

      • ​Witnesses, law firms, counsel, experts, and other professional advisors acting for you or for us on your behalf, or for third parties, where you or our client is a party.

    • By customers of financial institutions

      • Banks, building societies and finance companies, where you are their customer/debtor, who are clients of ours or from whom we are given or request information.

    • By clients acting in a representative capacity

    • Personal representatives, attorneys, trustees, deputies, and litigation friends who may provide us with information in connection with a matter including litigation which we are conducting for a client.

    • Recruitment

      • ​Recruitment consultants or Employers who may provide information about you to us in relation to a potential role at Aria Grace.

    • From regulators and enforcement authorities

      • ​Regulatory bodies when making regulatory enquiries. Enforcement authorities when making enquiries into potential criminal offences.

    • Referrals

      • ​Professional advisers who may refer your case or matter to us.

      • Any other introducer of a case or matter to us.


We may supplement the personal data collected from you with information from publicly available sources, such as information to validate your identity or address, or to perform a credit or an identity check.

Information we automatically collect about you

We may automatically collect information about you which we may observe, detect or create without directly asking you to provide the information to us. In common with most other businesses, this will mainly include information gathered automatically through your use of our website or online services. The settings on our website allow you to reject the non-essential cookies.

Please see our Cookies Notice for further details.

Mandatory information

Please note that your provision of documents for identity verification purposes is necessary for us to comply with our legal and statutory obligations. Failure to provide these documents will mean that we are unable to undertake identity verification as required by Money Laundering Regulations 2017, as amended and the Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020, and, subsequently, we will not be able to act for you or the organisation instructing us, as applicable.

Types of personal data we process about you

As a law firm dealing with legal matters and cases, we may process a range of personal data about you.

To make it easier to understand the information that we use about you, we have divided this information into categories in the table below and provided a short explanation of the type of information each category covers (please note that not all categories may be applicable to you).

Category and Personal data included in this category

 

  • ​Banking/Billing..

  • Information used to send/receive funds to/from you or that appears on your bill or invoice.

  • Behavioural.

  • Your activities, actions, and behaviours.

  • Biographical

  • Your life experiences and circumstances.

  • Cardholder

  • Your payment card details.

  • Contact

    • ​Information which can be used to address, send, or otherwise communicate a message to you (i.e., email address, postal address, employer name and job title).

  • Correspondence

    • Information contained in our correspondence or other communications with you or about you, or about our products, services, or business.

  • Employment

    • ​Your previous, current, or future employment details.

  • Financial

    • ​Information of financial transactions, history, standing, and forecasts including credit and other references.

  • Geo-location

    • Information which contains or reveals the location of your electronic device.

  • Identification

    • Information contained in a formal identification document or social security or other unique reference relating to you.

  • Insurance

    • ​Your insurance applications, policies and any information relating to your insurance claim.

  • Legal

    • ​Information from public and other records including Companies House, Land Registry, HM Courts & Tribunals Service, Government and Local authorities, Regulators and Enforcement agencies including relating to legal claims made by you or against you or the claims process

  • Monitoring

    • We may record phone or video calls and meetings and retain transcripts of dialogue i.e., live chat conversations, for our records or for training purposes.

  • Sensitive/Special Categories of Personal Data

    • ​Your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, any personal data that relates to your health, sex life, sexual orientation or criminal offences or records or any genetic or biometric data about you.


Why and how we use your personal data?

We may use the information we collect about you in the following ways;

 

  • Where it is necessary for us to perform a Contract with you.

    • We may use and process your personal data where we have supplied you (or continue to supply you) with any services, where we have arranged for the supply of another firm’s services to you, or where you are in discussions with us about a particular matter on which you are considering taking advice.

    • We will use your information in connection with the contract for the provision of services when it is needed to carry out that contract or for you to enter into it.

    • We may also use and process your personal data in connection with our recruitment activities if you apply for a position with us (whether directly or through a third party) or send your details to us on a speculative basis.

  • Where we have a Legitimate Interest

    • We may use and process your personal data where it is necessary for us to pursue our legitimate interests as a business for the following purposes:

      • to carry out our conflict checks to ensure that we can provide our services to you;

      • to enter and perform the contract we have with you or your business (where you are an employee or an owner of that business);

      • to carry out work when instructed by another firm who is representing you;

      • to assess and improve our service to clients or our clients’ customers (where applicable) through recordings of any calls and live chat sessions;

      • to pursue a legal claim on behalf of our clients (including debt recovery);

      • for the prevention of fraud and other criminal activities;

      • to verify the accuracy of the data that we hold about you and to create a better understanding of you as a client and our clients’ customers (where applicable);

      • to create a profile of you based on any preferences you have indicated to us to enable us

      • to decide what products and services to offer to you for marketing purposes;

      • to undertake analysis to inform our business and marketing strategy (this may include the use of your data once it has been anonymized);

      • to inform you about relevant events, products, news updates and announcements you may be interested in;

      • to manage and deliver internal projects for business improvement or network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorized access;

      • to comply with a request from you in connection with the exercise of your rights (e.g., where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists to be able to comply with your request);

      • to assist in the management of queries, complaints or claims;

      • to notify you or your business of changes in the law that might affect you or your business; and

      • for the establishment, exercise or defence of our legal rights.

  • Where required by Law

    • ​Where you engage us to provide our legal services to you, we will need to process your personal data and the personal data of third parties to comply with our legal obligations, for example under the Civil Procedure Rules. We also have a legal obligation to comply with the SRA’s Codes of Conduct, the Law Society of Scotland rules, and the Law Society of Northern Ireland rules.

    • It is also a legal requirement for you to provide us with information to verify your identity in connection with anti-money laundering and criminal financing legislation. We will use that information for the purpose of complying with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended and the Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020, (or such other legislation that may replace or supersede these Regulations from time to time) unless we have obtained your consent to use it for any other purpose.

    • We may use and process your personal data to comply with other legal obligations to which we are subject, as follows:

      • ​​for network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorised access;

      • to comply with a request from you in connection with the exercise of your rights (e.g., where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);

      • to assist in the management of queries, complaints, or claims;

      • to notify you or your business of changes in the law that might affect you or your business; and

      • for the establishment, exercise, or defence of our legal rights.

      • to maintain a register of corporate gifts and hospitality to comply with anti-bribery laws.

      • to maintain a record of undertakings where you are either a beneficiary of an undertaking or the person obliged to perform it.

      • In the vital Interests of the individual

        • From time to time in the course of representing individuals who may be troubled, in danger, very young or otherwise unable to exercise due care for their own safety or where we genuinely believe there is an immediate risk of harm to an individual, we may in extreme circumstances use information about our client, or a person connected with them or a client’s customer in order to take action to protect them.

  • Where you have provided consent

    • We will seek consent from you where we wish to feature your identity in a published case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.

    • You have the right to withdraw your consent at any time.


Special categories of personal data

We may need to use more sensitive personal data (known as “special categories of personal data”) about you, or others associated with you, e.g. your family/carers). We will only use this kind of information where:

 

  • we have your explicit consent; or

  • it is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent; or

  • it is necessary for us to do so in connection with the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or

  • in exceptional circumstances, another of the grounds for processing special categories of personal data are met, such as protecting the economic well-being of an individual at economic risk.

  • to comply with our other legal and regulatory obligations, e.g., undertaking conflict checks
    and for the prevention of fraud and other criminal activities;

  • to maintain a record of undertakings where Aria Grace is the giver or receiver of an undertaking


Where you have provided us with explicit consent to use special categories of personal data about you, you may withdraw your consent for us to use this information at any time.

Please note that if you choose to withdraw your consent for us to use special categories of personal data about you, this may impact our ability to provide legal or support services to you which may not be in your best interest.

Use of anonymised data

We may use data derived from the personal data we process for our legitimate business purposes including our commercial research after it has been anonymised.

Anonymised data is data from which individuals cannot be identified or made identifiable neither by us nor anyone else. Anonymised data is not subject to data protection laws.

Others who may receive or have access to your personal data
;

  • Our suppliers and service providers

  • Our work for you may require us to provide information to third parties who will use your information for the purposes of providing services to us or directly to you on our behalf. Such third parties may include for example insurers, payment processing, software providers and mailing services.

  • When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their services and we have an agreement in place that requires them to keep your data secure and not to use it other than in accordance with our specific instructions.

  • Others involved in your case or matters

    • Our work for you may require us to provide information to third parties such as law firms, accountants, counsel, expert witnesses, medical professionals, and other professional advisers, who will use your information in connection with your case or matter. They may provide their own services directly to you.

  • Where we are engaged by a third party such as a bank or lender in connection with your contract with them, we may share information you provide to us with that third party about the progress of the case.

  • Any third party to whom we disclose information about you will be under an obligation to keep your information secure and not to use it for any purpose other than that for which it was disclosed unless you agree with them otherwise.


Other ways in which we may share your personal data

We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganization.

We may also transfer your personal data if we are under a duty to disclose or share it to comply with any legal obligation, to detect or report a crime, to protect your vital interests, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and clients. However, we will always take steps to ensure that your privacy rights continue to be protected.

Where we store your personal data

All information you provide to us for our use is stored on our secure servers which are located within the UK.

When we do transfer your personal data to other countries, we have in place appropriate safeguards.

How long will we keep data for?

We keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice.

Your rights

You have a number of rights in relation to your personal data under data protection legislation.

In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, or clarification to enable us to find your personal data.

Except in exceptional cases, we will respond to you within one calendar month from:

  • the date that we have received your clarification; or

  • we have confirmed your identity; or

  • where we do not need to do this because we already have this information, from the date we received your request.


Accessing your personal data

You have the right to ask for a copy of the data that we hold about you by emailing or writing to us at the address at the end of this Notice. We may not be able to provide you with a copy of your personal data if it concerns other individuals or we have another lawful reason to withhold that data.

We may charge you a reasonable fee based on administrative costs if you request a copy of data, we have previously provided to you or if your request is manifestly unfounded or excessive.

In line with our environmental commitments, we will try to provide you with a copy of your data by electronic means where this is possible, unless you have specified otherwise in your request.

Correcting and updating your personal data

The accuracy of your data is important to us, therefore if you change your name or address/email address, or you discover that any of the other data we hold is inaccurate or out of date, please let us know by contacting us using the details set out at the end of this Notice.

Withdrawing your consent

Where we rely on your consent as the lawful basis for processing your personal data, you may withdraw your consent at any time by emailing or writing to us at the address at the end of this Notice.

If you withdraw your consent, our use of your personal data up until you’re the date you withdrew your consent is still lawful.

Objecting to our use of your personal data

Where we rely on our legitimate interests as the lawful basis for processing your personal data for any purpose(s), as set out under How we use your personal data, you may object to our using your personal data for these purposes by emailing or writing to us at the address at the end of this Notice.

Except for the purposes for which we are sure we can continue to process your personal data and where our interests override yours (e.g., in debt recovery), we will temporarily stop processing your personal data in line with your objection until we have investigated the matter.

If we agree that your objection is justified in accordance with your rights under data protection legislation, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.

You may object to us using your personal data for direct marketing purposes and we will immediately comply with your request.

If you would like to do so, please write to us on the contact details below.

You may also contest a decision made about you based on automated processing by emailing or writing to us at the address at the end of this Notice.

Erasing your personal data or restricting its processing

In certain circumstances, you may ask for your personal data to be removed from our systems by emailing or writing to us at the address at the end of this Notice. Please note that this right is not an absolute right. Provided we do not have any continuing lawful reason to continue processing or holding your personal data, we will make reasonable efforts to comply with your request.

You may also ask us to restrict processing your personal data where you believe our processing is unlawful, you contest its accuracy, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings.

We may only process your personal data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

Transferring your personal data in a structured data file

Where we rely on your consent as the lawful basis for processing your personal data or need to process it in connection with your contract, you may ask us to provide you with a copy of that data in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.

You can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible. We may not be able to provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that data.

Complaining about the use of your personal data

If you wish to complain about the way we use your personal data, you can e-mail us using the details set out at the end of this notice. If you are dissatisfied with our response to your complaint and remain concerned about the way we have processed your personal, you have the right to complain to the Information Commissioner’s Office (ICO) data or seek to enforce your rights through a judicial remedy. Please visit the ICO’s website for further details.

Security

 

  • How we protect your personal data

    • We take reasonable steps to hold information securely in electronic or physical form and to prevent unauthorised access, modification, or disclosure.

    • Our information security policy is supported by security standards, processes and procedures and we store information in access-controlled premises or in electronic databases requiring logins and passwords. We require our third-party data storage providers to comply with appropriate information security industry standards. Client data is stored on an industry standard document management system which permits secure file sharing inside and outside of our firm. All partners and staff and third-party providers with access to confidential information are subject to confidentiality obligations.

    • When we receive your personal data, we have appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.

    • Where we have given you (or where you have chosen) a password which enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. You should not share your password with anyone.


Links to other websites


Our website may contain links to other websites run by other organisations. This Notice does not apply to those other websites‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites even if you access them using links that we provide, and their security cannot be guaranteed.

If you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party website and recommend that you check the policy of that third-party website.

Marketing

You will only receive tailored marketing information from Aria Grace (including information about our products and services, relevant insights, webinar and event invitations and other news or announcements) if you are a client of the firm (or associated with a client of the firm), or where we have your express consent to do so.

We also reserve the right to email you with marketing information if you fall outside of the groups specified above, if we believe it is in your interest to receive the communication.

You may be invited by email to opt-in online as a result of:

 

  • You or your employer becoming a client of Aria Grace;

  • Your attendance at an event, seminar or webinar hosted, or co-hosted, by or with Aria Grace;

  • Your attendance at a ‘public’ event organised or co-hosted by Aria Grace that has been promoted via social media or other advertisement;

  • You provide a business card directly to an employee of Aria Grace at a trade or networking/business event;

  • You register your brief contact details to obtain information or free downloads from Aria Grace.


By unsubscribing from our marketing information will not remove our right to contact you regarding the work we carry out for you or on behalf of our clients.

If you are a client or contact of Aria Grace, we may contact you personally to notify you of changes in the law that might affect you or your business, or specific events/information that may benefit you or your business.

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. Any such recipients will be contractually bound to safeguard the data we entrust in them and will not contact you to offer other services.

International Transfers of Personal Data

All information that you provide to us is stored on servers within the United Kingdom (“UK”). We may use third party suppliers who may be located outside of the UK.

We provide our services internationally to clients who are located both inside and outside of the European Economic Area (“EEA”). Our partners and support staff may also be located outside the EEA.

Whenever we transfer your personal data out of the EEA and/or the UK, we will ensure that there is a similar degree of protection provided by ensuring that at least one of the following safeguards is provided.

We will only transfer your personal data to countries that have been accorded an adequate level of protection for personal data by the European Commission (“EC”) (in the case of transfers out of the EEA) or by the UK Government;

Where we use certain service providers, we will ensure that either EC or UK Government approved contracts are in place, which provides personal data the same protection it has within the EEA or the UK as applicable.

Updates

This Notice may be updated from time to time in accordance with changing privacy and data protection laws, so please re-visit this page occasionally to ensure that you are happy with any changes. If any amendments have an impact on how we process your personal data, the Notice will say so.

Our contact details


Please write to the Head of Data Protection at Aria Grace Law CIC, 167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF. Our email address is privacy@aria-grace.com.

Last updated: 13th May 2024

bottom of page