Infolegal Privacy Policy

Key Details

1. In this policy:
   1. “You” means all users of the main Infolegal website at www.infolegal.co.uk (“the Website”) and Infolegal Compliance Hub at www.myinfolegal.net (“the InfoHub”) both registered and unregistered.
   2. “We”, “us” and “our” means and refers to Infolegal Limited whose registered office is at 2 Crown Lane, Four Oaks, Sutton Coldfield, West Midlands, B74 4SU – company registration number 7851850
   3. “UK GDPR” means the UK General Data Protection Regulation.
   4. “PECR” means the Privacy and Electronic Communications Regulation.
   5. “DPA” means the Data Protection Act 2018.
   6. “ICO” means the Information Commissioner’s Office.
2. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using the Website and the InfoHub, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing and or using the Website and the InfoHub.
3. If you are asked to provide information when using either the Website or the InfoHub, it will only be used in the ways described in this privacy policy.
4. This policy is updated from time to time. The latest version is published on this page.
5. This website privacy policy was updated on 2 July 2021.
6. If you have any questions about this policy, please email us at help@infolegal.co.uk or write to us at 2 Crown Lane, Four Oaks, Sutton Coldfield, West Midlands, B74 4SU.
7. We are registered with the ICO in the Data Protection Register under number Z3201252
8. The person responsible for data protection issues is Duncan Finlyson who is a director of Infolegal and who can be contacted on duncanfinlyson@infolegal.co.uk.

Introduction

1. We are committed to protecting your right to privacy as a user of our online services. It is our policy to respect the privacy of all private information. To the extent that the information which is supplied to us constitutes personal data as defined by the UK GDPR and DPA, we will take all steps required of us by law to protect that data. To the extent that such information does not constitute personal data we will also take such steps as are necessary to protect that data.
2. The information you provide to us will be held on servers based in the UK, and, except as explained below, we will not transfer it, or authorise its transfer, outside the UK.
3. We need to gather and use certain information about you in order to provide our products and services and to enable certain functions on the Website and InfoHub.
4. We also collect information to better understand how visitors use our website and services and to present timely, relevant information to them.

The data we gather

1. We may collect the following information:
   1. The name of your firm and the name and role of a contact within that firm,
   2. Contact information including postal and email address, telephone number and mobile number,
   3. Demographic information, such as postcode, preferences and interests,
   4. Website usage data including which documents you or other registered users within your firm are downloading, which training courses have been accessed and where a test has been completed the results of that test. Please note that we may process that data in combination with information about you and/or your firm in order to maintain and improve the facilities and services we offer and to send you alerts about important updates to such content,
   5. Data relating to training plans, other training undertaken and notes made by you or other users in your firm on the website (these will never be accessed by us but the data is held on our servers). Only those who have inputted training data, the nominated Course Managers and other relevant managers and department heads within the firm can access the data inputted through the web site. It may, however, be shared with others within their firm if the user so elects,
   6. Data relating to your firm that you have stored on the InfoHub in any of the sections designed for the storage of the information.  This information is confidential to your firm and can only be accessed by those whom the firm selects to share the information with.  In particular, Infolegal will not access this information unless there is a problem and only then with the prior written authority of the firm’s administrator,
   7. Other information relevant to your enquiries of us, including enquiries relating to regulatory, management, personnel and other similar matters which you may make either by telephone, email or using the helpdesk functionailty to be found on the InfoHub,
   8. Details in relation to the provision of any other services or products,
   9. Other information pertaining to special offers and surveys.
2. We do not collect or store information about your bank account, credit or debit cards or other payment information. This is all dealt with through secure third party payment gateways which are accessible through the Administration function on the InfoHub and hich are managed by the idividual users.
3. We do not keep a record of the passwords for users of the InfoHub other than the initial passwords that were sent out to those firms who transferred from the previous version of the website to the new InfoHub.  All users have been recommended to change those passwords.  Passwords are stored on our server (so as to allow users to access the services) which are encrypted using RSA 2048-bit encryption.  Users are encouraged to use the auto-reset functions for passwords or to rely on the administrator in their firm to provide passwords so that we do not become privy to those passwords.

How we use data

1. Collecting data about the use of the Website and InfoHub helps us understand what you are looking for from us and enables us to deliver services to you through the InfoHub and to provide improved products and services to you in the future.
2. Specifically, we may use data:
   1. For our own internal records;
   2. To improve the products and services we provide;
   3. To contact you in response to a specific enquiry;
   4. To customise the website for you;
   5. To send you the Infolegal Compliance Bulletin and other information relating to management, regulatory or disciplinary issues;
   6. To send you a newsletter dealing with management, regulatory or disciplinary issues;
   7. To send you emails about products, services and other things we think might be relevant to you and the work you undertake;
   8. To contact you via email, telephone or mail for the purposes of alerting you to issues as and when they arise.
3. Please note that you can control your email preferences in relation to the Compliance Bulletin and newsletter and to opt out of receipt of them. If you do not wish to receive them then either opt out using the link on the bulletin or newsletter or alternatively email us at help@infolegal.co.uk and we will remove you from future mailings. Note that we will never send you any spam and that we always aim to ensure that our emails will be genuinely useful to their recipients.

Lawful bases for processing

1. The legal bases for processing upon which we primarily rely are contractual, consent and legitimate interests.
2. Contractual – We shall continue to process your information until the contract between us ends or is lawfully terminated in order to:
   1. engage with you,
   2. process your payment for our services and provide access to our systems,
   3. manage our relationship with you,
   4. provide you with information relating to the management and regulation of a legal practice,
   5. update you with information concerning issues which we believe will be of interest or benefit to you, and
   6. deal with any requests we receive from you.

   We will retain your data until such time as our contract with you comes to an end or, if there is a valid legitimate interest in retaining the data for longer (see below), until that legitimate interest ceases to exist. Please note that after that period the data will then be deleted and should you wish to re-subscribe any previously held data will not be available to you. We will not share this data with any third parties unless instructed by you to do so or in connection with the provision of any services which you have requested.

3. Consent – If you have requested that we send you a newsletter dealing with legal and regulatory issues then we will process your data until such time as you instruct us not to do so. We will only use the data provided for this purpose. We will retain your data until such time as you withdraw consent or it is determined your consent no longer exists. We will not share this data with any third parties.
4. Legitimate Interest – we shall process your data as necessary for our legitimate interest, that is to say for the purposes of:
   1. running our business,
   2. providing services,
   3. network security,
   4. the prevention of fraud,
   5. analysing the use to which information is put,
   6. tailoring and improving our services,
   7. testing our systems,
   8. delivering relevant content through the Hub,
   9. re-engaging with you at, or towards, the end of a contractual period,
   10. the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure,
   11. obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice including the proper protection of our business against risks.

   We will retain your data until such time as there is no longer a legitimate interest in doing so and we will not share that data unless it is necessary to do so as part of any claim that is being legitimately brought or defended.

5. Please note that we may need generally to process your data for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6. If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
7. Generally, personal data that we process for any purpose or purposes will not be kept for longer than is necessary for that purpose or those purposes. However, we may need to retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
8. Note that we will not access the data that you have stored on the InfoHub unless requested to do so by you and with the written consent of your administrator or other senior person in your firm.

Your rights

1. Under the UK GDPR and DPA you have certain rights in respect of your data. More information about those rights, many of which are quite complex, can be found on the ICO website. If you are unsure as to what your rights are in relation to any of the following issues, you should seek independent legal advice.
2. The UK GDPR provides the following rights for individuals:
   1. The right to be informed – i.e. the right to information about the collection and use of your personal data including the purposes for processing your data, the retention periods for that personal data, and who it will be shared with (see the information set out above under “Lawful bases for processing”)
   2. The right of access – i.e. a right to request and receive details of the data that is held about you including the purposes of your processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data is disclosed; the retention period for storing the personal data or, where this is not possible, the criteria for determining how long it will be stored; the existence of a right to request rectification, erasure or restriction or to object to such processing; the right to lodge a complaint with the ICO or another supervisory authority; information about the source of the data, where it was not obtained directly from the individual; the existence of automated decision-making (including profiling); and the safeguards provided if personal data is transferred to a third country or international organisation. In most circumstances no charge is made for such a request and we are under a duty to comply with the request within pre-defined time limits.
   3. The right to rectification – i.e. the right for you to request that incorrect data held is corrected.
   4. The right to erasure – i.e. the right in some circumstances for you to request that data about you be destroyed.
   5. The right to restrict processing – i.e. the right in some circumstances for you to request that the processing of your data is restricted or halted.
   6. The right to data portability – i.e. the right in some circumstances for you to obtain and reuse your personal data for your own purposes across different services.
   7. The right to object – i.e. the right in certain circumstances for you to object to the processing of your personal data.
   8. Rights in relation to automated decision making and profiling

Cookies and how we use them

1. A cookie is a small file placed on your computer’s hard drive. It enables our websites to identify your computer as you view different pages on them.
2. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the Website and the InfoHub and what pages they tend to visit.
3. We may use cookies to:
   1. Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
   2. Identify whether you are signed in to our InfoHub. A cookie allows us to check whether you are signed in to the site.
   3. Test content on our websites. For example, 50% of our users might see one piece of content, the other 50% a different piece of content.
   4. Store information about your preferences. The website can then present you with information you will find more relevant and interesting.
   5. To recognise when you return to our website. We may show you relevant content, or provide functionality you used previously.
4. Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
5. The cookies that we use include:
   1. authentication – we use cookies to identify you when you visit our website and as you navigate our website;
   2. status – we use cookies to help us to determine if you are logged into our website;
   3. personalisation – we use cookies to store information about your preferences and to personalise the website for you;
   4. security – we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
   5. analysis – we use cookies to help us to analyse the use and performance of our website and services; and
   6. cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally.
6. You can use your web browser’s cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies. However, please note that doing this will affect how our website functions and the hub and other parts of the site and our services may become unavailable to you.
7. Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it.

Controlling information about you

1. Our Compliance Newsletters are a specific aspect of the services that we offer and as such signing up is taken to include a desire that these be sent to you.  They are primarily for informational purposes. You may if you wish opt-out of receiving our compliance newsletters. You can do this by clicking on the link at the foot of the newsletter or by emailing us at help@infolegal.co.uk. If you elect to opt out then we will be unable to keep you up-to-date with changes in compliance as it affects your firm or changes to the facilties and services offered thrugh the InfoHub.
2. We will not use your information for sending you details of other services and products not directly linked to the InfoHub or the regulation or management of your practice. We will never lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to do so.
3. Any personal information we hold about you is stored and processed under our data protection policy, in line with the Data Protection Act 2018.

Security

1. We ensure the security of any personal information we hold by using secure data storage technologies. Our methods meet the UK GDPR compliance requirement.  Details can be found in the Security Arrangements page on the InfoHub or we will send those details to you upon request to help@infolegal.co.uk
2. We will always hold your information securely.
3. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
4. We also follow stringent procedures to ensure we work with all personal data in line with the the UK GDPR, PECR and DPA.

Sponsored and affiliate links

1. Our website may, from time to time, contain adverts and sponsored and affiliate links on some pages. These may be served through external agencies such as Google Adsense or Amazon Affiliates or be served by us through our own system.
2. Please be assured that we will only ever use trusted advertising partners who each have high standards of user privacy and security.
3. However we do not control the actual adverts seen / displayed by our advertising partners and our advertising partners may collect data and use cookies for ad personalisation and measurement.
4. Clicking on any adverts, sponsored or affiliate links may track your actions by using a cookie saved to your device. You can read more about cookies elsewhere on the web. If you have any concerns about this we suggest you do not click on any adverts, sponsored or affiliate links found throughout the website.

Email marketing

1. Under the UK GDPR we use consent as the lawful basis for anyone subscribing to any general newsletters that we may produce. This does not apply to the Compliance Bulletins sent to subscribers of the InfoHub which are offered as part of our service and thus come under the lawful base of contract. In relation to general newsletters we collect only the minimum amount of data required to send out those newsletters – namely recipient name, firm and email address. Any email newsletters (as well as our Compliance Bulletin) are sent out either through a third party service called Email Blster (their terms and policies can be accessed on their web site at https://www.emailblasteruk.com/privacy-policy) or direct from our own system.
2. Email newsletters that we send usually contain tracking beacons / tracked clickable links or similar server technologies in order to enable us to track subscriber activity within those newsletters. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations, will show the activity each subscriber made for that newsletter campaign.
3. Any email marketing messages we send are in accordance with the UK GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. We do not share that data with third parties.

Links from our site

1. Our website may contain links to other websites.
2. Please note that we have no control of websites outside the infolegal.co.uk domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy.
3. Always be wary when submitting data to websites. Read the site’s data protection and privacy policies fully.

Further Information

1. If you have any questions or complaints relating to how we use your personal data, or if you wish to exercise any of your rights regarding your personal data, please contact Duncan Finlyson, Infolegal Limited, 2 Crown Lane, Sutton Coldfield, B74 4SU. We will respond to you as soon as is possible. The length of time will depend on the type and complexity of the request, but you will receive a response no later than one month from the initial request.
2. In the event that you are not satisfied with how Infolegal has dealt with your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom. Their website is www.ico.org.uk.