Your right to privacy is very important. Rushton Hinchy LLP (referred to below as "we", “our” or "us") recognise that when you choose to provide us with information about yourself, you trust us to act in a responsible manner. We believe this information should only be used to help us provide you with a better service. That's why we have put a policy in place to protect your personal information.
Your agreement to our Terms and Conditions of Business amount to acceptance of us processing your data for the performance of our contract with you. This is our legal basis for processing your data to which you consent to in accepting our Terms and Conditions of Business.
In addition to the above, by using our website, you give your consent that all personal data you submit may be processed in the manner and for the purposes described below.
For the purposes of the Data Protection Act 1998 ("the Act"), the data controller is Rushton Hinchy LLP (Co Reg No. OC377539), registered office at 1 Millbrook Business Park, Mill Lane, Rainford, WA11 8LZ.
1) What personal information do we collect and process?
We may collect and process the following data about you:
Your personal information including your name, address, date of birth, your identification in accordance with the Money Laundering Regulations 2017, your contact telephone number(s) and email address;
Details of your matter including the details of your incident, your medical records, details of your employment and income;
Your bank account details; and
Any other information which may be relevant to your matter.
2) How we use your information
We use information about you in the following ways:
To help us identify you and any accounts you hold with us;
To enable us to review, develop and improve the website and services;
To provide customer care;
To carry out marketing and statistical analysis;
To notify you about changes to our website and services;
To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
To act for you in respect of your personal injury claim(s) and or for any other matter we may be instructed to act for you;
To deal with any complaints we may receive;
To deal with any statutory or regulatory issues;
We may use third parties to process your data, for example, when sending and receiving emails from or to you or third parties;
In dealing with the courts in the event you matter becomes litigated; and
In dealing with other third parties, such as medical experts, hire purchase, storage and repair specialists.
3) Information we receive from other sources
We work alongside third parties (including business parties, service providers and fraud protection services) and we may receive information from them about you. These third parties may collect information about you including, but not limited to, your IP address, device-specific information, server logs, device event information, location information, unique application numbers, storage facilities (both digital and paper or hard copy data).
4) With whom is the information shared?
We may disclose your personal information to third parties:
Our bank for the purpose of processing payments;
Any employees, agents or service providers of Rushton Hinchy LLP to deal with any accounts or to deliver specific services to you;
Any associated company who are our business partners and/or with whom we work;
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, subject to their entering into appropriate confidentiality undertakings;
If Rushton Hinchy LLP or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or to protect the rights, property, or safety of our customers, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies as well as our regulator, the Solicitors Regulation Authority (SRA) and complaints handling body, the Legal Ombudsman; and
Other third parties include, medical experts, counsel, auditors, external consultants, services providers, off site storage facilities, external IT support services including processors and controllers.
Introducers and refers.
the Internet domain and IP address from which you access the web site;
the type of browser (Internet Explorer or Netscape) and operating system (Windows, UNIX) you may use;
the date and time of your visit;
the pages you visit; and
the address of the web site from which you linked to us (if applicable).
This is solely statistical data that enables us to analyse customer trends and does not identify personally identifiable information.
We work closely with third parties who may also supply us with analytical services. These third parties may provide us with analytical cookies for us to review.
For further information about cookies, you may like to visit www.allaboutcookies.org.
6) Where we store your Personal Data
All information you provide to us is stored on our secured servers within Europe, including the United Kingdom. Bank account and card details are used for processing payments only and are not retained for marketing purposes.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7) Links on our website
We may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Any information you supply on such sites will not be within our control.
8) How can you update the personal information you have provided to us?
We must maintain the accuracy of your information and ensure all your details, including but not limited to, name, address, title, phone number, e-mail address and payment details are kept up to date at all times. In order for this to be achieved, you may update your personal details by contacting us:
The personal information we collect and maintain will be subject to the version of the Privacy Notice in effect at the time of collection. We reserve the right to change this Privacy Notice from time to time and will provide notice of these changes on the Privacy Notice on our website . You should make sure you periodically review the Privacy Notice to make sure it meets your needs.
9) Your rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by e-mailing us at .
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request is not subject to a fee to meet our costs in providing you with details of the information we hold about you. However, we may charge you a fee where your request is disproportionate or unreasonable. When considering any such requests we will consider the purpose and reasonableness of the request and whether or not it is proportionate in all the circumstances. Any such requests will be dealt with within the statutory time frame of 1 month.
In addition to the above, your rights also include:
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
Where we may be instructed by a ‘Child’ (someone under the age of 18), we will seek a parent or guardian’s consent to process such data.
10) Contacting us
Rushton Hinchy LLP
Millbrook Business Park
T: 0845 054 0564
F: 0845 054 0565
11) Who is responsible for Data Protection at Rushton Hinchy LLP?
Steve Rushton has overall responsibility for data protection at Rushton Hinchy LLP. You may contact Steve Rushton using the contact details as set out above.
12) Recording and reporting data breaches
Steve Rushton is responsible for all data breaches. Where a data breach is identified, you will be notified as soon as practicable and no later than within 5 working days once a full investigation has been conducted. You will be notified in writing and what the data breach included, how it happened and what personal data belonging to you has been compromised.
All data breaches will be recorded in a central register maintained by the firm. Any material data breaches will be reported to the Information Commissioner’s Office (ICO) and or the Solicitors Regulation Authority (SRA). We may not be able to notify you as to whether or not we have made a report to these regulators due to the fact that other individuals and or companies may have been affected too.
Rushton Hinchy LLP is registered as a data controller with the ICO under registration number ZA003306.
The ICO contact details are:
Information Commissioner's Office
Tel: 0303 123 1113
Fax: 01625 524 510
13) Data retention
Once your matter has concluded, we will maintain your data both electronically and or in hard copy format for a period of 7 years. The reason for retaining your data for this period of time in in the event you wish to make a complaint or a claim of negligence against Rushton Hinchy LLP, we will need to have access to your file.
In addition to the retention of your file, we are also obliged to keep a copy of your identification for a minimum statutory period of 5 years in accordance with the Money Laundering Regulations 2017. This is the same for where we have carried out online verification of your identity with a third party provider. As your identity and file are stored together, both will be destroyed within 7 years. The reason for this is that it would be commercially too complicated to implement two different destruction dates, one for 5 years regarding the destruction of your identification and one for 7 years for the destruction of your file.
14) Consent to process your data
If we act for you in your matter, our legal basis to process your data is in the performance of our contract with you. Similarly, we may offer to you other services intrinsic to the provision of legal services where we feel you may be interested in such services and they are similar to the services you already receive.
When we wrote to you at the outset, we provided you with an option to give you consent to receive such communications. The consent you may have provided was given on the basis that what you were consenting to was freely given, specific, informed and unambiguous. In the event you wish to withdraw that consent, you may do so by emailing . Alternatively, additional contact details can be found at section 10 above.
15) Data Protection Impact Assessment (DPIA)
The new data protection legislation requires data controllers to carry out an impact assessment on the way in which it processes data subject’s personal data. As a formality, we have carried out a DPIA as a matter of course in order to implement the new data protection legislation. An annual DPIA will be carried out annually given that we do processes sensitive data in providing the provision of legal services.