Burgess Okoh Saunders Limited (BOS) is committed to protecting and respecting your privacy. This privacy policy provides important information about who we are, how we collect, store, use, and share your personal data, whether through our website or when you instruct us directly. It also explains your rights concerning your personal data and details how to contact us or the relevant supervisory authorities if you have a complaint.

BOS collects, uses, and is responsible for personal information about you. In doing so, we are regulated under the General Data Protection Regulation (GDPR), which applies across the European Union (including the United Kingdom (UK)). For the purposes of these laws, we act as the ‘controller’ of your personal information.

By using or accessing the BOS website, you indicate your acceptance of this privacy policy and the terms and conditions as they apply from time to time.

Our use of your personal data is subject to your instructions, the GDPR as applied in the UK (tailored by the Data Protection Act 2018), other relevant UK and EU legislation, and our professional duty of confidentiality.

What information we collect, use, and why:

The personal date we will or may collect while advising and/or acting for you is as follows:

  • Names and contact details (including your telephone number and mobile number)
  • Addresses
  • Gender
  • Occupation
  • Date of birth
  • National Insurance Information
  • Third party information (such as family members or other relevant parties)
  • Payment details (including card or bank information for transfers and direct debits)
  • Financial data (including income and expenditure)
  • Transaction data (including details about payments to and from you and details of products and services you have purchased)
  • Employment details (including salary, sick pay and length of service)
  • Credit history and credit reference information
  • Information relating to compliments or complaints
  • Records of meetings and decisions
  • Account access information
  • Website user information
Where we get personal information from:
  • Directly from you
  • Regulatory authorities
  • Legal bodies or professionals (such as courts or solicitors)
  • Publicly available sources (e.g. Companies House, HM Land Registry)
  • Previous employment
  • Suppliers and service providers
  • From a third party with your consent, e.g. your bank or building society, another financial institution or advisor;
How we use your information:

We recognise that your information is valuable and we will only use your personal information if and to the extent that applicable law allows. We will therefore only process your personal information if:

  • It is necessary for the performance of a contract with you or the organisation you work for;
  • It is necessary in connection with a legal obligation;
  • you have given your consent (where necessary) to such use or the organisation you work for has obtained your consent (where necessary) to share your information with us; or
  • If we (or a third party) have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include the provision of legal services, running the firm’s business and marketing relevant services directly to you.
      • We may use your personal information to:
      • To provide legal services to you;
      • For the performance of our contract with you or to take steps at your request before entering into a contract;
      • Conducting checks to identify our clients and verify their identity; Screening for financial and other sanctions or embargoes;
      • Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator.
      1. To comply with our legal and regulatory/statutory obligations: • Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies; • To comply with our legal and regulatory obligations; • Ensuring business policies are adhered to, e.g. policies covering security and internet use; • For our legitimate interests or those of a third party; • Operational reasons, such as improving efficiency, training and quality control; • For our legitimate interests or those of a third party; • Ensuring the confidentiality of commercially sensitive information; • For our legitimate interests or those of a third party; and/or to comply with our legal and regulatory obligations; • Statistical analysis to help us manage our practice, e.g. in relation to our financial performance, client base, work type or other efficiency measures; • For our legitimate interests or those of a third party; • Preventing unauthorised access and modifications to systems; • For our legitimate interests or those of a third party; • and/or to comply with our legal and regulatory obligations Updating and enhancing client records 2. Updating and enhancing client records • For the performance of our contract with you or to take steps at your request before entering into a contract, and/or to comply with our legal and regulatory obligations; • Ensuring safe working practices, staff administration and assessments; • To comply with our legal and regulatory obligations; and/or for our legitimate interests or those of a third party; 3. Credit reference checks via external credit reference agencies • For our legitimate interests or a those of a third party; • External audits and quality checks, and the audit of our accounts; including lenders • For our legitimate interests or a those of a third party; and/or to comply with our legal and regulatory obligations; The above does not apply to special category personal data, which we will only process with your explicit consent. 4. Promotional communications We may use your personal data to send you updates (by email, text message, telephone or post) about legal developments that might be of interest to you and/or information about our services, including exclusive offers, promotions or new services or products. We have a legitimate interest in processing your personal data for promotional purposes This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly. We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside BOS for marketing purposes. We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business Transferring your personal information internationally To provide our services, we may need to transfer your personal information to locations outside the UK, as outlined in this privacy policy. These transfers may arise from cross-border legal cases, collaboration with international clients, partners, or law firms, or the use of cloud-based storage or service providers located outside the EEA. We acknowledge that the level of data protection in some countries outside the EEA may not match the standards within the EEA. In such cases, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. For instance, when our third-party service providers process personal data outside the EEA while delivering services to us, our agreements with them will include robust safeguards, typically through the use of standard contractual clauses approved by relevant authorities. How long we keep your information for: We will retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, accounting, or reporting obligations. Personal information processed in connection with our business acceptance procedures and/or the provision of legal services will be retained in line with the firm’s retention and destruction policy, unless otherwise agreed with you in writing. If you would like more information about the firm’s retention and destruction policy or details of specific retention periods, please contact Aaron Burgess at aaron.burgess@bos-solicitors.com. Keeping your information secure: We recognise the value of your personal information and employ a range of technical and organisational measures to ensure its security, whether in electronic or physical form. We take appropriate steps to safeguard your personal information against unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction, or accidental loss, in compliance with applicable laws. Our premises are access-controlled, and access to our electronic databases is protected through login credentials and password authentication. All partners, staff, and third-party service providers with access to confidential information, including personal data, are bound by strict confidentiality obligations. However, please note that the transmission of information via the internet cannot be guaranteed to be completely secure. While we take appropriate and proportionate measures to protect your confidential information, we cannot guarantee the absolute security of information transmitted electronically and therefore accept no liability for any loss or damage resulting from such transmissions. Your rights Subject to certain safeguards and limits or exemptions you have the following rights in relation to the information that we hold: • the right to request rectification of information that is inaccurate or incomplete; • the right to erasure of your information (often referred to as the “right to be forgotten”); • the right to object to or restrict the way in which we are dealing with and using your information; and • the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”). You also have the right to request details of the information that we hold about you, and the uses to which it is put, which is known as a Subject Access Request. Such requests have to be made in writing. To make a request, please contact us aaron.burgess@bos-solicitors.com. If you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once the firm has received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so. You will not, in general, have to pay a fee to exercise any of your individual rights set out in this Privacy Policy. However, we may refuse to provide access and may charge a fee for access if the relevant data protection legislation allows us to do so, in which case we will provide reasons for our decision as required by the law. Links to other sites Our website may contain links to other websites controlled by third parties. You should review these other sites’ privacy policies. We do not accept any responsibility for their use of your personal information. How to complain If you are not happy with the way in which we have processed or dealt with your information or responded to your question, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found at https://ico.org.uk/concerns or telephone 0303 123 1113. We may update this policy from time to time. Please check the website occasionally to make sure you are happy with any changes. Updated January 2025

Privacy Policy