Privacy and Cookie Policy
Introduction
Bigelaw Compliance Consultancy Services ("we," "our," or "us") is committed to protecting the privacy and security of personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
This policy outlines how we collect, use, store, and protect personal data, including information obtained through our website, electronic communications (such as WhatsApp and social media), and client interactions.
Legal Basis for Processing
We process personal data under the following lawful bases in accordance with Article 6 of the UK GDPR:
Consent: When individuals provide explicit permission for communication or data processing.
Contractual Necessity: When processing is required to fulfil a contractual obligation.
Legal Obligation: When required to comply with legal or regulatory duties.
Legitimate Interests: When necessary for operational and business functions, provided it does not override individual rights.
For special category data (e.g., health information, criminal records), we rely on Article 9 of the UK GDPR, which permits processing under circumstances such as legal claims, substantial public interest, or explicit consent.
Although we are not an SRA-regulated entity and do not provide legal regulatory services, for the purposes of reliance all our data handling complies with the SRA Codes of Conduct, particularly:
Principle 6: Confidentiality and Information Security – Ensuring data remains confidential and protected.
Professional Conduct Requirements – Safeguarding legally privileged information using secure systems.
Data We Collect
We collect personal data to provide legal and consultancy services, including:
Identification Data: Name, contact details (email, phone, address).
Communication Data: Emails, social media interactions, WhatsApp messages.
Website Usage Data: IP addresses, browser type, device details (via cookies).
Client Information: Information necessary for our consultancy services, which may include legally privileged and special category data.
Employee and Supplier Data: Where applicable, to manage contractual relationships.
How We Use Your Data
We use personal data strictly for legitimate purposes, including:
· Providing consultancy services.
· Managing relationships and responding to enquiries.
· Ensuring regulatory and legal compliance.
· Improving website functionality and user experience.
· Conducting internal security audits and staff training.
· For marketing purposes with your consent.
Data Security & Retention
To safeguard personal data, we implement:
Encryption: Protecting sensitive information from unauthorized access.
Multi-Factor Authentication (MFA): Enhancing system security.
Secure Storage Solutions: Using GDPR-compliant cloud providers.
Regular Staff Training and Audits: Ensuring compliance with data protection laws.
Retention Policy:
Data is retained for six (6) years post-engagement, unless legal or regulatory requirements dictate a longer retention period.
Data is stored only as long as necessary for business or legal purposes.
Third-Party Data Processing
We use third-party services to facilitate our operations, including:
Communication Platforms: Secure messaging services such as WhatsApp, Facebook and other social media platforms.
Customer Relationship Management (CRM) Systems: For managing client data securely.
Cloud Storage Providers: Ensuring GDPR compliance.
Regulatory Bodies: Where required by law or regulatory bodies.
No personal data is shared for direct marketing without explicit consent, and any international data transfers comply with Standard Contractual Clauses (SCCs).
Cookies Policy
Our website uses cookies to improve functionality and enhance user experience. These include:
Essential Cookies: Required for website operation.
Analytics Cookies: Used to track website usage (requires consent).
Marketing Cookies: Employed for targeted advertising (requires consent).
Users can manage cookie preferences via our Cookie Consent Tool or browser settings.
WhatsApp Communications
If you contact us via WhatsApp, please note:
Messages are end-to-end encrypted, but Meta processes metadata (e.g., timestamps, contact details).
Clients should avoid sharing highly sensitive data over WhatsApp.
By messaging us, you acknowledge our data processing practices. Alternative communication channels are available.
Your Rights Under UK GDPR
You have the right to:
Access: Request a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Erasure: Request deletion of personal data under certain circumstances.
Restriction: Limit how your data is used.
Data Portability: Request transfer of data to another service provider.
Objection: Challenge processing based on legitimate interests.
For rights requests, please email us at enquiries@bigelaw.co.uk with the subject line ‘GDPR Request’ using the details below.
Data Breach Procedures
If a data breach occurs, we will:
Contain the breach and assess the impact.
Notify affected individuals and the Information Commissioner's Office (ICO) within 72 hours, if required.
Implement remedial measures to prevent recurrence.
Maintain an internal record of the incident and corrective actions.
Policy Review and Updates
We periodically review this policy to reflect legislative updates and best practices. Any significant changes will be communicated via our website or direct notifications.
Dated: 06/03/2025
Version: 1
Bigelaw Compliance Consultancy Services is a compliance consultancy service provider offering support to law firms and legal professionals. We are not a law firm and do not provide legal advice or representation. Our services are focused on compliance, regulatory guidance, and best practice consultancy. We are not regulated by the Solicitors Regulation Authority (SRA) and do not undertake any activities reserved for regulated legal professionals. Clients should seek independent legal advice where necessary.