Website Privacy Policy – Last updated (08/07/2024)

This Privacy Policy

As the controller of your data, Legal Eye will comply with UK General Data Protection Regulation (UK GDPR). This Privacy Policy details how Legal Eye processes your personal data.

We keep our Privacy Notice under regular review and we will place any updates on this web page. Historic versions can be obtained by contacting us.

This website may contain links to other websites. This Privacy Policy applies to this website only and we are not responsible for the privacy practices of other websites (other than other websites we operate). We recommend that you read the privacy policies of those other websites if you visit them.

The personal data we collect about you

Personal data collected, used, stored and transferred by us may include:

Type of personal information	Description
Identity	Names, and usernames or similar identifiers, including national identifier details (a government issued number or code that is used to identify who you are, such as a National Insurance number or social security number).
Contact	Correspondence address, email address and telephone numbers.
Financial	Bank and payment card details as well as information about your financial circumstances, including personal assets and proof of income.
Contractual	Details about the products or services we provide to you.
Locational	Details about your internet protocol (IP) address, time zone setting and location from the devices used to access our websites.
Technical	When you visit our website, we collect certain data automatically. This may include (but is not limited to) the following: how you connect to the internet (including your IP address) how you use our site, for example your screen resolution and browser data stored on your device (such as cookies – see our Cookies policy for more on this) information about the device software you use, such as your internet browser type, version, browser plug-in types and versions location data such as the city or region of the IP address you used when accessing our online services.
Social Relationships	Information about your family, lifestyle and social circumstances (such as dependents and marital status).
Visual, Personal Appearance and Audio Data	Uploaded profile pictures, passports, driving licence, CCTV images. This also includes call recording on any calls we have with you on the telephone or via Microsoft Teams.
Profile and Usage Data	Details about purchases made by you, feedback and survey responses, and how you use our websites, products and services.
Transaction Data	Details about payments made to you or for products and services you have purchased from us.
Education and Employment Data	Details about your employment, employment history, and educational qualifications.
Marketing and Communication	Details about your preferences in receiving marketing from us and our business partners and your communication preferences.
Public Records	Details about you that are available in the public domain like the Companies House Register, Solicitors Register (SRA), Financial Services Register (FCA), and information about you that is openly available on the internet.

How do we collect your personal data?

Personal data is collected by us using the following methods:

• Direct interactions with one of our customer service or sales staff by post, phone, email, O365 Teams or otherwise when sourcing and applying for conveyancing products, processing Identity, Contact and Financial categories of personal data.
• Automated technologies or interactions with our website, by using any web enquiry form or quotation engine, processing Identity, Contact, Financial and Technical categories of personal data
• Third parties or publicly available sources (processing Identity, Contact and Financial categories of personal data) such as:
  • Estate agents with whom you may be interacting, but only with your consent;
  • New home builders, with whom you may be interacting, but only with your consent;
  • Mortgage advisers or providers, with whom you may be interacting, but only with your consent;
  • Enquiries you may perform on third-party lender websites.

How do we use your personal data?

We use your personal data in the following circumstances and relying on the following lawful basis for processing:

Purpose/Activity	Type(s) of data may include	Lawful basis for processing
When you make an enquiry with us about any of the services we offer.	Identity, Contact	Legitimate interests – To initially engage with you when you interact with us or our systems. We will use specific pieces of your information to help us identify you and verify that we are dealing with the right person.
To create and register your customer account.  To manage, run and administer your account.	Identity, Contact, Financial, Marketing & Comms	Performance of a contract – we are processing your personal information to provide you with our Services.
To process your application: to join our panel of Conveyancing firms. to register an account for estate agents and other intermediaries. To manage, run and administer your account.	Identity, Contact, Financial, Marketing & Comms	Performance of a contract – we are processing your personal information to provide you with our Services that include helping their customers compare and then instruct a vetted, approved, and regulated solicitor or licensed conveyancer.
To get you the best quotes, and instructions. To process any transaction between you and a third party. To pass your instruction to your chosen service provider on one of our panels.	Identity, Contact, Financial, Marketing & Comms	Performance of a contract – we are processing your personal information to provide you with our Services. Legitimate interests – to keep you informed about your use of the Services for example sending you a confirmation email of your quotes and instructions.
To manage our relationship with you which will include: Notifying you about changes to our terms of use or privacy policy. Re-engagement when existing products near expiry.	Identity, Contact, Financial, Marketing & Comms	Performance of a contract – to re-engage with you and to maintain and improve customer standards.
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).	Identity, Contact, Technical	Legitimate Interests – for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise.
To use data analytics to improve our website, products/services, customer relationships and experiences.	Technical, Profile & Usage	Legitimate Interests – To analyse website usage, update our website and to develop our business.
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.	Identity, Contact, Profile & Usage, Marketing & Comms, Technical	Legitimate interests – to study how you use our products/services, to develop them, to grow our business and to inform our marketing strategy.
To invite users to participate in marketing research and ask you for your opinions and feedback.	Identity, Contact, Profile & Usage	Legitimate Interests – To invite you to participate in the marketing research. We use this to produce reports and advice that helps us understand your point of view, so that we can improve the way we work as a business.
To record phone calls.	Identity, Contact	Legitimate Interests – To help us train our staff to provide a quality service, check that we have done what you asked us to do correctly and resolve any queries or issues, we record and monitor our phone calls with you. We also monitor phone calls for regulatory purposes and to help detect and prevent fraud and other crimes.

Change of purpose

We will only use your personal data for the purposes stated above, unless we reasonably consider that we need to use it for another reason and it is compatible with the original purpose. Please contact us for an explanation as to how any new processing compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing communications

We can only use your personal information to send you marketing messages if we have either your Consent or we have a ‘legitimate interest’, such as a business or commercial reason to use your information and it does not conflict unfairly with your own interests.

We use marketing to let you know about products, services and offers that you may want from us. We may also use your personal information to make decisions about what products, services and offers we think you may be interested in.

We may contact you to take part in market research. If you take part, we will use any feedback you give us to improve the way we communicate with you and the service we offer. From time to time, we may run prize draws, competitions, promotions and surveys. If you take part in these promotional activities, we will use the personal data you provide for these activities.

By knowing more about who our customers are, we can improve the services we offer. We will use your data for reporting and analytical purposes. We will also collect data on how you use our website, so we can better understand your interests and improve its performance and our overall service.

You can opt-out of receiving these types of communications at any time by:

• Clicking on the relevant link in email communications you receive from us to unsubscribe.
• Logging in to your account and updating the marketing preferences.
• Contacting us .

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We also limit access to your personal data to only those Legal Eye employees, appointed representatives, advisers, business partners and suppliers who have a business need to know. They are also subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Cookies

When using our websites, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Sharing of personal data outside of the UK and European Economic Area

Some of our external suppliers may process personal data outside the UK. If we do transfer your personal information outside the UK to our suppliers, we will take all appropriate steps to ensure Personal Data is protected and handled in accordance with applicable UK Data Protection Legislation. We will use one of these safeguards:

• Transfer it to a non-EEA country with privacy laws that give the same protection as the UK and EEA. Learn more on the Adequacy decisions declaring that a country provides an adequate level of protection for personal data , passed by the European Commission and the UK Information Commissioner’s Office (ICO).
• Put in place a contract with the recipient that means they must protect it to the same standards as the UK and EEA. For countries where no adequacy decision is in place, Article 46 of the GDPR lists some “appropriate safeguards” like the UK International Data Transfer Agreement (IDTA) and the International Data Transfer Addendum (the “UK Addendum”) to the European Commission’s new standard contractual clauses (the “new EU SCCs”).

Who we disclose personal data to

Your personal data may be shared with third parties for the following purposes:

Type of recipient	Reason
Affiliates	We may share your information with our Affiliates that include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
Third party organizations that provide IT services and applications	We use third parties to support us in providing our services and to help run and support our internal IT systems. For example, providers of information technology, cloud-based software as a service provider, identity management, website hosting and management, data back-up, security and storage services.
Auditors and other professional advisers	We engage auditors and professional advisers to perform specific work that helps us meet our legal, regulatory and statutory responsibilities. Any auditors or professional advisers that we use will have contractual arrangements and security mechanisms in place to protect data and to comply with our data protection, confidentiality and security standards.
Service Providers	We share information your information with any service providers who are selected to act on your behalf and about the progress of your cases with the firm of estate agents and other intermediaries with whom you are interacting with .
Law enforcement or other government and regulatory agencies	Sharing of information may be necessary to verify your identity and comply with Anti Money Laundering legislation. We may disclose your personal information if we are asked to do so by the police or any other regulatory or Government authority.
Others	Third parties to whom we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

These companies are required to ensure appropriate security measures are in place and maintain the confidentiality of your personal data, and to use your personal data only in the course of providing such services and in accordance with Legal Eye instructions.

How long is your personal data retained?

We will keep your personal information securely stored for as long as it necessary and we need it to provide you with the services you want from us. We also keep it to comply with our legal and regulatory obligations, to help us to resolve any issues or disputes that may arise.

Depending on what information we hold and what products or services you are signed up to, we may need to retain certain details for longer than others. In every case, we regularly reassess whether we need to hold your personal information and securely dispose of any information that we no longer need.

Managing, reviewing, and updating your information

To ensure we conform to UK GDPR’s principle of data accuracy, you can control the personal data that you provide to Legal Eye and exercise your data protection rights. If there is a change required or an error in any of the personal information you have put into our systems, you may be able to amend your details by logging in to your account, or notify us, and we will update your records in our systems.

Where we have introduced you to another organisation, we are unable to update your details with them and you will need to contact them personally to notify them of these changes.

Your legal rights regarding your personal data

After these retention periods if there is no other on-going client relationship your personal data will either be securely deleted or anonymised so that it can be used for statistical purposes but without any method of identifying you individually. You have the right to:

• Request access to your personal data.
  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data.
  This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data.
  This enables you to ask us to delete personal data where there is no good reason for us continuing to process it. You can also to ask us to delete your personal data where you have successfully objected to the processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to delete the data for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data
  Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data.
  This enables you to ask us to suspend the processing of your personal data in the following scenarios:
  • if you want us to establish the data’s accuracy;
  • where our use of the data is unlawful but you do not want us to erase it;
  • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party.
  We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data.
  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Questions

If you have any questions or complaints relating to how we use your personal data, or if you wish to exercise any of your rights regarding your personal data, please contact the Data Protection Officer:

In writing: Data Protection Officer

Masters Court
Church Road
Thame
Oxon
OX9 3FA

We will respond to you as soon as is possible. The length of time will depend on the type and complexity of the request, but you will receive a response no later than one month from the initial request.

What if I am still not satisfied?

If you are not satisfied with how Legal Eye has responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom. Their website is https://ico.org.uk.