NLS Legal privacy notice
A privacy notice is a public statement of how an organisation applies data protection principles to processing data and provides information about how information is collected.
NLS Legal (“the firm”) is integrated into Nottingham Law School, which is one of the schools within Nottingham Trent University (“NTU”), and a wholly owned subsidiary of NTU. NLS Legal, an exempt charity, is fully regulated as an Alternative Business Structure (ABS) by the Solicitors Regulation Authority.
NLS Legal is committed to protecting the privacy and security of your personal information. This Privacy Notice provides important information about the firm and its associated entity NTU. NLS Legal is physically located within the NTU city campus. For the purpose of this Privacy Notice references of “we” or “us” relate to both NLS Legal and NTU. This Privacy Notice identifies and manages how we deal with our Data Protection responsibilities in accordance with our legal and regulatory obligations.
NLS Legal encourages you to review the privacy statements of any websites you choose to navigate to from the firm’s website (or navigate from to our website) or digital services that we provide links to so that you can understand how those websites collect, use and share your information as well. Any third party sites that you can access through the website are not covered by this Privacy Notice and we accept no responsibility or liability for these sites.
Nothing in this Privacy Notice will alter NLS Legal’s obligation to our clients under the Solicitors Regulation Authority rules and procedures.
Who we are
NLS Legal and NTU are data controllers which means we are responsible for deciding how we hold and use personal information about you.
This Privacy Notice applies to any NLS Legal enquirers, clients or users (“you” or “your”) or services that link to it (collectively, our “Services”). Occasionally, a Service will link to a different Privacy Notice that will outline the particular privacy practices of that Service. Such as:
Please read this Privacy Notice carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices.
Data Protection Officer
Nottingham Trent University Address: 50 Shakespeare Street, Nottingham, NG1 4FQ
Alternatively, please contact the NLS Legal Compliance Officer for Legal Practice (COLP) firstname.lastname@example.org who may be able to assist.
We may need to update this Privacy Notice from time to time. When changes made to this Privacy Notice are considered to be material, we will notify you of such changes.
NLS Legal is committed to the responsible handling and protection of personal information.
Personal Data, or personal information, means any information about an individual from which that person (a “Data Subject”) can be identified. It does not include data where the identity has been removed (anonymous data). The information will be Personal Data if a person can be identified either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. For example, personal data may include names, addresses, email addresses and telephone numbers; it may also include images in photographs or films and recorded telephone conversations.
Why we process your data
We collect, use, disclose, transfer, and store personal information to provide Services to you and for our operational and business purposes as described in this Statement. We want to be clear about our privacy practices so that you are fully informed and can make choices about the use of your information, and we encourage you to contact us at any time with questions or concerns. You can email the Data Protection Officer at DPO@ntu.ac.uk or COLP at email@example.com.
The types of personal information we collect
The categories of personal information that we may collect, store and use about you include (but are not limited to):
- Name, address, phone number, email address, date of birth and gender; *
- If you are contacting us on behalf of a legal enterprise your job title;
- National Insurance number
- Driving license and/or passport details;
- Information relating to the matter in which you are seeking advice or representation from us;
- Existing legal representation and details of previous legal matters;
- Bank statements or utility bills for verification purposes.
In some circumstances, we may need to process sensitive personal information or Special Category Data which includes: racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.
How we collect your data
We typically collect personal information about students of NTU, clients, users and enquirers to our Services either directly or through our legal entity, our partners or service providers to offer Services we think may be of interest and to help us maintain data accuracy and provide and enhance the Services we provide. Apart from the data that you provide to us, we may also process data about you from a range of sources, which include:
- Email and telephone correspondence you have with us;
- Client notes made by our staff or students, relating to your case;
- Records of any potential conflict of interests;
- Through third parties such as referral agents, or NTU and our partners;
- Contact and identity information available from public records (such as Companies House or HM Land Registry);
- Through our Digital Services: which are the NTU website at www.ntu.ac.uk and any other NTU-authorised internet services, websites, products, social media, mobile phone apps and/or software applications that enable you to use, access, view, listen to and/or download NTU content or to interact with us online (or through any other digital means) on any device. We collect information that you provide to us by filling out forms on the website or by corresponding with us through the Digital Services. It includes information that you provide when you participate in discussion boards or other social media functions within the Digital Services, enter a competition, promotion or survey, and when you report a problem with the Digital Services.
We will collect additional personal information in the provision of Services to you throughout the period we act on your behalf.
Our servers, logs, and other technologies automatically collect certain information to help us administer, protect, and improve our Services; analyse usage; and improve users’ experience.
Sometimes personal data is collected by both NLS Legal and NTU. As part of NTU, NLS Legal uses NTU’s IT and other systems, and has appropriate arrangements in place to enable this. This means that, whilst you may deal directly with NLS Legal, some of your personal data will technically be stored on servers of NTU
NTU uses CCTV around campus, and will collect and store information. For full details of our CCTV use, please refer to our CCTV Policy.
How we use data about you
When processing personal data, we rely on a combination of the grounds permitted by data protection law, depending on whether you are a client or member of NTU (including students undertaking activities for and on behalf of NLS Legal):
- The processing is necessary for our legitimate interests (for example, we have a legitimate interest in being able to perform our services optimally and efficiently), or the legitimate interests of a third party, and there is no reason to protect your personal data which overrides those legitimate interests. Examples of processing include: to notify you about changes to our services; to provide management statistics through research using student and client data which may be used by us to enhance the student experience at NTU and enhance our service provision; and to provide you with information on products or services that you may request from us, or which we feel may be of interest to you.
- The processing is necessary for us to comply with any statutory or legal obligation to which we are subject. Examples of processing include: to ensure we comply with our obligations to the Solicitors Regulation Authority and other regulatory or statutory bodies (as applicable) and to ensure compliance with legislation (eg the Prevent Duty under the Counter Terrorism & Security Act 2015).
- The processing is necessary for us to “perform” a contract we have with you, or because you have asked us to take specific steps before entering a contract. Examples of processing include: in the case of NLS Legal clients, the operation and delivery of any services you have requested, including dealing with requests and enquiries; and in the case of NTU students, for the administration of your studies.
- Where you have given consent for us to process your personal data. Examples of processing include to provide tailored advertising and marketing information to you, or to permit selected trusted partners or third parties to provide you with information about goods or services we feel may interest you, where the “legitimate interests“ condition for processing does not apply.
- In limited cases, we may also process data where is it necessary to protect someone’s “vital interests” (either the data subject, or another person). Disclosures may be made to external parties to ensure the safety and wellbeing of individuals; for example, we may share your contact details with emergency health services if you are taken unwell while on the premises.
Where special categories of personal data (see above) are processed, the permitted legal bases for doing so will include:
- Explicit consent of the data subject.
- Processing necessary for employment law or social security law.
- Processing necessary to protect vital interests (see above).
- The processing of personal data manifestly made public.
- The establishment, exercise or defence of legal claims.
- Purposes specified in data protection law as being in the substantial public interest.
- The processing is necessary for reasons of public interest in the area of public health.
- For archiving, statistical and research purposes
Who we share your data with
We may share or disclose personal information when necessary to provide Services or conduct our business operations. When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymised or pseudonymised, and statistical data with third parties.
Below are the parties with whom we may share personal information and why:
- With His Majesty’s Courts and Tribunals Service, to provide representation for your case;
- With external organisations providing additional legal supervision or support for our Services;
- With Clio (Themis Solutions Inc). Clio, as the case management system provider, will store your data in their cloud (which will only be accessed by authorised NLS Legal staff and students and a limited number of NTU staff that provide support services to NLS Legal);
- With external venues or service providers for the purpose of delivering the Services and NLS Legal organised events;
- We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud;
- We may also use personal information to meet our internal and external audit or governmental requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:
- Under applicable law, which may include laws outside your country of residence;
- To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence;
- To enforce our terms and conditions; and
- To protect our rights, privacy, safety, or property, or those of other persons.
How long we keep your data for
We will not store your personal information for longer than is necessary. NTU will ensure that our trusted partners and selected third parties with whom we share your personal information in accordance with this Privacy Notice will delete your personal information when they no longer require it.
In determining data retention periods, NTU takes into consideration local laws, contractual obligations, and the expectations and requirements of our data subjects. NLS Legal also takes into consideration regulatory and best practice requirements. When we no longer need personal information, we securely delete or destroy it.
How we secure your data
We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your personal information to those employees, agents, contractors and other third parties who have a business requirement to know.
NTU takes data security seriously, and we use appropriate technologies and procedures to protect personal information.
- Policies and procedures – measures are in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data.
- Business Continuity and Disaster Recovery strategies that is designed to safeguard the continuity of our service to our clients and to protect our people and assets.
- Appropriate restrictions on access to personal information.
- Monitoring and physical measures, to store and transfer data securely.
- Data Privacy Impact Assessments (DPIA) in accordance with legal requirements and our business policies.
- Periodic training on privacy, information security, and other related subjects for employees and contractors.
- Vendor risk management.
- Contracts and security reviews on third-party vendors and providers of services.
How we keep your data secure in other countries
Your personal information may be transferred by us or our trusted partners outside of the UK and the European Economic Area (the “EEA”).The trusted partners that may do this are organisations who process data for analysis or marketing purposes, including a marketing automation hub where the email address of recipients will be logged and a record of email delivery, opening, click-through and bounce-backs will be kept. Our partner uses Microsoft’s Windows Azure data centres located in East US (Virginia), West Europe (Netherlands), and Australia East (New South Wales).
NLS Legal has networks, databases, servers, systems, and support located throughout the world. NLS Legal collaborates with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of NTU, workforce, and students. Your personal information may be shared with record matching and customer targeting partners, including Google, Facebook, Snapchat and LinkedIn. Some of these partners process personal data in Canada and the United States of America.
In some cases, we may need to disclose or transfer your personal information within NLS Legal or to third parties in areas outside of the UK. The areas in which these recipients are located will vary from time to time, but may include the United States, Europe, Canada, Asia, Australia, India, and other countries.
We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. When we transfer personal information from the UK to other countries in which applicable laws do not offer the same level of data privacy protection as in the UK, we take measures to provide an appropriate level of data privacy protection.
In other words, your rights and protection remain with your data, i.e. we use approved contractual clauses, multiparty data transfer agreements, intragroup agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact DPO@ntu.ac.uk or the COLP at firstname.lastname@example.org.
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- Request erasure of your personal information in limited circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are processing your personal information on the basis of our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction or suspension of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
- Object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
- Request the transfer of your personal information to another party.
How to contact us
If you are concerned about any aspect of the service we provide to you, you can use our complaints procedure. Please contact email@example.com asking for the complaints procedure in the subject header. The procedure enables investigation of the concerns with the aim of satisfactory resolution.
Please contact our Data Protection Officer with any requests related to your personal information.
If you are not satisfied with how we manage your personal data, you also have the right to make a complaint to a data protection regulator. The ICO contact details are: https://ico.org.uk/global/contact-us/
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
Whether you are an applicant, client, or a visitor to our website, your privacy is important to us. Our privacy notices will provide you with information on how we collect, use, retain and store your data.
NLS Legal encourages you to review the privacy statements of any websites you choose to navigate to from the NLS Legal website (or navigate from to our website) or digital services that we provide links to so that you can understand how those websites collect, use and share your information as well.
Website cookies and privacy
Student Privacy Notice