Preston Legal Privacy Policy

Introduction and purpose

Preston Legal (we, our, us, the Firm) is committed to protecting the privacy and security of personal information. This policy describes how we collect and use personal information about you.

The Firm is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information. We are required under data protection laws to notify you of the information contained in this policy.

For the purposes of this policy:

Clients includes natural persons who have engaged us to provide legal advice to them in their personal capacity;

Instructing officers includes natural persons who have instructed us on behalf of a company, partnership, trust, estate, agency, department, corporate body of any description or any other group or organisation; and

Subscribers includes natural persons that have signed up to one of our newsletters or bulletins, have attended or registered to attend one of our events or follow us on social media or are a contact of the Firm or client intermediary.

This policy applies to the personal information of past and present clients, instructing officers and subscribers. Please note that you may fall in to more than one of these categories so we may hold your personal information in a number of capacities.

Data protection contact

All questions, requests and communications in relation to this policy should be sent to info@prestonlegal.co.uk or sent by post to Preston Legal, 27 Hill Street, St Helier, Jersey, JE2 4UA.  If you have any concerns about the way in which we monitor, store and use your information, or for more information concerning your rights in relation to the information we hold, you may contact the Office of the Information Commissioner in Jersey (email: enquiries@jerseyoic.org; telephone: +44 (0)1534 716530).

We reserve the right to make changes to this policy. Any changes to this policy will be posted on our website and will only apply prospectively and not retrospectively.

  • The Data Protection Principles

We will comply with data protection law. The law says that the personal information that we hold must be:

  • processed lawfully, fairly and in a transparent manner;

  • collected for specified, explicit and legitimate purposes and once collected, not further processed in a manner incompatible with those purposes;

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  • accurate and, where necessary, kept up to date, with reasonable steps being taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

  • kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed; and

  • processed in a manner that ensures appropriate security of the data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

  • The kind of information that we hold about clients and instructing officers

Personal data, or personal information, means any information about an individual from which that person can be identified, directly or indirectly, by reference to (but not limited to) an identifier such as (a) a name, an identification number or location data; (b) an online identifier; or (c) one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the person.

There are some ‘special categories’ of more sensitive personal data which require a higher level of protection.

We collect, store and use some or all of the following categories of personal information about clients and instructing officers:

  • Client on-boarding information: name, title, job title, address, telephone number, email address, photographic identification, date of birth, credit or compliance checks.

  • Client file information: name, title, job title, address, telephone number, email address, bank account details. Information may be provided by the relevant individual to whom the information relates, or by a family member or employer or business associate of such person, or by intermediaries (such as the person’s other legal, tax or other advisers).

  • Matter file information: The categories of personal information that we hold about you for the purposes of specific matters that we are providing advice on will vary according to the type of matter. Where we have collected this information other than from you, we will always ask you to confirm its accuracy. By way of example this category may include, amongst other things: tax details, marriage details, employment details, directorships, shareholding details or personal correspondence.

  • Relationship information: name, title, job title, address, telephone number, email address, client relationship details (length of relationship, Firm contacts engaged with, meetings, calls and other engagement with the Firm), services details (departments used, number of engagements, references, reviews and testimonials) and dietary preferences.

  • Marketing information: name, title, job title, address, telephone number, email address, company, engagement details (click-throughs, open rates, bounce rates, return to sender notifications) event attendance history, dietary preferences, payment details and marketing preferences.

  • Social media information: username, company details and engagement details (likes, retweets, shares, reactions, comments).

  • Monitoring: CCTV footage, vehicle details, swipe/fob records, PC login details, use of our IT and communications systems.

We may also collect, store and use the following ‘special categories’ of more sensitive personal information about clients and instructing officers:

  • Relationship information (sensitive): special access requirements, allergies.

  • Matter information (sensitive): The categories of personal information that we hold about you for the purposes of specific matters that we are providing advice on will vary according to the type of matter. Where we have collected this information other than from you, we will always ask you to confirm its accuracy. By way of example this category may include, amongst other things: race or ethnicity, political opinions, philosophical or religious beliefs, trade union membership, genetic or biometric data, medical conditions, prescriptions, surgeries, therapies, medical history, disabilities, and details of sex life and sexual orientation.

  • Criminal records: criminal convictions and offences and alleged criminal activity.

  • How we collect clients’ and instructing officers’ personal information

We collect personal information in categories (a) and (b) directly from clients and instructing officers as part of our file opening process.

We collect personal information in categories (c), (i) and (j) directly from clients and instructing officers as we take instructions in relation to specific matters. We may also obtain further information about specific matters from other sources including publicly available registers, court transcripts, credit and compliance searches.

We collect personal information in categories (d) and (e) directly from clients and instructing officers over the course of our relationship. We may also collect further information from public sources such as companies’ registries or market information providers.

We collect personal information in category (f) and (h) either from clients and instructing officers directly or from social media platforms when clients engage with our social media accounts such as Linkedin.

We collect personal information falling within category (g) when clients or instructing officers visit our premises or use our IT or communications systems.

We do not permit the provision of personal information through our website through any registration or subscription functionality or other means. The website may, however, use cookies (as to which please see the statement “Cookies” on the website), which may provide us with anonymous information about a user’s visits to the website and how the user uses it (for example, their IP address, browser type, number and length of visits and the referral source, ie the path they took to reach the website).

Our website contains links to websites of certain third parties who we consider may be of interest to or relevant to users of our website. If a user accesses other websites through such links, they should review and consider the privacy policies of the relevant third party. Preston Legal does not endorse and is not responsible for such privacy policies or the storage, monitoring or use of information by such third parties.

  • How we use clients’ and instructing officers’ personal information

We will only use personal information when the law allows us to. The law says that we must identify a lawful basis for each use of personal data. We rely on a number of lawful bases, including:

  • Where we have obtained specific consent from you to use your personal information in certain ways.

  • Where we need to perform a contract that we have entered into with you or to take steps you have requested with a view to entering into a contract.

  • Where we need to comply with a legal obligation.

  • Where it is necessary for us to use personal information to pursue our legitimate interests (or those of a third party) and we believe that using personal information in that way is not unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the individual concerned.

Below, we have set out the purposes for which we use each category of personal data and the lawful bases which are relevant to those purposes.

We use your client on-boarding information to conduct certain compliance checks that we are required to carry out by law, these include conflict of interest, ‘know your client’ and anti-money laundering searches. Our lawful basis for this is that we have a legal obligation to conduct these checks.

We use your client file information for communicating with you in the course of our engagement, this includes taking your instructions, providing legal advice and invoicing our fees and disbursements. For clients, our lawful basis for this is that it is necessary in order to perform the contract for legal services that we have with you. For instructing officers, our lawful basis for this is that it is necessary in order to pursue the legitimate interest of the entity you represent in seeking legal advice.

We use your matter file information to provide legal advice to you. For clients, our lawful basis for this is that it is necessary in order to perform the contract for legal services that we have with you. For instructing officers, our lawful basis for this is that it is necessary in order to pursue the legitimate interest of the entity you represent in seeking legal advice.

We use your relationship information to manage and strengthen our relationship with you, this includes linking the work that we do across different practice areas to ensure that you receive a seamless, streamlined service at all times. Our lawful basis for this is necessary in order to pursue our legitimate interests in creating deep and lasting relationships with our clients and with instructing officers.

We use your marketing information for marketing purposes, this includes contacting you with relevant newsletters, bulletins and other information about our services, inviting you to events and measuring engagement with our communications to ensure that the content that we create is relevant and useful. Our lawful basis for this is your consent. You have the right to withdraw this consent or amend your marketing preferences at any time by contacting info@prestonlegal.co.uk.

We hold your social media information in the course of operating our social media accounts on LinkedIn and other social media outlets. Our lawful basis for this is that it is necessary in order to pursue our legitimate interest in maintaining a visible, engaging and relevant social media presence.

We use monitoring to ensure network and information security, including preventing unauthorised access to our systems and preventing malware distribution and to ensure compliance with our IT and communications policies. Our lawful basis for this is our legitimate interests in securing our information and systems.

‘Special categories’ of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. Below we have identified the further justification on which we are relying to process clients’ and instructing officers’ special category personal data. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data.

We use relationship information (sensitive) to ensure that our offices and events are inclusive and accessible to all our clients. Our lawful basis for this is our legitimate interest in ensuring that clients and instructing officers can access and make use of our offices and events. Our further justification is that any information that we use to ensure accessibility is information that you have manifestly made public.

We use matter information (sensitive) to provide legal advice to you. For clients, our lawful basis for this is that it is necessary in order to perform the contract for legal services that we have with you. For instructing officers, our lawful basis for this is that it is necessary in order to pursue the legitimate interest of the entity you represent in seeking legal advice. Our further justification is that it is necessary for the establishment, exercise or defence of legal claims.

We use criminal records to provide legal advice to you. For clients, our lawful basis for this is that it is necessary in order to perform the contract for legal services that we have with you. For instructing officers, our lawful basis for this is that it is necessary in order to pursue the legitimate interest of the entity you represent in seeking legal advice. Our further justification is that it is necessary for the purpose of obtaining legal advice.

  • The kind of information that we hold about subscribers

We collect, store and use some or all of the following categories of personal information about subscribers:

  • Relationship information: name, title, job title, address, telephone number, email address, client relationship details (length of relationship, Firm contacts engaged with, meetings, calls and other engagement with the Firm), services details (departments used, number of engagements, references, reviews and testimonials) and dietary preferences.

  • Marketing information: name, title, job title, address, telephone number, email address, company, engagement details (click-throughs, open rates, bounce rates, return to sender notifications) event attendance history, dietary preferences, payment details, reviews, case studies, testimonials and marketing preferences.

  • Social media information: username, company details and engagement details (likes, retweets, shares, reactions, comments).

  • Monitoring: CCTV footage, vehicle details, swipe/fob records, PC login details, use of our IT and communications systems.

We may also collect, store and use the following ‘special categories’ of more sensitive personal information about subscribers:

  • Relationship information (sensitive): special access requirements, allergies.

  • How we collect subscribers’ personal information

We collect personal information in categories (k), (l) and (o) directly from you over the course of our relationship, this may be when you introduce us to a prospective client, or sign up to a newsletter, when you instruct us on a matter, when you attend one of our events, or some other time when you engage with us directly. We may also source some of this information from other sources such as your organisation’s website.

We collect personal information in category (m) either from you directly or from social media platforms when you engage with our social media accounts on Linkedin and other social media outlets.

We collect personal information falling within category (n) when you visit our premises or use our IT or communications systems.

  • How we use subscribers’ personal information

We will only use personal information on the same basis as that for clients and instructing officers

Below, we have set out the purposes for which we use each category of personal data and the lawful bases which are relevant to those purposes.

We use your relationship information to manage and strengthen our relationship with you, this includes linking the work that we do across different practice areas and offices to ensure that you receive a seamless, streamlined service at all times. Our lawful basis for this is necessary in order to pursue our legitimate interests in creating and maintaining deep and lasting relationships with our contacts.

We use your marketing information for marketing purposes, this includes contacting you with relevant newsletters, bulletins and other information about our services, inviting you to events and measuring engagement with our communications to ensure that the content that we create is relevant and useful. Our lawful basis for this is your consent. You have the right to withdraw this consent or amend your marketing preferences at any time by contacting info@prestonlegal.co.uk.

We hold your social media information in the course of operating our social media accounts. Our lawful basis for this is that it is necessary in order to pursue our legitimate interest in maintaining a visible, engaging and relevant social media presence.

We use monitoring to ensure network and information security, including preventing unauthorised access to our systems and preventing malware distribution and to ensure compliance with our IT and communications policies. Our lawful basis for this is our legitimate interests in securing our information and systems.

We use relationship information (sensitive) to ensure that our office and events are inclusive and accessible to all our clients. Our lawful basis for this is our legitimate interest in ensuring that clients and instructing officers can access and make use of our offices and events. Our further justification is that any information that we use to ensure accessibility is information that you have manifestly made public.

  • If you fail to provide personal information

If you fail to provide certain personal information when we request it, we may not be able to perform our contract with you properly (such as providing you with legal advice) or we may be prevented from achieving our legitimate interests (such as engaging with you on social media).

We have a statutory obligation to conduct the checks that we use for the client on-boarding information of clients and instructing officers. If you choose not to provide that information, we will not be able to engage you as a client of the Firm.

  • Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so.

  • Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making without your explicit written consent where: it is necessary for entering into, or the performance of, a contract between you and the Firm; is authorized by a different relevant law to which the Firm is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests.

We may use an electronic system that will automatically select certain clients, instructing officers and subscribers for certain marketing communications.

  • Data sharing

We share your data with third parties, including third-party service providers, courts and other lawyers. We require all third parties to respect the security of your data and to treat it in accordance with the law.

Third-party service providers require access to your personal data in the course of providing their services to us. We engage third parties to provide the following services: public relations and marketing, IT support, dictation services, practice management systems, document management systems, case management systems, printing and reprographics support, event hosting services, email marketing management systems, survey and polling services and market insight services.

All third parties are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third parties to use your personal data for their own purposes. We only permit them to access your personal data for specific purposes and in accordance with our instructions.

We may share your personal information with other third parties, for example with a potential purchaser in the context of a potential sale or restructuring of the business. We may also need to share your personal information with a regulator to comply with the law.

Information provided to us by any means (including in hard copy, email or other electronic means) may include personal information and data. Use of email and the internet is not secure. While we are committed to safeguarding your privacy, we cannot ensure and do not warrant the security of any information provided to us electronically.

We use cloud-based document management, IT and accounting systems which involve the transfer of information to certain countries outside the EU. To ensure that personal information receives an adequate level of protection we have put in place appropriate measures to ensure that personal information is treated by third parties in a way that is consistent with and which respects the EU and Jersey laws on data protection.

[Many of our third party service providers are based in the United States of America and host their services on servers based there. This means that your data may be transferred to the US as part of a technical process or for storage. The European Commission has issued an adequacy decision in relation to transfers to the US made under the EU-US Privacy Shield framework.]

  • Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal accounting, or reporting requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Where you have chosen to unsubscribe from marketing communications, we will retain your contact details to ensure that you are not sent any further communications. This information will be held indefinitely.

  • Changes to your data

It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes during your working relationship with us. If your personal information changes, please let us know by emailing info@prestonlegal.co.uk.


Cookie Policy

Your privacy is important to us. 

Upon entering the Preston Legal website your computer may automatically be issued with a Cookie. This is a file that identifies your computer (but not your individual identity) to our server. The information we obtain may include your Internet Protocol or "IP" address (a unique number assigned to each computer connected to the Internet), the date, time and duration of your visit. 

Cookies are small text files that are placed on your computer by websites that you visit.  They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.  Unless you have set your browser to block cookies, this site will place the following cookies on your computer.

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information for internal purposes only. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual by name.

To contact Preston Legal with a data protection query regarding the processing of your personal data, please use the contact us or email info@prestonlegal.co.uk.

Refusing Cookies

You have the option to deactivate Cookies at any time by changing the Cookie settings on your computer. Further guidance on reviewing and amending settings can be found on the help section of your internet browser.