Privacy Policy

1. Introduction

This Privacy Notice (“Notice”) – together with any other privacy information we may provide on specific occasions – applies to the processing of personal data by KP Law in the course of providing legal services and carrying out its business operations. The Notice sets out the types of personal data KP Law collects, explains how KP Law collects and processes that data, who it shares it with and certain rights and options that you have in this respect.

We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

2. Who we are

When we refer to “KP Law” or “we” in this Notice we mean KP Law Limited, a company incorporated in England & Wales with registered number 11937792 and registered address at 81 Chancery Lane, London, England, WC2A 1DD. We are registered with the Information Commissioner’s Office under registration number ZA653311. KP Law is a 100% subsidiary of Asertis Ltd

3. How we collect and use (process) personal information

We collect and process personal data for following categories of data subjects: 

  • Job applicants
  • Clients, counterparties, and other litigants
  • Business contacts which include suppliers, consultants, advisors
  • Visitors to our website 
  • Recipients of our marketing activities

4. Job Applicants

All of the information you provide during the application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the United Kingdom or the European Union unless we have appropriate contractual clauses with the entity with whom we share such information. We verify that any data transfer outside of the UK or EEA is subject to UK or EU adequacy requirements, Standard Contractual Clauses or other transfer tools which comply with data protection legislation. The information you provide will be held securely by us whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

4.1.1    Application Stage

At the application stage, we ask you for

  • Contact details- name, address, phone number and email address
  • Your previous experience- details of your education, work history, referees and answers to questions relevant to the role you have applied for

You may also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of our recruitment and HR team in a way which can identify you. Any information you do provide, will be used only to produce and monitor equal opportunities statistics.

4.1.2 Selection Stage

Our hiring managers shortlist applications for interview. They will not be provided with your equal opportunities information if you have provided it.

We might ask you to attend an interview or take a written test. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by us.

At this stage we will ask you to provide contact details of previous employers/colleagues, their details and their answers and/ or opinions will be retained by us. We will also conduct an ID verification and check your right to work in the UK if appropriate.

4.1.3 How long is the information retained?

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 12 months from the first receipt. Information generated throughout the assessment process, for example interview notes, is retained by us for 12 months following the closure of the campaign.

If you are successful in your application, we will retain your information in accordance with our Privacy Notice for Employees, Workers and Contractors. A copy of this Notice will be provided to you with your offer letter.

Our lawful basis for processing your personal data are article 6(1)(b) of the UK GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract, and article 6(1)(f) for the purpose of our legitimate interests.

4.2 Clients including potential clients, litigants and counterparties

If you are a client or potential client, we will collect personal information about you in the course of our services, including the provision of legal advice and representation of our clients in legal matters.

 We may collect the following information about you:

  • Contact details – name, postal address, email address, contact numbers
  • Identity data– date of birth, civil status, passport (or other ID) number, photographic identification, your live image (when required to confirm your identity), gender, tax/NI number and status, driving licence
  • Depending on the case we will collect-
    • Vehicle ownership details– period of ownership, bank statement, lease agreement
    • Work information– earnings, job title and employment history, educational and professional background, leave records, travel history
    • Financial and payment data: your bank account details and other data necessary for payment processing and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information, financial assets owned by you and your family,
    • Details about your family, names, age, contact details of spouse, children, dependents, financial assets owned by them
    • Pension & Investment information – including details of historic and current pensions and any investments held
  • Transaction data including details about services purchased from us
  • Call recordings taken in order to monitor the quality of calls and for training purposes.
  • Special category data
    • Health information– physical and mental health, medical history, leave and sickness records, disability information
    • Other sensitive personal data– information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, sexual life and sexual orientation or details of criminal offences

We may also receive personal information from third parties including lead generators, other law firms or business contacts. Any such information provided to us is used solely for providing our services and is handled strictly as per our data protection procedures.

Only information that is relevant to the case is collected. As a counterparty or litigant, information about you may be provided to us by our clients or other third parties because you are the subject of, or otherwise included in, legal advice or representation we have been asked to provide to such clients.

4.2.1 How do we process this data?

We use this data for following purposes:

  • To fulfil a contract with you or to take steps to enter into a contract with you at your request. This includes:
    • to register you as a client of KP Law
    • to provide and administer legal services or other services or solutions, as instructed by you or your organisation
    • to provide legal advice to our clients
    • to communicate with you as required for the purposes of providing our legal services and responding to your enquiries, by post, phone, SMS, email or other digital, electronic and social media messaging services, using the contact details you have provided to KP Law
    • to process payments, billing and collection
  • To carry out conflict of interest checks, risk and compliance checks and background checks, where permitted and where we consider it appropriate
  • For the purpose of preventing money laundering or terrorist financing unless such processing is permitted by law or the client consents to any alternative use of the data.

Our lawful basis for processing your personal data is article 6(1)(b) of the UK GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.  

4.3 Business contacts

If you are a supplier, service provider, advisor, or consultant, we may process following data about you:

  • Contact details – name, work email address, contact numbers
  • Professional details- name of employer, job role, educational or professional background
  • If you have access to any of our web-based platforms- username and password

We use this information to enter into and fulfil a contract with you, to administer and manage our relationship with you including accounting, payment processing activities.

4.4 Visitors to our website

When you visit our website, we use third-party services to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the website. The information is only processed in a way which does not identify any individual.

When you complete a contact form on our website or use the email for enquiries, we will use the information provided by you only for the purpose of providing you with an appropriate response.

Visitors to our office premises – we may retain information about your visit as will reception staff whether employed by us or otherwise. We work across a variety of buildings and our landlords may record CCTV images as well as physical access logs. These details may be shared with us from time to time.

Our lawful basis for processing your personal data is either Article 6(1)(a) of the UK GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data for our legitimate interests.  

4.5 Marketing Data

We hold name and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements.

4.5.1 How is your personal data collected?

You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • engage us to provide services
  • subscribe to our publications
  • request marketing material to be sent to you
  • when you participate in our events
  • complete one of our enquiry forms or
  • provide us with feedback

We may also receive your information indirectly from third party partners.

Our lawful basis for processing your personal data is Article 6(1)(f) which allows us to process personal data when it’s necessary for our legitimate interests.  You can at any time opt out from receiving marketing communications from us.

5. When and how do we share your personal data?

We may share your personal data in following circumstances:

  • Internally with staff members who require your information to provide our services and who have received training in data protection
  • With our professional advisors, including our legal advisors, financial advisors, insurers, accountants, auditors or other consultants to the extent they require this information to provide their services to us
  • With barristers, consultants, mediators and other experts when this is necessary for them to perform their tasks in relation to the establishment, exercise or defence of legal claims or other legal or regulatory proceedings
  • With courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is legally required or it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, for the purposes of a confidential alternative dispute resolution process, or in the context of similar proceedings
  • With third parties providing IT support and maintenance services, marketing and client support services, data storage services, services for ID checks, money laundering checks, sanctions screening, and checks for credit risk reduction and other fraud and crime prevention purposes; and other financial institutions and credit reference agencies providing services to us
  • With our parent company Asertis Ltd with whom we have a data sharing agreement in place
  • Any third parties with whom you require or permit us to correspond.
  • If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.

6. Transfers of personal data outside the EEA

There may be occasions where we will need to share your data with entities in third countries, such as when we are using cloud software providers or outsourced contractors which enable us to provide you with the services. We verify that any data transfer outside of the UK or EEA is subject to EU adequacy requirements, Standard Contractual Clauses or other transfer tools which comply with data protection legislation.

7. Automated decision-making

We do not use automated decision-making in relation to your personal data.

8. Security of your personal information

To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and organisational controls. We update and test our security technology and controls on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

We are certified to IASME governance standard which demonstrates our commitment to security and privacy of your personal information.

9. Data storage & retention

Your personal data is stored by KP Law on the servers of the cloud-based services and IT service providers we engage, as well as in physical forms in our office and at backup and archive facilities.

We will continue to keep your personal data for as long as this is necessary to fulfil the purposes for which we collect and use it, as these are explained in this Notice, including for complying with our legal and regulatory obligations (for example auditing, reporting and accounting requirements), for the provision of legal services and for the establishment or defence of legal claims.

Where data is stored on basis of consent, we provide such information at the time consent is taken.

For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at dataprotection@kpl.co.uk

10. Data Subject Rights and how to contact us

We have appointed a Data Protection Officer for you to contact if you have any questions or concerns about our personal data policies or practices. If you are concerned about an alleged breach of privacy law or any other regulation by us, please contact our Data Protection Officer at dataprotection@kpl.co.uk who will ensure that your complaint is investigated.

You have the right to ask if KP Law is processing your personal data, and to have access to the personal data we may have about you.

Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent, this will not affect any processing which has already taken place.

You also have a right to request correction of inaccurate information, deletion of information in certain circumstances, and to instruct us to stop processing your information. We are obliged to honour such requests as per the regulatory requirements unless we are unable to do so for legal reasons. If you’d like more information or would like to make such a request, please contact our DPO as stated above.

If you are concerned about how we handle your personal data you can contact us in the first instance at dataprotection@kpl.co.uk. If after our review you are still not satisfied you have a right to complain to the Information Commissioner’s Office (ICO).  The ICO can be contacted here:

Information Commissioner’s Office
Wycliffe House
Water Lane

Telephone: 0303 123 1113

Last Updated: March 2024