Imperia Law Ltd ("we", "our", "us") are committed to safeguarding your personal data. This Privacy Policy explains how we collect, use, store, and share your data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and our obligations under the Solicitors Regulation Authority (SRA) Codes of Conduct. We handle your data with transparency and integrity, ensuring that we respect your privacy and data rights.

Data Controller: Imperia Law Ltd
SRA Number:  8011859
Registered Office: Office 109, The Shed, Sergeants Yard, Bordon, Hampshire, GU35 0DJ
Email: dataprotection@imperia-law.com

Telephone:  01252 958 731

Term

Personal Data

Special Category Data

Data Controller

Data Processor

UK GDPR

Definition

- Any information that identifies or can identify an individual.

- Sensitive data such as health information, racial or ethnic origin, religious beliefs, or trade union membership.

- The entity responsible for deciding how and why personal data is processed.

- A third party that processes data on behalf of the Data Controller.

- The UK General Data Protection Regulation, which governs data protection in the United Kingdom.

1. What Personal Data We Collect

We collect various types of personal data to provide legal services, manage operations, and meet legal obligations.

  • Identity Data: Name, date of birth, gender, nationality, passport details.
  • Contact Data: Home and business addresses, email addresses, telephone numbers.
  • Financial Data: Bank account details, payment history, source of funds for AML checks.
  • Case-Related Data: Documentation, contracts, and other relevant information related to your legal matters.
  • Special Category Data: Data relating to racial or ethnic origin, religious beliefs, or health information, where necessary.
  • Technical Data: IP addresses, browser type, operating system, and website usage data.

2. How We Collect Your Data

We collect personal data through multiple channels, including:

  • Direct Interactions: Consultations, emails, phone calls, and in-person meetings.
  • Forms and Documents: Completion of forms, both physical and online.
  • Third Parties: Other professionals (e.g., barristers, courts, AML/KYC providers), and regulatory bodies.
  • LEAP CMS: Our case management system stores client data, case files, and time tracking records securely.
  • Website Interactions: Use of cookies and analytics tools.

3. Lawful Basis for Processing Personal Data

We process your personal data based on the following lawful grounds:

Purpose

Providing legal advice and representation

Compliance with legal obligations

Managing client relationships and operations

Marketing legal services

Sharing with external parties (e.g., courts)

Conducting AML/KYC checks

Lawful Basis

- Performance of a contract

- Legal obligation (e.g., AML regulations, SRA compliance)

- Legitimate interests

- Consent or legitimate interests (opt-out available)

- Performance of a contract or legal obligation

- Legal obligation

4. How We Use Your Personal Data

We use your data to:

  • Provide legal advice, representation, and related services.
  • Conduct identity verification and AML/KYC checks, Process payments and manage financial records.
  • Manage client records via LEAP CMS, including document management, time tracking, and billing.
  • Communicate with courts, tribunals, barristers, and external legal professionals
  • Conduct internal audits and regulatory compliance checks.
  • Improve website functionality and user experience.
  • Send relevant updates and marketing materials (where consent has been provided)

5. Data Sharing with Third Parties

We may share your data with trusted third parties where necessary to provide legal services or comply with legal obligations.

Third Parties We May Share Data With:

  • Barristers, Counsel, and Expert Witnesses for case support.
  • Courts, Tribunals, and Government Agencies for legal proceedings.
  • AML/KYC Providers for identity verification and due diligence checks.
  • Outsourced Administrative Services (e.g., transcription, file archiving) bound by confidentiality agreements.
  • IT Providers supporting our LEAP CMS, secure email servers, and cloud storage.
  • PII Insurers and Regulatory Authorities (e.g., SRA, ICO) when legally required.

All third parties are contractually obligated to maintain data confidentiality and comply with UK GDPR.

6. Data Retention

We only retain your personal data for as long as necessary to:

  • Fulfil the purposes outlined in this Privacy Policy.
  • Comply with legal, tax, and regulatory obligations.
  • Defend against potential legal claims.
  • Standard Retention Period: 6 years post-closure of a legal matter, unless longer retention is legally required (e.g., trust-related cases)

7. Data Security Measures

We implement strict data security protocols to prevent unauthorised access, data breaches, and loss of data.

  • Encryption: All data stored within LEAP CMS and our email systems is encrypted.
  • Access Controls: Data access is limited based on user roles and responsibilities.
  • Two-Factor Authentication (2FA): Applied to critical systems.
  • Regular Security Audits: Ensuring compliance with data protection best practices.
  • Data Breach Response Plan: Immediate containment and notification protocols in line with ICO guidelines.

8. International Data Transfers

We may transfer data outside the UK or EEA if necessary (e.g., for cloud storage or international legal matters).

Safeguards Implemented: Standard Contractual Clauses (SCCs), Adequacy Decisions recognised by the UK Government, Data Processing Agreements with non-UK service providers.

9. Your Data Rights Under UK GDPR

You have the following rights regarding your personal data:

Right

Access

Rectification

Erasure ("Right to be Forgotten")

Restrict Processing

Data Portability

Object to Processing

Withdraw Consent

Lodge a Complaint

Description

Request a copy of your personal data.

Correct inaccurate or incomplete personal data.

Request deletion of your data under certain circumstances.

Limit how your data is used in specific situations.

Receive your data in a structured, machine-readable format.

Object to data processing based on legitimate interests or for direct marketing.

Withdraw consent at any time where processing is based on consent.

File a complaint with the ICO if you believe your rights have been infringed.

To exercise any of these rights, contact: dataprotection@imperia-law.com

10. Green Practices & Environmental Responsibility

At Imperia Law Ltd, we are committed to sustainable and environmentally responsible practices.

  • Paperless Operations: Wherever possible, we use electronic case files and limit paper usage.
  • Secure Digital Communication: Encouraging the use of encrypted emails and online document sharing over physical mail.
  • Cloud Storage: Reducing on-premise energy consumption through secure cloud-based storage solutions.
  • Eco-Friendly Office Practices: Recycling policies, energy-efficient office equipment, and reducing waste.

11. Cookies & Website Usage

Our website uses cookies to enhance user experience and analyse website traffic.

Cookies We Use:

Essential Cookies: For core site functionality.

Analytical Cookies: To track site usage and improve performance.

Marketing Cookies: For targeted advertisements (only with consent).

You can manage your cookie preferences via our Cookie Banner. For more details, refer to our Cookie Policy.

12. Data Breach Protocol

In the event of a data breach:

  • We will investigate and contain the breach immediately.
  • Affected parties will be notified within 72 hours if there is a high risk to rights and freedoms.
  • The breach will be reported to the ICO if required.

12. How to Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:

Data Protection Officer
Tel: 01252 958 731

Email: dataprotection@imperia-law.com
Office 109, The Shed, Sergeants Yard, Bordon, Hampshire, GU35 0DJ

13. Complaints

If you are dissatisfied with how we process your data, you can contact the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk
Phone: 0303 123 1113

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal changes or operational updates. The latest version will always be available on our website