Novum Law recognised in prestigious Chambers & Partners Guide 2024
The team at Novum Law are delighted to be once again recognised as one of the best personal injury law firms in the South West by the leading, independent legal...
You can read our Cookies Policy here.
Novum Law, is a ‘data controller’, which means that we are responsible for deciding how we hold and use your personal information. When we say ‘we’, ‘us’ or ‘our’ in this policy, we are referring to NHLEX Limited, its subsidiaries and all affiliated entities. When we say “you” or “your” in this policy, we refer to any individual whose data we process, including but not limited to:
We are registered as a data controller with the Information Commissioner’s Office as follows:
6 Drakes Meadow, Penny Lane, Swindon SN3 3LL – Registration number: ZA013437.
Personal data we collect about you
How your personal data is collected
Legal grounds for using your personal information
How we use your personal information
How we use your special category data
Who we share your personal data with
Transferring your personal data out of the EEA
Keeping and storing your personal data
Withdrawing your consent
Keeping your personal data secure
Processing of data belonging to children or young people
How to contact us
How to complain
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are ‘special categories’ of more sensitive personal data which require a higher level of protection. The personal data about you which we collect, store, and use may include but is not limited to the following categories:
We collect most of your personal data from you directly. However, we may also collect information via/from third party sources. Those third party sources include but are not limited to:
We will only process your personal information where we have a lawful basis for doing so. Under the General Data Protection Regulation, there are six lawful bases, four of which are applicable to our business and the processing of your personal information. We have given some examples of where each basis applies, as follows:
Some of the above grounds for processing can overlap and there may be several grounds which justify our use of your personal information.
We may use your data in the following ways:
‘Special category data’ requires higher levels of protection. We may only process your special category data if we have a lawful basis and a specific condition for doing so. The following four conditions are most relevant to how we process your special category data:
In limited circumstances, where we need to process your special category data and we cannot rely on any of the four conditions set out above, we will only process it with your explicit, written consent.
We may use your special category data in the following ways:
In the course of carrying out our work and your instructions we sometimes need to share your personal data with third parties, including but not limited to:
We only allow third parties to handle your personal data if we are satisfied they take appropriate measures to protect it. If we share personal data with them, they will process that data as a data controller or a data processor, dependent upon how they will process that data, and in accordance with the data-sharing requirements of the GDPR. We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share personal data with other third parties, such as potential buyers of some or all of our business, or during a restructuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
In delivering our services to you, it is sometimes necessary for us to share your personal data outside the EEA. This might arise where, for example, you are domiciled overseas, your matter has an international dimension or where our service providers are located outside the EEA. Any transfers of personal data outside the EEA are subject to special rules under the GDPR. We will, therefore, put in place appropriate safeguards where we transfer your information outside of the EEA by either:
The security of your personal data is of paramount importance to us. The majority of the personal data we hold is stored electronically, in our secure IT systems, or in hard copy, either at our secure office premises or at a secure offsite archive provider. It may also be stored by third parties processing your data on our behalf (see who we share your data with) but in accordance with a data-sharing agreement.
We retain your personal data in accordance with our Terms of Business and our Retention Policy (a copy of these policies can be requested by contacting us directly). We do so for one (or more) of the following reasons:
Different retention periods apply for different types of data. Please contact us if you would like to see a copy of our Retention Policy (a copy of this policy can be requested by contacting us directly).
Where we process your personal data on the lawful basis of having obtained your specific consent, you are welcome to withdraw that consent at any time. Please contact us to let us know (see the How to contact us section below).
Under the GDPR you can exercise a number of rights, as follows:
You will not have to pay a fee to exercise any of your rights, however, we may charge a reasonable fee if a request for access is clearly unfounded or if it is deemed to be excessive. Alternatively, we may refuse to comply with a request in such circumstances. We will ask for proof of identity before we provide any personal information, to prevent any unauthorised access.
If you would like to exercise any of these rights, please contact us — see below ‘How to contact us’.
We have security measures which strive to prevent personal data from being accidentally lost, or used or accessed unlawfully. We follow strict procedures as to how your personal information is processed, to prevent any unauthorised person obtaining access to it. All personal information you register on our website will be located behind a firewall and we will use our strict procedures and security features to try to prevent unauthorised access to our systems. Unfortunately, the transmission of information via the internet is not completely secure and although we strive to protect your personal data, we cannot absolutely guarantee the security of your data. Those processing your information within our business and on our behalf, will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We may find it necessary to process the data of children or young people for whom we act or where their data is relevant to a matter on which you have instructed us.
Children under the age of eleven are unlikely to be able to grasp the concepts involved in their data rights and so we have produced a separation introduction to those concepts. Please contact us for a copy of that document.
Children who are able to understand the relevant concepts, or with whom we are engaging online and are over the age of 13, control the rights to their own data. For those young people, we have produced a separate document which summarises their rights. Please contact us for a copy of that document.
If you would like to contact us to discuss any aspect of this Policy, please contact us directly. Our contact details are displayed prominently on this site.
We will work to resolve any query or concern you may raise about our use of your information. However, the General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at telephone: +44 0303 123 1113.
This policy will be regularly reviewed and updated.
Dated: 16 December 2019
Why choose us?
As expert solicitors focusing on serious personal injury and medical negligence, you can trust us to get the best results for you and your family.
We understand what you are going through, and we will be there for you every step of the way throughout your claim and beyond.
Our No Win No Fee guarantee means you can make a risk-free compensation claim with no legal costs or charges if your claim is unsuccessful.
Specialist rehabilitation, medical care and support can make a huge difference in your life. We work with the best providers to get the treatment you need.
The professionalism with which you have handled my claim put my mind at ease and was less stressful than I could have imagined.
Going with Novum Law was the best thing I’ve ever done.
Novum won the case for me, and helped me get my life back together
I would have no hesitation in recommending Novum Law and your services.
Are you happy to give your consent?
Contact our office
Make an enquiry