We, being Karen Eckstein Ltd (also referred to as ‘us’ and ‘our’ for the purposes of this notice), are committed to protecting and keeping confidential all information you provide to us, subject to certain legal responsibilities set out below.

We ask that you read this Privacy Notice carefully, as it contains important information about us, how and why we collect, store, use and share Personal Data and your rights in relation to your Personal Data. It also explains how to contact us if you have any questions or concerns.

Our client confidentiality obligations are described in our Terms of Business and are not addressed in this Privacy Notice.

By signing the Letter of Engagement which accompanies this Privacy Notice, you are indicating that you understand and accept that your Personal Data may be used by us as described below and within our Terms of Business and, if acting in a representative capacity, you agree to advise your principal that their Personal Data will be dealt with on these terms.

About Us

Karen Eckstein Ltd is a company registered in England and Wales (No. 12498649) and our registered office is at 1 Chapel Lane, Esholt, BD17 7RD.

We collect, use and are responsible for certain personal information (Personal Data) about you. When we do so, we are also regulated under the Data Protection Act 2018 (DPA) and UK General Data Protection Regulations (UKGDPR), by the Information Commissioner, and we are responsible as a controller of that Personal Data.

What is Personal Data?

Personal Data includes name, address, telephone number, email address and any other information which identifies a living person.

How we collect Personal Data

In the course of your matter, we collect, use, store and transfer Personal Data when you provide it to us including:

• Name, address, date of birth, contact information (telephone and email where appropriate), National Insurance Number (where appropriate) and financial data (where appropriate).
• Identity information and documentation.
• Additional information required to enable us to provide the services requested, which may include transaction data; marketing communications and usage data; and/or family, lifestyle, social circumstances and business activities of the person whose details we are processing; and
• Sensitive personal information. If this is the case, the exact nature of this will be dependent on the type of work that you instruct us to undertake. This could include health details, racial or ethnic origin, religious beliefs or beliefs of a similar nature, criminal convictions and sexual orientation.

You are responsible for ensuring the accuracy of all the Personal Data you supply to us, and we will not be held liable for any errors, unless you have advised us previously of any changes in your Personal Data.

If you do not provide information requested by us from time to time, we may not be able to provide services to you or otherwise fulfil the purpose for which we have requested the information.

In some circumstances, we may also collect Personal Data about you from a third party source. For example, we may collect Personal Data from a company for whom you work, other organisations with whom you have dealings, government agencies, a credit reporting agency, a recruitment agency, an information or service provider or from a publicly available record.

How we use Personal Data 

We, our subsidiaries, employees, agents, consultants, and subcontractors, may use your Personal Data and disclose it on a confidential basis to third parties, such as IT suppliers or law firms we work with or our insurers for the following purposes:

• To enable us to provide you with a service in accordance with your instructions and performance of our contract with you.
• For fraud prevention, anti-bribery purposes and/or generally for the prevention or detection of crime, which may include disclosure to relevant third parties.
• To administer your file with us, including credit and conflict searches, providing e-billing services such as invoices and reminder notices, and tracing and collecting any debts, which may include disclosure to relevant third parties where our invoices are overdue for payment.
• Updating existing records if you have instructed us previously.
• Disclosure to other third-party advisers working for you on the same matter as we feel is appropriate and necessary unless you notify us otherwise.
• To improve our services and communications to you. We may record telephone calls and emails to enable us to provide services to you and manage your matter, for training purposes, and to improve client service.
• To manage our business performance, to assess client satisfaction (such as by asking you to participate in surveys), and generally to help improve our services, which may include disclosure to relevant third parties.
• To send you information on news, publications, seminars and events and provide you with further information about our products and services.
• For advertising, marketing and public relations, including sending you direct marketing communications.
• To conduct specific tests on our existing or new systems, networks, applications or software, which may include disclosure to relevant third parties.
• To ensure the safety and security of our people and premises (where we may also use CCTV) which may include disclosure to relevant third parties.
• For disclosures to our auditors, our own legal and other professional advisors, our insurers and insurance brokers.
• Where we are the subject ofa merger or acquisition (M&A) bid in whole or in part, whether an asset or share sale and whether or not the M&A bid completes. If the M&A bid is completed the Personal Data will be owned by the merging or acquiring party.
• Where you have given written consent to such use and/or disclosure.
• Where we are permitted by or as otherwise required by law to do so. This includes circumstances where you have expressly or impliedly consented to such use; and
• Any other purpose for which this information was provided to us or for any purpose related or ancillary to any of the above.

We may share your personal data internally, or with external third parties, but normally only for the purposes of properly progressing your instructions. When your Personal Data is shared with parties with whom we have a business relationship (such as our IT providers, law firms we provide services through, or if we enter into merger, acquisition or sale discussion with a third party), we will ensure that they operate under similar confidentiality requirements or will require them to enter into a confidentiality agreement with us to ensure that any information provided by us to them is kept secure and confidential.

We will not sell, resell, lease or license your Personal Data to any third parties.

There may be occasions when we are under a legal obligation to share Personal Data with law enforcement or other authorities, including the Information Commissioner, our insurers to deal with professional indemnity claims, and accountancy organisations for accounts related work.

Occasionally some of our client files may be audited strictly confidentially by external auditors, consultants or examiners to ensure we meet our legal, quality and financial management standards. We may also disclose information to H M Land Registry, H M Revenue and Customs and other government agencies and organisations that carry out online identity searches. Where we collect your Personal Data specifically for the purpose of online identification searches, we will only use this to verify your identity and address together with any person authorised to act on your behalf to ensure that we have correctly identified the contracting party and are entering into a valid contract with you.

We will not share your Personal Data with any other third party and will not issue any publicity material or information to the media about our relationship and the work we are doing for you without your explicit or implied consent.

Where your information is stored and keeping information it secure

We use a secure cloud computing service to assist us in processing and protecting your information and keeping it secure from the risks of fraud and cyber-crime. All IT providers we use are subject to strict confidentiality agreements and we will ensure that they meet data protection obligations in relation to the service they provide to us.

Your information is generally stored on servers and filing systems in the European Economic Area, which includes the UK. We will take appropriate technical and organisational measures to keep your information confidential and secure in accordance with our internal procedures covering the storage, access and disclosure of information.  Information may be kept on our information technology systems or in paper files.

From time to time, it may be stored in or accessed from countries outside the EEA. Where this may happen, we always make sure that there are appropriate safeguards in place, such as the model contract clauses, binding corporate rules or the EU-US Privacy Shield, to guarantee that your information – and your rights – are protected to the same high standard as under the law of England and Wales.

Why we collect and use Personal Data.

We intend to rely on the following lawful bases to collect and use your personal or sensitive personal data:

• Your consent
• Contractual obligations
• Legal obligations
• Legitimate interests

In deciding this we have taken the following into consideration:

• We understand our responsibility to protect your individual 
• We only use your Personal Data in ways you would reasonably expect (described above).
• We are not using Personal Data in ways you would find intrusive, or which could cause harm.
• We have considered safeguards to reduce the impact where possible.
• We have considered whether we can offer an opt out (see Your Rights below).

Marketing our services

Information about us and resources which may be of interest to you are available on our website and LinkedIn.

We would like to keep in touch with you after we have concluded your matter(s) and let you know periodically about any changes that may affect our business relationship or services we have provided, including information that we think may be of specific interest to you or to tell you about events or developments in the firm.

We will only do this where we feel it would be of benefit to you, or where we need to update you in relation to our Terms of Business or information about our firm.

We may rely on legitimate interest to contact you in this way as you have engaged us to provide services and/or we have an ongoing business relationship with you. We also provide the option for you to inform us if you do not want future contact from us in relation to promotional material, news, articles etc. (and you may also inform us of this at any time), however please be aware this may prevent us from advising you of any changes that may be relevant to our engagement, or ongoing business relationship to you.

We may use third party software and services to assist us in relation to the processing of our marketing communications, but we will ensure we have confidentiality agreements in place and will never disclose your information to third parties for them to use for their own marketing purposes.

If you prefer not to receive promotional material from us, please email us at the address below (Contact Information).

We reserve the right to use any feedback given to advance our business needs and to help deliver services including and not limited to marketing, promotional materials and website content and formulation.

Keeping your Personal Data secure

We have appropriate security measures in place to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business reason to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Please note that the internet and Information Systems are not completely secure and although we will do our best to protect your Personal Data the transmission of your data to us is done so at your own risk.

If you want to protect your information, computers and devices against fraud, identity theft, viruses and other online issues, please visit www.getsafeonline.org for further details.

How long your Personal Data will be kept.

• We will hold your personal data including your name, address and contact details plus your file of papers/electronic records for a period of time, depending on the nature of your matter. This is generally for a period of seven years after the conclusion of your matter, but for some matters this may be longer. Documentation and information obtained to verify your identity and address, or other due diligence will also be retained in line with our file storage timescales. We may also hold original documents per your instructions, or until such documents are required by you, or persons properly authorised to retrieve them on your behalf. If this is applicable, we will confirm this to you at the end of your matter. After this period of time, your file (including any documentation relating to identification and due diligence checks) will be destroyed confidentially, without reference to you, unless we contact you to confirm other arrangements, or you contact us to request your file of papers at an earlier date. Further details about our file storage and destruction arrangements are provided in the Terms of Business and any file closure letter.

About your rights

Under the data protection rules, you have several rights in respect of your information, which include the right to:

• Access your information, which is referred to as a “data subject access request”. This allows you to receive a copy of the Personal Data we hold about you and check we are processing it lawfully.
• Withdraw your consent to the processing of your information at any time.
• Ask us to make changes to the information we hold about you to make sure that it is accurate and up to date.
• Request we remove your Personal Data (sometimes called the right to be forgotten). This enables you to remove or erase your Personal Data where there is no good reason for us to continue to process it. Please note we may be unable to erase personal data where we have an ongoing legal obligation to process it (see “How we use Personal Data” above). Where we do erase your Personal Data, we will retain a record of your name, the date of your request and the date the data was erased.
• Stop or restrict our processing of your Personal Dada. This enables you to request a suspension in processing your Personal Data.
• Object to processing your Personal Data (where we rely on legitimate interest or those of a third party) and there is a particular reason regarding your situation for you to object. Where we process your Personal Data for direct marketing, you also have a right to object.
• Not be subject to automated decision-making; and
• Request the transfer of your Personal Data to another party.

If you would like to exercise any of your rights, please contact Karen Eckstein, whose details are below under “Contacting us”. You have the right to request a copy of the information we hold about you by sending your request in writing to us at the above address.

If you are requesting access to your Personal Data, please also let us have sufficient information to identify you (including proof of your identity and address – e.g., a copy of your passport, driving licence and a recent utility bill or bank or credit card statement). You should also let us know the information to which your request relates, including any matter or reference numbers if you have them. This request is free of charge unless the request is manifestly unfounded or excessive.

Please note in some cases we may not be able to delete, correct, restrict or grant an objection to processing your Personal Data if we have a legal obligation, legitimate interest or contractual reason to process it. If we process it for our legitimate interests, we will check that the processing is necessary and there is no less intrusive way to achieve the same result.  We will also conduct a balancing test to decide whether your interests do not override our legitimate interests.

If we refuse a request, we will advise you, together advising you of your right of appeal.

Please note that an archive copy of any information provided to us may be retained by us for our records and for audit purposes.

Making a complaint

We hope that we can resolve any query or concern you raise about our use of your information.

Data protection law also gives you the right to lodge a complaint with the Information Commissioner, who is the supervisory authority for data protection in the UK. They may be contacted at www.ico.org.uk or telephone 0303 123 1113.

Changes to this Data Protection Privacy Notice

We may change this notice from time to time. When we do, we will inform you via our website or by direct communication with you (if there is a substantial change).

Contacting us

Please contact Karen Eckstein, Karen Eckstein Ltd, 1 Chapel Lane, Esholt, BD17 7RD. Telephone 07973 627 039. Email: [email protected] if you have any questions about this notice or the information we hold about you.

If you would like this notice in a different format, please let us know.

Dated: February 2025