Consumer Credit Breach
(The phrase ‘the issue of proceedings’ refers to the formal commencement of litigation against the defendant and involves the payment of a court fee and the issue of a claim form. Once this is done, your claim will be subject to a court process.)
We may request documents from third parties to help with your case. By electronically signing this letter of engagement, you agree and accept the terms of our engagement and you authorise us to send a letter of authority, substantially in the same form as the enclosed template (the ‘Letter of Authority’), to any such third parties of which we are currently aware or become aware of during the course of the case, and to make a data subject access request to them on your behalf. You further agree that your electronic signature may be used by us on all Letters of Authority without further permission.
If you have any questions or comments about this letter, or about our services or during the period for which we act for you, then please let us know.
We would be grateful if you would confirm your agreement to the terms of this agreement by giving your electronic consent to it.
We are delighted to have the opportunity to work for you.
Sandstone Legal LimitedFraser HouseWhite Cross Industrial Estate South RoadLancaster, LA1 4XQ 0161 470 1511
In clause 15.12 an “Insolvency Event” means:
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).
Data is collected, processed, and stored by Sandstone Legal Limited, trading as “Sandstone Legal”. Sandstone Legal Limited is a limited company, incorporated in England and Wales, authorised and regulated by the Solicitors Regulation Authority under number 808140.
We are what is known as the “Data Controller” of the personal information you provide to us. We handle and store your personal information in accordance with the law, including the UK GDPR and the Data Protection Act 2018.
Sandstone Legal is registered with the UK Information Commissioner’s Office (ICO) under registration number ZA518143.
We will only collect information from you that is relevant to the matter we are dealing with, which shall depend on what you have asked us to do or what we are contracted to do for you.
There are two types of personal data (personal information) that you may provide to us, which include:
Personal data is generally restricted to basic personal data and any information needed to complete identity checks. Where we process special category personal data, we will ensure we are permitted to do so under data protection laws, e.g.:
While acting for you we may receive information about you from various sources including the following:
Please be assured that this information will be treated confidentially at all times and will only be used where necessary.
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The primary reason for asking you or others to provide us with your personal information is to provide legal services to you so we may perform our contract.
The following are some other examples of what we may use your information for:
We may use your information for the following purposes:
We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers. You have the right to object to this processing and should you wish to exercise that right (see ‘How to contact us’ below).
Sandstone Legal have robust data protection procedures in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties, nor will we share your information with third parties for marketing purposes outside of Sandstone Legal.
Usually, we will only use your information within Sandstone Legal. However, there may be circumstances, in carrying out your legal work, where we ned to disclose some information to third parties, for example:
Your personal information will be retained only for as long as necessary to fulfil the purposes for which the information was collected, or as required by law, or as long as is set out in any relevant contract you may hold with us. For example:
In some cases, we may retain your information for a longer period. Where this applies, we will advise you of this at the time, for example:
As a general rule, if we are no longer providing services to you, we will delete or anonymise your account data after seven years. However, as above, different retention periods apply for different types of personal data and for different services.
Following the end of the relevant retention period, we will delete or anonymise your personal data. More information is set out in our data retention policy, which is available on request.
We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your personal data and other information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
The countries outside of the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to transfer your personal data to countries outside of the UK. In those cases, we will comply with the applicable UK laws designed to ensure the privacy of your personal data.
We may use outsourcing companies located outside of the UK for administrative services and may have outsourcing agreements with companies based in South Africa and India.
Under data protection laws, we can only transfer your personal data to a country outside of the UK where:
Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available) by ensuring the use of legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.
If you would like further information about data transferred outside of the UK, or a copy of the standard data protection clauses we use please contact us (see ‘How to contact us’ below).
You have the following rights under the UK GDPR:
For more information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below) or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
If any of the information that you have provided to us changes, for example if you change your name or e-mail address, please let us know (see below ‘How to contact us’).
We will use your personal data to send you updates (by email, text message, telephone, or post) about
our services, including exclusive offers, promotions, or new services.
The following are examples, although not exhaustive, of how we might collect your personal information:
We handle enquiries at different stages and therefore group those enquiries in three distinct ways. We shall take the following steps in each instance:
We appreciate that you may decide that you do not wish to receive marketing communications and we shall respect that choice. We have a legal obligation pursuant to the Data Protection Act 2018 and the UK GDPR to stop sending marketing communications if you object. If you do not want us to use your personal data in this way, please let us know (see below ‘How to contact us’).
Legitimate interest will be the legal basis for using your personal data for marketing purposes, as described within the ‘Retainer Clients’ section immediately above.
We use publicly available social media platforms to promote our services, to provide updates and to share any news and promotional updates. We may collect personal information from these social media platforms, for example, if you post a message on our Facebook page. By providing any of your information to us through these platforms you should be aware that:
We do not have any control over the advertisements you see on other third-party websites, however you can request to opt out or customise these advertisements by using the Google Ads Preference Manager.
We may from time to time, record calls that you make to us or we make to you or any other third party. This is for training, monitoring and quality purposes. Some calls may be observed by staff for training and development purposes.
If you are unhappy about how we are using your information or how we have responded to your request, then you should contact us in the first instance (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with the Information Commissioner’s office. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
If you have any queries about this policy please contact us in writing, by post or email at the following addresses:
Sandstone LegalFirst Floor Fraser House South Road Lancaster LA1 4XQ
Telephone: 0161 470 1511
The date of this agreement is the date upon which you click to accept its terms.
This is an agreement made between:
If, before your Claim is finally dealt with, there is a court decision or agreement that requires a Defendant to pay all or part of your costs and/ or Disbursements, then you shall be liable in those circumstances for your Proportionate Share (as defined in the Management provisions relating to collective action) of:
but you shall be liable for i) and ii) immediately above if and only to the extent that such costs and/or Disbursements are recovered from another party to your Claim in that respect.
If your Claims end without a Win, then (subject to clause 10 above) you will not be required to pay the Firm anything apart from the Disbursements, and the Firm will in that event indemnify you for the costs of Disbursements on your behalf.
It is expressly anticipated that the Firm and you will enter a replacement Damages-Based Agreement or agreements (a ‘Replacement DBA’) in the event that:
Subject to the court’s jurisdiction to award costs against the Firm under the wasted costs jurisdiction or otherwise under Section 51 of the Senior Courts Costs Act 1981, you agree to use your best endeavours not to do any act so as to cause Sandstone to become liable for the costs of any opponent in the Claim.
If any of the provisions of this Agreement are found by a court or other competent authority to be void or unenforceable, such provision shall be deemed to be deleted from this Agreement and the remaining provisions of this Agreement shall continue in full force and effect. Notwithstanding the foregoing, the parties shall thereupon negotiate in good faith in order to agree the terms of a mutually satisfactory provision to be substituted for the provision so found to be void or unenforceable.
This Agreement is governed by and is to be construed in accordance with the law of England and Wales.
Leave this empty:
Your legal name
Your email address
If you have questions about the contents of this document, you can email the document owner.
Document Name: Consumer Credit Breach
Agree & Sign