CM Costing Ltd is registered in England and Wales with company number 9446158. Our registered office is at 132 High Road, Carlton in Lindrick, Nottinghamshire, S81 9DT. The Company’s Managing Director, Christine Middleton, is regulated by the Costs Lawyers Standards Board.
We are committed to maintaining high standards of confidentiality in relation to the information provided to us in the course of our business.
This privacy notice is designed to provide information about our practices concerning the collection, use and disclosure of personal information in the course of providing legal, advisory and/or consultancy services.
Personal information is any data from which an individual can be identified.
This privacy notice may change from time to time so we recommend that you review it periodically. This
version of the privacy notice was last updated on 25/05/18.
Who this privacy notice applies to
This privacy notice applies to all persons whose personal information we collect and process. This includes individuals in the categories below or who work for any of the following:
⦁ our clients
⦁ other lawyers and law firms, including barristers
⦁ people who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations, investigations and regulatory actions) or the provision of related or other legal, advisory and/or consultancy services, or people who are involved in insurance claims we are handling for clients. This may include claimants, defendants, witnesses, experts and service providers related to such court or other legal proceedings, services or claims, such as investigators, mediators, costs lawyers and costs draftsmen.
⦁ people who are involved in contracts and transactions we are working on, such as other businesses or individuals our clients are contracting with
⦁ our regulators, insurers, auditors, professional advisers and certification/accreditation bodies
Information we may collect and process
In the course of our business, we will need to collect and process various types of personal information for various purposes. Given the nature of our business and the services we provide, it is impractical to list all the categories of personal information that may be collected and processed. We will however only process and collect personal information where necessary for the provision of our services and where we have a legal basis to do so. We most commonly collect and process:
⦁ contact information for individuals (such as full name, date of birth, address, email address and telephone number). We may collect additional information to enable the identity of individuals to be verified
⦁ information regarding an individual’s legal requirements and personal or professional situation;
⦁ information about individuals employed by or associated with our clients, advisers or the organisations involved in a matter on which we are instructed
⦁ Health information as necessary for the provision of our services where the services we provide involve or relate to medical matters
How we use and disclose personal information
Where we receive personal data in connection with the provision of legal, advisory and/or consultancy services, we process that data for the purposes of the provision of those services only. This includes:
(a) Providing legal and related services, such as:
⦁ managing court or other legal proceedings (including legal claims, arbitrations, mediations, investigations and regulatory actions)
⦁ providing legal advice
⦁ providing consultancy services
⦁ providing claims handling services
When we hold and use personal information in the course of providing legal, advisory and/or consultancy services to a client, that client is also entitled to access that personal information. They may in turn use that information in accordance with their own privacy notice or equivalent.
(b) Complying with our legal obligations or making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted or required by law. This includes:
⦁ disclosures required by law or court order
⦁ disclosures to our regulators, ombudsman or other government, public or regulatory authority, including any data protection supervisory authority or regulator of legal services, where, in our reasonable opinion, the disclosure is required or permitted by law.
(c) Providing access to our files for audit, review or other quality assurance checks, by our clients, regulators, auditors, professional advisers and certification/accreditation bodies.
(d) Processing required in connection with the day to day operation of our business such as billing and payments, complaints handling and internal record keeping. For this we may use third party service providers such as IT service providers.
Where we share personal information with third parties, we will only do so where in our reasonable opinion that information will be adequately protected. Any other service providers with whom we share information are approved by us and subject to contractual obligations designed to ensure that those providers comply with data protection legislation.
How we protect personal information
We are strongly committed to data security and we take reasonable appropriate steps to protect the personal information we hold from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic and managerial procedures to safeguard and secure that information.
The legal basis on which we process personal information
Data protection law requires us to have a legal basis for processing your information. In most cases we will only process your personal information:
⦁ so we can carry out our contract with you, or take any steps you ask us to before entering into a contract with you
⦁ as necessary to comply with any legal obligations we have
⦁ where necessary for our legitimate purposes in providing legal, advisory and/or consultancy services and/or for the legitimate purposes of our clients in receiving those services.
When processing personal data we comply with the data protection principles and our own data protection policy. By doing so, and given that we are bound by professional obligations of confidentiality when providing legal services, we consider that the interests and fundamental freedoms of people whose personal data we process do not override the pursuit of our legitimate interests and/or those of our clients.
Rights of data subjects
If we process your personal data, you have a number of rights. You may request a copy of the personal data we hold about you (and request that data be provided in a portable format) and you may object to our processing of it or ask us to rectify it, restrict the way in which we process it or erase it from our records.