Privacy Policy

Privacy 

KL Heritage LLP, formerly knows as Kemp Little LLP, (“we“, “us“, “our“) is committed to protecting and respecting your privacy. This privacy policy (“Privacy Policy”) sets out how we process personal data about you if you are an individual client (“Individual Client”) or a representative of a client (including a prospective client) (“Client Representative”) to whom we have provided legal services (“Services”). Our website at [www.klheritage.com] (“Site“) does not collect any information about you as a user.  In this Privacy Policy, references to “you” or “your” may mean an Individual Client, Client Representative (and depends on the context). 

Please read this Privacy Policy carefully to understand our practices regarding the personal data that we collect about you, how and why we use it and your rights in relation to it. 

For the purposes of data protection law in the UK, KL Heritage LLP is the controller of your personal data. 

Use of your personal data 

We use personal data about you for various purposes, as described below, which are connected with our previous provision of Services. In order to use your personal data we must have a legal basis for doing so. The legal bases that we rely upon are explained further in the “find out more” section below. We will only use your personal data where it is necessary: 

• to fulfil our contract for Services with you (or the client whom you represent); 
• to comply with a legal obligation to which we are subject; or 
• for our legitimate business interests that are not overridden by your interests, rights and freedoms. 

Where none of the above applies, we will request your consent (which we will ask for before we process your personal data). 

find out more… 

We set out further information about the purposes for which we use personal data about you and legal basis that we rely upon for its use. In some instances, we may intend to use your personal data in ways that are not described below. However, we will inform you before doing so and if necessary seek your consent.

Individual Clients and Client Representatives 

Purpose 

To satisfy our legal and regulatory obligations 

• to comply with our legal and regulatory obligations,  
• to submit documentation or responses as required by law.  

Legal basis for processing 

We use your Client Contact Information, Client Financial Information and Client Onboarding Information (as described above) for this purpose. 

We process your personal data to satisfy legal and regulatory obligations to which we are subject. 

Purpose 

For our business management and administrative purposes 

• to administer and manage our business in an efficient and proper way, including accounting, billing, client management. 
• to manage how we work with third parties which provide services to us. 
• to ensure our business policies and procedures are satisfied and enforce them if they are not. 
• to protect our business and establish, defend or exercise our legal rights. 
• to manage or administer our relationship with you or the client whom we represented up until 29 January 2021. 
• to respond to any correspondence, enquiries or feedback that you send to us. 

Legal basis for processing 

We use your Client Contact Information, Client Onboarding Information, Client Financial Information and Client Matter Related Information (as described above) for these purposes. 

We process your personal data on the basis of our legitimate business interests to manage, administer, protect our business. 

Purpose 

To share information with trusted third parties  

• see the section Sharing of your personal data for more information 

Legal basis for processing 

We use your Client Contact Information, Client Financial Information, , Client Matter Related Information, and Client Onboarding Information (as described above) for this purpose. 

It is in our legitimate business interest to share your personal data with  our service providers which act on our behalf. 

Site Users

Purpose 

To communicate with you 

to respond to any enquiries that you send to us 

Legal basis for processing 

It is in our legitimate business interest to process your personal data to consider and respond to communications that you send to us. 

Sharing of your personal data

We may disclose your personal data to third parties as described below: 

• where we are under a legal, regulatory or professional obligation to disclose your personal data to the Solicitors Regulation Authority or other regulatory authorities, courts, tribunals, government agencies or law enforcement agencies; 
• as necessary in order to uphold the terms of our engagement with our client or to exercise, defend or protect our legal rights; 
• our banks, professional advisers, debt collectors, insurers and brokers, credit reference agencies and auditors to manage and administer our business; 
• third party service providers which provide us with services, including IT providers, , , debt collection agencies, credit checking companies. 

If you would like to receive a full list of our service providers and other third parties with whom we share your personal data, please get in touch with us using the details provided below. 

Transfers of your personal data 

Your personal data may be transferred to and stored at a destination outside the UK or European Union (“EU“) depending on the nature of the Services we have provided to you prior to and including 29 January 2021. It may also be processed outside the UK or EU by one of our service providers. Where this occurs, we will ensure that your personal data is protected by implementing appropriate safeguards, such as a European Commission adequacy decision, or the EU Commission approved Standard Contractual Clauses or the equivalent transfer mechanism as may be deemed adequate by the UK. If you would like more information about any of the transfer safeguards we implement please contact us using the details as set out below in this Privacy Policy.

How we protect your personal data

We implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that assist in securing personal data. We also contractually require our service providers to comply with strict data privacy requirements. 

How long we keep your personal data for 

The period for which we may retain your personal data will depend on the type of personal data collected, the purposes for which it was collected, applicable limitation periods for the exercise of legal rights and whether any legal or regulatory obligations require the retention of the personal data. 

Your rights 

You may have some or all of the following rights in respect of the personal data about you that we process. We explain your rights in more detail in the “find out more” section below. You may: 

• request us to give you access to it; 
• request us to rectify or update it; 
• request us to restrict our using it, in certain circumstances; 
• request us to erase it, in certain circumstances; 
• object to our using it, in certain circumstances; 
• withdraw your consent to our using it; 
• data portability, in certain circumstances; 
• opt out from our using it for direct marketing; and 
• lodge a complaint with the relevant supervisory authority. 

You are able to exercise these rights by contacting us at suzi.andrews@bm-advisory.com . 

find out more… 

You may have some or all of the rights set out in the table below: 

Right in respect of the personal data about you that we hold 

• to request us to give you access to it 

Further detail (certain legal limits to all these rights apply) 

This is confirmation of: 

• whether or not we process personal data about you; 
• our name and contact details; 
• the purpose of the processing; 
• the categories of data concerned; 
• the categories of persons with whom we share your personal data and, where any person is outside the EU, the appropriate safeguards for protecting your personal data; 
• (if we have it) the source of your personal data, if we did not collect it from you; 
• (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and 
• the criteria for determining the period for which we will store your personal data. 
• On request, we will provide you with a copy of your personal data we hold about you. 

Right in respect of the personal data about you that we hold 

• to request us to rectify or update it 

Further detail (certain legal limits to all these rights apply) 

This applies if your personal data we hold is inaccurate or incomplete. 

Right in respect of the personal data about you that we hold 

• to request us to restrict our using it 

Further detail (certain legal limits to all these rights apply) 

This right applies, temporarily while we look into your request, if you: 

• contest the accuracy of your personal data we use; or 
• have objected to our using your personal data on the basis of legitimate interest, 

and if you make use of your right in these cases, we will tell you before we use your personal data again. 

This right applies also if: 

• our use is unlawful and you oppose the erasure of your personal data; or 

we no longer need your personal data, but you require it to establish a legal case. 

Right in respect of the personal data about you that we hold 

• to request us to erase it 

Further detail (certain legal limits to all these rights apply) 

This applies if: 

• your personal data we hold is no longer necessary in relation to the purposes for which we use it; 
• we use your personal data on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all personal data about you in which case we will respect your wishes); 
• we use your personal data on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it; 
• your personal data was unlawfully obtained or used; or 
• to comply with a legal obligation. 

Right in respect of the personal data about you that we hold 

• to object to our using it 

Further detail (certain legal limits to all these rights apply) 

You have two rights here: 

• if we use personal data about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and 

if we use personal data about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection. 

Right in respect of the personal data about you that we hold 

• to withdraw your consent to our using it 

Further detail (certain legal limits to all these rights apply) 

This right applies to any personal data which we have collected and process based on your consent. 

You have the right at any time to withdraw the consent you have provided to us. 

Right in respect of the personal data about you that we hold 

• to data portability 

Further detail (certain legal limits to all these rights apply) 

This right applies: 

• to personal data that you have provided to us; and 
• if we use your personal data on the basis either of your consent, or on the basis of discharging our contractual obligations to you. 

If both apply, you have the right to receive your personal data from us in a commonly used format, and the right to require us to transmit your personal data to someone else if it is technically feasible. 

Right in respect of the personal data about you that we hold 

• to lodge a complaint with the relevant supervisory authority and seek a remedy from a national court 

Further detail (certain legal limits to all these rights apply) 

Each European Union country has a supervisory authority responsible for upholding data protection rights. In the UK, this is the Information Commissioner’s Office. 

You can find contact details of other supervisory authorities here: 

http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm 

You also have the right to take your complaint to a national court and obtain a remedy from a national court. 

Contact us 

If you have any questions, would like to exercise any of your rights in relation to your personal data or need further information about our privacy practices, please contact us at  suzi.andrews@bm-advisory.com  or write to us at KL Heritage LLP, Cheapside House, 138 Cheapside, London, EC2V 6BJ. 

Changes to this policy 

We may update this Privacy Policy (and any supplemental privacy policy), from time to time. We will notify you of the changes where we are required to do so by applicable law. 

This Privacy Policy was last modified on 15 October 2021. If you would like a copy of a previous version of this Privacy Policy, please contact us. 

Third party websites, plug-ins and applications 

Our Site does not  include links to third-party websites, plug-ins and applications.