Legal Quest PLC are devoted to the continued protection of your privacy.

Privacy Statement – Please Read Carefully

1. Introduction

This statement (along with our General Terms and Conditions) outlines the basis of which any Personal Data we collect from and about you, or that you provide to us, will be processed by us. Please ensure you read this carefully to understand our practices regarding your personal data and how we use and protect it.


2. Your Personal Data

Information you provide:

This is about information and data about you that you give us voluntarily by corresponding with us by phone, email, text or through our website and/or by signing up for our services. This information you provide to us may include, but is not limited to: your name, your date of birth, mortgage address, correspondence address, email address and phone number.

If you are applying for a position with us, this information may also include details of your career and/or qualifications as outlined in your CV or completed application form.

Information we collect about you:

As our services include the submission of a Data Subject Access Request to your Bank/Building Society, we also obtain personal data about you from this third-party company. This data could include, but is not limited to: Mortgage Offer, Financial Information, Mortgage Statements and Account History.

We may also use aggregate information and statistics for the purposes of monitoring website usage in order to help us develop our website and our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.

You are not obliged to provide us with your personal information. However, if you do not, we might not be able to carry out the services you have requested of us.


3. Processing your Personal Data

We may process your personal data for the following purposes:

  • To provide you with updates in relation to the service you have instructed us to carry out.
  • To provide you with information in relation to our business, products, promotions, competitions and events (if your consent is given).
  • To improve our Services.
  • To carry out our obligations as a result of a contract between us and you.
  • To help us to continue to improve our websites.
  • To respond to your questions and comments.
  • For internal record keeping purposes.

Please note that, when you use our website, we automatically collect and store certain information about your computer or device and your activities, including, but not limited to:

  • Your IP Address (in the interest of security when accessing your online case management profile)
  • Details of your visits to our website, including, but not limited to: location data, traffic data, referral data.

We do note hold more information than is necessary. We do not collect or keep your personal information for any longer than is required, for the purposes for which it was collected or as required by law. You can learn more about the Retention Periods for your data by reading our Data Protection Notice.


4. Sharing your Personal Data

We may disclose your personal data to third parties (as outlined in our Data Protection Notice) for the following reasons:

  • For audit purposes
  • To ensure compliance with any legal obligations
  • To apply or enforce our General Terms and Conditions, as well as the Validation Terms and Conditions and Dispute Terms and Conditions where relevant.
  • To allow our Affiliates to provide support and guidance throughout the process of the services we provide.
  • To allow our appointed Legal Advisors to conduct any authorised activity for and on your behalf.

We would only share your personal data with a third-party if that party has agreed to comply with the terms of this Privacy Statement. Please note that by providing any personal data to us, you fully understand and clearly consent to such use, as set out by this Privacy Statement.


5. Ensuring the Security of your Personal Data

We are dedicated in taking our data security responsibilities seriously. By deploying the most appropriate physical and technical measure, we can ensure the continued security of your personal data. Procedures are always in place, including staff training and awareness to assure the continued safety and security of your Personal Data.

We also continually complete audits and reviews of our data security measures and procedures, to ensure we are compliant with data protection law. Although we will do our utmost to protect your personal data, we cannot guarantee the safety of your data transmitted to or from us by means of e-mail. Any such transmission is at your own risk. If you believe your sharing of data with us is no longer secure, we would advise that you notify us immediately.

Paper/Physical Documents:

All physical files are scanned and stored securely within our online system. Physical documents are kept securely within a secure area for the outlined period of Retention. All physical documents are then shredded by a Regulated Shredding Company. Shred-it UK is a NAID Member, adhering to the stringent security practices and procedures established by the National Association for Information Destruction.

Electronic Documents:

All electronic files that contain any personal data are stored securely and encrypted, using our online Case Management System. We adhere to the highest level of security practices, to ensure the continued safety and security of your Personal Data.


6. Retaining your Personal Data

We retain your personal data for the time period required to fulfil the obligations to you. You can learn more about the Retention Time periods for types of personal data by reading our Data Protection Notice.


7. Storing your Personal Data

We may store your Personal Data in various places. Physical Files are stored only in our office, in locked drawers for added security. Electronic files are stored on our secure servers, as-well as third party servers, which provide the highest level of encryption and security. Whenever we transfer your data, we ensure appropriate safeguards are in place, in order to ensure the continued safety and protection of your Personal Data.


8. Marketing

Under the new General Data Protection Regulation GDPR (2018), we must gain your written consent in order to continue to provide you with marketing material, through such methods of communication as: email, telephone and post. You also have the right to opt out at any time, even after you have given your consent.


9. Links to external Websites

Our website contains links to other websites, in order to provide information of interest. Where this occurs, you should be aware that we have no control over these websites. Therefore, we cannot be held responsible for the protection of your Personal Data you may provide whilst using such websites.


10. Your Rights

Please be aware that you have the right to the following:

  • Right to be informed about whether we process your personal data
  • Right of access to your personal data
  • Right to rectification by us of your personal data where inaccurate or incomplete
  • Right to erasure of your personal data (including withdrawal of consent)
  • Right to restrict processing of your personal data
  • Right to data portability – obtain and reuse your personal data for own purposes across different services
  • Right to object to direct marketing

Where data is process solely on the basis of your consent, you are entitled to withdraw that consent at any time.
You may exercise your rights, at any time by emailing us at info@legalquest.co.uk

We are obligated to respond within one calendar month. If we are unable to respond to your request or provide an adequate response within the time period, we may extend this period by a further two calendar months. Should this be the case, we will always explain the reason why.

You also have the right submit a complaint with the Data Protection Commissioner (DPC) at any time.


11. Changes to our Privacy Statement

We may update this Privacy Statement from time to time, to ensure our continued compliance with the General Data Protection Regulation GDPR (2018).