Privacy Policy

Home > Privacy Policy

BTO Solicitors LLP (“BTO”) is a Scottish law firm providing legal advice and services to individual and corporate clients. This privacy notice explains how we process personal data in delivering our services.

Much of the personal data we process is subject to client confidentiality, which may exempt us from providing fair processing information to some data subjects. This privacy notice applies in cases where confidentiality obligations do not restrict our processing.

We also outline the rights individuals have concerning personal data that BTO holds.

This policy was updated on the 4 November 2024.

Who we are

BTO acts as a data controller when determining how and why we collect and process your data. You can contact us using the details below:

Data Protection Manager
One Edinburgh Quay, 133 Fountainbridge, Edinburgh EH3 9QG
gdpr@bto.co.uk
+44 (0)131 222 2939

BTO’s Data Protection Officer is RGDP LLP:
Data Protection Officer
RGDP, One Edinburgh Quay, 133 Fountainbridge, Edinburgh EH3 9QG
info@rgdp.co.uk
+44 (0)131 222 3239

This Privacy Notice may be amended, and we will notify you of any significant changes.

What personal data do we process?

As a full-service law firm, BTO collects, stores, uses, and transfers information, including personal and special category data, necessary for our services. For your convenience, we divide this information by department.

When we provide legal services

Anti-Money Laundering Obligations

We collect identification documents (e.g., passport, driving licence, and address verification) to comply with anti-money laundering regulations. We use Amiqus, a third-party provider, to conduct identity checks. These records are securely stored and retained for five years post-verification or at the end of the transaction before being securely disposed of.

Provision of Legal Services

We collect your contact details and any additional information required to provide legal services. This may include financial data or special category data specific to your legal matter.

Credit Card Payments

Occasionally, we accept payments by credit or debit card, either online or by phone. Our processes comply with the Payment Card Industry Data Security Standard (PCI DSS), and we do not store card details. Bank details may be stored if required for your matter.

Call and Video Recordings

We may record calls conducted via Microsoft Teams, which may include video recording, for quality assurance, training, or documentation purposes. Such recordings will be securely stored and accessed only by authorised personnel.

Basis for Processing Data

Our processing bases include:

Contractual necessity: To provide legal services under our contract with you.
Legal obligation: To meet regulatory requirements, such as anti-money laundering checks.
Legitimate interests: To process data necessary to deliver services, such as financial details, even where the data subject is not a client.

For special category data (e.g., health, ethnicity, religious beliefs), we process it as necessary to establish, exercise, or defend legal claims. Criminal conviction or offence data is processed similarly for legal purposes.

We retain personal data for at least twenty years post-case completion per the Law Society of Scotland’s guidelines and BTO’s data retention policy.

If you apply for a position with BTO

A separate Recruitment Privacy Notice is available on request.

When you work with BTO

A specific Privacy Notice for employees is available on request.

If you are one one of our suppliers

We collect and process contact details of third parties or their employees to provide services, relying on our legitimate interest in managing business relationships. Typically, this data includes corporate contact information.

If you visit our premises

We may collect CCTV images at certain premises for staff and client security and to aid in crime prevention and detection. Notices are placed in areas where CCTV operates.

When you visit our website

We may place cookies on your device to enhance your website experience. For more details, please refer to our Cookie Policy.

Links to Other Websites

Our website may contain links to other sites. This notice only applies to our site, so please review the privacy notices on any linked websites.

Social Media

Interactions with BTO on social platforms (e.g., LinkedIn, Twitter) may allow us to obtain certain information depending on your platform privacy settings.

Keeping in touch

If you become a client, show interest in our services, or attend an event, we may use your email to send updates, legal news, and event information. You can opt out at any time by emailing marketing@bto.co.uk or unsubscribing via the link in our emails.

Even if you opt out, we may still contact you for service-related purposes.

Collecting your data

We collect data directly from you and from third parties involved in your legal matter, such as Settify Pty Ltd, referring organisations, healthcare providers, employers, HMRC, insurers, or your appointed representatives.

If you enter into a legal services contract with us, failure to provide data may prevent us from fulfilling our obligations.

Sharing your data

Third Parties

BTO uses third-party providers for IT support, case and document management, cloud services, payment processing, identity verification, email marketing (such as MailChimp), and document storage. Contractual arrangements ensure these third parties do not misuse data, maintain confidentiality, and implement security measures.

We also share data with other parties as necessary to provide services, including solicitors, medical professionals, employers, expert witnesses, insurers, advocates, translators, and agents.

Other Situations

In a sale or restructuring of BTO’s business or where required by law, we may transfer data to a third party. We will take steps to protect your privacy rights in such transfers.

Data security

BTO uses appropriate security standards to protect personal data from unauthorised loss, use, or access. Access to data is limited to trained, authorised personnel bound by confidentiality obligations.

For international data transfers, we ensure adequate safeguards, such as adequacy agreements or appropriate contractual clauses.

Your rights

Under data protection law, you have several rights regarding your personal data, which are briefly outlined below. A full explanation is available in BTO’s Data Protection Policy:

Access: Obtain a copy of your personal data.
Rectification: Request corrections to inaccurate or incomplete data.
Erasure/Restriction: Request data deletion or restriction in certain situations.
Objection: Object to data processing where we rely on legitimate interests as the legal basis.

To exercise these rights or for concerns about your data, please contact: