Privacy & cookies


Berrymans Lace Mawer LLP (also known as ‘BLM’) is a Data Controller who processes personal data and special categories of data, which we will refer to as personal information.

At BLM we understand the importance of data protection. We know that excellent data protection practice is necessary to meet our legal obligations and essential to meet our obligations to the individuals whose personal information we protect and handle and the clients we serve. 

We have built strong data protection controls supported by robust information security standards to ensure that we use personal information lawfully and responsibly and that we afford it the necessary safeguards at all times whilst it’s in our possession. Our control environment enables us to provide the highest assurances around protection and handling to our Senior Management Boards, our clients and our regulators when processing personal information as part of the services we provide.

BLM always respects privacy of the individuals whose personal information we handle by using it for specified and lawful purposes as provided for under the General Data Protection Regulation (GDPR), UK, Irish and other applicable laws.

 Key Terms

  • We, us, our - Berrymans Lace Mawer LLP also known as BLM
  • Personal information - any information relating to an identified or identifiable living individual
  • Special categories - personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sex life or sexual orientation
  • Processing - any action or operation including collecting, storing, using, sharing or destroying of personal information
  • Data Controller - the person or organisation who determines the purpose and means of processing personal information
  • Data Processor - the person or organisation who processes personal information on behalf of a Data Controller
  • Data Subject - the person to whom the personal information relates

What we use personal infomation for

Provide Legal Services

BLM is an insurance risk and commercial law firm with establishments in the UK and Ireland. We work with large number of clients, across a wide range of sectors. The legal services we provide help our clients to reduce the time and money spent on managing risk and resolving disputes, whilst offering a practical, commercial and solutions driven approach to non-contentious business law.

The legal services we provide require that we process a variety of personal information for:

  • Handling legal claims.  This includes referring to our network of legal, medical, accounting and other experts, constructing witness statements, registering with the CRU and gathering intelligence from a range of sources, particularly to assess fraudulent claims
  • Reviewing settled claims and monitoring trends of claims we handle
  • Carrying out AML (anti-money laundering) checks to detect and prevent crime and producing invoices when services are rendered.
  • Providing legal advice

The types and volumes of personal information and the manner in which we process it varies between the different sectors in which we operate. More information on the sectors we operate in can be seen on the SECTORS page of our website. 

Our approach is to handle the minimum personal information necessary in a responsible and proportionate manner in order to preserve the rights and freedoms of data subjects and achieve the best outcome for our clients.

The primary legal basis we will use to provide our legal services is legitimate interests of ourselves or our clients.

If any special category or criminal personal information is handled then we will look to use for the exercise, establishment or defence of a legal claims and/or a substantial public interest as further defined by the Data Protection Acts in the UK and Ireland.

Promote the firm

We may process personal information to carry out a range of marketing and promotional activities about the services we offer to current, former and prospective clients and their customers. Such activities include providing legal updates, communicating services via mobile device applications and sending invitations to events we are holding or involved in. Our primary channels of communication are email, text, and post.  We may track and analyse the use and interest in any of our marketing and legal services in order to refine and focus our marketing activities.

We will ensure any personal information we hold for marketing purposes is stored securely and is not shared with any other person without the individual’s awareness and permission.  For example, if attending events we may need to share some personal information with carefully selected third parties in order to manage attendance.  In which case we shall ensure that individuals are informed in advance and that those third parties keep the information secure and use it for these purposes only.

For our mobile device applications, we partner with third parties who provide IT services and infrastructure for those applications and may also process personal information collected through use of them.  For further information on these please contact our Data Protection Officer.

We will only hold personal information to promote the firm for as long the individual wishes to receive marketing from us. We offer individuals the opportunity to unsubscribe from marketing at any point and will remove their details from our marketing lists where they wish for us to do so.

If you are currently receiving direct marketing from BLM and no longer wish to do so you can let us know by contacting:

Business Development & Marketing Team
Two New Bailey Square
6 Stanley Street
M3 5GS


You can learn more about what marketing activities we carry out on the INSIGHTS page of our website. 

The legal basis we use to market to will be on legitimate interest grounds of ourselves or a third party unless we are directly marketing to you via e-communications such as email, text and so on, in which case, we will use your consent.

Support our colleagues

We also process personal information in order to fulfil our obligations as a responsible employer.  We will process candidate information to recruit new colleagues by assessing their applications, shortlisting and interviewing them, performing and validating background checks and drawing up contracts.

We will process employees’ and Partners’ personal information to help produce sickness and absence reports, support them during disciplinary and grievance processes, provide them with a benefits package, pay their salaries, train them and answer any queries they may have about their career.  We also process personal information about our employees and Partners to help us support, develop and manage them.

Personal information is also key to keeping our employees and Partners safe and protects their wellbeing. To achieve this we protect and handle personal information undertake risk assessments of our buildings and display screens and desks, process eye care vouchers and insurance claims, identify and train fire wardens and first aiders, make adjustments to support disabilities and equalities, and review, as appropriate, CCTV footage to detect and prevent crime.

The legal basis we use to support candidates and our colleagues will be on legitimate interest grounds of ourselves or a third party we are partnered with or that is supporting us to assist potential, existing and former employees and Partners..

If we need to process any special category personal information we will use employment law or occupational health to support the wellbeing of our colleagues.

Maintain and improve our business

We handle personal information to raise invoices for services we provide, process payments for services we procure and produce our accounts.

We will also consistently look to improve our firm through the performance of our processes and technology by researching our competitors and understanding the sectors we work in, managing our networks and carefully assessing and managing changes to our systems and processes to maximise their efficiency and effectiveness.

The legal basis we use to maintain and improve our business is the legitimate interests of ourselves or a third party.

We will use legitimate interests of ourselves or our clients’ when engaging with our network of expert witnesses.

Comply with our legal obligations

We may need to protect and handle personal information where necessary to comply with professional, legal and regulatory obligations that apply to our business.  That processing may include gathering and providing personal information as required by or relating to audits, enquiries or investigations by regulators, law enforcement agencies or judicial bodies.  For example those under health and safety regulations or rules issued by the Solicitors Regulation Authority (SRA), the Information Commissioner’s Office (ICO) and the Data Protection Commissioner (DPC) in Ireland.

The legal basis we use to comply with our legal obligation will be legal requirement or legitimate interest of ourselves or a third party.

What personal information do we handle?

We shall handle the minimum personal information necessary to fulfil the needs of the firm as outlined above. Below is a list of the personal information and special category personal information we collect, store, use, share, and delete securely when no longer necessary.

About those outside the firm


About those inside the firm

Address (Email)


Address (Email)

Address (Postal)


Address (Postal)

Bank account details


CCTV footage images

Capital Loans



Car Details


Date of birth

Children's details



CCTV footage images


Employee No



Employment history

Date of birth


Eye care voucher preferences

Employment history


Fixed capital contributions

Financial history



Identity documents



Individual Lawyer targets


NOK details

Medical History


Other deductions



Pension contributions

National Insurance Number



NOK details


Retained profits

Tax Liabilities


Salary details

Telephone Nos


Telephone Nos

Third party staff (Court, Client, Barrister etc.)


Training undertaken

Unique Tax Reference


Travel preferences




In addition to the above personal information we may handle special category and criminal history information, known as sensitive personal information.

  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
  • trade-union membership;
  • genetic data, biometric data processed solely to identify a human being;
  • health-related data;
  • data concerning a person’s sex life or sexual orientation.

Who is the personal information about?

The categories of individuals we protect and handle personal information about could be from within the firm or outside it:

Outside the firm


Inside the firm






Consultant/Temporary worker

Crown Prosecution Service staff


Employees and Partners



Relatives of colleagues




Court staff



Barrister/ Queen’s Counsel



Employers of the claimant or defendant






Insured and insurer staff



Insurance Brokers






Private Investigator



Relatives of the claimants or defendants



Third party solicitors for claimants or defendants



Witnesses – experts or members of the public



Visitors to the firm



 With whom do we share personal information?

As well as sharing information internally between colleagues on a need to know basis, we sometimes need to share personal information with others outside of the firm where necessary and proportionate. Below is a description of the types of organisations and individuals with whom we might share we may need to share the personal information for one or more purposes:








Barristers/Queen’s Counsel

Court staff

Central government agencies e.g. CRU , DWP, HMRC


Health care professionals


Insurers and insureds

Local authorities

Members of BLM’s Global Insurance Connect network

Previous employers of claimants or defendants


Regulators and Ombudsmen


Third party solicitors for claimants and defendants

 How long do we keep personal information?

We implement a proactive approach to retention and disposal of personal information whereby it is retained for the minimum period necessary and only where there is a legitimate reason or legal obligation to do so. We have a Retention Standard that sets out how long record types should be kept. The retention periods are determined by a combination of legal obligations, regulatory guidance or industry practice or a firm wide business case. Where a finite period is applied  record types are securely destroyed once the period ends. Where records have been deemed to be archived indefinitely we will periodically review them to ensure their retention remains necessary and proportionate.

Record types

Length of time in archive

Family Law; Probate; Domestic conveyancing (not under seal)

10 years

Commercial and capital files; and working documents on LPAs and EPAs; and non-motor property damage

12 years

Construction and environmental; Domestic conveyancing (under seal) and Real estate purchase and property documents (Residential and Commercial)

15 years

Deeds; Global Insurance Law Connect files; Abuse cases; Prenuptial agreements; Wills; Estate administration; original EPA or LPA; criminal cases.


Indefinitely with periodic reviews

All other legal files


7 years

Former employees

7 years

 How do we protect personal information?

We recognise and respect the importance and sensitivity of personal information and so we take great care to make sure we protect and handle it responsibly and we afford it the necessary safeguards whilst it’s in our possession. To achieve this we have implemented a control environment with specific controls around how we protect and handle personal information.  Our aim is to protect it from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to make sure that we meet our obligations.

Organisational measures: We have implemented a suite of polices, standards, guidelines and  procedures to support clear desks and screens to keep information confidential, acceptable use of IT equipment, and to allow access only on a need to know basis. These requirements are applied wherever we collect, store, use, share or destroy personal information. We also provide regular information security and data protection training and awareness for everyone at BLM  and undertake systematic monitoring, audits, risk assessments and inspections of our people, processes and technology.

Technical measures: We adhere to, and are regularly audited on, our ISO27001:2013 certification.  To maintain this certificate we are required to implement and maintain secure data exchange methods; user access controls; secure electronic data storage facilities; secure document storage and disposal processes; firewalls; antivirus software and regular system vulnerability and penetration testing.

When do we make international transfers?

BLM’s offices are located within the UK and Ireland.  The vast majority of personal information we protect and handle is held in those offices or within data centres located within the UK, EU or European Economic Area.

From time to time there are instances where transfer of personal information outside of the European Economic Area (EEA) is necessary. Where the need for an international transfers of personal information arises we shall secure methods that offer sufficient assurances and guarantees that the information is afforded the necessary safeguards to prevent it from accidental or unlawful loss, disclosure, access, alteration or destruction.

The transfer process itself will include establishing a legal basis for the transfer to take place and that the receiving party and country within which they reside offers an adequate level of protection for the rights and freedoms of data subjects through methods including:

  • obtaining the informed and explicit consent of the data subject for the transfer to take place
  • the transfer being necessary for the establishment, exercise or defence of legal claims
  • using the services of third parties based within counties that have been approved by the European Commission as providing adequate safeguards
  • conducting our own adequacy assessments against the receiving party to ensure they can offer sufficient assurances, protections and legal mechanism to uphold the rights and freedoms of data subjects;
  • implementing contracts with the receiving party, within which will be defined terms and conditions (based on the EU Commission’s approved model clauses), which impose upon the party obligations and responsibilities with regards to processing of the personal information

 How do we protect your rights and how to contact us

Under data protection laws individuals have a number of rights that enable them to control when and how their personal information is used, and, to make organisations accountable for use of their information.

If you believe BLM protects and handles your personal information and you wish to exercise any of your rights, such as gaining access to the information we hold about you, where information may be incorrect or incomplete, where you wish to restrict or object to processing, or, if you are dissatisfied with the way in which BLM has used your information in any way you can report the matter to us using the following contact details:

Data Protection Officer, BLM
Risk and Compliance Team
King's House
42 King Street West
M3 2NU


You also have the right to refer any concerns you may have regarding BLM’s use of your information to our regulators. 

In the UK - Information Commissioners Office (ICO) -

In Ireland – Data Protection Commissioner (DPC) -

Summary of data protection rights:

You can make a data protection rights request to BLM at any time. There will be no charge for this but we may need to see proof of your idenity before we can provide you with access. To make a request for your personal information you can contact us using the details provided above. The types of request you can make are summarised below.

  • Right to be informed: this provides individuals with the right to be told about when and how their personal data is used now and in the future. You can see this in our privacy notice held on our websites.  If you wish to query this notice please use the details provided above.
  • Right of access: this enables individuals to gain access to and be given a copy of the personal information that we hold about them. You may not be entitled to see all the information held about you if an exemption applies. Examples of exemptions include information that: is about another person; may prejudice our regulatory work; is subject to legal privilege. If an exemption applies we will explain the reason for it and tell you if we have removed any information from what we send you.
  • Right to erasure (aka right to be forgotten): this enables individuals to request that we erase the personal information we hold about them. We implement a proactive approach to retention and disposal of personal information whereby it is retained for the minimum period necessary and only where there is a lawful basis to do so.
  • Right to rectification: this enables individuals to have any incorrect, inaccurate or incomplete personal information corrected, or, ‘rectified’. Our quality assurance processes aim to ensure the personal information we hold is as accurate and up to date as possible.  However, if you believe that any information we hold about you is incorrect or incomplete then please let us know.  
  • Right to restrict: this enables individuals to restrict an organisation from processing their personal information for certain purposes and in certain ways. Should you have any concerns over how BLM may be using your personal information then please let us know.  Where we are required to restrict our use of personal information as prescribed by Article 18 of GDPR we will do so at the very earliest opportunity and we’ll also inform any third parties we may have shared information with to do so too.
  • Right to object: this enables individuals to object to their personal information being processed in certain ways and in certain circumstances where the conditions set out in the regulation apply. Where we receive an objection, any processing based on the conditions shall cease unless a relevant exception applies, most relevantly where processing is necessary for the establishment, exercise or defence of legal claims.
  • Right to portability: this gives individuals a right to have their personal information transferred or ‘ported’ to another organisation in a reusable electronic format. The conditions in which the right to data portability applies as prescribed in the GDPR generally do not apply to the processing undertaken by BLM. However, where we have the functionality and capability to provide personal information in an electronic, structured and commonly used machine readable format we will endeavour to do so in the event that we receive such a request.
  • Rights related to automated decision making: we currently do not operate any practices or processes that constitute automated decision making as defined within the GDPR. Should we develop any automated decision making capabilities in the future we will ensure that they comply with the requirements of the regulation and that we implement suitable safeguards to protect the rights and freedoms of data subjects.

 Managing and using cookies


We use Google Analytics software to collect information about how our visitors browse and visit our site. We use the information to compile reports and to help us to improve our service. The Google Analytics cookies collect information anonymously, including the number of visitors to our site, where visitors originated from and the links they click within the site. No personal information is collected or stored (for example your name or address) so this information can’t be used to identify who you are. Click here [] for an overview of privacy from Google.



Expiration time


Used to distinguish users, incl. number of visitors and if you’ve visited before.

2 years


 Used to distinguish users, incl. number of visitors and if you’ve visited before.

24 hours


 Used to manage the rate at which page view requests are sent to the analytics server.

10 minutes


You may see a pop-up cookies message when you first visit A cookie is used to log that you have seen this message, so that it doesn’t show again.



Expiration time


This cookie is used to hide the cookies information banner when you have seen it.

No expiry date


We and our advertising partners use cookies and similar technologies on this site and around the web to select and deliver measurable personalised advertising from this site and other advertisers in NextRoll's network.

Google sets the following cookies:



Expiration time


Allows Google Website Call Conversions - This registers if the visitor has clicked on call within the "contact us" sub-page. This information is used for statistics and marketing purposes.

3 months


 Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

1 year


To distinguish between bots and humans.SessionCollect and r/collect

Sent to Google Analytics. Tracks visitors across multiple sites based on visitor and device behaviour.Session

1 day



To check if the user's browser supports cookies.1 day



Facebook sets the following cookies:



Expiration time



Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.

180 days

LinkedIn sets the following cookies:



Expiration time


Identifies language and when you are on LinkedIn.Session



Tracks embedded services.2 years

2 years


Tracks embedded services.

2 years


Tracks embedded services.

1 day


Identifies language and when you are on LinkedIn.Session

29 days

AdRollsets  the following cookies:



Expiration time



 Registers visits to multiple site to measure advisement efficiency of the adverts sent



BLM uses a web chat software from Olark Live Chat on our ‘Join us’ page to allow visitors to ask us questions about working at BLM.  Olark Live Chat sets the following cookies:



Expiration time



 Identifies a unique visitor between visits

2 years


Maintains message history across pages

2 years






These are session only cookies used for security purposes, session tracking, software state information and to improve the caching of the software.




Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or

To opt out of being tracked by Google Analytics across all websites visit


If you have any comments about using this site, then please e-mail

Changes to this privacy statement

Technology and data privacy best practice are continuously developing. We therefore reserve the right to revise this Privacy Statement at any time. If this Privacy Statement changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances we may share it with other parties.