Privacy and Transparency Notice 01 May 2018


Data Controller - is a trading name of who is the data controller.

Purposes of Processing - Your data will be processed in order to:

  1. market services to you;
  2. provide services under contract to you and others;
  3. comply with regulatory and other legal obligations; and
  4. protect against potential claims.


Legal Basis - Your data will be processed on the basis that has a legitimate interest in being able to achieve the aims of processing set out above. Where special category data is provided, the provider of the data warrants that they consent to processing that data or that they have obtained written consent from the data subject.

Personal Data Held - As a minimum, is required to positively identify its clients (including directors or its equivalent in the case of corporate clients). The information we collect may include may include your name, address and contact details, including email address and telephone number. In addition, holds whatever information is provided to it by its clients and others. may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief in order to monitor diversity in recruitment.

Failure to Provide Data – If you fail to provide with the data required you will not receive services or marketing.

Data Sources - obtains most personal data from its clients and those who have indicated that they have an interest in services. also obtains some personal data from other correspondents. also collects some data from publicly available sources (e.g. Companies House).

Recipients - Any data provided by a client is treated as confidential to that client and will only be shared with others in so far as is necessary in order to provide the services contracted for by the client, to comply with regulatory and other legal obligations and to protect against a potential claim. In order to provide its services, relies on the services of certain data processors. These include secure cloud storage for files and emails. In each case, ensures that data is processed in compliance with this policy.

Third Countries and Safeguards - Other than where required in order to provide services as required in individual client matters, data is rarely sent to third countries. Where it is, we will ensure that adequate safeguards have been put in place to protect your personal information. This means that we will:

  1. ensure that the country in which your personal information will be handled has been deemed "adequate" by the European Commission under Article 45 of the General Data Protection Regulation (GDPR);
  2. include standard data protection clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties (these are the clauses approved under Article 46.2 of the GDPR); or
  3. (in the case of transfers from the EEA to the USA), ensure that the recipient of the personal information is certified with the US-EU Privacy Shield Framework, as permitted by Article 46.2 of the GPDR;
  4. devices we send to third countries are password protected and equipped with tracking and remote wipe software.


Retention Period - Data is held for six years from the end of the relevant matter or for six years where not associated with a particular matter.

Data Subject’s Rights – Where relevant, you have the right (subject to client confidentiality) to:

  1. withdraw consent to the processing of your data;
  2. complain to a supervisory authority regarding the processing of your data (; and
  3. obtain a copy of the data held on you and to correction of any errors in that data.


Automated Decision Making – None.

Your rights

You have the following rights regarding your information:

  1. Right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we’re providing you with the information in this Privacy Notice.

  1. Right of access

You have the right to obtain access to your personal data (if we’re processing it) and certain other information (similar to that provided in this Privacy Notice). This is so you’re aware and can check that we’re using your personal data in accordance with data protection law.

  1. Right to rectification

You are entitled to have your personal data corrected if it’s inaccurate or incomplete.

  1. Right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there’s no compelling reason for us to keep it. This is not an absolute right to erasure; there are exceptions.

  1. Right to restrict processing

You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. [We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.]

  1. Right to data portability

You have the right to obtain and reuse your personal data in a structured, commonly used and machine readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.

  1. Right to object to processing

You have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest

  1. Right to withdraw consent.

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw.