Privacy & Cookie Policy.

We are committed to protecting personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable professional obligations, including those imposed by the Solicitors Regulation Authority (SRA).

Personal data we collect

While providing legal services, we may collect and process the following personal data:

Client and matter data

• Name, date of birth, title
• Postal address, email address, telephone number
• Identification documents (e.g. passport or driving licence)
• Financial information relevant to a matter
• Case-related information, correspondence, and documentation
• Court records, witness statements, and evidence

Special category data

Where necessary for the provision of legal services, we may process special category personal data, including:

• Health information
• Racial or ethnic origin
• Religious or philosophical beliefs
• Data concerning allegations or convictions

Such data is processed strictly in accordance with UK GDPR safeguards and legal professional obligations.

Anti-Money Laundering (AML) data

To meet legal and regulatory requirements, we collect and verify information for:

• Client due diligence (CDD)
• Identity verification
• Source of funds and source of wealth checks

How we use personal data

We process personal data for the following purposes:

• To provide legal advice and representation
• To manage client relationships and legal matters
• To comply with legal, regulatory, and professional obligations, including SRA and AML requirements
• To communicate with clients, courts, counterparties, and third parties
• To maintain accurate accounting and billing records
• To manage risk, insurance, and professional compliance
• To improve our legal services and internal processes

Lawful basis for processing

We rely on the following lawful bases under Article 6 UK GDPR:

• Performance of a contract: providing legal services and advice
• Legal obligation: compliance with AML, regulatory, and court requirements
• Legitimate interests: management of our practice and client relationships
• Consent: where required, such as for marketing communications

For special category data, processing is carried out as necessary for:

• The establishment, exercise, or defence of legal claims
• Compliance with professional and legal obligations

Legal professional privilege and confidentiality

All client information is subject to legal professional privilege and strict duties of confidentiality. Personal data is accessed only by authorised personnel and used solely for lawful and professional purposes.

Data sharing and third parties

We may share personal data with:

• Courts, tribunals, and regulatory bodies
• Barristers, expert witnesses, and opposing legal representatives
• AML and identity verification providers
• IT, document management, and secure hosting providers
• Professional advisers and insurers

All third parties are contractually required to protect personal data and act only on our documented instructions.

International transfers

Where personal data is transferred outside the UK, we ensure appropriate legal safeguards are in place, including:

• UK adequacy regulations
• Standard Contractual Clauses
• Contractual confidentiality and security obligations

Data security

We apply robust technical and organisational measures to protect personal data, including:

• Secure case management systems
• Access controls and role-based permissions
• Encrypted storage and communications
• Staff confidentiality obligations and training
• Regular reviews of security arrangements

Data retention

Personal data is retained in accordance with:

• Legal and regulatory requirements
• SRA guidance on file retention
• Limitation periods for legal claims

Files are securely archived or destroyed once retention periods expire.

Your data protection rights

Individuals have the right to:

• Request access to personal data
• Request correction of inaccurate data
• Request restriction or objection to processing
• Request erasure where legally permitted
• Withdraw consent where consent is relied upon
• The right to raise a complaint with us regarding the processing of your personal data
• Lodge a complaint with the Information Commissioner's Office (ICO)

Certain rights may be limited where data is subject to legal professional privilege or legal obligations.

Data protection complaints

Under the Data (Use and Access) Act 2025, you have the right to raise a complaint directly with us if you have concerns about how your personal data has been processed.

You can submit a complaint using the contact details set out in this Privacy Policy.

We will:

• Acknowledge your complaint within 30 days
• Investigate the issue appropriately
• Respond without undue delay
• Inform you of the outcome

We may contact you to request further information where necessary and will keep you informed of progress where appropriate.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

However, we encourage you to contact us first to allow us the opportunity to resolve your concerns.

Cookies: how we use them

Our website uses cookies to:

• Ensure the site works properly
• Improve website performance and user experience
• Understand how visitors use our website

Cookies are small text files stored on your device. We do not use cookies to identify you personally.

You can manage or disable cookies at any time through your browser settings. Some parts of the website may not function correctly if cookies are disabled.

Contact details

For data protection queries or requests, contact:

Updates to this policy

This Privacy Policy may be updated from time to time. The current version will always be available on our website.

Version 2 · June 2026 · Review June 2027