Privacy Policy
Confidentiality and Data Protection
​
We have professional duties to keep your information confidential and secure. We also have legal obligations that govern how we handle personal information.
We are committed to applying high standards when handling all personal information. Information about the General Data Protection Regulation (“GDPR”), including definitions such as personal data, data controller, and data processor, is available on the ICO website. Even where the GDPR may not apply, our policy is to apply the same high standards to all client information we handle.
​
Keeping Your Information Confidential
We treat all information about our clients as confidential. While the GDPR may not apply to all client information, our professional obligations as solicitors do.
In general, your information will only be shared where:
(a) You have given consent; or
(b) We are legally required to disclose it.
​
(a) Client Consent
In some situations, your consent may be assumed where sharing information is a necessary or obvious part of providing legal services, or where the information is already publicly available. For example, you will understand that certain information must be disclosed during litigation when corresponding with the other party, the court, or a barrister.
However, if information is to be used in a way that you would not reasonably expect, such as a press release identifying you as a client, we will seek your explicit consent in advance. If there is any doubt, particularly where information is sensitive or where we are working with vulnerable individuals, we will always check with you first.
Where we propose to use third-party suppliers as part of our legal work, for example for photocopying files, storing documentation in cloud systems, or providing access to client-related materials, this will only occur where appropriate approvals are in place. We ensure that suitable agreements exist to protect confidentiality and data security and that third parties use your information only in accordance with our instructions. We maintain a record of approved suppliers with compliant arrangements in place.
​
(b) Legal Requirements
In certain circumstances, we may be required by law to disclose client information.
For example, suspicious activity reports may be made by our Money Laundering Reporting Officer (“MLRO”). In such cases, clients cannot be informed, as doing so may constitute a criminal offence known as “tipping off”. Further information is available in our Anti-Money Laundering Procedures.
Any other disclosure made to comply with a legal obligation without client consent will be reviewed and approved by our Compliance Officer for Legal Practice (COLP) and Information Officer. This ensures compliance with the SRA Code of Conduct and the GDPR, and legal advice will be sought where necessary.
​
How We Use Client Information
​
Using Personal Information for Specific Purposes
We handle all personal information fairly. Our standard retainer includes a privacy statement explaining who we are and how we use your information in connection with providing legal services.
Your information will not be used for any other purpose unless permitted by this policy or approved internally. In particular, we do not:
• access client information without a legitimate professional reason; or
• use client contact details to market products or services that are not our own legal services.
Where consent is required to use personal data in a new way, we will seek clear and specific agreement and will not rely on silence or pre-ticked boxes.
From time to time, we may organise marketing events or initiatives. Client data will only be used for such purposes where legal requirements are met, including those under the GDPR and the Privacy and Electronic Communications Regulations.
Where new projects or IT systems involve the use of personal data and present potentially high data protection risks, a formal Data Protection Impact Assessment may be carried out in accordance with legal requirements.