Privacy Notice

Last updated: April 2024

We take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and what personal data (information) we hold about you, how we collect it and how we may use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or make a complaint.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to data protection law, including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This privacy notice is in a layered format so you can click through to the specific areas set out below.

It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Trethowans LLP is a ‘controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data. You will find our contact details at the end of this notice.

The following are some key terms used in this document:

We, us, our	Trethowans LLP
Criminal offence data	Data relating to criminal convictions and offences, allegations and proceedings
Our Website	www.trethowans.com
Personal data	Any information relating to an identified or identifiable individual
Special category data	Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation

The type of personal data we collect depends on our relationship with you (for example you may be our client or an individual with whom we have a business relationship) and the method by which we collect the personal data.

The tables below set out the personal data (including special category and criminal offence data) we will or may collect about you.

Individual clients – in the course of advising and/or acting for you

Personal data we will collect

Identity data	Your name and title Information to enable us to check and verify your identity e.g. – your date of birth; – information obtained from an online identity check with an anti-money laundering service provider e.g. number of credit/store cards or unsecured loans held; – your national insurance number; – your passport, photocard drivers’ licence, bank statement or recent utility bill
Contact data	Your address (postal and/or email) and telephone number (landline and/or mobile)
Legal Matter Data	Information that you (or a third party) gives us (including special category data) relating to the matter in which you are seeking our advice or representation Your financial details so far as relevant to your instructions e.g. the source of your funds if you are instructing us on a property transaction or your bank details if we need to return money to you

Personal data we may collect

Financial Data	Including your bank account and payment card details and transaction information
Legal Matter Data	This may include:Details of relevant court orders if you instruct us e.g. on a family matter or in litigationDetails about your education and/or qualifications e.g. if you instruct us on a matter in which your education and/or qualifications are relevantYour employment status and details including salary and benefits if you instruct us e.g. on a matter related to your employment or in which your employment status or income is relevantYour employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category data), e.g. if you instruct us on matter related to your employment or in which your employment records are relevantYour wills and arrangements for your estate e.g. if you instruct us to update your willsYour financial details (e.g. pension arrangements, bank/ building society details, assets, valuations, borrowings, investments, tax details) if you instruct us e.g. on a matter to which your financial situation is relevant, in a business transaction or in relation to financial arrangements following the breakdown of a relationshipInformation relating to your housing (e.g. tenancy/lease) e.g. if you instruct us on a property litigation matterYour National Insurance number or NHS number e.g. if you instruct us on a matter in which those details are relevantYour nationality and immigration status and information from related documents, such as your passport or other identification and immigration information e.g. if you instruct us on an employment matterPersonal identifying information, such as your hair or eye colour or your parents’ names e.g. if you instruct us to incorporate a company for youAccident records or other records (e.g. DWP/HMRC records) e.g. if we are acting for you in a personal injury claimCCTV/video/photographs e.g. if we are acting for you in a personal injury claim, in criminal proceedings or other litigationInformation about your health/medical records e.g. if we are acting for you in a personal injury or clinical negligence claimYour racial or ethnic origin, gender and sexual orientation, religious or similar beliefs e.g. if you instruct us on a discrimination claimYour trade union membership e.g. if you instruct us on a discrimination claim or your matter is funded by a trade unionYour political opinions e.g. if we are acting for you in a matter in which this is relevantCriminal offence data e.g. if we are acting for you in criminal proceedings or an employment or family related matter in which criminal matters are relevant
Marketing Data	Marketing and communications information, which may include your communication preferences
Other Data	Information we ask for or that you volunteer to us when you correspond with us by email, post, telephone or text or information from social media accounts when interacting with us via a personal profile (e.g. Facebook, Instagram, Twitter or LinkedIn)

Personal data we will collect

Identity Data	Your name and title
Contact Data	Your telephone number (landline and/or mobile)
Legal Matter Data	Information that you (or a third party) gives us (including special category data) relating to the matter in which you are seeking our advice or representation

Personal data we may collect

Contact Data	Your address (postal and/or email)
Marketing Data	Marketing and communications information, which may include your communication preferences
Other Data	Information we ask for or that you volunteer to us when you correspond with us by email, post, telephone or text or information from social media accounts when interacting with us via a personal profile (e.g. Facebook, Instagram, Twitter or LinkedIn)

Personal data we will collect

Identity Data	Your name and title
Contact Data	Your address (postal and/or email) and telephone number (landline and/or mobile)
Other Individual Data	Information (including special category data) relevant to the matter in which you are involved e.g. if you are a witness, beneficiary or an opponent or to our business relationship with you or the organisation you work for

Personal data we may collect

Identity Data	Your date of birth/age Information to enable us to check and verify your identity e.g. – your date of birth; – information obtained from an online identity check with an anti-money laundering service provider e.g. number of credit/store cards or unsecured loans held; – your national insurance number; – your passport, photocard drivers’ licence, bank statement or recent utility bill
Other Individual Data	Financial information e.g. if you are providing a deposit for a family member in a property transaction Details about your education and/or qualifications (including CV) Employment information Other professional information e.g. job title Your bank details and VAT number The name of the organisation you work for Information relating to you that you (or a third party) gives us (including special category data) in connection with our client’s legal matter or our business relationship with you or the organisation you work for
Marketing Data	Marketing and communications information, which may include your communication preferences
Other Data	Information we ask for or that you volunteer to us when you correspond with us by email, post, telephone or text or information from social media accounts when interacting with us via a personal profile (e.g. Facebook, Instagram, Twitter or LinkedIn)

Personal data we may collect

Identity Data	Your name and title
Contact Data	Your address (postal and/or email) and telephone number (landline and/or mobile)
Website Enquiry Data	Information you give us by filling in forms on our Website. This includes information you provide when you subscribe to our services, request further services, make an enquiry on our Website, request a call back, sign up for news or events, complete surveys undertaken by us for research purposes, enter a competition and report a problem with our Website
Technical Data	This includes your internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website
Usage Data	This includes information about how you use our Website

We collect and use this personal data for the purposes described in the sections: ‘How and why we use your personal data’ and ‘How and why we use special category and criminal offence data’ (see below).

We also collect, use and share aggregated data such as statistical data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate data to calculate the percentage of users accessing a specific page on our Website. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

If you are our client, we will ask you for the personal data we reasonably require to enable us to act for you and provide legal advice. If you do not provide the personal data we ask for, this may delay or prevent us from acting or continuing to act for you. Depending on the circumstances, we may have to stop acting for you but you will still have to pay any unpaid fees and disbursements incurred on your behalf up to that point as set out in our General Terms of Business.
We collect most personal data from you. However, we may also collect information:
- - from publicly accessible sources e.g. Companies House or HM Land Registry;
- - from an anti-money laundering service provider;
- - directly from a third party e.g.
    - your bank or building society, another financial institution or advisor;
    - consultants and other professionals we may engage in relation to our client’s matter;
    - your employer and/or trade union, professional body or pension administrators;
    - your doctors, medical and occupational health professionals;
    - DWP, HMRC;
    - from a referrer (e.g. your accountant); and
    - other parties involved in the legal proceedings (e.g. other solicitors, witnesses or courts);
- - via our information technology systems e.g. our case management, document management and time recording systems; and
- - from cookies on our Website – for more information on our use of cookies and other similar technologies, please see our cookie policy which you will find on our Website.
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- - for the performance of our contract with you or to take steps at your request before entering into a contract;
- - to comply with our legal and regulatory obligations;
- - for our legitimate interests or those of a third party; or
- - where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests

The table below explains what we use your personal data for and our lawful basis for doing so, depending on our relationship with you.

Our purpose for using your personal data	What we do with your personal data	Lawful basis relied on under the UK GDPR	What personal data we use (the terms used in this column are taken from the table “Personal data we collect and use”)
For our individual clients – to provide legal services	We will collect personal data relevant to your legal matter and use it to advise and represent you. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies	Necessary for the performance of our contract with you or to take steps at your request before entering into a contract with you: Article 6(1)(b) UK GDPR	Identity Data Contact Data Legal Matter Data Financial Data Other Data
For individuals who work for corporate clients – to provide the organisation you work for with legal services	We will collect your personal data and use it to correspond with you about the legal matter involving the organisation you work for. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies	Necessary for the legitimate interests of the organisation you work for or represent and our legitimate interests e.g. to provide the organisation you work for or represent with legal services: Article 6(1)(f) UK GDPR	Identity Data Contact Data Other Individual Data Other Data
For individuals who work for prospective corporate clients – e.g. for corresponding with you about the services we offer, to provide a fee estimate and to respond to your queries	We will collect your personal data and use it to correspond with you about e.g. the services we offer, fee estimates and to respond to your queries about the legal matter involving the organisation you work for. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies	Necessary for the legitimate interests of the organisation you work for and our legitimate interests e.g. to deal with pre-engagement enquiries or issues: Article 6(1)(f) UK GDPR	Identity Data Contact Data Other Individual Data Other Data
For individuals with whom we deal (and/or whose personal data we handle) during the course of our business e.g. witnesses, opponents, experts – for the purposes of our client’s legal matter	We will collect your personal data and use it in connection with our client’s legal matter. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies	Necessary for our client’s legitimate interests and our legitimate interests e.g. to progress our client’s legal matter: Article 6(1)(f) UK GDPR	Identity Data Contact Data Other Individual Data Other Data
For other individuals with whom we have contracts e.g. suppliers, for corresponding with you and for taking steps under the contract with you	We will collect your personal data and use it for entering into and managing the contract with you. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies	Necessary for the performance of our contract with you or to take steps at your request before entering into a contract with you: Article 6(1)(b) UK GDPR	Identity Data Contact Data Other Individual Data Other Data
For other individuals who work for organisations with whom we have contracts e.g. suppliers, for corresponding with you and for taking steps under the contract with your organisation	We will collect your personal data and use it to correspond with you about the contract with the organisation you work for. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies	Necessary for the legitimate interests of the organisation you work for and our legitimate interests e.g. to manage and take steps under the contract with your organisation: Article 6(1)(f) UK GDPR	Identity Data Contact Data Other Individual Data Other Data
For other individuals who work for organisations with whom we do not have contracts e.g. prospective suppliers – e.g. for corresponding with you about the services your organisation offers and to obtain a price quote	We will collect your personal data and use it to correspond with you about e.g. the services your organisation offers and to obtain a price quote. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies	Necessary for the legitimate interests of the organisation you work for and our legitimate interests e.g. to raise pre-contractual enquiries or issues: Article 6(1)(f) UK GDPR	Identity Data Contact Data Other Individual Data Other Data
To prevent and detect fraud against you or us	We will check and monitor the security of our email and IT systems which hold your personal data and undertake other verification checks of your personal data (as necessary)	Necessary for your and our legitimate interests i.e. to minimise fraud that could be damaging for us and for you: Article 6(1)(f) UK GDPR	Potentially any personal data held
To conduct checks to identify our clients and others and verify their identity	We will collect relevant personal data and pass it to our anti-money laundering service provider for the purposes of an online identity check. If we need to undertake enhanced due diligence to verify your identity, then we may need to collect further information from you e.g. a copy of your passport	Necessary for compliance with a legal obligation to which we are subject (e.g. anti-money laundering legislation): Article 6(1)(c) UK GDPR	Identity Data Contact Data Other Data
For enquiries or investigations by regulatory bodies (e.g. the Solicitors Regulation Authority or the Information Commissioner’s Office) or law enforcement agencies	We will extract your personal data from our IT systems and disclose it as required by law or further to a court order	Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law, solicitors’ professional rules or a court order): Article 6(1)(c) UK GDPR	Potentially any personal data held
To ensure our business policies are adhered to e.g. policies covering security and internet use	We will check our use of your personal data against our business policies	Necessary for our legitimate interests i.e. to make sure we are following our own internal procedures so we can deliver the best service we are able to: Article 6(1)(f) UK GDPR	Potentially any personal data held
To ensure the confidentiality of commercially sensitive information	We will put in place reasonable and appropriate security measures to protect the integrity of our systems that hold your personal data	Necessary for our legitimate interests i.e. to protect trade secrets and other commercially valuable information: Article 6(1)(f) UK GDPR Necessary for compliance with a legal obligation to which we are subject (e.g. solicitors’ professional rules): Article 6(1)(c) UK GDPR	Potentially any personal data held
For statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures	We will use relevant personal data in data analysis software and also for manual analysis	Necessary for our legitimate interests i.e. to be as efficient as we can so we can deliver the best service we are able to at the best price: Article 6(1)(f) UK GDPR	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Marketing Data Website Enquiry Data Other Data
To prevent unauthorised access and modifications to our systems	We will put in place reasonable and appropriate security measures to protect the integrity of our systems that hold your personal data	Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law): Article 6(1)(c) UK GDPR Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you: Article 6(1)(f) UK GDPR	Potentially any personal data held
To update and maintain client and other records	We will enter and hold your personal data in the relevant parts of our IT systems and we may hold your personal data in manual records	For individual clients – necessary for the performance of our contract with you or to take steps at your request before entering into a contract with you: Article 6(1)(b) UK GDPR Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law and solicitors’ professional rules): Article 6(1)(c) UK GDPR Necessary for our legitimate interests or those of a third party i.e. to make sure we can keep in touch with you where necessary: Article 6(1)(f) UK GDPR	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Marketing Data Other Data
For staff management, training and administration	We will access and use your personal data held in our IT systems and may use it in emails between our staff and for training purposes	Necessary for our legitimate interests i.e. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service that we are able to: Article 6(1)(f) UK GDPR	Potentially any personal data held (excluding Technical Data)
To deal with complaints or legal claims against us	We will review your personal data held in our IT systems and may collect other information relevant to the complaint/legal claim. We will review any information collected and assess the merits of any complaint or legal claim. We may also communicate with third parties as necessary to seek advice/representation and/or in connection with legal or prospective legal proceedings	Necessary for our legitimate interests i.e. to ensure that we are able to respond to any complaints or legal claims made against us: Article 6(1)(f) UK GDPR	Potentially any personal data held
For the external audit of our accounts	We will provide access to such personal data held on our IT systems as is required by our auditors in connection with their audit of financial transactions	Necessary for compliance with a legal obligation to which we are subject (section 475 Companies Act 2006): Article 6(1)(c) UK GDPR	As required by our auditors in connection with the statutory audit of our accounts
For our Lexcel assessment and accreditation	We will provide access to such personal data held on our IT systems and manual records as is required by our Lexcel assessor in connection with our Lexcel assessment	Necessary for our clients’ legitimate interests and our legitimate interests i.e. to maintain our Lexcel accreditation so we can demonstrate we operate at the highest standards: Article 6(1)(f) UK GDPR	As required by our Lexcel assessor in connection with our Lexcel assessment (excluding special category data)
To enforce or apply our Website terms and conditions or any other agreements	To enforce or apply our Website terms and conditions or any other agreements	Necessary for our legitimate interests i.e. to enforce our legal rights and protect our business: Article 6(1)(f) UK GDPR Necessary for the performance of our contract with you: Article 6(1)(b) UK GDPR	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data
To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	We will use your personal data held in our IT systems	Necessary for our legitimate interests i.e. for running our business, network security, to prevent fraud and in the context of a business reorganisation: Article 6(1)(f) UK GDPR Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law): Article 6(1)(c) UK GDPR	Potentially any personal data held
To improve our Website and your experience (through the use of data analytics)	We will use personal data collected via cookies and other similar technologies on our Website	With your consent: Article 6(1)(a) UK GDPR	Technical Data Usage Data
To inform you about legal developments, services or events which we think may be of interest to you	We will use your personal data to assess what legal developments, services or events we think may be of interest to you and to correspond with you	Necessary for the legitimate interests of clients, contacts and referrers and our legitimate interests i.e. to promote our business to existing and former clients and contacts and deliver the optimum experience for our clients: Article 6(1)(f) UK GDPR	Identity Data Contact Data Legal Matter Data Other Individual Data Marketing Data Other Data
To provide personal data to other parties that have or may acquire control or ownership of our business or part of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency	We will extract your personal data from our IT systems and disclose it as necessary	Necessary for your and our legitimate interests (e.g. to ensure continuity of legal services): Article 6(1)(f) UK GDPR	Potentially any personal data held Usually information will be anonymised during a transaction and until completion of the transaction but this may not always be possible

Under data protection law, we can only use special category or criminal offence data where:
- - we have a proper reason for doing so (see above: ‘How and why we use your personal data’); and
- - one of the ‘grounds’ for using special category or criminal offence data applies.
There are a number of potential grounds for using special category or criminal offence data under data protection law.

Generally, where we use special category or criminal offence data, we will do so on the grounds that this is necessary for establishing, exercising or defending legal claims. This includes using special category or criminal offence data, where necessary, for:
- - actual or prospective court proceedings;
- - obtaining legal advice; or
- - establishing, exercising or defending legal rights in any other way.
Where this does not apply, we will only process special category or criminal offence data where processing is necessary for reasons of substantial public interest or with your explicit consent.

Where we rely on consent as a lawful basis to process your personal data, you have the right to withdraw your consent at any time. To do this, please telephone, email or write to us (see below: ‘How to contact us’).

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
We may use your personal data to send you updates (by email, telephone or post) about legal developments that might be of interest to you, details about events and/or information about our services, including new services.

We have a legitimate interest in processing your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you information about legal developments, events or our services. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.

You have the right to opt out of receiving marketing communications at any time by:
- - emailing [email protected], writing to us at The Pavilion, Botleigh Grange Business Park, Southampton, SO30 2AF (for the attention of marketing) or calling us on 0845 302 4695; or
- - using the ‘unsubscribe’ link in our emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Depending on the circumstances, we may share your personal data with:

Category of recipient	Further details of recipients	Use by recipient	Relevant categories of personal data that may be transferred to recipient (depending on service provided/reason for transfer) (The terms used in this column are taken from the table “Personal data we collect and use”)
Professional advisers whom we instruct on your/our client’s behalf	Professional advisers e.g. barristers, medical professionals, accountants, tax advisers or other experts	To assist and advise in your/our client’s legal matter and/or represent you/our client	Identity Data Contact Data Legal Matter Data Other Individual Data Website Enquiry Data Other Data
Other third parties where necessary to carry out your/our client’s instructions	e.g. a mortgage provider or HM Land Registry in the case of a property transaction or Companies House	To provide e.g. the information, documentation, advice, lending facility requested	Identity Data Contact Data Legal Matter Data Other Individual Data Website Enquiry Data Other Data
Third parties where necessary for your/our client’s legal claim	e.g. third party solicitors, opponents, insurers, courts	To deal with your/our client’s claim	Identity Data Contact Data Legal Matter Data Other Individual Data Website Enquiry Data Other Data
Our insurers, brokers and professional advisers in the event of a complaint or legal claim against us or where we require external advice or assistance	Professional advisers e.g. solicitors, barristers, IT specialists	To assist, advise and represent us as necessary	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Technical Data Other Data
An anti-money laundering service provider		To undertake identity and anti-money laundering checks	Identity Data Contact Data
Our regulator	The Solicitors Regulation Authority	To assess our compliance with our regulatory and professional obligations	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data
The legal services providers’ complaints body	The Legal Ombudsman	To deal with a complaint made against us	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data
External auditors	Auditors of our accounts and Lexcel assessor	To undertake the statutory audit of our accounts or Lexcel accreditation assessment	As required by our auditors/Lexcel assessor in connection with our audit/assessment (see above: ‘What we use your personal data for’)
Our bank	Handelsbanken	To process financial transactions	Identity Data Contact Data Financial Data
External IT service providers	e.g. IT platform hosting provider, website hosting provider, IT support, email security, email service provider, document management providers, application software providers	To provide the relevant IT service to us	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data
Other external service providers	e.g. telephone answering service, typing services, data analytics providers	To provide the relevant service to us	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Other Data Technical Data
Law enforcement/regulatory agencies		To carry out their investigations	Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data
Other parties that have or may acquire control or ownership of our business or part of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency			Potentially any personal data held Usually information will be anonymised during a transaction and until completion of the transaction but this may not always be possible

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us. Other recipients, such as our professional advisers are bound by confidentiality obligations.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including;
- - to respond to any questions, complaints or claims made by you/our client or on your/our client’s behalf;
- - to show that we treated you fairly;
- - to keep records required by law to comply with our legal and regulatory obligations.
We will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal data. For client matters, generally we will not keep personal data for longer than seven years, although this depends on factors such as the type of case and in a personal injury case, the age of the claimant.
It is sometimes necessary for us to share your personal data outside the UK e.g.
- - with your and/or our service providers located outside the UK;
- - if you are based outside the UK; or
- - where there is an international dimension to the matter in which we are advising.
We will ensure the transfer complies with relevant data protection law by ensuring that e.g.:
- - the country to which the personal data is being transferred is subject to an adequacy regulation further to Article 45 of the UK GDPR i.e. it has been decided by the UK government that the particular country ensures an adequate level of protection of personal data;
- - the transfer is necessary for the performance of a contract between you and us further to Article 49 of the UK GDPR;
- - the transfer is necessary to establish, exercise or defend legal claims further to Article 49 of the UK GDPR;
- - there are appropriate safeguards in place between us and the organisation receiving it together with enforceable rights and effective legal remedies for you (e.g. by the use of approved data protection contractual terms); or
- - you have provided explicit consent to the proposed transfer after being informed of any potential risks under Article 49 of the UK GDPR.
Where we transfer your personal data outside of the UK, we do so on the basis of an adequacy regulation or (where this is not available) by way of legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event that we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by data protection law and reflected in an update to this privacy notice.

Any changes in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section: ‘Changes to this privacy policy’ (see below).

Please contact us (see below: ‘How to contact us’) if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK.

You have the following rights, which you can exercise free of charge:

Access	The right to be provided with a copy of your personal data and certain other information
Rectification	The right to require us to correct any mistakes in your personal data
To be forgotten	In certain situations, the right to require us to delete your personal data
Restriction of processing	In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
Data portability	In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation
To object	The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims
To withdraw consent	If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. To do this, please telephone, email or write to us (see below: ‘How to contact us’) Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn

We do not use personal data for automated decision making.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the Information Commissioner’s Office (ICO) on individuals’ rights.

If you would like to exercise any of those rights, please email, write or telephone our Privacy Officer (see below: ‘How to contact us’) and let us have enough information to identify you e.g. your full name, address and client/matter reference number as well as what right you want to exercise and the personal data to which your request relates.

We have put in place reasonable and appropriate security measures to endeavour to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

For users of our Website, unfortunately, the transmission of information via the internet is never completely secure. We cannot therefore guarantee the security of your data transmitted via our Website; any transmission is at your own risk. Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to our Privacy Officer (see below: ‘How to contact us’). However, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s data protection authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
We may change this privacy notice from time to time and when we do so, we will inform you via our Website. If any changes are likely to have an adverse impact on your rights under data protection law, we will use reasonable endeavours to notify you of the changes in advance in writing or by alternative means.

Please contact us by email, post or telephone if you have any questions about this privacy notice or the information we hold about you.

Our contact details are shown below:

Our contact details	Our Privacy Officer’s details
Trethowans LLP 1 London Road, Salisbury, Wilshire, SP1 3HP 01722 412512	Sarah Wheadon [email protected] The Pavilion, Botleigh Grange Business Park Hedge End, Southampton SO30 2AF 023 8032 1000

If you would like this notice in another format (for example large print) please contact us (see above ‘How to contact us’).

Make an enquiry