Last updated: May 2023
We take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and what personal data (information) we hold about you, how we collect it and how we may use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or make a complaint.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to data protection law, including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This privacy notice is in a layered format so you can click through to the specific areas set out below.
It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Who we are
Trethowans LLP is a ‘controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data. You will find our contact details at the end of this notice.
Key terms
The following are some key terms used in this document:
| We, us, our | Trethowans LLP |
| Criminal offence data | Data relating to criminal convictions and offences, allegations and proceedings |
| Our Website | www.trethowans.com |
| Personal data | Any information relating to an identified or identifiable individual |
| Special category data | Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation |
Personal data we collect and use
The type of personal data we collect depends on our relationship with you (for example you may be our client or an individual with whom we have a business relationship) and the method by which we collect the personal data.
The tables below set out the personal data (including special category and criminal offence data) we will or may collect about you.
Individual clients – in the course of advising and/or acting for you
Personal data we will collect
| Identity data | Your name and title Information to enable us to check and verify your identity e.g. – your date of birth; – information obtained from an online identity check with an anti-money laundering service provider e.g. number of credit/store cards or unsecured loans held; – your national insurance number; – your passport, photocard drivers’ licence, bank statement or recent utility bill |
| Contact data | Your address (postal and/or email) and telephone number (landline and/or mobile) |
| Legal Matter Data | Information that you (or a third party) gives us (including special category data) relating to the matter in which you are seeking our advice or representation Your financial details so far as relevant to your instructions e.g. the source of your funds if you are instructing us on a property transaction or your bank details if we need to return money to you |
Personal data we may collect
| Financial Data | Including your bank account and payment card details and transaction information |
| Legal Matter Data | This may include: Details of relevant court orders if you instruct us e.g. on a family matter or in litigation Details about your education and/or qualifications e.g. if you instruct us on a matter in which your education and/or qualifications are relevant Your employment status and details including salary and benefits if you instruct us e.g. on a matter related to your employment or in which your employment status or income is relevant Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category data), e.g. if you instruct us on matter related to your employment or in which your employment records are relevant Your wills and arrangements for your estate e.g. if you instruct us to update your wills Your financial details (e.g. pension arrangements, bank/ building society details, assets, valuations, borrowings, investments, tax details) if you instruct us e.g. on a matter to which your financial situation is relevant, in a business transaction or in relation to financial arrangements following the breakdown of a relationship Information relating to your housing (e.g. tenancy/lease) e.g. if you instruct us on a property litigation matter Your National Insurance number or NHS number e.g. if you instruct us on a matter in which those details are relevant Your nationality and immigration status and information from related documents, such as your passport or other identification and immigration information e.g. if you instruct us on an employment matter Personal identifying information, such as your hair or eye colour or your parents’ names e.g. if you instruct us to incorporate a company for you Accident records or other records (e.g. DWP/HMRC records) e.g. if we are acting for you in a personal injury claim CCTV/video/photographs e.g. if we are acting for you in a personal injury claim, in criminal proceedings or other litigation Information about your health/medical records e.g. if we are acting for you in a personal injury or clinical negligence claim Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs e.g. if you instruct us on a discrimination claim Your trade union membership e.g. if you instruct us on a discrimination claim or your matter is funded by a trade union Your political opinions e.g. if we are acting for you in a matter in which this is relevant Criminal offence data e.g. if we are acting for you in criminal proceedings or an employment or family related matter in which criminal matters are relevant |
| Marketing Data | Marketing and communications information, which may include your communication preferences |
| Other Data | Information we ask for or that you volunteer to us when you correspond with us by email, post, telephone or text or information from social media accounts when interacting with us via a personal profile (e.g. Facebook, Instagram, Twitter or LinkedIn) |
Prospective individual clients
Personal data we will collect
| Identity Data | Your name and title |
| Contact Data | Your telephone number (landline and/or mobile) |
| Legal Matter Data | Information that you (or a third party) gives us (including special category data) relating to the matter in which you are seeking our advice or representation |
Personal data we may collect
| Contact Data | Your address (postal and/or email) |
| Marketing Data | Marketing and communications information, which may include your communication preferences |
| Other Data | Information we ask for or that you volunteer to us when you correspond with us by email, post, telephone or text or information from social media accounts when interacting with us via a personal profile (e.g. Facebook, Instagram, Twitter or LinkedIn) |
Other individuals with whom we deal or whose data we handle during the course of our business (e.g. individuals who work for corporate clients, opponents, witnesses, contacts, beneficiaries, experts and suppliers)
Personal data we will collect
| Identity Data | Your name and title |
| Contact Data | Your address (postal and/or email) and telephone number (landline and/or mobile) |
| Other Individual Data | Information (including special category data) relevant to the matter in which you are involved e.g. if you are a witness, beneficiary or an opponent or to our business relationship with you or the organisation you work for |
Personal data we may collect
| Identity Data | Your date of birth/age Information to enable us to check and verify your identity e.g. – your date of birth; – information obtained from an online identity check with an anti-money laundering service provider e.g. number of credit/store cards or unsecured loans held; – your national insurance number; – your passport, photocard drivers’ licence, bank statement or recent utility bill |
| Other Individual Data | Financial information e.g. if you are providing a deposit for a family member in a property transaction Details about your education and/or qualifications (including CV) Employment information Other professional information e.g. job title Your bank details and VAT number The name of the organisation you work for Information relating to you that you (or a third party) gives us (including special category data) in connection with our client’s legal matter or our business relationship with you or the organisation you work for |
| Marketing Data | Marketing and communications information, which may include your communication preferences |
| Other Data | Information we ask for or that you volunteer to us when you correspond with us by email, post, telephone or text or information from social media accounts when interacting with us via a personal profile (e.g. Facebook, Instagram, Twitter or LinkedIn) |
Visitors to our Website
Personal data we may collect
| Identity Data | Your name and title |
| Contact Data | Your address (postal and/or email) and telephone number (landline and/or mobile) |
| Website Enquiry Data | Information you give us by filling in forms on our Website. This includes information you provide when you subscribe to our services, request further services, make an enquiry on our Website, request a call back, sign up for news or events, complete surveys undertaken by us for research purposes, enter a competition and report a problem with our Website |
| Technical Data | This includes your internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website |
| Usage Data | This includes information about how you use our Website |
We collect and use this personal data for the purposes described in the sections: ‘How and why we use your personal data’ and ‘How and why we use special category and criminal offence data’ (see below).
We also collect, use and share aggregated data such as statistical data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate data to calculate the percentage of users accessing a specific page on our Website. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
If you do not provide personal data
If you are our client, we will ask you for the personal data we reasonably require to enable us to act for you and provide legal advice. If you do not provide the personal data we ask for, this may delay or prevent us from acting or continuing to act for you. Depending on the circumstances, we may have to stop acting for you but you will still have to pay any unpaid fees and disbursements incurred on your behalf up to that point as set out in our General Terms of Business.
How your personal data is collected
We collect most personal data from you. However, we may also collect information:
- from publicly accessible sources e.g. Companies House or HM Land Registry;
- from an anti-money laundering service provider e.g. SmartSearch;
- directly from a third party e.g.
- your bank or building society, another financial institution or advisor;
- consultants and other professionals we may engage in relation to our client’s matter;
- your employer and/or trade union, professional body or pension administrators;
- your doctors, medical and occupational health professionals;
- DWP, HMRC;
- from a referrer (e.g. your accountant); and
- other parties involved in the legal proceedings (e.g. other solicitors, witnesses or courts);
- via our information technology systems e.g. our case management, document management and time recording systems; and
- from cookies on our Website – for more information on our use of cookies and other similar technologies, please see our cookie policy.
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- to comply with our legal and regulatory obligations;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
What we use your personal data for
The table below explains what we use your personal data for and our lawful basis for doing so, depending on our relationship with you.
| Our purpose for using your personal data | What we do with your personal data | Lawful basis relied on under the UK GDPR | What personal data we use (the terms used in this column are taken from the table “Personal data we collect and use”) |
| For our individual clients – to provide legal services | We will collect personal data relevant to your legal matter and use it to advise and represent you. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies | Necessary for the performance of our contract with you or to take steps at your request before entering into a contract with you: Article 6(1)(b) UK GDPR | Identity Data Contact Data Legal Matter Data Financial Data Other Data |
| For individuals who work for corporate clients – to provide the organisation you work for with legal services | We will collect your personal data and use it to correspond with you about the legal matter involving the organisation you work for. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies | Necessary for the legitimate interests of the organisation you work for or represent and our legitimate interests e.g. to provide the organisation you work for or represent with legal services: Article 6(1)(f) UK GDPR | Identity Data Contact Data Other Individual Data Other Data |
| For individuals who work for prospective corporate clients – e.g. for corresponding with you about the services we offer, to provide a fee estimate and to respond to your queries | We will collect your personal data and use it to correspond with you about e.g. the services we offer, fee estimates and to respond to your queries about the legal matter involving the organisation you work for. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies | Necessary for the legitimate interests of the organisation you work for and our legitimate interests e.g. to deal with pre-engagement enquiries or issues: Article 6(1)(f) UK GDPR | Identity Data Contact Data Other Individual Data Other Data |
| For individuals with whom we deal (and/or whose personal data we handle) during the course of our business e.g. witnesses, opponents, experts – for the purposes of our client’s legal matter | We will collect your personal data and use it in connection with our client’s legal matter. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies | Necessary for our client’s legitimate interests and our legitimate interests e.g. to progress our client’s legal matter: Article 6(1)(f) UK GDPR | Identity Data Contact Data Other Individual Data Other Data |
| For other individuals with whom we have contracts e.g. suppliers, for corresponding with you and for taking steps under the contract with you | We will collect your personal data and use it for entering into and managing the contract with you. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies | Necessary for the performance of our contract with you or to take steps at your request before entering into a contract with you: Article 6(1)(b) UK GDPR | Identity Data Contact Data Other Individual Data Other Data |
| For other individuals who work for organisations with whom we have contracts e.g. suppliers, for corresponding with you and for taking steps under the contract with your organisation | We will collect your personal data and use it to correspond with you about the contract with the organisation you work for. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies | Necessary for the legitimate interests of the organisation you work for and our legitimate interests e.g. to manage and take steps under the contract with your organisation: Article 6(1)(f) UK GDPR | Identity Data Contact Data Other Individual Data Other Data |
| For other individuals who work for organisations with whom we do not have contracts e.g. prospective suppliers – e.g. for corresponding with you about the services your organisation offers and to obtain a price quote | We will collect your personal data and use it to correspond with you about e.g. the services your organisation offers and to obtain a price quote. We will store your personal data on our IT systems and destroy it in accordance with our data retention and other business policies | Necessary for the legitimate interests of the organisation you work for and our legitimate interests e.g. to raise pre-contractual enquiries or issues: Article 6(1)(f) UK GDPR | Identity Data Contact Data Other Individual Data Other Data |
| To prevent and detect fraud against you or us | We will check and monitor the security of our email and IT systems which hold your personal data and undertake other verification checks of your personal data (as necessary) | Necessary for your and our legitimate interests i.e. to minimise fraud that could be damaging for us and for you: Article 6(1)(f) UK GDPR | Potentially any personal data held |
| To conduct checks to identify our clients and others and verify their identity | We will collect relevant personal data and pass it to our anti-money laundering service provider, SmartSearch for the purposes of an online identity check. If we need to undertake enhanced due diligence to verify your identity, then we may need to collect further information from you e.g. a copy of your passport | Necessary for compliance with a legal obligation to which we are subject (e.g. anti-money laundering legislation): Article 6(1)(c) UK GDPR | Identity Data Contact Data Other Data |
| For enquiries or investigations by regulatory bodies (e.g. the Solicitors Regulation Authority or the Information Commissioner’s Office) or law enforcement agencies | We will extract your personal data from our IT systems and disclose it as required by law or further to a court order | Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law, solicitors’ professional rules or a court order): Article 6(1)(c) UK GDPR | Potentially any personal data held |
| To ensure our business policies are adhered to e.g. policies covering security and internet use | We will check our use of your personal data against our business policies | Necessary for our legitimate interests i.e. to make sure we are following our own internal procedures so we can deliver the best service we are able to: Article 6(1)(f) UK GDPR | Potentially any personal data held |
| To ensure the confidentiality of commercially sensitive information | We will put in place reasonable and appropriate security measures to protect the integrity of our systems that hold your personal data | Necessary for our legitimate interests i.e. to protect trade secrets and other commercially valuable information: Article 6(1)(f) UK GDPR Necessary for compliance with a legal obligation to which we are subject (e.g. solicitors’ professional rules): Article 6(1)(c) UK GDPR | Potentially any personal data held |
| For statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures | We will use relevant personal data in data analysis software and also for manual analysis | Necessary for our legitimate interests i.e. to be as efficient as we can so we can deliver the best service we are able to at the best price: Article 6(1)(f) UK GDPR | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Marketing Data Website Enquiry Data Other Data |
| To prevent unauthorised access and modifications to our systems | We will put in place reasonable and appropriate security measures to protect the integrity of our systems that hold your personal data | Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law): Article 6(1)(c) UK GDPR Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you: Article 6(1)(f) UK GDPR | Potentially any personal data held |
| To update and maintain client and other records | We will enter and hold your personal data in the relevant parts of our IT systems and we may hold your personal data in manual records | For individual clients – necessary for the performance of our contract with you or to take steps at your request before entering into a contract with you: Article 6(1)(b) UK GDPR Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law and solicitors’ professional rules): Article 6(1)(c) UK GDPR Necessary for our legitimate interests or those of a third party i.e. to make sure we can keep in touch with you where necessary: Article 6(1)(f) UK GDPR | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Marketing Data Other Data |
| For staff management, training and administration | We will access and use your personal data held in our IT systems and may use it in emails between our staff and for training purposes | Necessary for our legitimate interests i.e. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service that we are able to: Article 6(1)(f) UK GDPR | Potentially any personal data held (excluding Technical Data) |
| To deal with complaints or legal claims against us | We will review your personal data held in our IT systems and may collect other information relevant to the complaint/legal claim. We will review any information collected and assess the merits of any complaint or legal claim. We may also communicate with third parties as necessary to seek advice/representation and/or in connection with legal or prospective legal proceedings | Necessary for our legitimate interests i.e. to ensure that we are able to respond to any complaints or legal claims made against us: Article 6(1)(f) UK GDPR | Potentially any personal data held |
| For the external audit of our accounts | We will provide access to such personal data held on our IT systems as is required by our auditors in connection with their audit of financial transactions | Necessary for compliance with a legal obligation to which we are subject (section 475 Companies Act 2006): Article 6(1)(c) UK GDPR | As required by our auditors in connection with the statutory audit of our accounts |
| For our Lexcel assessment and accreditation | We will provide access to such personal data held on our IT systems and manual records as is required by our Lexcel assessor in connection with our Lexcel assessment | Necessary for our clients’ legitimate interests and our legitimate interests i.e. to maintain our Lexcel accreditation so we can demonstrate we operate at the highest standards: Article 6(1)(f) UK GDPR | As required by our Lexcel assessor in connection with our Lexcel assessment (excluding special category data) |
| To enforce or apply our Website terms and conditions or any other agreements | To enforce or apply our Website terms and conditions or any other agreements | Necessary for our legitimate interests i.e. to enforce our legal rights and protect our business: Article 6(1)(f) UK GDPR | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data |
| To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | We will use your personal data held in our IT systems | Necessary for our legitimate interests i.e. for running our business, network security, to prevent fraud and in the context of a business reorganisation: Article 6(1)(f) UK GDPR Necessary for compliance with a legal obligation to which we are subject (e.g. data protection law): Article 6(1)(c) UK GDPR | Potentially any personal data held |
| To improve our Website and your experience (through the use of data analytics) | We will use personal data collected via cookies and other similar technologies on our Website | Necessary for your and our legitimate interests i.e. to understand how our Website is used, keep our Website updated and relevant, improve your user experience and to develop our business: Article 6(1)(f) UK GDPR | Technical Data Usage Data |
| To inform you about legal developments, services or events which we think may be of interest to you | We will use your personal data to assess what legal developments, services or events we think may be of interest to you and to correspond with you | Necessary for the legitimate interests of clients, contacts and referrers and our legitimate interests i.e. to promote our business to existing and former clients and contacts and deliver the optimum experience for our clients: Article 6(1)(f) UK GDPR | Identity Data Contact Data Legal Matter Data Other Individual Data Marketing Data Other Data |
| To provide personal data to other parties that have or may acquire control or ownership of our business or part of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency | We will extract your personal data from our IT systems and disclose it as necessary | Necessary for your and our legitimate interests (e.g. to ensure continuity of legal services): Article 6(1)(f) UK GDPR | Potentially any personal data held Usually information will be anonymised during a transaction and until completion of the transaction but this may not always be possible |
How and why we use special category and criminal offence data
Under data protection law, we can only use special category or criminal offence data where:
- we have a proper reason for doing so (see above: ‘How and why we use your personal data’); and
- one of the ‘grounds’ for using special category or criminal offence data applies.
There are a number of potential grounds for using special category or criminal offence data under data protection law.
Generally, where we use special category or criminal offence data, we will do so on the grounds that this is necessary for establishing, exercising or defending legal claims. This includes using special category or criminal offence data, where necessary, for:
- actual or prospective court proceedings;
- obtaining legal advice; or
- establishing, exercising or defending legal rights in any other way.
Where this does not apply, we will only process special category or criminal offence data where processing is necessary for reasons of substantial public interest or with your explicit consent.
Where we rely on consent as a lawful basis to process your personal data, you have the right to withdraw your consent at any time. To do this, please telephone, email or write to us (see below: ‘How to contact us’).
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
Marketing communications
We may use your personal data to send you updates (by email, telephone or post) about legal developments that might be of interest to you, details about events and/or information about our services, including new services.
We have a legitimate interest in processing your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you information about legal developments, events or our services. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving marketing communications at any time by:
- emailing [email protected], writing to us at The Pavilion, Botleigh Grange Business Park, Southampton, SO30 2AF (for the attention of marketing) or calling us on 0845 302 4695; or
- using the ‘unsubscribe’ link in our emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Who we share your personal data with
Depending on the circumstances, we may share your personal data with:
| Category of recipient | Further details of recipients | Use by recipient | Relevant categories of personal data that may be transferred to recipient (depending on service provided/reason for transfer) (The terms used in this column are taken from the table “Personal data we collect and use”) |
| Professional advisers whom we instruct on your/our client’s behalf | Professional advisers e.g. barristers, medical professionals, accountants, tax advisers or other experts | For the purposes of assisting and advising in your/our client’s legal matter and/or representing you/our client | Identity Data Contact Data Legal Matter Data Other Individual Data Website Enquiry Data Other Data |
| Other third parties where necessary to carry out your/our client’s instructions | e.g. a mortgage provider or HM Land Registry in the case of a property transaction or Companies House | For the purposes of providing e.g. the information, documentation, advice, lending facility requested | Identity Data Contact Data Legal Matter Data Other Individual Data Website Enquiry Data Other Data |
| Third parties where necessary for your/our client’s legal claim | e.g. third party solicitors, opponents, insurers, courts | For the purposes of your/our client’s claim | Identity Data Contact Data Legal Matter Data Other Individual Data Website Enquiry Data Other Data |
| Our insurers, brokers and professional advisers in the event of a complaint or legal claim against us or where we require external advice or assistance | Professional advisers e.g. solicitors, barristers, IT specialists | For the purposes of assisting, advising and representing us as necessary | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Technical Data Other Data |
| An anti-money laundering service provider | SmartSearch, for the purposes of an online identity check | To provide the results of an identity search | Identity Data Contact Data |
| Our regulator | The Solicitors Regulation Authority | For the purpose of assessing our compliance with our regulatory and professional obligations | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data |
| The legal services providers’ complaints body | The Legal Ombudsman | For the purpose of dealing with a complaint made against us | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data |
| External auditors | Auditors of our accounts and Lexcel assessor | For the purposes of the statutory audit of our accounts or Lexcel accreditation assessment | As required by our auditors/Lexcel assessor in connection with our audit/assessment (see above: ‘What we use your personal data for’) |
| Our bank | Handelsbanken | For the purposes of processing financial transactions | Identity Data Contact Data Financial Data |
| External IT service providers | e.g. IT platform hosting provider, website hosting provider, IT support, email security, email service provider, document management providers, application software providers | For the purpose of providing the relevant IT service to us | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data |
| Other external service providers | e.g. telephone answering service, typing services, data analytics providers | For the purpose of providing the relevant service to us | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Other Data Technical Data |
| Law enforcement/regulatory agencies | For the purpose of their investigations | Identity Data Contact Data Legal Matter Data Financial Data Other Individual Data Website Enquiry Data Other Data | |
| Other parties that have or may acquire control or ownership of our business or part of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency | Potentially any personal data held Usually information will be anonymised during a transaction and until completion of the transaction but this may not always be possible |
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us. Other recipients, such as our professional advisers are bound by confidentiality obligations.
How long your personal data will be kept
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including;
- to respond to any questions, complaints or claims made by you/our client or on your/our client’s behalf;
- to show that we treated you fairly;
- to keep records required by law to comply with our legal and regulatory obligations.
We will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal data. For client matters, generally we will not keep personal data for longer than seven years, although this depends on factors such as the type of case and in a personal injury case, the age of the claimant.
Transferring your personal data outside of the UK
It is sometimes necessary for us to share your personal data outside the UK e.g.
- with your and/or our service providers located outside the UK;
- if you are based outside the UK; or
- where there is an international dimension to the matter in which we are advising.
We will ensure the transfer complies with relevant data protection law by ensuring that e.g.:
- the country to which the personal data is being transferred is subject to an adequacy regulation further to Article 45 of the UK GDPR i.e. it has been decided by the UK government that the particular country ensures an adequate level of protection of personal data;
- the transfer is necessary for the performance of a contract between you and us further to Article 49 of the UK GDPR;
- the transfer is necessary to establish, exercise or defend legal claims further to Article 49 of the UK GDPR;
- there are appropriate safeguards in place between us and the organisation receiving it together with enforceable rights and effective legal remedies for you (e.g. by the use of approved data protection contractual terms); or
- you have provided explicit consent to the proposed transfer after being informed of any potential risks under Article 49 of the UK GDPR.
Where we transfer your personal data outside of the UK, we do so on the basis of an adequacy regulation or (where this is not available) by way of legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event that we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by data protection law and reflected in an update to this privacy notice.
Any changes in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section: ‘Changes to this privacy policy’ (see below).
Please contact us (see below: ‘How to contact us’) if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK.
Your rights
You have the following rights, which you can exercise free of charge:
| Access | The right to be provided with a copy of your personal data and certain other information |
| Rectification | The right to require us to correct any mistakes in your personal data |
| To be forgotten | In certain situations, the right to require us to delete your personal data |
| Restriction of processing | In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data |
| Data portability | In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation |
| To object | The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims |
| To withdraw consent | If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. To do this, please telephone, email or write to us (see below: ‘How to contact us’) Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn |
We do not use personal data for automated decision making.
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the Information Commissioner’s Office (ICO) on individuals’ rights.
If you would like to exercise any of those rights, please email, write or telephone our Privacy Officer (see below: ‘How to contact us’) and let us have enough information to identify you e.g. your full name, address and client/matter reference number as well as what right you want to exercise and the personal data to which your request relates.
Keeping your personal data secure
We have put in place reasonable and appropriate security measures to endeavour to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
For users of our Website, unfortunately, the transmission of information via the internet is never completely secure. We cannot therefore guarantee the security of your data transmitted via our Website; any transmission is at your own risk. Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to our Privacy Officer (see below: ‘How to contact us’). However, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s data protection authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.
Changes to this privacy notice
We may change this privacy notice from time to time and when we do so, we will inform you via our Website. If any changes are likely to have an adverse impact on your rights under data protection law, we will use reasonable endeavours to notify you of the changes in advance in writing or by alternative means.
How to contact us
Please contact us by email, post or telephone if you have any questions about this privacy notice or the information we hold about you.
Our contact details are shown below:
| Our contact details | Our Privacy Officer’s details |
| Trethowans LLP 1 London Road, Salisbury, Wilshire, SP1 3HP 01722 412512 | Sarah Wheadon [email protected] The Pavilion, Botleigh Grange Business Park Hedge End, Southampton SO30 2AF 023 8032 1000 |
Do you need extra help?
If you would like this notice in another format (for example large print) please contact us (see above ‘How to contact us’).