Timbrell Law Limited is committed to protecting the privacy of those individuals for whom we hold personal data. Such individuals include our existing clients, prospective clients, suppliers and other third parties. This Privacy Notice sets out how we collect and use your personal data and the rights that you have concerning that data.

What do we mean by personal data?

Personal data, or personal information, means any information about you which allows you to be identified directly or indirectly.

What personal information do we collect?

During the course of business, we may process any of the following types of personal information:

  • contact information such as your name, postal and email addresses and telephone numbers;
  • identity information including any personal information required by us to verify your identity for our anti-money laundering checks;
  • familial information such as your family tree and the details of any dependants;
  • health information including your medical history and details of any current medical conditions;
  • financial information such as the details of your assets, including the address and value of any property you own and how you own it, your savings and investments and personal possessions and any liabilities, such as your mortgage or other outstanding debts owed by you;
  • business information including the financial information of any businesses you may be involved with and governance information relating to the formation or running of that business;
  • third-party information that you may provide us with about individuals or companies connected to you;
  • payment information such as your bank account details
  • analytical information such as your IP address and how you are using our website; and
  • marketing information such as whether you wish to receive marketing from us.

We may also process personal information that falls within the special categories of personal information. These special categories may include personal information about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation or certain types of genetic and bio-metric data.

Where do we obtain your personal information?

We collect personal information about you from:

  • our interactions with you;
  • information collected through our website; and
  • information obtained from third parties, such as family members, other professional advisers and official bodies such as Companies House, HM Land Registry, the Court of Protection and the Office of the Public Guardian.

For what purposes do we use your personal information?

It is a vital principle of the new data protection legislation that we are required to set out the purposes for which we use your personal information and the lawful bases behind those purposes which allow us to act in this way.

Fundamentally we only use your personal information where you have given us your consent or where it is necessary:

  • to perform an existing contract, we have with you or are about to enter into with you;
  • to comply with legal or regulatory obligations; or
  • to pursue our own legitimate interests or those of a third-party in circumstances where your interests and/or fundamental rights and freedoms do not override those legitimate interests.

We may be using your personal information for more than one purpose either from the outset or as your matter with the firm progresses and your instructions to us and our relationship with you changes.

We will only use special categories of personal information, in the following circumstances:

  • you have given us your explicit consent;
  • where it is necessary to use your personal information to protect your interests (or the interests of another person) where you are not capable of giving your consent;
  • where the personal information we hold has been made public by you;
  • where it is necessary for the establishment, exercise or defence of legal claims; or
  • where it is needed in the public interest.
PurposeLawful basis for processing
To address initial inquiries from prospective clients.It will be necessary for our legitimate business interests.
For marketing communications.Where you have specifically asked us to provide you with marketing communications, then it will be necessary for our legitimate business interests.
To add you as a client.It will be necessary for the performance of a contract with you and for the firm to comply with its legal and regulatory obligations.
To provide the legal services that you have requested.It will be necessary for the performance of a contract with you.
To notify you about changes to our terms of business or this notice.It will be necessary for our legitimate business interests.
To manage our business dealings with you including processing payments, billing, recovery and support services and other contractual arrangements.It will be necessary for our legitimate business interests.
To comply with our legal obligations, such as record keeping and our obligations to the SRA.It will be necessary to comply with the legal obligations to which we are subject to.
Protecting and managing risks to our IT systems and website by helping us prevent and detect security threats.It will be necessary to comply with our compliance obligations to manage IT Security Risks and our obligations to ensure security under the data protection legislation.
For monitoring compliance with internal policies and procedures.It will be necessary for our legitimate business interests to ensure that the law firm is managed efficiently and to ensure that the day to day practice is compliant with the legal and regulatory obligations to which we are subject to.
For insurance purposes.It will be necessary for our legitimate business interests to provide details of any legitimate claims to our insurers.
To enforce or defend our legal rights.It will be necessary for our legitimate business interests to provide evidence of the service provided.

When collecting your personal information, we will limit our enquiries to what is necessary to fulfil our underlying purpose for using your personal information.

Furthermore, we will only use your personal information for the purpose(s) for which we have collected it unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your personal information for a new unrelated purpose, we will explain this to you.

How long will your personal information be kept?

We have policies in place to ensure that your personal information is only kept for as long as it is necessary to fulfil the purposes for which it was collected.

In setting a retention period for your personal information, we have considered the nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your data, the purposes for which we are processing your data, whether we can achieve those purposes through other means and the applicable legal requirements.

To safeguard and protect the personal information in our possession, we have conducted a thorough risk analysis and have implemented systems and controls to protect against accidental or unlawful destruction, loss and unauthorised disclosure of, or access to, personal information.

Your data protection rights

Under data protection law, you have rights in respect of your personal information. The rights available to you depend on our reason for processing your information and may be limited dependant on the circumstances.

Further information about your rights can be found on the Information Commissioner’s Office website. The Information Commissioner is the UK supervisory authority for data protection issues.

    • Your right of access

You have the right to ask us for copies of your personal information and to be told how we use your personal information and how it was collected.

    • Your right to rectification

You have the right to ask us to rectify any personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.  

  • Your right to the restriction of processing 

You have the right to ask us to restrict the processing of your information in certain circumstances.  

  • Your right to object to processing 

You have the right to object to processing if we are able to process your information because the process forms part of a task carried out by us in the public interest or is in our legitimate interests.  

  • Your right to data portability 

You have the right to ask that we transfer the information that you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract. 

  • Your right to withdraw consent 

We do not need your consent to process your personal information where we have another legal basis to do so.  However, if we rely on your consent as the legal basis for our processing, you have the right to withdraw your consent at any time.   

  • Your right to lodge a complaint with the supervising authority  

You have the right to make a complaint to the Information Commissioner’s Office about any organisation which holds your personal information.  

Sharing your personal information 

We will not share your personal information with any third parties for direct marketing. 

We may share your personal information with the following individuals and organisations: 

  • our data processors, who are third parties who provide elements of services for us such as storage; 
  • government or other official bodies, such as HM Revenue and Customs, HM Land Registry, Companies House and the Office of the Public Guardian; 
  • regulatory authorities such as the Solicitors Regulation Authority; 
  • institutions within the British legal system and those working within these institutions; 
  • if you are our client, third parties engaged in the course of providing legal services to you, such as other legal professionals, foreign law firms, witnesses, mediators, costs draftsman, experts, translators or other professional advisers such as accountants or financial advisers;  
  • professional indemnity or other relevant insurers; and 
  • third party postal or courier providers who assist us in delivering documents related to your matter or marketing materials.  

Please note this list is indicative only and there may be other circumstances where it is necessary to share your personal information to fulfil the purpose for which we hold and use it. 


Our website uses a number of cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree.  These cookies allow us to distinguish users to ensure that we provide visitors to our website with a good online experience.

The cookies we use are analytical cookies provided by Google Analytics. They allow us to recognise and count the number of unique visitors to our website and see how they move around the site. These cookies help us improve our service and the usability of our website; for example, by helping us make sure visitors can easily find the information they want.

By using the Timbrell Law website, you are consenting to our use of cookies in accordance with this notice. When you first visited the site a pop-message will have appeared to confirm your consent.  If you do not agree to our use of cookies, you can set and change your cookie preferences within your browser.

Changes to this Privacy Notice 

We may amend this Privacy Notice from time to time to accommodate changes in our service as well as changes in the law.   

Further information 

If you have any questions about this Privacy Notice or would like to discuss how we handle your personal information, please email contact@timbrell-law.com or call us on 01242 420744.  

Timbrell Law (October 2018)