Privacy Policy

Last updated: 12/11/2025

At Leonard Solicitors LLP, we take your privacy very seriously. This Privacy Policy explains how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or the relevant authorities if you have a concern.

Useful short links

  1. Who we are
  2. Key terms
  3. Personal data we collect
  4. How we collect data
  5. How and why we use data
  6. Who we share data with
  7. Where personal data is held
  8. How long we keep data
  9. Transferring data outside the UK
  10. Keeping personal data secure
  11. Data breach procedure
  12. Rights under UK GDPR
  13. How to make a complaint
  14. Website forms and enquiries
  15. Cookies
  16. Embedded content from other websites
  17. Marketing communications
  18. Updates to this policy

1. Who we are

When using your personal data, we are regulated under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We act as the ‘controller’ of your personal data for the purposes of data protection law. We use personal data subject to your instruction, our duty of confidentiality, UK GDPR and other relevant UK legislation.

2. Key terms

We, us, our Leonard Solicitors LLP
GDPR & Data Protection Liaison Officer Asad Khan
Personal data Information relating to an identified or identifiable individual
Special category personal data
  • Personal data revealing racial or ethnic origin, religious beliefs, opinions, or trade union membership
  • Genetic and biometric data
  • Data concerning health, sex, or sexual orientation

3. Personal data we collect about you

Personal data we collect Personal data we may collect depending on your instructions
  • Your name, address and occupation
  • Information to to verify your identity (e.g. passports or driving licence)
  • Contact information (e.g. telephone number, email, and postal address)
  • Information relating to the matter in which you are or may in the future be seeking our advice or representation
  • Information to enable us to undertake a credit or other financial checks on you
  • Your financial details so far as relevant to your instructions
  • Information about your use of our IT, communication and other systems, and other monitoring information
  • Your National Insurance, tax details and citizenship
  • Your various bank and/or building society details
  • Details of your personal or professional online presence, e.g. Google, Facebook, LinkedIn, Twitter, Instagram profiles, professional registers and publicly available information
  • Details of your spouse/partner and dependants or other family members
  • Your employment status and details including salary and benefits
  • Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information
  • Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data)
  • We do not ordinarily collect any Special category personal data such as your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs but on occasion, this may be required if relevant to your instructions and/or you’re applying for legal aid
  • Your trade union membership, if relevant to your instructions
  • Personal identifying information, such as your eye colour or your parents’ names, if relevant to your instructions
  • Your medical records, if relevant to your instructions 

We may request data to process as a legal obligation in order to provide our services to you, the data subject. If you do not provide personal data we require, it may delay or prevent us from providing our services to you. It is your obligation to ensure you keep us informed of the accuracy of all relevant data when prompted to confirm your identity.

4. How we collect your personal data

We collect data subject information from you on initial contact and throughout your matter. However, we also collect information from:

  • Publicly accessible sources such as HMRC and Companies House
  • Directly from a third party
  • Our website when using our online enquiry forms
  • Information technology systems

5. How and why we use your personal data

We only use your personal data where there is a lawful basis for doing so, such as:

Purpose Lawful basis under UK GDPR
To provide legal services to you (including an initial conflict of interest check) For the performance of our agreement with you or to take steps as your request before entering a contract
  • Conducting checks to identify our clients and verify their identity
  • Screening for financial and other sanctions or embargoes
  • Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. by our professional regulator, the SRA and/or Law Society, HMRC, the courts and/or law enforcement agencies
 Compliance with our legal and regulatory obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies such as the SRA, Law Society, HMRC, courts and/or law enforcement agencies Compliance with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g. privacy, data protection, anti-money laundering and counter terrorist financing and policies covering security and internet use In compliance with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control and practical matters such as document storage on or off site To comply with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information To comply with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, i.e. to protect our intellectual property and other commercially valuable information
Statistical analysis to help us manage our practice For our legitimate interests or those of a third party
Updating client records
  • To comply with our contractual obligations, legal and regulatory obligations
  • For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our clients about existing and new services
Statutory and regulatory returns e.g. to HMRC, SRA and/or our Professional Indemnity Insurers To comply with our contractual obligations, legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments
  • To comply with our legal and regulatory obligations and for the performance of our contract with you or to take steps at your request before entering a contract
  • For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Credit reference checks via external credit reference agencies For our legitimate interests or those of a third party, i.e. for credit control
 

External audits and quality checks
  • To fulfil our contractual obligations and for our legitimate interests or those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards
  • To comply with our legal and regulatory obligations

The above does not apply to special category personal data mentioned in the Key Terms. Special category data is only processed with your explicit consent in accordance with the legal requirements relating to the consent and circumstances.

6. Who we share your data with

We may share your information with:

  • Professional advisers acting on your behalf (barristers, experts, accountants, medical professionals)
  • External auditors, regulators, or accreditation bodies such as the SRA, Law Society, or Legal Aid Agency
  • External service providers who support our operations (e.g. secure cloud storage, IT systems, email hosting, document management, or marketing analytics)
  • Other third parties where necessary to your instructions

All third-party providers are bound by strict confidentiality and data processing agreements and only process information on our instructions.

If you apply for Legal Aid, we must share your information with the Legal Aid Agency.

7. Where your personal data is held

Your data is stored securely at our offices or on servers operated by trusted UK or GDPR-compliant providers.

Some service providers may store data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised under UK law.

8. How long we keep your data

We keep personal data only as long as necessary to fulfil the purposes for which it is collected and the following reasons:

  • To keep records for legal, regulatory, and accounting requirements
  • To respond to any questions, complaints or claims made by you or on your behalf
  • For evidence of fair treatment
  • We do not retain your personal data longer than what is necessary for the purposes set out in this policy

We destroy, delete or anonymise personal data when it is no longer necessary to retain. Information is normally retained for a minimum of 6 years unless the information is based on a person under the age of 18, where the 6 year period will begin when the person reaches 18.

After this time, information is securely destroyed or anonymised.

9. Transferring your data outside the UK

In order for us to provide legal services, it may sometimes be necessary to transfer your personal data outside the United Kingdom.

This may occur in the following circumstances:

  • Where you are based outside the UK and we need to communicate with you or relevant parties in your location.

  • Where service providers we use (such as IT, cloud storage, or document management systems) are located or store data outside the UK.

  • Where your case or instructions involve international aspects, such as cross-border transactions, immigration matters, or overseas evidence.

When we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place to protect it, as required under the UK GDPR. These safeguards may include:

  • Transfers to countries that have been deemed to provide an adequate level of data protection by the UK government.

  • Use of Standard Contractual Clauses (SCCs) approved under UK law, which require the recipient to protect your data to the same standard as within the UK.

  • Binding contractual agreements with our service providers to ensure they maintain robust data security and confidentiality.

If none of these safeguards are available, we will transfer data only with your explicit consent or where the transfer is necessary for the performance of your contract with us.

You may contact our Data Protection Liaison Officer if you would like further information about the safeguards we apply when transferring your personal data outside the UK.

10. Keeping your personal data secure

We use appropriate technical and organisation measures to:

  • Prevent personal data from being accidentally lost, used or accessed unlawfully
  • Ensure data processors process your personal data lawfully
  • Have appropriate procedures in place to deal with any suspected data security breach. Data subjects and regulators are notified of any suspected data security breach as legally required to do so.

11. Data breach procedure

We have appropriate technical and organisational measures in place to protect personal data. If a data breach occurs that may compromise your rights or freedoms, we will notify both you and the Information Commissioner’s Office (ICO) where legally required.

12. Your rights

You have the following rights under UK GDPR:

Your right to… Rights explained
Access, known as a Subject Access Request The right to be provided with a copy of your personal data in accordance with the provisions of the law which you can reference on the ICO website
Rectification The right to require us to correct any mistakes in your personal data. We rely on you to inform us in the first instance of any amendments to your data that are required
To be forgotten The right to require us to delete your personal data in certain situations
Restriction of processing The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data
Data portability The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations
Withdraw consent At any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent
To object The right to object:

 

at any time to your personal data being processed for direct marketing (including profiling);

in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests if these are superseded by your legitimate interests
All Other Investments and Protection The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

If you wish to exercise any the rights under UK GDPR, please contact:

Asad Khan, GDPR & Data Protection Liaison Officer on asad.khan@leonarsolicitors.co.uk or telephone 023 8023 4433.

You will need to:

  • Provide us with enough information to identify you (your full name, address, and client or matter reference number)
  • Provide proof of your identity and address (driving licence or passport and a recent utility bill)
  • Let us know what right(s) you want to exercise

13. How to make a complaint

If you have concerns about how we handle your data, please contact our GDPR & Data Liaison Protection Officer in the first instance. You should also see our Complaints Policy.

Failing to satisfy your concerns or complaint, UK GDPR gives you the right to log complaints with the Information Commissioner’s Office (ICO). You can contact the ICO with the details below:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk/concerns

14. Website forms and enquiries

When you submit an enquiry through our website, we collect your name, contact details, and the information you provide in the form. This information is used only to respond to your enquiry and will not be used for marketing purposes unless you expressly request or consent to receive updates.

15. Cookies

Our website uses cookies to help us understand how visitors use our site and to ensure certain features function properly.

We use:

  • Essential cookies required for the website to operate.

  • Analytics cookies (Google Analytics) to collect anonymous information about how visitors use our site. This helps us improve performance and content.

Cookies are small text files stored on your device when you visit our site. You can control or delete cookies at any time by adjusting your browser settings. More detailed information is available in our Cookie Policy.

We do not:

  • Collect personal information through cookies.

  • Use cookies for targeted advertising.

  • Store payment or client login information.

Our site does not provide client login access or online payment facilities.

16. Embedded content from other websites

Pages on this site may include embedded content such as videos, images, maps, or articles (for example, YouTube videos). Embedded content from other websites behaves in the same way as if you had visited the external website directly.

These websites may collect data about you, use cookies, or embed additional third-party tracking. This may include monitoring your interaction with that embedded content, such as playing a video or clicking a link, even if you do not have an account with that website.

We have no control over the data collected by third-party platforms and recommend reviewing their individual privacy and cookie policies. For example:

If you prefer that these services do not collect data about you, you can disable third-party cookies in your browser settings or decline non-essential cookies when prompted on our website.

17. Marketing communications

We may occasionally contact existing or past clients with legal updates or firm news relevant to their previous instructions, relying on our legitimate interests in maintaining client relationships.

You can opt out at any time by emailing info@leonardsolicitors.co.uk.

If you are not a past or existing client, we will only contact you with marketing materials if you have given your explicit consent.

18. Updates to this policy

This Privacy Policy was last updated on 12/11/2025.

We review our privacy practices regularly to ensure compliance with the law and best practice.

Any updates will be published on our website, and where appropriate, communicated to clients directly.