We are solicitors, and we provide our clients with legal advice on a range of topics, including trying to resolve disputes and complaints before they turn into litigation, as well as helping them handle requests made under the data protection framework (such as requests for access to personal data, or for erasure). This notice applies to the data we process about customers or employees of clients (or someone else whose data we are processing to advise our client).
This page was last updated on 22nd February 2021, to change references to the EEA to the UK
The information we hold inevitably depends on the advice we are being asked to give. It commonly includes:
References to the basis of processing (e.g. "(Basis: Art. 6(f).)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.
We use the information we hold about you to give our client the best legal advice and service we can. This often includes reading through all the materials, working out what has happened and what needs to be done, and often writing a response for them to send on to you.
(Basis: Art. 6(f): this is necessary for our client's legitimate interests.)
We keep records of our advice, to help us deal with follow-up questions, and also so we can demonstrate to our clients that we have given them the correct advice if they ask in the future.
(Basis: Art. 6(f): this is necessary for our own legitimate interests.)
As solicitors in a regulated law firm, we have a whole host of professional regulatory obligations. If we have to process personal data to fulfil them — for example, if our regulator, the Solicitors Regulation Authority, demanded information — we will do so.
(Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)
We do not transfer or process data outside the UK.
Occasionally, to provide a high quality of service, we may work on our clients' matters when we are outside the UK (for example, when on business or even if we are on holiday). If we do this, your data will be stored securely on our devices (which all have full disk encryption), and any access back to our servers in the UK will be encrypted.
The data protection framework gives you lots of rights in respect of processing of your personal data, but then it takes some away again where the processing relatins to the giving of legal advice. The relevant remaining rights are:
If you want to exercise any of these rights, please just contact us.
You also have the right to lodge a complaint about our processing with a supervisory authority — you probably want the UK's Information Commissioner's Office.
As a general principle, we will not transfer your personal data without your permission to anyone other than the client to which the processing relates.
There are two exceptions to this:
All our computers are full-disk encrypted, as are our phones and tablets.
Our preference is to use PGP/GPG-encrypted email, but not all of our clients use this. We still offer opportunistic TLS encryption on our mail servers, so even if your data are not end-to-end encrypted, they are still likely to be encrypted in transmission between us and our client.
We have a secure document transfer portal, which we use to transfer data which is either too sensitive or too large for email.
"Normal" phone calls are not encrypted.
Data about clients' matters (e.g. records of advice): duration of the client's relationship with us, then seven years
Please contact us via email:
Please encrypt it end-to-end, if you can. Here is our PGP/GPG key. You can also find our keys on keys.openpgp.org, and via Web Key Directory.
Drop us an email telling us a bit about you and what help you need. If we're likely to be a good fit for you, we're more than happy to take it from there by audio or video call.
We offer "normal" phone calls, unencrypted SIP, and encrypted audio/video call.
We record calls.
We'll never spam you or sell your information. Ever. More info here.
decoded.legal is: