Privacy Notice

General Privacy Notice for Clients

We are committed to protecting your privacy when you use our services and we ask that you read this Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

This Privacy Notice was last updated and published on 1 June 2026. We may change this Privacy Notice from time to time without notice to you. You should check this notice occasionally to ensure you are aware of the most recent version.

Who are we?

Ellisons Legal LLP (‘Ellisons’) is a Limited Liability Partnership (LLP) registered in England and Wales under partnership number OC441111 authorised and regulated by the Solicitors Regulation Authority, SRA number: 8001031.  We are a ‘controller’ of personal information under the UK General Data Protection Regulation (“UK GDPR”) and other relevant UK and EU legislation. Ellisons Legal LLP’s ICO registration number is: Z5427063.

We comply with the Data Protection Act 2018, the UK GDPR and the Data (Use and Access) Act 2025, together with other applicable data protection laws (“Data Protection Laws”).

We are subject to strict duties of confidentiality and legal professional privilege. This means that information you provide to us in connection with legal advice is protected in accordance with our professional obligations in addition to Data Protection Laws.

What information will we collect from you?

We will only collect information from you that is relevant to the matter that we are dealing with. In particular, we may collect the following information from you which is defined as ‘personal data’:

  • personal details;
  • family, lifestyle and social circumstances;
  • financial details;
  • business activities of the person whose details we are processing; and
  • any other personal information that might relate to your matter and your instructions.

In relation to Personal Injury and Medical Negligence services, we may also collect information relating to injuries and losses suffered and apply to obtain police records, rehabilitation records, expert medical reports, insurer correspondence, and any other details relating to liability and/or quantum.

We may obtain accident or incident-related personal data from medical experts, police forces, hospitals and medical treatment providers, employers, insurers, witnesses, case managers, and rehabilitation providers.

If you do not provide personal data where it is required as part of our engagement, we may not be able to act for you or may need to cease acting.

We may also collect information that is referred to as being in a ‘special category’.  This could include:

  • Physical or mental health details;
  • Racial or ethnic origin;
  • Religious beliefs or other beliefs of a similar nature;
  • Criminal convictions;
  • Sexual orientation; or
  • Trade Union membership.

In the context of the legal services that we provide, this may include medical records, criminal offence data and other sensitive personal data required to advise on, or pursue, legal claims.

How do we obtain your personal data?

We may obtain your personal data from:

  • you directly;
  • third parties connected with your matter, including courts, opposing parties, legal representatives, experts and witnesses;
  • public registers, regulators and government bodies; and/or
  • identity verification, credit reference and anti-money laundering providers.

How will we use your information?

We will mainly use your information for the provision of legal advice, and this is necessary for the performance of the contract between us. We may also use it for:

  • administering any accounts;
  • processing your bank/credit card details to obtain payment;
  • the prevention and detection of fraud;
  • market research;
  • marketing; and
  • credit reference checks (where appropriate).

In relation to Personal Injury and Medical Negligence litigation, we will also use your information for investigating liability, assessing damages, obtaining expert evidence, pursuing litigation, securing interim payments, and negotiating settlement.

We may anonymise personal data so that it can no longer be linked to you and use this information for our own business purposes.

We will only send marketing communications where permitted by law, including where you have provided consent or where we are permitted to do so in a business-to-business context. You can opt out at any time.

We do not carry out automated decision making or profiling which produces legal or similarly significant effects on you.

On what basis will we process your data?

We process your personal data and rely on the following legal bases depending on the nature of the services we provide:

  • providing legal advice and representation – legal basis: contractual necessity and legitimate interests; special category condition: establishment, exercise or defence of legal claims (where relevant);
  • investigating and progressing legal matters, including litigation – legal basis: legitimate interests; special category condition: establishment, exercise or defence of legal claims;
  • complying with regulatory obligations including anti-money laundering and sanctions checks – legal basis: legal obligation;
  • managing client relationships and communications – legal basis: legitimate interests;
  • billing, accounting and financial administration – legal basis: contractual necessity and legal obligation; and
  • risk management, insurance and professional compliance – legal basis: legitimate interests and legal obligation.

We will process your ‘special category’ data on the following additional conditions:

  • for the purposes of carrying out the obligations and exercising specific rights;
  • for the protection of vital interests of persons where they are physically or legally incapable of giving consent;
  • for the establishment, exercise or defence of legal claims;
  • for statistical purposes, doing so proportionately and anonymising your data where possible; and/or
  • where necessary for the provision of legal advice.

How do we keep your personal information secure?

Ellisons is committed to ensuring that your information is secure. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. These measures include access controls, encryption where appropriate and regular review of our security practices. We limit access to your personal information to those who have a genuine business need to know it.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Who will we share your information with?

Under the SRA Code of Conduct, there are very strict rules about who we can share your information with, and this will normally be limited to other people who will assist with your matter. This may include:

  • Barristers
  • Medical experts
  • Private investigators
  • Courts and tribunals
  • Healthcare professionals, social and welfare organisations
  • Defendants and/or their solicitors and/or insurers
  • Legal Expenses Insurers

Third party service providers who assist us in securely screening and/or processing documents, including the use of artificial intelligence (AI) based tools for tasks such as document review, organisation, indexing or pagination. These providers act strictly as our data processors and only process personal data on our instructions, under contract, and in compliance with Data Protection Laws. They are required to maintain confidentiality and implement appropriate technical and organisational security measures. We ensure that any use of artificial intelligence or automated tools is subject to appropriate human oversight. We do not use such tools to make decisions that have a legal or similarly significant effect on you.

Where you authorise, we may also disclose your information to your family, associates or representative.  We may also disclose your information to debt collection agencies if you do not pay our bills.

In certain circumstances we may need to disclose personal information about you to relevant authorities, if there is a legal obligation to do so. For further details on this, please refer to our Terms and Conditions.

We may sometimes also need to make a disclosure for the purpose of our business (this includes our auditors, external assessors and our insurers) and when we outsource legal activities or any operational functions. We will always seek a confidentiality agreement with these outsourced providers and ensure that they are compliant with Data Protection Laws.

How long will we keep your information for?

We retain personal data in accordance with legal, regulatory and professional obligations. This will typically include:

  • client matter files – generally at least six years from closure, or longer depending on the type of matter;
  • identity verification and anti-money laundering records – as required by law; and
  • financial and accounting records – in line with tax requirements.

We may retain personal data for longer where necessary to defend legal claims or comply with regulatory obligations.

Transfers outside the EEA

We may transfer your personal data outside the United Kingdom or the European Economic Area where necessary for your matter or our business operations.

Where we do so, we ensure appropriate safeguards are in place, including:

  • transfers to countries subject to a UK adequacy regulation;
  • the use of International Data Transfer Agreements or the UK Addendum to Standard Contractual Clauses; and
  • risk assessments where required.

What rights do you have?

You have the following rights:

  • to request access to your personal data;
  • to request correction of inaccurate or incomplete data;
  • to request erasure where there is no lawful basis;
  • to object to processing based on legitimate interests;
  • to request restriction of processing;
  • to request data portability where applicable;
  • to withdraw consent; and
  • to object to direct marketing.

To exercise your rights, please contact our Data Protection Officer.

In relation to the right to see the information that we hold about you, you need to provide a request in writing to our Data Protection Officer together with proof of identity. We will usually process your request free of charge and within 30 days; however, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex.

Who can you complain to?

If you have concerns about how we use your personal data, please contact us in the first instance.

We are committed to handling complaints in a clear and accessible way.

We will:

  • acknowledge your complaint within 30 days;
  • investigate and respond without undue delay; and
  • keep you informed of the progress and outcome.

You can submit a complaint using our electronic complaints form at www.ellisons.com or at Annex A of this Privacy Notice.

You should raise your complaint with us before contacting a supervisory authority, such as the Information Commissioner’s Office.

If you are not satisfied with our response, you have the right to make a complaint at any time with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the ICO, who can be contacted via their website at www.ico.org.uk or by telephone on 0303 123 1113.

Data Protection Officer
Name: Ryan Cracknell (Partner)
Email: dataprotection@ellisons.com
Postal Address: The Bath House, Le Cateau Rd, Colchester, Essex, CO2 7NA

Ellisons is a trading name of Ellisons Legal LLP. Ellisons Legal LLP is authorised and regulated by the Solicitors Regulation Authority (SRA Number 8001031) | © Ellisons