This notice applies to all our clients, prospective clients and business contacts about whom we hold personal information.
References to we, our or us in this notice are to C&R Legal Limited of High Street, Lechlade, Gloucestershire, GL7 3AE and 62 Park Road, Faringdon, Oxfordshire, SN7 7BZ.
We are a “data controller" for the purpose of Data Protection Legislation. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Data Protection Legislation (GDPR) to make available to you the information contained in this notice. We are committed to respecting your privacy. This notice explains how we may use your personal information that we collect before, during and after your relationship with us has ended.
We may update this notice at any time.
Our contact details are set out in the “Contact us” paragraph at the end of this notice.
We control the process of special category data (racial or ethnic origin, biometric data, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning health, data concerning a natural person’s sex life or sexual orientation).
We may collect and process the following types of personal data:
- Identity data (e.g. passport, driving licence and other official identification details, information from a third party, anti-money laundering (AML) checks to include eCOS (electronic AML) and Companies House
- Contact data (e.g. address, email, telephone number)
- Financial data (e.g. bank details, payment history)
- Case-related data (e.g. documents, correspondence, court papers, estate planning information, details of assets and liabilities, information about executors, trustees and beneficiaries, marital and relationship status, information about children or dependents and in some cases – health information for capacity assessments)ate of the likely costs and expenses before you formally instruct us to act. Please do telephone to arrange such a meeting.
We collect data:
- Directly from you when you when you provide AML information, complete forms and documents that we send to you and when you contact us by letter, telephone, email or when you communicate with us directly is some other way.
- From third parties such as credit reference agencies, AML processors, Companies House, LinkedIn and other web platforms and your employer or the organisation you work for.
We process your data on the following legal bases:
- To perform our contract with you
- To comply with legal obligations
- For our legitimate interests (e.g. conflict checks, improving services)
- Where applicable, based on your consent
We use your data to:
- Identity and AML checks and performing credit checks to include bankruptcy searches and to distribute funds to you in accordance with a deceased’s Will
- Provide legal advice and representation
- Manage our relationship with you
- Comply with legal and regulatory obligations- Communicate with courts, tribunals, and third parties as required
We may share your data with:
- Courts and tribunals
- Opposing parties and their legal representatives
- Regulators, legal ombudsmen, police, law enforcement agencies and security services, the government, HMRC, land registry, investment advisors (authorised and regulated by the Financial Conduct Authority), insurance companies
- Our professional advisers and service providers (e.g. IT support, accountants)We ensure all third parties respect the security of your data.
We do not typically transfer your data outside the UK/EEA. If we do, we will ensure appropriate safeguards are in place.
We retain your data in accordance with our data retention policy, typically for 6–10 years after your matter concludes, unless a longer period is required by law.
You have the right to:
- Access the data that we hold for you
- Rectify inaccurate data
- Request erasure (in certain limited circumstances)
- Restrict or object to processing
- Transfer elements of your personal data to you or another service provider
- Complain to the Information Commissioner’s Office (ICO)
In the event of a sale, merger, acquisition, insolvency or other change in ownership or control of the business or its assets, personal data, including special category data, may be transferred to a third party as part of that transaction. Any such transfer will only take place where it is necessary for the continuation of business operations and will be subject to appropriate safeguards, in full compliance with GDPR. We will take all reasonable steps to ensure your personal data is handled securely, lawfully, and in accordance with this Privacy Policy. Where legally required, we will notify you of the transfer and provide relevant details about the new data controller.
We have security measures in place to protect misuse of information under our control. We cannot however guarantee that these measures are or will remain adequate. We do however take data security very seriously and will use all reasonable endeavours to protect the information you have provided. Be advised however that the transmission of information over the internet is inherently insecure and we cannot guarantee the security of the data over the internet.
We take appropriate technical and organisational measures to safeguard your data, including secure servers and restricted access protocols.
We operate CCTV at our premises which may record you and your activities. We display notices to make it clear what areas are subject to surveillance. We will only release footage where there is a legal obligation, to protect the vital interests of the data subject or other person.
We use this information as necessary for our legitimate interests in administering your visit, ensuring site security and visitor safety.
We use:
- Measurement (ie analytics) via Google Analytics
- Required design items (google fonts, adobe fonts)
- Required functionality (google tag manager, webflow services/hosting)
For more information, visit our Cookie Policy.
In the event that you have any query or complaint in connection with the information we hold about you please email Rachel Phillips at rachel@candrlegal.co.uk or write to us: Rachel Phillips, C&R Legal Limited, High Street, Lechlade, Gloucestershire, GL7 3AE.
Dated - 16th April 2025
