Skip to content

Data Protection – our obligations under our Engagement Terms

This section has 2 parts.

The first is where you’re a business, public body or charity (a ‘corporate’ client).

The second for you as an individual.

  • You may be an ‘individual client’, engaging with us in a personal capacity (if so, you’ll normally be paying our fees yourself).
  • Or you may work for our corporate client. If you do, please bring this section to the attention of any of your colleagues who may give us instructions or otherwise interact with us.

Part 1: Notice to you as our corporate client

You (our client) are responsible for your own data protection compliance and we’re responsible for ours. In legal speak, we’re a separate ‘controller’ from you. (A ‘controller’ decides why and how to process personal information.)

It’s very important that where our processing overlaps, for example where you send us personal information or we send you personal information, appropriate security is in place. Please ensure that you use appropriate security to send us personal information, particularly sensitive personal information.

By “sensitive personal information” we mean ‘special categories of personal data’ or ‘criminal data’ as defined in data protection law. For example racial/ethnic origin, religious beliefs, political opinion, health data, trade union membership and sex life/sexual orientation are all sensitive. Our website privacy notice has a full definition.

Part 2: Notice to you as an individual

In this part, “you” means you as an individual. You may be an individual client. Or you may work for our corporate client.

Personal information we collect

As well as collecting your name and contact details, we may also collect other personal information or sensitive personal information from you if it’s relevant to the services we’re providing.

If you’re an individual client or an officer or beneficial owner of our corporate client, we may ask you for identity documents, and check your identity with credit reference agencies (these aren’t credit checks). We also check sanctions lists and other public registers. We keep records of the results of those checks. This is to prevent money laundering and similar offences.

Our use of personal information

Here’s why we’ll use your personal information.

  • To provide services to you as an individual client. To enter into a contract with you and provide agreed services to you; this may include use to establish, exercise or defend legal claims or to meet other regulatory requirements.
  • To provide services to our corporate client. For the legitimate business reason of providing agreed services to our corporate client; this may include use to establish, exercise or defend legal claims or to meet other regulatory requirements.
  • For email marketing. We may, if you don’t object, send you marketing newsletters (such as legal updates by email) and invite you to marketing events (such as seminars). Please see below.
  • For back office functions. To keep accounts and records, comply with legal obligations and regulatory requirements, operate and improve our business, manage client relationships, or for other legitimate business reasons.

Email marketing

If you already receive marketing emails from us with updates and events, that will continue unless you object by opting out. If you’ve objected in the past, we won’t add you to our lists.
If you aren’t on our lists and want to subscribe, please email and ask for a list of the areas we cover. Our marketing team will send you details so that you can select and return your areas of interest. This can also be done through our website. Subscribers can change their minds at any time by using the opt-out in the email or by emailing

We track whether marketing emails are opened and whether links in the emails are clicked on. This is built into the emails, so to stop this happening you’ll need to unsubscribe.

Why we share personal information

Here’s why we share personal information.

1. To provide services

We share personal information where it’s relevant to the services we’re providing. There are two main categories of recipient.

Independent suppliers. This could be experts, counsel, enquiry agents, cost draftsmen, accountants and other professionals. They are required to respect and preserve the confidentiality of your personal information. This is often in accordance with their own professional code of practice.

Official bodies. For example the Land Registry or Companies House, the courts or tribunals.

We’ll normally mention any sharing of your personal information with independent suppliers and official bodies as and when it becomes relevant to the work we’re doing. However please ask us at any point if you want to know exactly who will be involved.

2. So we can run our business

Our business suppliers (e.g. for IT systems) may have incidental access to your personal information. They will be obliged to keep it confidential, act only on our instructions, to keep it secure and to support us with our data protection compliance where appropriate.

3. So we can comply with our reporting obligations

We are obliged to report suspicions of terrorist financing or money laundering (please see paragraph 7 of our Engagement Terms for details).

4. If there’s a complaint or claim

We may also share your personal information with our insurers and/or with the legal ombudsman and or the Solicitors Regulation Authority in connection with any complaint or claim (please see paragraph 15 of our Engagement Terms for details).

5. When we’re audited

Our auditors may access your personal information in our files.

Our financial auditors may review our files as part of checking our compliance with accounting rules.

Our quality auditors will only review our files with our client’s consent.

6. If we’re involved in corporate activity

We may also share your personal information in the context of a merger or acquisition involving us and another law firm, and with any successor firm to Ward Hadaway.

7. For other legitimate reasons

Any other sharing will only be where required or permitted by law.

Storage of your personal information

Please see our full privacy notice for details. It’s referred to in Further information at the end of this section.

International transfers

To carry out your instructions as an individual client, or to carry out our corporate client’s instructions, we may need to make an international transfer of your personal information. If we do, we’ll mostly rely on exceptions to the general data protection rule that prohibits international transfers of personal information.

To give a couple of examples, we may rely on an exception that the international transfer is necessary:

  • for the establishment, exercise or defence of legal claims, or
  • to perform a contact with you or another contract which is in your interests.

Reliance on these exceptions creates possible risks for individuals. In Europe, individuals have certain rights and remedies if the use of their personal information is unlawful. Individuals may not have the same rights and remedies if their personal information is used in a third country.

Your data protection rights

You have rights to make a request to us:

  • for access to your personal information
  • for rectification or erasure of your personal information
  • for restriction of processing concerning you
  • to object to our processing which is based on legitimate interests
  • to object to direct marketing
  • to port (transfer) data you have provided to us, either to you or to another provider.

To opt out of direct marketing, please contact To exercise your other rights please contact

Data protection complaints

You have a right to complain to the Information Commissioner. The telephone number is 0303 123 1113 and website

Further information

For our website privacy notice please see If you need a printout or PDF, please tell us and we’ll send you one. For queries, please email