This Policy is intended only for our clients and prospective clients.
Veitch Penny LLP is a limited liability partnership, authorised and regulated by the Solicitors Regulation Authority under number 523544.
We collect store process and use data and so are known as Data Controllers. We are registered with the Information Commissioner’s Office under ref: Z7565550.
Our Data Processing officer is Andrew Harris who can be contacted on 01392 288 355 or by email to
We may update this policy from time to time by publishing a new version on our website. We may also notify you of changes to this policy by email or letter.
Our website and services are not aimed at Children because lawyers generally work for children only upon the instruction of their parent(s) or legal guardian(s). If you are a child and need advice or explanation about the use by us of your data please email Andrew Harris on including (if known) our reference or information about you so that he knows who you are.
The type of work you ask us to undertake will usually dictate the type of data we need to secure and hold. However, there are three main types of personal information that we may hold about you:
5. Where does our data come from?
Data may reach us from yourself or persons on your behalf, or from organizations or on-line sources during the course of our work for you.
Our website software may also track your IP address, location, browser information, operating system, referral source, and length of visit.
6. The legal basis for this processing
We are permitted by one or more of the following, as appropriate:
7. Providing your personal data to others
We may disclose personal data in the course of working for you when needed and in your best interests. This may include disclosing financial, health and employment data insofar as reasonably necessary.
We may also need to disclose data to your or our insurers and/or professional advisers in regards insurance cover, compliance reporting, auditing, securing professional advice and/or the operation of our complaints process.
Banking, card payments and Paypal transactions will require that we share transaction data with our service provider necessary in processing payments or refunds, and queries regarding those payments.
We may disclose your personal data where needed to comply with a legal or professional obligation, or in order to protect your vital interests or the vital interests of another person.
8. International transfers of your personal data
It is not our practice to transfer or process data outside the UK and EEA. However, we cannot control whether banks or email providers route data outside those zones. We will try but cannot prevent the use (or misuse) of such personal data by others.
9. Retaining and deleting personal data
We must comply with our legal and professional obligations in relation to the retention and deletion of personal data. This may require a minimum file retention period (eg: 6 years for an Adult or Business instruction).
Sensitive Personal data received in paper format during the course of undertaking your matter (such as financial or healthcare information) will normally be returned to you or (if copies) shredded upon the conclusion of the matter entrusted to us. Digital versions held by us can be identified within our case management system as "data sensitive" but may be retained for longer. For example, our periodic digital back-ups are preserved for up to a year on a rotation basis.
Paper files are normally assigned a destruction date at the conclusion of the matter. We aim to inform you of that date when known.
Other (digitally held) Personal data may be retained for business monitoring, to increase efficiency if re-instructed by you or you make later enquiries, and to ensure we can identify any conflicts of interests should we be instructed by others in a matter where you are involved.
Any computer hardware drives which may once have contained your data will be destroyed after replacement.
`10. Your rights
Before processing a request relating to personal data we hold about you; we may require any permitted fee, and evidence confirming your identity (a certified photocopy of your passport or photo driving license plus an original copy of a utility bill showing your current address will normally suffice).
Your principal rights under data protection law include:
You may also instruct us at any time not to process your personal information for marketing purposes.
11. Email security
Emails generated from our offices via our mail servers use SSL certificates
12. Further information
May be obtained from https://ico.org.uk/ or by asking your file handler at Veitch Penny LLP.