Data Protection Policy

Our Data Protection Policy tells you what data we collect from our clients and third parties, and how we collect and process that data.

Clients are provided detailed information about this during the engagement process.

1. Introduction

Martinsons Legal LLP (“we”, “us”, or “our”) is committed to protecting personal data and respecting the privacy rights of individuals in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, store, and protect personal data when providing legal services, including personal data relating to individuals who are not our clients but are connected to a transaction or matter.

2. Data Controller

Martinsons Legal LLP is a data controller for the purposes of the UK GDPR.

If you have any questions about this policy or how we handle personal data, please contact us using the details published on our website.

3. Personal Data We Collect

Depending on the nature of the matter, we may collect and process the following categories of personal data:

  • Identity data: name, date of birth, nationality, identification documents

  • Contact data: residential address, email address, telephone numbers

  • Financial data: bank statements, income records, source of funds and source of wealth documentation

  • Transaction data: information relating to property or other legal transactions

  • Compliance data: information required to meet anti-money laundering, counter-terrorist financing, sanctions, and regulatory obligations

  • Third-party data: personal data relating to individuals providing funds, guarantees, or financial support in connection with a transaction

4. How We Collect Personal Data

We may collect personal data:

  • Directly from clients

  • Directly from third parties connected to a transaction

  • From our clients where they provide third-party information

  • From publicly available sources and registers

  • From third parties where required to comply with legal or regulatory obligations

5. Personal Data Relating to Third Parties

In certain matters, particularly property transactions, we are required to collect and process personal data relating to individuals who are not our clients or who are not party to our retainer, such as family members or other third-party funders.

This information is collected solely for the purposes of:

  • Complying with our legal and regulatory obligations, including anti-money laundering, counter-terrorist financing, and sanctions legislation

  • Verifying the source of funds and source of wealth connected to a transaction

  • Preventing fraud and financial crime

  • Ensuring the proper and lawful provision of legal services

Although we do not have a contractual relationship with such third parties, we are legally required to obtain and verify certain information directly from them. The absence of a contractual relationship does not affect the protections afforded to personal data under the UK GDPR.

6. Lawful Basis for Processing

We process personal data on one or more of the following lawful bases under Article 6 UK GDPR:

  • Performance of a contract (Article 6(1)(b))

  • Compliance with a legal obligation (Article 6(1)(c)), including obligations under anti-money laundering and professional regulations

  • Legitimate interests (Article 6(1)(f)), including the prevention of fraud, financial crime, and the proper conduct of legal services

Where special category data is required, it is processed in accordance with Article 9(2) UK GDPR and applicable statutory exemptions.

7. Confidentiality and Data Security

All personal data is treated as confidential and handled in accordance with our professional duties as solicitors.

We implement appropriate technical and organisational measures to safeguard personal data against unauthorised access, loss, misuse, alteration, or disclosure. Access to personal data is restricted to authorised personnel only.

8. Data Minimisation and Retention

We collect only the personal data that is necessary for the purposes for which it is processed.

Personal data is retained only for as long as required to comply with our legal, regulatory, and professional obligations, after which it is securely deleted.

9. Data Sharing

We do not share personal data with third parties except:

  • Where required by law or regulation

  • Where necessary to comply with our professional obligations

  • With the informed consent of the data subject

We do not sell personal data.

10. Data Subject Rights

Individuals whose personal data we process, including third parties, have rights under the UK GDPR, including the right to:

  • Request access to their personal data

  • Request rectification of inaccurate data

  • Request erasure or restriction of processing, where applicable

  • Object to processing based on legitimate interests

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Further information about these rights can be obtained from the ICO.

11. Failure to Provide Information

Where personal data is required to satisfy our legal or regulatory obligations, failure to provide such information may prevent us from acting or require us to cease acting on a matter.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or regulatory guidance. The most current version will always be available on our website.