Data Protection Policy

  1.   Overview

The firm must comply with the Data Protection Act 1998 (‘the Act’). It is the responsibility of Samantha Bushell to ensure that:

  • the firm is registered for all necessary activities under the Act;
  • there is a process of continual review to determine whether any changes in the firm’s registration are required as a result of changes in the nature of the business;
  • appropriate staff training is carried out;
  • the details of the firm as registered are kept up to date.

The data controller is Brown Turner Ross Limited whose contact details can be found on our website at

2.   Data protection principles

We must observe the principles underpinning the Act, namely that all data which is covered by the Act (which includes not only computer data but also personal data held within a filing system) is:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate;
  • not kept longer than necessary;
  • processed in accordance with the data subject’s rights;
  • secure;
  • not transferred elsewhere without confirmation of compliance with Data Protection and Client Confidentiality and as such providers have policies and procedures in place to comply with any risk.

3.   Codes of practice

We must observe any codes of practice provided under the Act. These may be altered or added to by the Information Commissioner, who is responsible for the administration of the Act.   This information can be found at:

4.   Subject access requests

Any individual whose data is held by the firm may make what is called a ‘subject access request’, i.e. a request to see what data is held about them. All such requests should be addressed in writing to a director who will arrange for the firm to comply promptly with the request.

5. Security of data

We will ensure that we hold your data securely.  All personnel must comply with all policies and must observe secrecy in respect of any password or user name.   Access to any part of the firm’s network or premises must not be given to any unauthorised person. This may be a matter for particular concern where someone is teleworking, or carrying out the firm’s work on a computer at home.  If an employee needs to take data offsite the security measures must then be agreed with a director for storage of the firm’s data within a secure and protected area of that computer’s memory.

6. Your rights as a client

a)   Data we may hold

The Data that we may hold for you and our right to hold that data:

  • your contact details and date of birth, which we require to meet our obligations to you, to check conflict with other clients or prospective clients and for statutory anti-money laundering rules;
  • the contact details for anyone who you give us consent to discuss your case with, if you and that person have given consent.
  • your gender (if this is appropriate to your case);
  • your marital status and family details (if appropriate to your case or in respect of a legal aid application);
  • your bank details and information in relation to your finances including your national insurance number (If your case requires it, such as a divorce or a claim for loss of earnings or if we are required by statute to hold this information in respect of other statutory duties, for example, for anti-money laundering procedures or in connection with a means assessment for legal aid);
  • your identification documents including passport and driving licence in order that we may meet statutory anti-money laundering requirements;
  • your images if these are required for the preparation of your case (whether captured on CCTV, by photograph or video);

We may also need to hold special data if your case requires it, such as:

  • Medical records if your case requires us to hold these.
  • Records of criminal convictions and in respect of a criminal case if your case requires this

To maximise the security of your data in its electronic formats it will be located only on our own servers based in the UK.

b)   Data we may process

The ways that we may process this data:

  • We will use (process) your data if it is beneficial to your case and with your instruction
  • We may use your data to contact your in relation to your case and
  • We may contact you in relation to other services which, during your case, we have identified as appropriate for you based on the information that you have given to us.  We do this because we need to make sure that your interests are met
  • We may contact you about other services that we provide from time to time, if you have indicated that you consent to that contact.
  • We will use your data to check whether we can act for you and whether we can act for other people by checking whether there is a conflict of interest (a conflict of interest is where we cannot act both for your best interests whilst representing someone else.

c)   Transfer of Data

We may have to transfer data to the other party in your case (the defendant if you are a claimant, the buyer if you are a seller etc…).  We will do this only on your instruction or where we are legally obliged to do so.

We may have to transfer your data to certain third parties to perform the services that you have instructed us on, if they need that data to perform the actions in connection with your case.  These third parties are typically experts or barristers who we will have sought your consent to prior to transferring that data, unless we are legally obliged to do so, for instance where the court requires us to instruct an expert.  We cannot give an exhaustive list of these third parties because it will depend on the nature of the work you have asked us to do.

We may have to transfer your data to certain statutory bodies, such as Her Majesty’s Court Service, Her Majesty’s Revenue and Customs, Her Majesty’s Land Registry and the Legal Aid Agency we will do so only where we have statutory responsibility to do so or where you have given us consent.  There may be other statutory organisations where we are legally obliged to transfer your data to but we will tell you this if it arises and whether we need your consent to do this.

We will only transfer this data where we have your consent and where the organisation that we are transferring the data to can confirm that they will hold that data to the same security standard as ourselves (unless we are legally obliged to transfer it).

We will only transfer that data where the third part agrees to process that data only in line with the criteria that we have agreed we will process your data under as set out above.

d)   Consent

In agreeing to this policy you are providing consent for us to hold such data relating to you, subject to our retention policy, as we should require to progress the work that you are requiring us to do and to process that data where it is necessary to progress your case, including transferring of that data.

We do not need your consent where it is a legal requirement for us to retain your data.  A significant amount of work that law firms do is covered by legal requirements and the Solicitors Act

We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:

  • where it is necessary for carrying out legal obligations that we might have;
  • where it is necessary to protect your vital interests or those of another person where you/they are physically or legally incapable of giving consent;
  • where you have made the data public;

e)   Retention

Ordinarily, we will keep your data, both hard copy and electronically, for six years from the date that your case finishes, because you may require information from our file, we are required to by our insurers and, if your case is legally aided because the Legal Aid Agency require us to retain the file for this length of time unless:

  • The work we did for you relates to the purchase of property, in which case we will need to retain your file for 15 years because of the possibility that you will need the file when you sell the property
  • The work we did for you relates to a probate matter, in which case we will need to retain your files for 15 years because of the possibility of future actions needed to be taken.
  • The work relates to financial matters in a divorce, in which case we will need to retain your files for 15 years because of the possibility of future actions needed to be taken.
  • We are legally obliged to by law
  • You require us to provide storage facilities for you in relation to wills, deeds or other documents because it is good practice to retain copies, in case of loss or damage and your data will be required to search for the document.
  • Your case is subject of a complaint, investigation or legal claim against this firm, in which case we will hold it for six years after the action has completed
  • You have given consent for us or instructed us to retain your file for a longer period

Your agreement to this policy will be taken as your consent to our retention policy as set out above, unless we are required to retain your file by law, in which case we do not require your consent.

Your file and all electronic data we hold relating to your case and yourself will be destroyed after the deadlines set out above.

a)    Your rights in respect of that data


You have a right to access any data that we hold in connection with you, unless we have a legal obligation to withhold it.   Wherever possible we will tell you why we are withholding data, however, you must be aware that there are certain circumstances where law requires us to do so (for example where there are concerns relating to money laundering, child abuse or terrorist activity). 

Ordinarily you can simply ask for your data and we will make it available to you as soon as possible.  There may be occasions where logistically, it will take time to do this but we will let you know how long we think it will take.

If you are not happy with the timescale for the delivery of that data you may also complain to our Complaints Officer, Samantha Bushell.  Finally if you remain unhappy with the response you have a statutory right to make a Subject Access Request (see Subject Access Request above).

If you request your data we will provide it to you or to a third party that you wish it to be transferred to in a machine-readable format.


You have the right to request that we amend any inaccurate or incomplete personal data we may have.


You have the right to request that any data that we hold is erased, so long as we can without contravening our legal obligations and such that it does not prevent the firm from defending itself against any legal claim.

Restrict our ability to process your data

You have the right to request that we stop processing your data if:

  • There is a dispute about the accuracy of that data
  • There are issues relating to the unlawful use of the data
  • You require the data to make a legal claim

You must be aware that any such request may hinder us in the work we are doing for you.  If a restriction is put in place we will notify you if it is to be lifted.


If we breach this policy we must notify you of this within 72 hours of becoming aware of the breach.  We must also notify the Information Commissioner’s Office and, if appropriate, law enforcement and/or regulatory body, Solicitors Regulation Authority within the same time limit

Below is pdf file version to download and sign.