Privacy Policy

 

Gladstone Solicitors Privacy Notice and Information for Clients


Gladstone Solicitors are committed to protecting and keeping confidential all the information you provide to us, subject to certain legal duties that are explained in our Terms of Business.

Please read this privacy notice carefully. It contains important information about who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information, and how to contact us or the relevant supervisory authority if you have a complaint.

The UK General Data Protection Regulation, known as the UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025 govern how we collect, use, store and share personal data. These laws give individuals rights in relation to their personal data and place obligations on organisations that process it. References in this notice to data protection law include these laws as amended or supplemented from time to time.

Who we are

Gladstone Solicitors is a Limited Company registered in England, registration number 09079884. The registered office is at 22 Market Place, Arnold, Nottingham NG5 6ND. It is a legal practice which is authorised and regulated by the Solicitors Regulation Authority, authorisation number 630857. The firm collects, uses and is responsible for certain personal information about you. When it does so, it is regulated under applicable UK data protection law, including the UK GDPR, the Data Protection Act 2018 and the Data (Use and Access) Act 2025, and is responsible as the controller of that personal information.

The personal information we collect, use and share

In the course of acting for you, we collect the following personal information when you provide it to us:

Name, address, date of birth, contact information (telephone and email where appropriate) and National Insurance number (where appropriate).

Identity information and documentation relating to your identification.

Additional information in relation to your legal transaction to enable us to advise you and progress your case. This will depend on the type of legal work you instruct the firm to undertake.

We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions. We also use your personal information for related purposes including identity verification, administration of files, updating existing records if you have instructed the firm previously, analysis to help improve the management of the firm, for statutory returns and legal and regulatory compliance. The information will be held in hard copy and/or electronic format.

You are responsible for ensuring the accuracy of all the personal data you supply to us, and we will not be held liable for any errors unless you have advised us previously of any changes in your personal data.

We will only take instructions from you or someone you authorise in writing.

Where you are acting as an agent or trustee, you agree to advise your principal or the beneficiary of the trust that their personal information will be dealt with on these terms.

If we are working on your matter in conjunction with other professionals who are advising you, including experts, barristers, banks, building societies, mortgage lenders and estate agents, we will assume, unless you notify us otherwise, that we may share and disclose relevant personal data and information about your matter to them where we consider it appropriate and necessary.

On occasions, we ask other trusted companies to provide typing, costing, photocopying or other support work on our files to ensure that this work can be done promptly. We will always obtain a confidentiality agreement with these outsourced providers to ensure that they keep the information sent to them secure and confidential. All routine typing and photocopying is undertaken in-house. However, occasionally we may need to send your file to an external costs draftsman for some family or criminal matters.

We use private, secure cloud computing services and IT providers to assist us in processing, protecting and storing your information and keeping it secure from the risks of cybercrime and fraud. All IT providers we use are subject to confidentiality and data protection obligations, and we will take appropriate steps to ensure that they meet applicable UK data protection law in relation to the services they provide to us. We aim to keep the personal information you provide to us in the UK wherever practicable. We will not transfer your personal data outside the UK unless there is a lawful basis for doing so and appropriate safeguards are in place, or unless you specifically instruct us to do so. Where international transfers are required, we will assess them in accordance with applicable UK data protection law, including the Data (Use and Access) Act 2025, and will only transfer personal data where the destination provides protection that is not materially lower than the protection provided under UK law or where another lawful transfer mechanism applies.

There may be occasions when we are under a legal duty to share personal information with law enforcement or other authorities, including the Solicitors Regulation Authority or the Information Commissioner’s Office. If we are required to disclose information to the National Crime Agency, we may not be able to tell you that a disclosure has been made. We may have to stop working for you for a period of time and may not be able to tell you why. We cannot be held liable for any loss you suffer due to delay or our failure to provide information in these circumstances.

Occasionally some of our client files may be audited strictly confidentially by external auditors or examiners to ensure we meet our legal, quality and financial management standards. Some information may be disclosed to our professional indemnity insurers and to our financial auditors if required. Unless you tell us otherwise we will assume you have no objection. You may object at any time and refusing your consent will not affect our work for you. We will not submit files for external audit or disclose personal information to directories where there is particularly sensitive material.

We will not share your personal information with any other third party and will not issue any publicity material or information to the media about our relationship and the work we are doing for you without your explicit consent.

How long your personal data will be kept

Your personal data, including your name, address and contact details, together with your file of papers, will be held for a period of time that depends on the nature of your case. We will confirm the applicable retention period to you at the end of your case. After that period, your file of papers, including the electronic file, will be destroyed confidentially without further reference to you unless we contact you to confirm other arrangements or you contact us to request your file of papers at an earlier date.

In order to meet our regulatory requirements, we may be required to retain basic information about you to include your name, address and date of birth on our electronic database for a longer period of time.

Reasons we can collect and use your personal information

We rely on one or more of the following lawful bases to collect and use your personal data, depending on the purpose for which it is processed and in accordance with applicable UK data protection law, including the Data (Use and Access) Act 2025:

(a) Your consent, where we ask for and receive your specific permission to process your personal data for a particular purpose.

(b) Contractual obligations, where processing is necessary to provide legal services to you or to take steps at your request before entering into a contract.

(c) Legal obligations, where processing is necessary for us to comply with legal, regulatory, professional or court obligations.

(d) Public task, where processing is necessary for a task carried out in the public interest or in the exercise of official authority, where this applies to the work we are carrying out.

(e) Legitimate interests, where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms.

(f) Recognised legitimate interests, where applicable under the Data (Use and Access) Act 2025, for example where processing is necessary for certain legal, regulatory, public safety, safeguarding, crime prevention or disclosure purposes.

Where we process special category data or criminal offence data, we will do so only where we have a lawful basis and an additional condition for processing under applicable UK data protection law. This may include processing necessary for the establishment, exercise or defence of legal claims, legal advice, substantial public interest, safeguarding or compliance with legal and regulatory obligations.

Automated decision-making

We do not use automated decision-making, including profiling, to make decisions that produce legal effects or similarly significant effects for you. If this changes in future, we will update this privacy notice and explain the logic involved, the significance and likely consequences of the processing, and any safeguards available to you under applicable UK data protection law.

Marketing

Information about the firm and up-to-date articles which may be of interest to you are available on our website at www.gladstonesolicitors.co.uk. We encourage you to refer to this.

In relation to future marketing, we would like to keep in touch with you and let you know periodically about information that we think may be of specific interest to you or to tell you about events or developments in the firm. We ask you to provide your email address and give specific confirmation that you want to “opt in” to us sending you such information in the future. If you provide your consent, you may withdraw it at any time by contacting us to confirm that you no longer want us to contact you. If you provide your consent, we may use third party software and services to assist us in relation to the processing of our marketing communications, but we will ensure we have confidentiality agreements in place and will never disclose your information to third parties for them to use for their own marketing purposes.

If you are an existing client of the firm, or we are holding documents for you such as Wills or Deeds, we may rely on legitimate interests as the reason for contacting you in future. We will only do this where we consider it would be of benefit to you or where we need to update you in relation to our terms and conditions.

Your rights

Under applicable UK data protection law, including the UK GDPR and the Data (Use and Access) Act 2025, you have a number of important rights, free of charge. These may include the right to request access to your personal data, to ask us to correct inaccurate information, to request deletion of information in certain circumstances, to restrict or object to processing in certain circumstances, and to complain about how we handle your personal data. Further information about these rights can be found on the Information Commissioner’s Office website at www.ico.org.uk/for-the-public/.

If you would like to exercise any of these rights, including making a subject access request, please contact our Lead Data Officer and:

• email, call or write to our Lead Data Officer

• let us have enough information to identify you

• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and

• let us know the information to which your request relates, including any account or reference numbers, if you have them.

When responding to a subject access request, we will carry out reasonable and proportionate searches for the personal data requested. We may ask you for further information to help us identify the relevant information and locate it efficiently.

We will usually respond to rights requests without undue delay and within one month, unless the law allows us more time because the request is complex or we have received a number of requests from you. If we need more time, we will tell you why and when you can expect a response.

Some rights are subject to exemptions or restrictions under data protection law. In particular, we may be unable to provide information that is protected by legal professional privilege, confidentiality duties, court obligations, crime prevention restrictions or other legal exemptions.

Keeping your personal information secure

We have appropriate technical and organisational security measures in place to prevent personal information from being accidentally lost, used, disclosed or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Anyone processing your information must do so only in an authorised manner and is subject to duties of confidentiality, security and professional responsibility.

We have internal responsibility for data protection compliance and maintain appropriate records relating to personal data processing, data subject requests and data security incidents. Our staff receive appropriate training and guidance so that personal information is handled securely, lawfully and in accordance with applicable UK data protection law.

We also have procedures in place to identify, assess and respond to any suspected personal data breach. Where we are legally required to do so, we will notify you and the applicable regulator. If a breach is notifiable to the Information Commissioner’s Office, we will aim to report it without undue delay and, where required, within 72 hours of becoming aware of it.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

How to complain

If you have a query or concern about how we collect, use, store or share your personal data, please contact our Lead Data Officer in the first instance. We will consider your complaint carefully and aim to respond within 30 days.

You also have the right to lodge a complaint with the UK supervisory authority for data protection matters. This is currently the Information Commissioner’s Office, which may be contacted at www.ico.org.uk/concerns/ or by telephone on 0303 123 1113.

Changes to this privacy notice

This privacy notice was originally published on 21 May 2018 and was last updated in July 2026 to reflect current UK data protection law, including the Data (Use and Access) Act 2025. We may change this privacy notice from time to time. When we do, we will publish the updated notice on our website and, where appropriate, notify you directly if the changes are material or affect how we use your personal data.

How to contact us

Please contact our Lead Data Officer if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact our Lead Data Officer, please send a letter marked for the attention of the Lead Data Officer to Gladstone Solicitors, 22 Market Place, Arnold, Nottingham NG5 6ND.

If you would like this notice in another format please let us know.

Reviewed 10.7.2026