Privacy Notice
Contents
- 1 Introduction
- 2 Who This Notice Applies To
- 3 Information We Collect About You
- 4 How We Collect Your Information
- 5 How We Use Your Information
- 6 We may also use your personal information for the following purposes:
- 7 International Transfers of Data
- 8 How We Use Your Information for Recruitment
- 9 Children’s data
- 10 Complaints Procedure
- 11 Our contact details
- 12 Changes to this Notice
Introduction
Richard Nelson LLP is committed to protecting your privacy. This notice explains how we collect, use and share your personal information when providing legal services, and when carrying out marketing and recruitment activities.
We keep all information you provide to us confidential and apply high standards of security to protect it. We are accredited under the UK Government backed Cyber Essentials Plus scheme.
If you have any questions about this notice, please contact our Data Protection Officer by email at dataprotection@richardnelsonllp.co.uk.
Who This Notice Applies To
This privacy notice applies to anyone whose personal information we collect and process, except for our current or former staff, consultants and partners, who are covered by a separate privacy notice.
This includes the following groups of people, as well as individuals working for them:
- Our clients.
- Other lawyers and law firms, including barristers.
- People involved in legal matters, such as the court, police or the Crown Prosecution Service, (including within family proceedings, criminal cases, inquests, tribunals, arbitrations, mediations, investigations and regulatory matters), or in related legal, advisory or consultancy services. This also includes people involved in claims we handle for clients, such as claimants, defendants, witnesses, experts and service providers (for example investigators, mediators and costs lawyers).
- People involved in contracts or transactions we are working on, including businesses or individuals our clients are dealing with.
- Our regulators, insurers, auditors, professional advisers and certification or accreditation bodies.
- People applying to work with us (prospective employees).
- People whose details we use as part of our marketing activities.
Information We Collect About You
Personal data (or personal information) means any information that can identify a living individual.
As part of our work, we collect and use different types of personal information for a range of purposes. Because of the nature of our services, it is not practical to list every type of information we may collect. However, we will only collect and use personal information where we have a lawful basis to do so.
We most commonly collect and use the following types of personal information:
- Contact details, such as your name, job title, organisation, date of birth, address, email address and telephone number. We may also collect additional information to verify your identity.
- Financial details, including bank account and payment card information.
- Employment information, including professional memberships or registrations, regulatory checks, references, proof of your right to work, security checks and photographs.
- Recruitment information, such as CVs, interview notes and assessment materials.
- Information about your legal needs and your personal or professional circumstances.
- Information about people who work for or are connected to our clients, advisers or other organisations involved in a matter we are dealing with.
- Medical or health information, where needed to provide our services, particularly in matters involving medical issues.
- Information gathered during investigations, which may include surveillance carried out by third parties, online research and checks of subscription databases and publicly available sources. This may be relevant where we are dealing with suspected crime or regulatory or disciplinary matters.
- Information about criminal convictions or offences, where this is necessary for the legal matter we are advising on.
- Special category personal data, where needed for a legal matter. This may include information about racial or ethnic origin, political views, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or information about a person’s sex life or sexual orientation.
- Marketing and communication information, such as your preferences, interests and any feedback you provide (for example, through surveys). We may also monitor when you receive and read our marketing communications.
For details about information we collect automatically when you use our website, please see our Cookie Notice.
How We Collect Your Information
We use a range of methods to collect personal information about you, including:
- Information you provide to us directly, for example, when you fill in a form on our website, contact us by email or post, speak to us in person or by phone, visit our offices, provide feedback (for example through a survey), share your business card at an event or meeting, or register for our online tools, webinars or events.
- When you use our website, we may automatically collect information about your device and how you use the site. This includes browsing activity and technical data, which we collect using cookies. For more details, please see our Cookie Notice.
- We may collect information that is publicly available online, such as from professional networking platforms (for example LinkedIn), your organisation’s website, the Land Registry and Companies House.
- We may also receive information about you from third parties, including our clients, agents, the courts, the police, professional advisers we instruct, fraud prevention and credit reference agencies, subscription databases, insurance databases and government bodies.
How We Use Your Information
We will only use your personal information where the law allows us to do so. This means we must have a legal basis for using it. We most commonly rely on the following:
- To carry out a contract with you. This includes situations where we are about to enter into a contract with you, are already working with you, or need to take steps at your request before entering into a contract.
- To comply with legal obligations. For example, we may need to use your information to meet requirements under laws such as anti-money laundering regulations.
- With your consent. Where we rely on your consent, we will make this clear at the time we collect your information. You have the right to withdraw your consent at any time. More information about this is set out in the ‘Your Rights’ section below. We do not generally rely on consent for most of our processing.
- For our legitimate interests, or those of our clients or others. This includes:
- providing legal, advisory or consultancy services
- meeting regulatory requirements and maintaining accreditations
- delivering a high standard of service to our clients
- promoting our services
- collecting feedback
- improving our services and developing our business
We will only rely on this basis where we are satisfied that our interests (or those of others) are not outweighed by your rights and interests.
5. Recognised Legitimate Interests. For example, we may need to share your information with another organisation which has requested it from us because they need it for their public task or official functions. We may need to share your information to safeguard national security, protect public security or for defence reasons. We may need to share your information to respond to an emergency, to assist with the prevention, detection or investigation of crimes or to protect the physical, mental or emotional well-being of someone or to protect them from harm or neglect.
6. Special category data. This refers to particularly sensitive personal data, such as information about your health, ethnicity, religious beliefs, sexual orientation, or biometric data. As outlined above, we may collect this type of information where relevant. We will only process special category data in limited circumstances, including:
- Where it is necessary for legal claims or court-related purposes.
- Where we have been instructed to do so as part of legal proceedings.
- Where you have given your explicit consent.
- Where it is necessary to protect your vital interests (for example, in an emergency).
- Where you have clearly made the information public.
7. Criminal convictions and offences data
We may process this type of information where it is relevant to the legal advice or services we are providing. For example, it may arise in criminal matters, employment matters, DBS and caution removal matters or disputes. We only use this information where it is necessary for legal proceedings, for obtaining legal advice, or for establishing, exercising or defending legal claims.
When we use your personal information, we follow this privacy notice and, when providing legal services, we are also bound by strict professional duties of confidentiality. If you would like more information about how we balance our legitimate interests against your rights, you can contact our Data Protection Team on: dataprotection@richardnelsonllp.co.uk.
We may also use your personal information for the following purposes:
- Providing legal, advisory and consultancy services
When we receive personal information as part of our work, we use it to deliver those services. This includes:
- managing legal matters such as court proceedings, claims, criminal cases, tribunals, arbitrations, mediations, investigations and regulatory actions
- giving legal advice and consultancy support
- handling claims
- providing wills and probate services, including contacting beneficiaries
- advising on and negotiating contracts and transactions
- carrying out checks (for example fraud checks and database searches) and sharing information where appropriate to help prevent, detect or investigate crime, including fraud and financial crime
Where we process personal information for a client, that client may also have the right to access and use that information in line with their own privacy arrangements.
2. Meeting legal and regulatory requirements
We may use and share personal information where required or permitted by law. This includes:
- carrying out checks such as conflict checks, anti-money laundering and anti-terrorism checks
- making disclosures required by law or court order
- sharing information with authorities such as the police, tax authorities, the National Crime Agency or other public bodies where appropriate
- providing information to regulators, ombudsmen or other official bodies where required or permitted
3. Audit and quality checks
We may provide access to our files for audit, review or quality assurance purposes. This may involve our clients, regulators, auditors, professional advisers or accreditation bodies.
4. Running our business
We may use personal information for day-to-day business purposes, such as compliance, handling complaints, financial management, billing, business development and keeping proper records.
5. Business changes.
We may process personal information in connection with changes to our business, such as a merger, sale, restructuring, joint venture or transfer of part or all of our business or assets.
International Transfers of Data
In the course of providing our legal services, some of the third parties we work with (such as IT providers, document management systems, or other service providers) may process your personal data outside of the United Kingdom. Where this occurs, we take appropriate steps to ensure your data remains protected and handled securely. This includes carrying out necessary due diligence and putting in place suitable safeguards to ensure that your personal data continues to receive an appropriate level of protection, consistent with the standards we apply within the UK.
How We Use Your Information for Recruitment
We may use your personal information as part of our recruitment processes for the following purposes:
- Recruiting employees, consultants and partners.
- Checking your immigration status and your right to work.
- Carrying out pre-employment/consultancy checks.
- Obtaining references.
- Use of Artificial Intelligence (AI)
We are committed to safeguarding your personal data when using AI. Personal data will only be processed through AI systems that have been formally assessed and approved in line with our policies and procedures. These systems are required to comply with our confidentiality obligations and data protection policies. The AI tools we use do not train on client data. We aim to ensure that our use of AI is fair, transparent, and explainable, and consistent with our firm’s values.
We may use AI tools to support the delivery of our legal and business services and to enhance our internal operations. These tools may include large language models, machine learning technologies, and generative AI systems. Approved third-party tools may also be used where appropriate.
AI is used as a support tool only and does not replace professional judgement.
Children’s data
This refers to personal data relating to individuals under the age of 18. We may process children’s data where we are instructed to act on their behalf or in matters affecting them, for example in criminal cases, youth justice matters, or family proceedings. This privacy notice applies equally to children, and we recognise that organisations such as the Information Commissioner’s Office (ICO) place particular importance on protecting children’s information. We share that commitment and take additional care when handling such data. We will only process children’s data where it is appropriate and lawful to do so, including:
- Where we are instructed to act on behalf of a child in legal proceedings, including criminal or family matters.
- Where processing is necessary for the establishment, exercise or defence of legal claims.
- Where consent has been provided by a parent, guardian, or other authorised individual, where required.
- Where it is necessary to protect the vital interests of the child.
- Where the data has been made public by or on behalf of the child, where appropriate.
Complaints Procedure
You are entitled to raise a complaint with us if you believe we have infringed data protection legislation because of the way we have handled your personal information (or the personal information of someone you are acting on behalf of). For example, you may submit a complaint about:
- The way we have responded to your subject access request (SAR) or other rights request;
- The security measures we have used to store your information (e.g. data breach); or
- How we have collected or used your personal information (e.g. the way in which we have stored it, how long we have kept it for, or its accuracy).
A data protection complaint can be sent to our Data Protection Team at dataprotection@richardnelsonllp.co.uk.
Or by post to our Head Office: Richard Nelson LLP, Priory Court, 1 Derby Road, Nottingham, NG9 2TA.
Our Team will acknowledge your complaint within 30 days. The 30 days will start the day after we receive your complaint.
We will take appropriate steps to respond to your complaint, including by making appropriate enquiries and keeping you informed about our progress and by providing a full response, without undue delay.
If we are unable to resolve your complaint and you remain dissatisfied, you have the right to escalate your concerns to the Information Commissioner’s Office (ICO). Their contact details can be found here: www.ico.org.uk
Our contact details
If you have any questions about this Privacy Notice you can contact us by emailing the team at dataprotection@richardnelsonllp.co.uk or by writing to our Data Protection Officer at our Head Office: Richard Nelson LLP, Priory Court, 1 Derby Road, Nottingham, NG9 2TA.
Changes to this Notice
We review our Privacy Notice regularly and may update it from time to time. We recommend that you check it frequently to stay informed of any changes.
This Notice was last updated in June 2026.