Privacy Policy

1. Introduction

Currey & Co LLP (“we”, “us” or “our”) are committed to protecting the privacy and security of any personal data which we process.

This privacy policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purpose of the UK General Data Protection Regulation (“GDPR”), the data controller is Currey & Co LLP of 33 Queen Anne Street, London W1G 9HY (a Limited Liability Partnership registered in England and Wales under number OC352105 authorised and regulated by the Solicitors Regulation Authority). This means that we are responsible for deciding how we hold and use personal data about you.

2. The personal data we hold

Personal data is information that can be used to identify you or that is about you. The personal data that we process may include the following:

  • identity, contact and background information such as your full name, titles, addresses, telephone numbers, email addresses, and other personal and business information;
  • additional information provided by you or collected by us as part of our client identification processes;
  • financial information, including sources of wealth, assets held and bank account details;
  • our correspondence and communications with you;
  • other information provided to us or generated in the course of us carrying out legal services for you; and
  • in the case of members of staff, employment related information such as salary, benefit and pension details, emergency contact details and other human resources and recruitment records.

3. How we collect personal data

We obtain personal data about you, for example:

  • when you contact us or request information from us;
  • in connection with our provision of legal services:
    • if you are a client you may provide us with personal data and we may collect personal data as necessary for our provision of legal services;
    • if you are not a client, we may collect or be provided with your personal data because you are involved with one or more of our clients’ matters;
  • in connection with your provision of services to us; and
  • if you are a past or present member of staff, or a job applicant.

We may also acquire personal data about you from other professional advisers that you may have instructed to make contact with us, including accountants, brokers, surveyors, land agents and estate agents.

4. How we use personal data

We use personal data primarily for the provision of legal services to our clients and related purposes, which, if you are not a client, may involve our handling of your personal data on behalf of our clients. Please note that we may be required to disclose personal data to third parties if reasonably necessary in connection with our provision of legal services.

We may also process personal data for one or more of the following purposes:

  • to comply with our legal, regulatory and risk management obligations, including maintaining the financial and other personal data we are required to keep on clients under the professional rules to which we are subject and by law;
  • to establish or defend legal claims;
  • to issue invoices, manage accounts and records, and collect payments; or
  • human resources purposes, including recruitment.

As an independent law firm we do not involve ourselves in automated decision making and profiling.

5. Legal basis for processing personal data

The legal bases for our processing personal data are the following:

  • it is necessary for the performance of our contracts, principally to provide legal services to our clients;
  • it is within our legitimate business interests whilst applying appropriate safeguards that protect your privacy; or
  • it is necessary for our compliance with legal and regulatory obligations (such as our anti-money laundering obligations – see paragraph 3 of our terms of engagement).

6. Data sharing

We may share your personal information with trusted third parties who support our practice in some way pursuant to contractual arrangements or regulatory obligations we have with or owe to them, including:

  • third parties engaged in the course of our provision of legal services with our clients’ prior consent, such as counterparties and their solicitors, barristers, accountants, surveyors, family offices and other intermediaries and courts, tribunals and public registrars;
  • third party service providers, such as our IT, cloud and payroll service providers; and
  • our auditors, insurers, brokers, bankers and other professional advisers.

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third party service providers to process your personal data for specified purposes and in accordance with our instructions.

While it is unlikely, we may be required to disclose your personal data by a court order or to comply with other legal or regulatory requirements. If so, we will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

7. Data retention

We will retain your personal data for such period as may be required taking into account the purpose for which the information is collected. That period is based on the requirements of data protection law, taking into account legal and regulatory requirements to retain data for a minimum period, limitation periods for taking legal action, best practice and our business purposes.

8. Data security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We do not envisage transferring any of your personal data outside of the UK or the European Economic Area (EEA).

9. Your rights regarding your personal data

Under certain circumstances you may have the right to:

  • request access to the personal data we hold about you and information about how we process it (known as a ‘subject access request’);
  • object to our processing of your personal data;
  • have any incorrect or out of date personal data rectified;
  • request the deletion of the personal data that we hold about you;
  • request the restriction of processing of your personal data; and
  • request the transfer of your personal data to another party.

Please note that the above rights are not absolute and each is subject to our legal and regulatory obligations and certain exceptions, such as any relating to judicial proceedings or the subject of legal professional privilege.

If your provision of your personal data to us is a legal or contractual requirement or necessary for us to fulfil a contract with you and you choose not to provide it, we may not be able to continue to provide legal or other services to you.

10. Complaints

If you are unhappy about the way we are processing your personal data, you have a right to make a complaint to the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (telephone: 0303 123 1113). Please also see your rights to complain to the Legal Ombudsman (see paragraph 12 of our terms of engagement).

11. Changes to this privacy policy

We will keep this privacy policy under regular review. This privacy notice was last updated on 5 April 2023.

12. Contact

If you have any comments, questions or requests regarding this privacy policy or if you would like to speak to us about the manner in which we process your personal data, please email enquiries@curreyandco.co.uk or write to Currey & Co LLP, 33 Queen Anne Street, London W1G 9HY.

Currey & Co LLP
April 2023