Privacy Policy | chelfordlaw.com

Privacy Policy 

We care deeply about delivering an exceptional service to our clients. This includes looking after your data. We want you to know what personal data we process and why.

This privacy notice contains information about what personal data we collect and store about you, how we use it, the legal basis for using it and how long we keep it. It also tells you who we share this information with, what we do to protect your data and how to get in touch with us. We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any such questions, including any requests to exercise your legal rights or concerns relating to your data, please contact the DPO using the details below (`Get in touch’) or by writing to Data Protection Officer, Finance and Administration Office, Library Building, Sun Street, Tewkesbury, GL20 5NX or by calling 0330 460 9635.You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

WHO WE ARE. 

CLP Group Limited, which trades under various trading names, collects and is responsible for personal information about you. When we do this, we are the ‘controller’ of this personal information for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Our Data Protection Officer is responsible for overseeing all aspects of our data governance.

WORKING WITH YOU.

When working with you, we will have access to and process data. We want to tell you what we have, why we have it and how long we will keep it for.

We may collect the following personal information that you provide to us:

Your name, date of birth and contact details (including your address, email and phone numbers);
Identification documents such as driving license, passport, photo ID, utility statements and bank statements;
Any personal details included in the claim you are instructing us on;
Financial Data: including information on your financial circumstances, the lenders or financial institutions used by you, the financial products you have taken out and the details and status of those financial products

You may also give us personal information that is classified as ‘special categories’ under GDPR:

Health information;
Racial or ethnic origin;
Political opinions;
Religious, philosophical or other beliefs;
Trade union membership;
Sex life or sexual orientation;
Information about any criminal convictions.

HOW WE USE YOUR PERSONAL INFORMATION. 

We use your personal information for the following purposes:

To provide you with legal services;
To comply with our legal responsibilities to the SRA and under relevant regulation;
To engage with partners that supply us with good and services;
To manage any queries or complaints you have about the services you receive;
To train and develop team members in order to provide you with a better service;
To monitor the quality of service we deliver to you, and ensure it meets your expectations;
To comply with legal obligations to act in the public interest and uphold the rule of law.

WHETHER INFORMATION HAS TO BE PROVIDED BY YOU, AND WHY? 

Some of the personal information you may need to give us, such as your personal details and financial information, is so that we can carry out requirements that are statutory obligations for Anti-money Laundering purposes, Solicitors Regulatory Authority (SRA) regulations, HMRC requirements, Land Registry requirements and requirements of the Courts of England and Wales. If you do not give us this information we may not be able to provide you with legal services or complete your claim.

LEGAL REASONS WE COLLECT AND USE YOUR PERSONAL INFORMATION. 

We have a legal basis for all the data we process. We rely on a different legal basis depending on the personal information we are processing and the reason we are processing it. We rely on the following legal basis in these circumstances:

Consent

In some claims you will give us consent to use your personal information in a certain way. If you have given us consent to use your data in a certain way, and we have no other legal basis for doing so, we will rely on your consent. There is more information below on your rights regarding consent. The activities where we rely on your consent are:

Keeping in touch with you and sending you information about how our services can help. We will also let you know about what is going on at our firm and developments in the industry. We will always give you an option to opt-out of future communications.

If you are giving us any special categories of data, we may need your explicit consent to do so. We will let you know if this happens and explain it all to you.

You always have the right to withdraw your consent at any time. If consent relates to electronic communications (such as a newsletter or invitations to events) then we will always give you an `Opt-Out’ option in every communication. You can also contact us using any of the details below Net in touch’) to withdraw consent.

Legal Obligations

As an SRA regulated firm, CLP Group Limited is bound by regulations that we adhere to which will require us to process your personal information. The activities where we have a legal obligation to process data are:

Processing information about you for Anti-money Laundering purposes and to stop terrorist financing.

Running conflict of interest checks when acting for you and for our other clients.

Complying with our obligation to the SRA, which includes the commitment to maintain a high level of service quality, including activities such as file audits, safeguarding the interests of our clients, and compliance with the SRA’s handbook.

Complying with obligations to HMRC regarding records keeping of our financial activity, including information relating to transactions, billing and payments.

Investigating, managing and resolving any expression of dissatisfaction that relates to any of the regulated activity we carry out, or relevant to any regulations we are bound by.

Keeping adequate records of our work with you to satisfy the insurance cover we need to have in place by law, and to defend CLP Group Limited in the unlikely event of a legal claim being brought against us.

Tasks carried out in the Public Interest

There may be some claims when we have a legal obligation to act in the public interest in relation to the detection and reporting of suspected crime. We can’t rely on your consent and may not be able to tell you when we are processing your personal information in this way so as not to prejudice those purposes.

Legitimate Interest

We rely on legitimate interests to engage with talented individuals that may be a great fit for our firm. We may use personal information that you have made public and shown interest to discuss opportunities with you (for instance on CV sites and professional networking sites).

We rely on legitimate interests in some claims to invite you to certain events such as networking events or hospitality events. Our legitimate interest is to thank our clients and bring like-minded people together. We will use your contact information when we do this and can provide more information on the assessments we have gone through to make sure the use of your information in this way is fair on request (see `get in touch’ below).

WHO WILL WE SHARE YOUR PERSONAL INFORMATION WITH? 

We work closely with selected partners and consultants that we share personal information with to deliver you the service you expect from us. We share personal information to:

Perform the services you have instructed us on that may require us to share data with expert consultants, counsel and advisors as required to complete your claim;
Operate our back and middle office services which are managed by Bamboo Platform Services;
Professional services business that helps us to manage CLP Group Limited, maintain business quality and manage compliance with regulations;
Search providers used to perform due diligence searches, anti-money laundering searches and any other searches required by law or to undertake your claim;
Credit reference agencies used to perform searches required by law or to undertake your claim;
Certain processors and providers of services and software that make up the platforms and systems we use at CLP Group Limited to deliver services;
Storage and archiving providers to ensure your personal information is protected securely and backed up.

Any partners, suppliers or third parties we share data with will be bound by strict agreements that meet the requirements of GDPR and will be monitored for performance with those agreements.

We will share personal information with official bodies if required by law including the SRA, ICO, the police, law enforcement and intelligence agencies.

TRANSFER OF YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA). 

It may be necessary to transfer your personal information outside the EEA or to an international organisation in order to perform your instructions. We do not routinely transfer data outside of the EEA, and when we do we will notify you of the reasons, the legal basis for doing so, any relevant risk assessments that we want to make you aware of, and the appropriate safeguards in place to protect your rights and freedoms.

If you would like any further information on transfers outside of the EEA, or would think as part of your claim you will want us to transfer your data outside of the EEA, then please contact our Data Protection Manager (see `Get in touch’).

HOW LONG WILL WE STORE YOUR PERSONAL DATA? 

We will only keep your personal information for as long as necessary to complete the purposes we have described above. We use the following retention periods and review these periodically to make sure we are only keeping what we need (If information can be kept for two different periods, we will keep it for the longer of those two periods):

Claim information — Information about you and any personal information relating to your claim we will keep for a period of 7 years after the claim has ended, or 1 year after any relevant limitation period, whichever is longer. This is to comply with our requirements to our insurance provider to have records available in the claim we need to defend a legal claim, and to comply with the SRA obligations regarding record keeping.

Identification and Due Diligence — Information relating to Anti-money Laundering checks and due-diligence we will keep for a period of 5 years from the end of the last claim undertaken for you to comply with our Anti-money Laundering obligations.

Financial Transactions — Information about you and any financial transactions, including fees paid and payments for services, we will keep for a period of 7 years to comply with HMRC requirements to keep accurate records that can be audited.

Contact information used in marketing with your consent and to pursue a legitimate interest will be kept for 30 days once you have withdrawn your consent.

Information that we delete may be kept in an encrypted, secure and `beyond reach’ backup for a period of 6 years after deletion. We need to maintain backups of our systems to comply with article 32 of the GDPR (security and resilience).

YOUR RIGHTS. 

Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:

Transparency over how we use your personal data and fair processing of your information (which includes the right to be given the information in this notice);

Access to your personal information and other supplementary information;

Require us to correct any mistakes or complete missing information we hold on you;

Require us to erase your personal information in certain circumstances;

Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;

Object at any time to processing of your personal information for direct marketing;

Object in certain other situations to the continued processing of your personal information;

Restrict our processing of your personal information in certain circumstances;

Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.

If you want to exercise any of these rights, please contact us (see `get in touch’ for contact details) and let us know who you are and what right you want to exercise. We may need to ask for additional information regarding your identity, and we may also need some information from you on specific categories of data, types of processing activities or periods of processing activities that you wish to focus your request around.

We will respond to you no later than one month from when we receive your request. Please note if you wish to unsubscribe from any email you can do so by emailing our Data Protection Manager (see `get in touch’ for contact details). It may take 10 working days for this to become effective.

FUTURE PROCESSING. 

We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, we will update this privacy notice on our website and in any documentation we send you, or tell you by email when we start processing your data in a new way.

CHANGES TO THIS PRIVACY NOTICE. 

This privacy was published in March 2025. We regularly review our internal privacy practices and may change this policy from time to time. When we do, we will inform you by updating our website and telling you in any documentation or messages we send you.

GET IN TOUCH. 

CLP Group Limited uses different trading names for different business units. However, data privacy and complaints are handled by the same managers across all of our trading names. If you wish to get in touch or have any questions about this privacy notice or the personal information we hold about you, please contact us using the relevant details below.

By Post: Chelford Law, One Temple Quay, Temple Back East, Bristol BS1 6DZ

Data Privacy: Our Data Protection Officer can be contacted using the postal address or by email at: Chelford Law, One Temple Quay, Temple Back East, Bristol BS1 6DZ or complaints@chelfordlaw.com