DATA PROTECTION POLICY

Chan Neill Solicitors LLP

  1. Introduction
    Chan Neill Solicitors LLP (“we”, “us”, “our”) is committed to protecting your privacy and keeping your personal data secure. This Data Protection Policy (“Policy”) explains how we collect, use, share, and safeguard your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.
  2. Who We Are
    We are Chan Neill Solicitors LLP, 5th Floor, 120 Cannon Street, London, EC4N 6AS, United Kingdom.
    For data protection purposes, we are the “data controller” of your personal data.
  3. Scope of This Policy
    This Policy applies to:
  • Clients (and potential clients)
  • Individuals acting on behalf of clients
  • Professional or business contacts
  • Job applicants
  • Visitors to our website

It explains:

  • What personal data we collect and the sources of data
  • Why and how we use your data, with the legal basis for each purpose
  • Our lawful bases for processing
  • Your rights under UK law and how to exercise them
  • Who receives your data, including third parties and international transfers
  • How long we keep your data
  • How you can contact us
  4. What Personal Data Do We Collect?
    We may collect and process the following categories of personal data, as appropriate to your relationship with us and as obtained from you or third parties (such as publicly available sources, referees, regulatory bodies, or background check providers):
  • Enquiries: Name, contact details (email, phone, address), company/professional information, and your enquiry.
  • Clients or Potential Clients: Identification and contact details, information relevant to services provided (including, where needed, special category data such as health or criminal record data), financial/payment information, and background check details for regulatory purposes.
  • Professional or Business Contacts: Business contact information, role/title, records of interactions.
  • Job Applicants: Application/CV details, interview and references, vetting information where required (with more information provided by HR at application).
  • Website Users: Data collected via cookies (see Section 11), including IP address, browser type, and website usage.
  • Other Sources: Personal data may be collected from third parties, including referees, regulatory authorities, or public databases.

We do not knowingly process personal data from children under 18. If we become aware that we have collected such data without appropriate consent, we will promptly delete that information.

  5. Lawful Bases for Processing Personal Data
    We will only process your data on the following lawful bases in line with UK GDPR and DPA 2018. For each activity, the legal basis is:

| Processing Purpose | Legal Basis |
| --- | --- |
| Responding to enquiries | Legitimate interests, contract |
| Providing legal and related services | Contract, legal obligation |
| Identity and verification checks | Legal obligation, legitimate interests |
| Fulfilling legal and regulatory obligations | Legal obligation |
| Business development and marketing | Consent (where required), legitimate interests |
| Managing business relationships | Legitimate interests |
| Recruitment and HR management | Contract, legal obligation, consent |
| Maintaining and managing business records | Legal obligation, legitimate interests |
| Service and website improvement | Legitimate interests, consent (for cookies) |

If processing is based on “legitimate interests,” these include:

  • Managing our practice and client relationships
  • Developing and improving our services
  • Ensuring network and information security

Special Category & Criminal Offence Data
We only process special category data (e.g., health, racial or ethnic origin, criminal records):

  • Where you give explicit consent,
  • Where necessary for the establishment, exercise or defence of legal claims,
  • Where required by law,
  • Or where otherwise permitted under Article 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018.

Additional security measures apply, such as access restrictions, encryption, and audit logging for sensitive data.

We do not sell your personal data under any circumstances.

  6. How We Use Your Information
    Your personal data may be processed for the following reasons (see Section 5 for legal bases):
  • Responding to your enquiries
  • Providing legal and related services, including due diligence, compliance, and court representation
  • Carrying out necessary identity and verification checks
  • Fulfilling our legal and regulatory obligations (including to relevant courts and the Solicitors Regulation Authority)
  • Business development and, where appropriate, sending marketing communications with your consent
  • Managing business relationships
  • Recruitment and candidate assessment
  • Maintaining and managing business records
  • Improving our services and website functionality

We do not use your data for automated decision-making or profiling. Should this change, we will inform you in advance and provide further information.

  7. Data Sharing
    We may share your personal data with:
  • Other entities in the same group, where applicable
  • Third-party service providers (e.g., IT, audit, legal, insurance, cloud storage providers), subject to written contracts that meet UK GDPR Article 28 requirements and mandate appropriate data protection standards
  • Professional advisors, law enforcement, regulators (including the Solicitors Regulation Authority), courts, or as required by law or court order
  • Prospective acquirers or merger partners (with appropriate safeguards in place)

All personnel and contractors handling client information are bound by strict confidentiality and legal professional privilege. We operate in line with SRA obligations.

  8. International Data Transfers
    If we transfer your personal data outside the UK, we ensure adequate safeguards are in place, such as:
  • Standard Contractual Clauses (SCCs) or International Data Transfer Agreements (IDTAs) approved by UK authorities
  • Transfers to countries deemed ‘adequate’ by the UK government

We will inform you if such a transfer takes place and can provide additional details upon request.

  9. Data Retention
    We only keep your personal data as long as necessary for the purpose for which it was collected.
  • Enquiry data: Up to 12 months, unless you become a client.
  • Client data: For periods required by law, regulatory rules, or longer if needed for legal claims or as agreed with you.
  • Business contacts: Until you request removal or data is no longer required.
  • HR/recruitment: In line with legal mandates and best practice.
  • A summary of our data retention schedules is available on request.

Where deletion is not technically feasible, we will render the data permanently inaccessible.

  10. Your Rights
    Under UK law, you have the following rights (subject to legal exemptions):
  • Access and receive a copy of your personal data
  • Rectify incomplete or inaccurate data
  • Erase data in certain circumstances (“right to be forgotten”)
  • Restrict or object to processing, including objecting to direct marketing at any time
  • Data portability (where processing is by contract/consent and automated means)
  • Withdraw consent where processing is based on consent (without affecting lawfulness of processing prior to withdrawal)
  • Lodge a complaint with the Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113

How to exercise your rights:
To exercise your rights, please email our Data Protection Officer or write to the address below, clearly stating your request and including sufficient detail to identify your data. We will respond within one month of receiving your request.

If you have concerns, you can first contact us to resolve them.
If you remain dissatisfied, you have the right to complain to the ICO.

  11. Security Measures
    We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect personal data, including secure servers, access controls, encryption, regular staff data protection training, and internal audits of data handling.
  12. Data Breach Notification
    In the unlikely event of a data breach likely to result in a risk to your rights or freedoms, we will notify affected individuals and the UK Information Commissioner’s Office (ICO) as required by law.
  13. Cookies
    Our website uses cookies and similar technologies to enhance performance and improve user experience. Please see our Cookies Policy (available on our website or on request) for more details and to manage your preferences.
  14. Policy Updates
    We may update this Policy to reflect changes in law or our data practices. For material updates, we will notify you (e.g., by email or website notice).
  15. Contact
    To exercise any of your rights or report a data protection concern, please contact:

The Data Protection Officer
Chan Neill Solicitors LLP
5th Floor, 120 Cannon Street, London, EC4N 6AS
Email: reception@cnsolicitors.com
