Last Reviewed: 1st March 2024

Introduction

1. In this Notice “us” and “we” means Caytons Law LLP, trading as “Caytons”, which is a limited liability partnership registered in England and Wales (Companies House No. OC43039) and the registered office is 10A, Tower 42, 25 Old Broad Street, London, EC2N 1HQ. A list of designated members is available for inspection at the registered office.
2. In this Notice “you” means any party who reads this Notice.
3. This Notice only applies to Personal Data, including Sensitive Personal Data, of Data Subjects under the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR).
4. This Notice is intended to comply with Section 2 and 3 of Part II of the DPA and Articles 12 to 14 of the GDPR.
5. This Notice is not legal advice and must not be relied upon as legal advice. We endeavour to keep the contents of this Notice correct and up to date but we do not accept any liability for mistakes or omissions. To the maximum extent allowable by law we do not accept any liability for damage or loss howsoever arising from this Notice.
6. This Notice does not waive rights of us or our clients or other third parties, including rights of privilege and confidentiality, and is subject to those rights and is also subject to our obligations including those to the Court under Civil Procedure Rules Part 31 and those under the Codes of Conduct of the Solicitors Regulation Authority.
7. We own the copyright and other intellectual property rights in this Notice. Reproduction and distribution of this Notice or any part of it is prohibited.

Data Controller

8. The Information Commissioner’s Office in the United Kingdom is our lead data protection supervisory authority. We are a Registered Data Controller in the United Kingdom (ICO No. ZA643615). See https://ico.org.uk/ESDWebPages/Entry/ZA643615
9. Our nominated representative for the purposes of the DPA is John Cayton.
10. We are a Recognised Body authorised and regulated by the Solicitors Regulation Authority (SRA ID: 667696). Our main establishment is in the United Kingdom where decisions about purposes and means of processing are taken and implemented.

10A, Tower 42, 25 Old Broad Street, London, EC2N 1HQ
T: +44 (0)20 7398 7600
E: info@caytonslaw.com

11. We act for clients including clients who are also Registered Data Controllers

Processing of Personal Data

12. We process Personal Data fairly and lawfully under the DPA and GDPR in all aspects of our practice as a firm of solicitors.
13. We process Personal Data in the conduct of our practice as a firm of solicitors, including:
    • Obtaining and collecting
    • Holding and storing
    • Retrieving
    • Consulting
    • Using
    • Transmitting and disclosing
      Personal Data, which includes:
    • Personal details
    • Family details
    • Lifestyle and social circumstances
    • Goods and services
    • Financial details
    • Business of the Data Subject whose Personal Data we are processing
    • Education and employment details
    • Physical or mental health details
    • Racial or ethnic origin
    • Political opinions
    • Religious or other beliefs
    • Sexual life
    • Trade union membership
    • Offences and alleged offences
    • Criminal proceedings, outcomes and sentences
14. There is no automated decision-making, including profiling, by us using Personal Data.
15. We only process Personal Data for the purposes for which the Personal Data was obtained.
16. The purposes of processing Personal Data include pursuing our legitimate interest, as Data Controller, of conducting a legal practice.
17. We do not routinely transmit Personal Data outside of the United Kingdom.

Acting for Clients

18. We obtain and receive on behalf of our clients Personal Data from Data Subjects and from many sources, including:
    • Our clients
    • Other representatives of our clients such as their insurance brokers and other professional advisers of clients
    • Publicly accessible sources such as HM Land Registry, Companies House and local authorities
    • Factual witnesses contacted by us
    • Expert witnesses instructed by us
    • Parties in dispute with our clients and firms of solicitors acting for them including disclosure and inspection under Civil Procedure Rules Part 31
19. Some Personal Data is obtained by us under relevant statutory or contractual requirements.
20. We use Personal Data as an integral part of all aspects of our practice when acting for clients, including:
    • Receiving instructions from our clients
    • Investigating matters in which we are acting for our clients
    • Advising and reporting to our clients
    • Conducting pre-action correspondence on behalf of our clients with parties in dispute with our clients or solicitors acting for those parties
    • Preparing and serving statements of case in litigation
    • Giving disclosure and inspection under Civil Procedure Rules Part 31 in litigation
    • Preparing and serving witness statements in litigation
21. We transmit and disclose Personal Data to many parties, including
    • Our clients
    • Other representatives of clients such as insurance brokers and other professional advisers
    • Parties in dispute with our clients and firms of solicitors acting for them
    • Counsel and Expert Witnesses instructed by us
    • Courts, arbitrators, adjudicators and mediators
    • Regulators and law enforcement agencies
    • External suppliers of services such as bulk photocopiers and IT specialists
22. We hold and store Personal Data when our retainers with our clients have ended according to criteria agreed with our clients.

Other Aspects Of Our Practice

22. We obtain Personal Data from Data Subjects and from many sources, including:
    • Our employees
    • Individuals applying to be our employees
23. We use Personal Data as an integral part of all aspects of our practice, including:
    • Invitations to marketing events
    • The employment of our employees
    • Creating content for our website
24. We transmit and disclose Personal Data to many parties, including:
    • Regulatory and law enforcement agencies
    • Our accountants and other professional advisors
    • Our insurers
    • Our lenders
25. We hold and store Personal Data according to relevant contractual and statutory and regulatory requirements, including requirements of:
    • Solicitors Regulation Authority
    • HMRC
    • Employment legislation

Rights of Data Subjects

26. Data Subjects have rights under, but subject to, the DPA and GDPR, including:
    • Right to be informed of material breaches of the DPA and GDPR
    • Right to access to Personal Data
    • Right to rectification of Personal Data
    • Right to erasure of Personal Data
    • Right to restrict processing of Personal Data
    • Right to portability of Personal Data
    • Right to object to Personal Data
    • Right not to be subject to automated decision-making, including profiling
    • Right to lodge a complaint with Information Commissioner’s Office
27. Further information regarding rights of Data Subjects are on the website of the Information Commissioner’s Office