Manders Law Limited is committed to protecting and respecting your privacy.

This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will treat it, protect it and to understand more about your rights. By providing your personal information to us you are agreeing to us using your information as described in this policy.


We or Us: Manders Law Limited of 1 Cornhill, London, EC3V 3ND
Personal data: Any data or information, in electronic or organised hard copy, that identifies you personally or which relates to you when you are identifiable.
Special categories of personal data: Sensitive information relating to you, namely: health records; information regarding your sex life, sexual orientation, political opinions, religious or philosophical beliefs, racial or ethnic origin, trade union membership; and genetic and biometric data

Personal data we process

  • Names and contact details
  • ID and other information we require to conduct due diligence
  • Personal and financial information relating to our clients’ legal matters
  • Special categories of personal data, where relevant to our clients’ legal matters

Our lawful basis for processing your personal data and special categories of personal data (sensitive information)

  • If you are a client, processing of personal data is necessary for the performance of our contract to provide legal services and/or in order to take steps at your request prior to entering into such a contract. The solicitor-client relationship is a contractual one, and to perform our contract, it is unavoidable that this requires us to process personal data.
  • We are permitted by law to process personal data where this is necessary to comply with legal duties. We have legal and regulatory duties to process certain personal data, including ID and other information we require to conduct due diligence.
  • We are permitted by law to process personal data where this is necessary for the purposes of pursuing legitimate interest, whether our own or those of third parties such as our clients. We and our clients have a legitimate interest in giving and receiving advice and assistance and in processing personal data in connection with the provision of those services and for the purposes described below.
  • If we have given consent to the processing of your personal data (including special categories of personal data), then we may process that data for the purposes for which you have given consent.
  • For special categories of personal data, we are permitted to process personal data (e.g. health records) where it is necessary for the establishment, exercise or defence of legal claims.

How will we use your personal data

We use personal data processed by us for the following purposes:

  • to identify clients and provide you with the legal services requested;
  • to provide clients with information requested about services we offer;
  • to carry out our obligations arising from any contracts entered into between our clients and us and to provide clients with the information and services that you request from us;
  • to notify you about changes to our service;
  • to deal with your feedback, query or complaint;
  • to market our business;
  • to conduct due diligence on our client, including for money laundering purposes;
  • to carry out checks in relation to conflicts of interests
  • we also use your information to administer, support, improve and develop our business generally and to enforce our legal rights.

Where we get your personal data from

  • Our clients and our clients’ representatives
  • Public records
  • Other parties we are instructed to contact (e.g. doctors, employers, accountants, banks, medical professionals, friends, family, witnesses, other parties with an interest in a particular legal matter (and their representatives), courts, regulatory bodies and other advisors and specialists related to the matter)

Your data rights

Subject to certain exceptions, you may have the right, free of charge, to:

  • Access your personal data (known as a subject access request)
  • Have mistakes rectified
  • Have your personal data erased by us or restrict the way we process your personal data (subject to certain conditions)
  • ‘Port’ your personal data to another provider
  • Object to us using your personal data for direct marketing – simply
  • Not be subject to ‘automated processing’ (often referred to as ‘profiling’).

You simply need to contact us to exercise any of your rights. If we send any marketing emails, there will always be an ‘unsubscribe’ button.

As Solicitors, we have a duty to keep the affairs of our clients confidential. We may not be able to confirm whether we process your personal data or not if doing so may compromise client confidentiality or legal professional privilege.

For more information on your legal rights see the Information Commissioner’s website (

Retention of personal data

We are required by our insurers and regulators to keep files and personal data for minimum periods. We are not however permitted to keep personal data indefinitely or for longer than is necessary.

Our retention policy is that the minimum period we will keep files and other personal data relating to a legal matter is six years.

All our files and other documents containing personal data are destroyed securely.

Sharing your personal data

In providing legal services to our clients, we may need to share personal data with other professionals who we instruct on their behalf (e.g. barristers and doctors), third parties who are vital to a matter (e.g. the courts), providers of services that are necessary to progress a legal matter (e.g. to perform our client due diligence checks on clients). In addition, clients may instruct us to share their personal data with third parties such as family members or other representatives.

We may also need to share personal data with our regulators, insurers, and law enforcement agencies.

We use external auditors to review our files for training, compliance and quality.

Where we share your personal data with third parties, we will ensure that they have appropriate data protection arrangements in place.

Where we hold your personal data

Your data will be stored at our offices and on our IT equipment, or where your information is shared with a third party, at their premises or on their IT equipment.

Transferring your personal data outside of the EEA

Since we do not have offices outside England & Wales, we have no reason to transfer your personal data outside the European Economic Area unless you or a third party with whom we must share your personal data are based outside the EEA.

Where we use third party IT services (e.g. ‘cloud’ based software) we shall ensure that their data centres are either within the EEA or that there are lawful safeguards in place to protect your personal data to the same standard as if it were held within the EEA.

Data Protection Officer

We do not have a Data Protection Officer (DPO) but have appointed a Privacy Manager to implement our data protection policies and procedures. Our Privacy Manager’s is Mary-Ann Wright.

For the purpose of Data Protection legislation, the data controller is Manders Law Limited.

Complaints and questions

If you have a complaint or question about our use of your personal data, please contact in the first instance our Privacy Manager.

You may also make complaints direct to the Information Commissioner’s Office (web: tel: 0303 123 1113).

We are using cookies to give you the best experience. You can find out more about which cookies we are using or switch them off in privacy settings.
AcceptPrivacy Settings


  • Google Analytics

Google Analytics

We use Google Analytics to collect and store certain anonymous information when you use, access, or interact with this website. This information is only used by us to help improve our digital services and user experience.