Farringford Legal Privacy Policy

Effective Date: September 2025

1. Introduction

Farringford Legal (“FL”, “we”, “our”, “us”) is a legal services provider based in the United Kingdom. While FL itself is not regulated by the Solicitors Regulation Authority (SRA), the individual lawyers who work with or are employed by FL are qualified legal practitioners and are each authorised and regulated by the SRA in their personal capacities. We are committed to maintaining the highest standards of privacy, confidentiality, and professional ethics in our handling of personal data, in accordance with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the European Union General Data Protection Regulation (EU GDPR).

This Privacy Policy explains how we collect, use, store, share, and protect personal data in the course of our business activities. It also outlines the rights of individuals regarding their personal data and explains our use of artificial intelligence (AI) tools in delivering certain legal or business functions. By engaging with us, using our services, or visiting our website, you are deemed to have read and understood the contents of this policy. 

Should you have any questions or require further information, you may contact us at info@farringfordlegal.co.uk or by writing to us at our registered address: 24 Kent Road, East Molesey, Surrey KT8 9JZ.

2. Scope of This Policy

This Privacy Policy applies to all individuals whose personal data is collected or processed by Farringford Legal. This includes clients and prospective clients, representatives of client organisations, suppliers, business contacts, event participants, and users of our website and digital platforms. It applies regardless of whether personal data is provided directly by you, collected automatically through your use of our online services, or obtained from a third party acting on your behalf.

When you access our website, complete an online form, make an enquiry, subscribe to our updates, or otherwise communicate with us electronically, your personal data may be collected and processed. This policy also governs the data we collect in the context of providing legal services, conducting client due diligence, maintaining professional records, and assessing job or internship applications. Furthermore, it extends to personal data that may be collected during our use of AI tools for internal purposes or client support.

We encourage you to read this policy carefully to understand how we manage your data, how we comply with our legal obligations, and how you can exercise your rights.

3. Categories of Personal Data We Collect

Farringford Legal collects a variety of personal data depending on your relationship with us and the nature of our interaction. For individuals who become clients or enquire about our services, we collect identification details such as your full name, date of birth, nationality, and, where applicable, passport or identity documentation. Contact details, including residential and business addresses, telephone numbers, and email addresses, are also recorded.

If you are instructing us in a professional capacity, we may collect information about your employment, including your job title, employer name, professional qualifications, and regulatory credentials. We may also gather information related to your legal matter or transaction, including correspondence, contracts, case documents, and notes from our interactions.

For users of our website, we may collect technical information such as your IP address, browser type, operating system, and usage data regarding how you interact with our site. This helps us understand user preferences and improve website functionality. Cookies and similar tracking technologies may be used, with your consent, to gather information on website navigation patterns and to personalise content.

When you attend events or sign up to receive marketing material, we will retain the information you provide such as your name, business details, and topic preferences. If you apply for a job or placement with us, we collect your curriculum vitae (CV), educational history, work experience, references, and any other information you supply during the recruitment process. In some cases, and only with your consent, we may process special categories of data such as health or criminal record information where required for a specific lawful purpose.

In all cases, we only collect personal data necessary for our legitimate business purposes or as required by law.

4. How We Collect Your Personal Data

We collect personal data through various channels depending on the context of our relationship. When you engage with us directly—either as a client, contact, or job applicant—you may provide information by completing forms, sending correspondence, participating in meetings, or communicating by telephone, email, or video conferencing. Our website also collects data via forms, cookies, and analytics tools when you browse or interact with online content.

We may also receive personal data from third parties acting on your behalf, such as your employer, legal representatives, or financial institutions. In the context of legal services, information may be collected from public sources including Companies House, the Land Registry, the Electoral Register, and legal or regulatory databases. Where required by law, we may perform background checks through regulated providers to ensure compliance with anti-money laundering, anti-bribery, and sanctions obligations.

During recruitment, we may receive personal data from third-party recruitment agencies, referees, academic institutions, and professional accreditation bodies. These third parties are expected to provide your data lawfully and with your knowledge or consent.

If you become our client, we are required to conduct due diligence checks on you in order for us to comply with our anti-money laundering obligations. In undertaking such checks, we may ask individuals to provide personal information, including but not limited to your identification documents such as passport and or driving licence, and your proof of address for the last three months. We will retain such data for five years following the end of the business relationship with you or the date of the occasional transaction, whichever is later, unless a longer retention period is required by law or for the purposes of court proceedings. 

In all cases, we take steps to ensure that the data we collect is accurate, relevant, and limited to what is necessary for the intended purpose. For more information about your legal rights in relation to your personal data, please refer to paragraph Your Data Protection Rights.

5. Use of Artificial Intelligence (AI)

At Farringford Legal, we use artificial intelligence (AI) tools in limited and controlled ways to support the efficient delivery of legal services and business operations. AI is not used to make final legal judgments or decisions, and all outputs generated by AI systems are reviewed by qualified legal professionals prior to any action being taken based on such results.

We may use AI-enabled tools for tasks such as summarising lengthy legal documents, identifying key clauses in contracts, conducting automated due diligence and anti-money laundering checks, categorising correspondence, and supporting internal knowledge management. We may also use natural language processing technologies to conduct legal research or to search case law databases more effectively.

When AI tools process personal data, we ensure that such use is lawful, transparent, and fair. Data input into AI systems is anonymised or pseudonymised wherever possible to reduce the risk of identification. The AI tools we use are subject to rigorous review for accuracy, security, and compliance with UK GDPR standards. We only partner with AI providers who demonstrate adequate safeguards, including data protection agreements and ethical review processes.

We do not use AI to profile individuals or to engage in automated decision-making that produces legal effects or significantly affects data subjects, without meaningful human involvement. Our internal governance framework ensures that AI use is documented, risk-assessed, and continually monitored to protect individual rights and maintain professional accountability.

6. Legal Basis for Processing Personal Data

FL only processes personal data when we have a valid legal basis to do so under applicable data protection legislation. The most common lawful basis for processing is where it is necessary for the performance of a contract to which you are a party. This applies when we are providing legal services to you or your organisation.

We also process data to comply with our legal obligations, such as those arising from anti-money laundering laws, tax regulations, or rules imposed by legal and professional bodies. In some situations, we may rely on your consent—for example, when sending you marketing materials, processing special categories of data, or using certain cookies on our website. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

In addition, we may process personal data on the basis of our legitimate interests or those of a third party, provided that these interests are not overridden by your own rights and freedoms. Examples include preventing fraud, improving service delivery, securing our IT systems, or managing our client relationships. When relying on legitimate interest, we perform a balancing test to ensure that your privacy is not unduly affected.

In rare cases, we may process data to protect vital interests or where it is necessary for the establishment, exercise, or defence of legal claims.

7. Data Retention and Storage

Farringford Legal retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. The specific retention period depends on the type of data and the context in which it was provided.

Client matter files, including correspondence, advice, and supporting documentation, are generally retained for at least seven years from the date of closure of the matter. In some cases—such as those involving trusts, probate, or property transactions—we may retain records for longer periods due to regulatory or legal obligations, or based on the client's instructions.

Personal data collected for marketing purposes will be kept for as long as you remain subscribed to our mailing lists. You may unsubscribe at any time using the link in our emails or by contacting us directly. Once you unsubscribe, we will retain only the minimum information required to ensure your preferences are respected and not re-activated in error.

In recruitment scenarios, applicant data is retained for up to six months following the completion of the recruitment process unless consent is obtained to retain it for future opportunities. If successful, your data becomes part of your personnel record and will be retained in accordance with our employee data policy.

All personal data is securely deleted or anonymised when it is no longer needed. We maintain and regularly review a formal data retention and destruction policy to ensure ongoing compliance.

8. Data Sharing and Disclosure

Farringford Legal may share personal data with trusted third parties to enable us to operate effectively, comply with our legal duties, and deliver legal services to you. All such third parties are subject to strict confidentiality obligations and are required to implement appropriate data protection safeguards.

Personal data may be shared with external professionals, such as barristers, expert witnesses, accountants, translators, or other solicitors, when it is necessary to progress your legal matter. It may also be shared with courts, tribunals, regulators, and governmental authorities where legally required or in support of litigation, investigations, or compliance procedures.

We also work with service providers who help us run our business, including IT service providers, secure cloud storage providers, document automation tools, mailing and event partners, and AI technology vendors. Where these services involve data processing, we enter into written agreements to ensure compliance with data protection laws and limit the provider’s use of your personal data.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We will never send you unsolicited marketing communications by telephone or SMS without your explicit consent. Any marketing activities are limited to individuals who have opted in or who have an existing client relationship with us that justifies such contact under applicable laws.

In the event that we undergo a business reorganisation, merger, or sale of assets, your personal data may be transferred to another entity within the same corporate group or to a successor organisation. In such cases, we will ensure that the new data controller continues to observe this Privacy Policy and implements appropriate privacy safeguards.

9. International Data Transfers

While Farringford Legal operates primarily within the United Kingdom, some of our service providers may process personal data in countries outside the UK and European Economic Area (EEA). If it becomes necessary to transfer your personal data internationally, we will do so in full compliance with data protection legislation.

In instances where the recipient country has not been deemed to offer an adequate level of protection by the UK Government or European Commission, we will rely on appropriate safeguards. This may include entering into Standard Contractual Clauses (SCCs) approved by the Information Commissioner’s Office (ICO) or using other lawful mechanisms.

We will inform you if your data will be transferred outside of the UK or EEA in the context of providing legal services and will take steps to ensure that your data remains secure, your rights are upheld, and access is limited to only those who need it for legitimate business reasons.

10. Data Security Measures

We take the security of your personal data seriously and have implemented a combination of organisational and technical measures to safeguard it from loss, misuse, unauthorised access, alteration, or disclosure.

Our offices are physically secured with controlled access, and our digital systems are protected by firewalls, intrusion detection, password policies, and multi-factor authentication. All data stored electronically is encrypted both in transit and at rest, and sensitive paper files are stored securely with restricted access.

Our staff and consultants are trained regularly on data protection obligations and confidentiality. All individuals working with or for Farringford Legal must sign confidentiality agreements and are bound by ethical standards. We also conduct regular risk assessments and audits of our IT and data handling practices, particularly in relation to our AI tools and any third-party processors.

Despite these precautions, the transmission of information over the internet can never be guaranteed to be completely secure. We cannot accept responsibility for unauthorised access to data that occurs due to factors beyond our control. However, we continually monitor our systems and update our protocols to respond to emerging threats.

11. Your Data Protection Rights

Under the UK GDPR and, where applicable, the EU GDPR, you have a number of legal rights in relation to your personal data. These rights allow you to maintain control over how your information is used and include:

• The right to request access to the personal data we hold about you and to obtain a copy of it, known as a “subject access request.”
• The right to request correction of inaccurate or incomplete information.
• The right to request deletion of your personal data, commonly known as the “right to be forgotten,” where there is no legal basis for continued processing.
• The right to restrict the processing of your data under certain conditions, such as when its accuracy is disputed.
• The right to object to processing where it is based on our legitimate interests or for direct marketing.
• The right to request the transfer of your data to another organisation in a structured, commonly used, and machine-readable format, where applicable (data portability).
• Where processing is based on your consent, the right to withdraw that consent at any time.
• 
  

To exercise any of these rights, please contact us at info@farringfordlegal.co.uk. We may need to verify your identity before fulfilling your request and will respond within one calendar month, in accordance with legal requirements. In some cases, a small administrative fee may apply, or we may decline a request if permitted under the law.

You also have the right to lodge a complaint with the Information Commissioner’s Office if you believe we have not handled your personal data in accordance with the law. More information can be found at https://ico.org.uk or by calling 0303 123 1113.

12. Third-Party Websites

Our website may contain links to third-party websites, social media platforms, or service providers. These external sites are not controlled or endorsed by Farringford Legal, and this Privacy Policy does not apply to them. We encourage you to review the privacy policies of any third-party sites you visit, as we are not responsible for how they collect, use, or protect your personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our business operations, or our use of technology, including AI. When we make changes, we will update the “Effective Date” at the top of this page and publish the revised version on our website. In cases of material changes, we will provide additional notice where appropriate, such as by email or other means of direct communication.

We recommend that you review this policy periodically to remain informed about how we protect your privacy and uphold your rights.