Privacy Policy

1. Introduction

Hannaford Turner LLP (the “Firm”) is a law firm and limited liability partnership registered in England under number OC412194 and regulated by the Solicitors Regulation Authority under number 630406. Its registered office is 107 Cheapside, London, EC2V 6DN, United Kingdom.

Please read this Privacy Policy carefully to understand why data is being collected and what we do with that data once in our possession.

We may change the privacy policy of the terms of business from time to time by amending this page. Further information about data privacy may be found in our engagement letter with you.

2. What type of information will we collect from visitors to our website and clients?

Information collected electronically and information available on our website

Please note that that we use Google Analytics on our website and further details on the type of information collected can be obtained from  We will record collected in this way automatically if you use our website, regardless of whether you become a client or not.

Our website may also collect “cookies” from your browser for purposes of analysing how are website is being accessed and used, and to provide enhanced functionality on our website.  This information may be disseminated to third party providers.  You may refuse our collection and use of cookies through selection of the appropriate settings on your browser.

Please note that our website may include links to other sites operated by third parties. We are not responsible for information on these sites, nor for services or products offered by them. Use of such sites, including transmitting your personal data to them, is at your own risk. You should check the privacy policies (and other applicable terms and conditions) of these third-party sites.

Personal information and GDPR

The personal data we collect will depend on the nature of the services we are providing and what we are contracted to do for you.

"Personal data" in this Privacy Policy has the same meaning as in the EU General Data Protection Regulation 2016/679/EU (GDPR). Essentially, it means information which is connected to a living individual who can be identified from that information, either by itself or when combined with other data likely to come into our possession. Personal data can include information collected by certain cookies or tracking technologies (see above) if it builds up a profile of you.

If you are under the age of18 you should not send us any personal data, including your email address.  

Information collected

Typically, personal data will include the following:

Where our client is a company, we will nevertheless require the personal data described above in relation to personnel, including but not necessarily limited to directors of the company (including  but not necessarily limited to any director tasked with instructing us) and the ultimate beneficial owner or owners of that company.  We will assess the exact information required when you instruct us and advise you in detail what we require.   

Where necessary to act in your best interests, and for the establishment, exercise, or defence of your legal matter, we may need to process information which is very sensitive in nature such as diversity and health related details. In some circumstances we may need to share this information with third parties, for example barristers, expert witnesses, a court or tribunal. If you volunteer sensitive personal data, you will be allowing us to process it as part of engaging our services.

3. On what basis can we process information you provide to us?

 The legal grounds for processing personal data you provide to us are as follows:


4. Information collected from you about other people

In commercial matters, we will hold and use personal data about you, your officers and/or your employees in the course of providing our legal, financial and other professional services to you.  When you provide personal data to us relating to your officers or employees, you confirm that you are allowed to do so. You should ensure that those individuals understand how their data will be used by us.

In personal matters you may be providing other third party data to us, for example details about your family members, in which case we will use such data as a data controller in our own right and will comply with data protection legislation in relation to use of that data.  You must have, and by using our services you represent to us that you do have, the authority to disclose personal data if it relates to someone else and all data disclosed should be complete, accurate and up to date.

5. What we are going to do with your information?

We will hold and use personal data about you in the following ways:


6. Information we collect about you from others

Information may be passed to us by third parties in the course of providing our legal services. The processing of this information will be necessary for the progression of your legal matter and to enable us to act in your best interests as your legal representative.

As a law firm we have an obligation to make you aware of anything that is relevant to your matter. When we obtain information about you from a third party rather than from you directly, we will notify you of any relevant information within a reasonable period and provide you with details including the type of data and source it came from. Typically these sources may include:


7. How long we keep your data for

We will only retain your information for as long as is necessary:

Typically we will store the information for six years from the date of your final bill.

8. Who your information will be shared with

Based upon the services you need, we may pass your details to selected people or organisations (data processors) to carry out certain activities on our behalf. For example, personal data you provide may be disclosed to our agents, who may keep a record of that information.

We may pass your information to any third parties where required to do so in the course of providing legal services, or where we are obliged by law.  This will include, but is not limited to:

At the outset of your matter we may not be aware of all the other parties involved as this will depend on the specific nature of the work.

We will not share your information with third parties for marketing purposes.

9. Security of your data

Your personal and other data will be held on secure servers within the European Economic Area ("EEA") with all reasonable technical measures put in place to safeguard it from unauthorised access.  Where possible any identifiable information will be encrypted or minimised.  All firm personal computers and laptops are encrypted. All financial transactions are processed via an external cloud based provider which is compliant with all required security standards.

We have a full Business Continuity Plan in place and review it annually. It covers the restoration of the firm's business activities in line with the SRA Code of Conduct.

Our IT and cybersecurity requirements are under continuous review.

If we have given you a username and password which enables you to access certain parts of your matter on our systems, you are responsible for keeping it confidential. Please do not share it with anyone.

10. Measures when transferring your data to others

There may be occasions where we need to send your data outside the EEA. This would cover situations where we need to deal with international aspects of your matter and instruct overseas organisations to assist.

Some organisations may be located in countries outside of Europe where data protection laws are not as strict as they are in the UK. Where your personal data is being transferred outside the EU, we will undertake an assessment of the level of protection in light of the circumstances surrounding the transfer. We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible. In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information.

11. How you can access and update your information

You have a right to request a copy of the personal data we hold about you, known as a data subject access request. You also have the right to request that information we hold about you be updated or removed (whether because it may be incorrect, or has changed since you first told us or otherwise). These requests are free of charge and can be sent to our Privacy Partner, at

12. How you can object to us using your data

You can ask us to limit the way in which we are using your information or object to certain types of processing. We will do our best to comply with your request unless we have to use the information for legitimate business or legal purposes.

Please note that if you want us to restrict or stop processing your data this may impact on our ability to provide our services. Depending on the extent of your request we may be unable to continue acting for you and be forced to immediately cease acting. In these situations you would remain liable for the fees and disbursements incurred to date.

Any queries or concerns about the way in which your data is being used can be sent to our Privacy Partner at

13. Moving your information to another organisation

You have the right to request that we send a copy of the personal data we hold about you to another organisation for your own purposes, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information to another organisation please let us know. We will respond to you within one month after assessing whether or not this is possible, taking into account the technical compatibility with the other organisation in question.

14. Automated decision making

We do not use your information for automated decision making.

15. Job applications

The information submitted in a job application will be used for recruitment only. It will not be passed on to any third party or be used by us for marketing or other purposes.

Where we receive speculative job applications we retain details of the name of the potential candidate and date of the relevant application, but delete the CV and any other details within 6 months of receipt. However, where a relevant vacancy exists, the Firm’s recruitment and selection policy will be followed.

All data relating to a job application will be retained by us for a maximum of six months after the recruitment process has concluded when, save for details of the applicant’s name and date of the application, it is deleted from our systems.

16. Complaints about the use of your personal data

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by writing to our Privacy Partner, at 

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the UK data protection regulator, the Information Commissioner’s Office.  Further details can be found at or 0303 123 1113.

If you have any questions about how your personal data is being used, please contact our Privacy Partner, at