Your privacy

For individuals who are clients of SampsonLegal or are making enquiries with a view to becoming clients

“matter” is the term solicitors use to refer to their client’s project, transaction, dispute, etc.

“SRA” refers to the Solicitors Regulation Authority.

How and why I process personal information



Your rights

The SRA logo: important privacy warning

How and why I process personal information

All information relating to one of your matters is stored in a dedicated matter file on SampsonLegal computers in the UK. This includes recordings of telephone calls, which are recorded in order to provide an accurate record of the conversation. When the matter is finished the file will be removed from those computers and archived offline. The archive will be kept for 15 years in case it is needed in connection with a claim and then it will be deleted.

I will not intentionally transfer your personal information outside the EU without obtaining your explicit consent first, but emails can take any route during transmission and emails exchanged between two people in the UK could appear on equipment in countries outside the EU, where they may not be protected by strong privacy or data protection laws. If you have any concerns about this, please raise them with me so that we can discuss alternative arrangements.

I will process your personal information for the purposes described below. The legal basis for this processing is that I have a legitimate interest in pursuing each of those purposes. If there is an additional basis it is stated below.

Your name and contact details – These come from you and are stored in my contacts database as well as the matter file. As well as using them in connection with the matter, I may use them for telling you about legal issues and services which I believe may be of interest to you. I may also use them to obtain financial information about you from credit reference agencies so that I can feel confident that I will be paid promptly. This credit-related financial information will be deleted once I have decided how much credit to allow you. Your name and contact details will be deleted from my contacts database when our relationship appears to have come to an end.

Other information – This comes from you, other people involved in the matter (your staff, your accountant, other parties to the transaction or dispute, etc), official sources like Companies House, and the internet. I will use this other information for:

  • Providing my service to you and collecting and processing my charges. If you are my client, this is also necessary for the performance of my contract with you.
  • Keeping records of your identity and your matters, assessing the likelihood that money-laundering or terrorism-financing might be taking place, and notifying the appropriate authorities if necessary. This may be required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Unless there is a change in the law, information kept solely for this purpose will be deleted 5 years after I believe my business relationship with you has come to an end.
  • Avoiding conflicts between your interests and those of my other clients. This is required by the common law and by the SRA code of conduct, and my other clients also have a legitimate interest in this. Your name, a very brief description of the matter, and the names of any third parties involved, will be kept in a register for this purpose. This information will be deleted from the register when the archived matter file is deleted. 
  • Keeping business records (timesheets, accounts, copies of invoices, etc). I need to do this in order to comply with tax legislation and the SRA code of conduct.
  • Dealing properly and fairly with complaints. I need to do this in order to comply with the SRA code of conduct and, if you are my client, for the performance of my contract with you.
  • Obtaining professional indemnity insurance and processing insurance claims. I need to do this in order to comply with the SRA indemnity insurance rules.
  • Dealing with claims against me.

I will only process data concerning or revealing your health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership if you have already made it public, I have your explicit permission to use it for a specific purpose, or I need to use it to establish, exercise or defend legal claims.

You decide what information you provide, but:

  • My advice may be inadequate or inappropriate if you withhold relevant information, and ultimately I may be unable to continue advising you.
  • If I need information to help me assess the likelihood that money laundering or terrorism financing might be taking place, I will have to stop work until you provide it.

I do not make any decisions based solely on automated processing of personal information.


My duty to keep information about you and your matters confidential is set by law and the SRA’s code of conduct. In summary, I have to keep it confidential unless: (i) I need to disclose it in the course of providing my service to you; (ii) you have given me permission to disclose it; or (iii) I am required to disclose it by law or a court order.

If a claim is made against me, or SampsonLegal closes, I may need to transfer my matter files to another firm of solicitors and/or my insurer so that they can deal with any claims against SampsonLegal and/or the insurer. They will have a legitimate interest in having the files for this purpose and they will process your personal information in accordance with their own data protection policies.


To protect your information:

  • Computer files are backed up twice each day.
  • Precautions are taken to reduce the risk of unauthorised access and changes to matter files. This includes removing them from SampsonLegal computers when my work is complete and transferring them to an offline archive.
  • Data on computers, phones, backups, archives and removable memory of any kind is encrypted using strong passwords.
  • Most papers are shredded as soon as they have been scanned for the computer file. When the matter file is archived, important papers will be sent by tracked-and-signed-for post and the rest will be shredded.
  • It is extremely rare for others to have access to my office, and when they do they are closely supervised, all computers are locked, and all papers are locked away.
  • My office is kept locked whenever it is unattended and it is alarmed whenever the building is unattended.

This is all documented in office policies and procedures and they are reviewed every year.

Your rights

The General Data Protection Regulation governs my processing of your personal information and, subject to various conditions and exemptions, gives you the right:

  • To insist that I stop using your personal information for direct marketing
  • To withdraw your consent to my processing at any time – this is only relevant where your consent is the legal basis for my processing, and I will still have a legitimate interest in retaining the information in my archived matter file and will do so
  • To ask for a written explanation of how and why I am processing your personal information, the legal basis for that processing, and who I have disclosed it to or intend disclosing it to
  • To ask for a copy of the information – where I am processing it on the basis of your consent, or on the basis that it is necessary for the performance of my contract with you, you have the right to ask me to provide it to you or a third party in a common and structured electronic format
  • To ask for the information to be corrected or supplemented
  • To ask me to restrict my processing – you may want to do this if you have asked me to correct the information and I am considering your request
  • To object to my processing
  • To ask me to delete the information – but I will still keep a copy of it in my archived matter file
  • To complain to the Information Commissioner’s Office ( 0303 123 1113) about my processing or my response to your requests and objections – the Office will usually want to know that you have already raised your complaint with me and that I have failed to resolve it to your satisfaction, so please contact me first
  • To take legal action in order to obtain compensation for my breaches of the Regulation.

I will respond appropriately within one month of receiving your request.

Every law firm regulated by the SRA is required to display this logo on its website. If you click on it the device you are using will be connected to the IT systems of Yoshki, the Japanese company that operates this logo scheme for the SRA. I have no relationship with Yoshki and I cannot control what information they or the SRA will collect from your device, how or where that information will be stored, if or how it will be protected, how it will be used, or who they will share it with. Nor can I guarantee that they will respect your rights under UK or EU legislation. If you would like more information about any of these matters you should contact the SRA, but if you simply wish to verify that this website is SampsonLegal’s and that SampsonLegal is regulated by the SRA, I recommend that you use the SRA’s law-firm search facility instead.