Privacy policy

Important information about your privacy

Any personal information we collect from you is processed in line with applicable data protection laws including the EU General Data Protection Regulation (GDPR) and this notice. When you use our website, our Privacy Policy located on our website applies.

Withers LLP (“we”, “us” and “our”) is the ‘data controller’ for the personal information you share with us.

If you have any specific concerns around the privacy of your personal information or require further information about how we manage your personal information, please get in touch with us directly:

By post: GDPR Office, 20 Old Bailey, London, EC4M 7AN

By phone: +44 (0) 20 7597 6303

By email:


As a Withers LLP client, we collect personal information about you in connection with our legal products and services in the following ways:

  • from your application for a Withers LLP product or service (either for yourself or for our client whom you represent)
  • through analysis of your transactions and activities with us
  • publicly available sources, such as Companies House
  • as part of our new business intake procedures in the course of providing you with legal services
  • your personal interactions with us, such as face to face meetings, telephone calls, correspondence, various forms of electronic communications and your use of our website
  • analysis of your dealings and transactions with us
  • by consulting third parties, such as credit reference agencies, market research, surveys, social networking sites, fraud prevention agencies, government and law enforcement agencies
  • reviewing information about you and third parties from sources which are publicly available, such as Companies House.


Personal information we collect may include:

  • basic data such as your name, surname, title, date of birth and gender and your relationship to other persons
  • contact data such as postal address, email address and telephone numbers
  • financial data such as your bank account details, and payments made to and received from you
  • new business intake data such as the numbers of your identity documents and other data provided by you or collected by us as part of our new business intake and client due diligence procedures
  • marketing and communications data such as your preferences in receiving marketing from us and our third parties and your communication preferences
  • matter related data such as personal data provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include special categories of data such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data and criminal convictions and offences
  • business administration and administrative purposes.


We are allowed to use personal information only if we have a suitable legal basis to do so. We will only process your personal data on one of the following legal bases:

  • to fulfil a contract we have with you
  • when it is our legal duty
  • when it is in our legitimate interest and is not overridden by your interests, rights and freedoms
  • when you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information including but not limited to internal administrative purposes, product development and enhancement, preventing fraud, ensuring network and information security. However, this is only where our legitimate interests are not overridden by your interests, rights and freedoms.


We may use your personal information for the following purposes:

  • to create and administer your client account and administer your account to help tailor our services to you
  • to communicate with you, and provide information on specific products and/or services when you request it
  • to help us prevent, detect and investigate fraud and other financial crimes
  • in order to meet our legal obligations, such as conducting Anti-Money Laundering and Know Your Customer checks
  • to maintain the security of our services, as well as to detect and investigate activities that may be illegal or prohibited
  • to send you marketing information. You can unsubscribe from receiving these communications at any time by emailing Please see the section below “What rights and options do you have” for more information.
  • to profile you to enable us to personalise our service offerings and related communications.


We may share your personal information with:

  • our service providers and third parties who provide services on our behalf
  • agents and administrators who we use to help run your accounts (credit referencing agencies, fraud prevention and law enforcement agencies, regulators, governments, courts, dispute resolution bodies, auditors)

We do this to:

  • prevent fraud and other financial crimes
  • respond to enquiries and complaints
  • undertake transactional analysis
  • evaluate the effectiveness of marketing and for market research and training
  • support the provisions of service
  • comply with legal obligations, court orders, laws or regulations.


Your data may be transferred outside of the European Union from time to time to members or businesses within the Withers LLP group of companies or to trusted service providers and third parties.

In all cases, the transfer will be on the basis of a European Commission adequacy decision or we will implement adequate safeguards to protect your personal information, such as the European Commission approved Standard Contractual Clauses or the EU-US Privacy Shield certification if your data is transferred to a Shield certificated organisation in the USA. To obtain further information on the data transfer mechanisms on which we rely, please contact us as set out below.

In some countries the law may require us to share certain information, for example with tax authorities. In these cases, we will only share the data with people who have the legal right to see it.


We take all reasonable precautions to keep your personal information secure, including safeguards against unauthorised access, use, or data loss. This includes ensuring our staff, partners and any third parties who perform work on our behalf comply with security standards as part of their contractual obligations.


We will retain your personal information for as long as is necessary for the purposes described above. Typically, we will retain your data to fulfil our business purposes, to comply with legal and regulatory requirements, or for any legal claims. We may keep your data for longer where this is necessary for statistical and historical research purposes. However, we will ensure all personally identifiable information is removed and at the appropriate time.


As well as our obligations, and commitment, to respect the privacy of your information, you also have certain rights relating to the personal information we hold about you which are outlined below. None of these are absolute and are subject to various exceptions and limitations.
You can exercise these rights at any time by contacting us using the contact details above.

You may have some or all of the following rights in respect of the information about you that we process:

  • request us to give you access to it
  • request us to rectify and update it
  • request us to restrict our using it, in certain circumstances
  • request us to erase it, in certain circumstances
  • object to our using it, in certain circumstances
  • withdraw your consent to our using it
  • data portability, in certain circumstances
  • request us not to use it for direct marketing.


You can exercise these rights at any time by contacting us using the contact details provided.

  • we may need to validate your identity before we can respond to your request
  • if we are unable to confirm your identity, or have strong reasons to believe that your request is unreasonably excessive or unfounded, we may deny it
  • once we have validated your identity, we aim to respond to your requests within 30 days and no later than three months from receipt of complex requests. We will let you know if we need additional time to complete
  • we will always let you know whether we accept, or refuse, your request.


If you have any concerns about the use of your personal data, or the way we handle your requests relating to your rights, you can raise a complaint directly with us using the contact details provided.

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with a relevant Supervisory Authority. The UK Information Commissioner’s Office via the details available on their website:


We may update this notice (and any supplemental privacy notice) from time to time. We will notify you of the changes where required by law to do so. This notice was last modified on 24 May 2018.