CLIENT PRIVACY NOTICE
OUR DATA PROTECTION PRIVACY POLICY
Document Control
- Owner: Data Protection Officer – David Pett
- Version: 2.0
Changes made in this version (September 2025):
- Updated references to the Data (Use and Access) Act 2025 (DUAA) alongside UK GDPR and the Data Protection Act 2018.
- Added clarification on reliance on Recognised Legitimate Interests as a lawful basis for processing.
- Included the new power of courts to inspect withheld Personal Data under Subject Access Requests (SARs) and portability requests.
- Clarified individual rights regarding automated decision-making and profiling under DUAA.
- Minor updates to special category data processing grounds and retention/disclosure notes.
Introduction
MJP Conveyancing Limited is authorised and regulated by the Solicitors Regulation Authority (recognised body number 590889). All references to “us” or “we” throughout this statement are to MJP Conveyancing Limited.
This policy is compiled with reference to the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data (Use and Access) Act 2025, and describes our role as a controller and processor of personal data.
What information do we hold about you?
During the course of our business it is necessary for us to obtain and process personal information (“Personal Data”) about a range of individuals. We take the protection of Personal Data seriously, and this policy sets out a summary of how we use it. Please contact us if you have any questions.
Information about our clients
We collect Personal Data from our clients and enquirers only to the extent necessary to provide our services and comply with legal obligations.
We may also receive data from other professionals, parties in a matter, connected individuals, and public sources. To verify data, we may use third-party checks, including ID verification.
If you do not provide required Personal Data, it may not be possible for us to provide services to you.
Information about others
In the course of providing services, we may collect Personal Data relating to third parties such as beneficiaries, witnesses, attorneys, or parties connected to our client’s matter.
Marketing information
We may hold your Personal Data if you enquire with us or request to join our mailing list.
You may withdraw consent or unsubscribe at any time. We will not send you marketing communications without your consent, nor will we share your Personal Data with third-party marketers without explicit consent.
How we use your Personal Data
We use Personal Data for:
- Performing contracts with you
- Complying with legal obligations (e.g. SRA Code of Conduct, anti-money laundering)
- Where you have consented for a specific purpose
- Where it is necessary for our legitimate interests, including service delivery, complaint handling, conflict checks, business administration, and legal rights enforcement
Amendment (DUAA 2025): We may also rely on “Recognised Legitimate Interests” as a lawful basis for processing, in which event we will specifically identity the relevant law.
Special categories of personal data
In limited cases we may need to process special category data (health, ethnicity, beliefs, biometric data, etc.).
We will only process such data if:
- You give explicit consent
- It is necessary to protect vital interests where consent cannot be obtained
- It is needed for legal claims or judicial purposes
Or where new statutory grounds under the Data (Use and Access) Act 2025 apply
Who we may share your Personal Data with
We may share data with:
- Infrastructure and service providers (e.g. search providers, complaint bodies)
- Regulatory bodies and auditors
- Third parties in case of a business sale
- Law enforcement/regulators to prevent unlawful activity or as required by law
- Third parties (e.g. Will providers) where you have consented
Amendment (DUAA 2025): Please note Courts now have the power to inspect Personal Data that has been withheld under Subject Access Requests (SARs) or portability requests. We may be required to disclose such data securely to the courts.
How we keep your data secure
We use appropriate technical and organisational measures to safeguard Personal Data, including secure servers, restricted access, and UK-based storage.
How long do we keep your data?
We retain Personal Data only as long as necessary, in line with our retention policy and legal obligations. Generally, data connected to a legal matter will be kept for a minimum of 7 years.
Your rights
You have rights in relation to your Personal Data, including:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object
- Rights relating to automated decision-making and profiling
Amendment (DUAA 2025): If a decision is made solely by automated means, you will be informed and provided with meaningful information about the logic involved. You also have the right to contest such decisions and request human review.
You also have the right to complain to the Information Commissioner’s Office (ICO):
www.ico.org.uk.
Contact
For questions, please contact our Data Protection Officer:
David Pett