Privacy Notice – Clients
Privacy Notice for Clients and Prospective Clients
Effective from: 5 June 2026
1. Purpose of this Privacy Notice
This Privacy Notice explains how Batt Broadbent collects, uses, stores, shares and protects personal data relating to clients, prospective clients and others connected with client matters.
This notice applies to personal data processed by the firm in connection with its legal services.
This notice is intended to meet the transparency requirements under the UK General Data Protection Regulation, the Data Protection Act 2018 and other applicable data protection legislation.
2. Who We Are
Batt Broadbent Solicitors LLP
Minster Chambers, 42-44 Castle Street, Salisbury, Wiltshire, SP1 3TX
www.battbroadbent.co.uk
For data protection purposes, Batt Broadbent Solicitors is usually the “controller” of personal data processed in connection with its legal services. This means that the firm decides why and how personal data is processed.
Complaints relating to this Privacy Notice or the firm’s handling of personal data may be directed to the Data Protection partner (details below).
Where the firm acts in another capacity, for example as a processor for another controller, or jointly with another organisation, this will be explained where appropriate.
3. Personal Data We May Collect
The personal data processed by the firm will depend on the nature of the matter and the services being provided. It may include the following categories.
3.1 Identity and contact details
This may include:
1. full name, including previous names or aliases;
2. date of birth;
3. postal address;
4. email address;
5. telephone number;
6. marital or civil partnership status;
7. nationality;
8. gender;
9. occupation and employment details;
10. National Insurance number;
11. client reference numbers; and
12. signatures.
3.2 Identification and verification information
To comply with anti-money laundering, sanctions, fraud prevention and professional regulatory obligations, the firm may process:
1. passports, driving licences and other identity documents;
2. proof of address documents;
3. electronic identity verification results;
4. biometric or facial recognition checks where provided through an identity verification platform;
5. source of funds and source of wealth information;
6. bank statements and financial records;
7. sanctions screening results;
8. politically exposed person checks; and
9. company, trust or beneficial ownership information.
3.3 Financial and transactional information
This may include:
1. bank account details;
2. payment records;
3. mortgage and lending information;
4. details of assets and liabilities;
5. tax information;
6. invoices and billing records;
7. client account transactions;
8. completion statements;
9. estate accounts;
10. trust accounts; and
11. records required for accounting, audit and regulatory purposes.
3.4 Matter-related personal data
Depending on the services provided, the firm may process information concerning:
1. property ownership, occupation and transactions;
2. leases, tenancies, easements, covenants and other property rights;
3. commercial property arrangements;
4. wills, trusts, probate, estates, lifetime gifts and succession planning;
5. family relationships and family law arrangements;
6. children and dependants, where relevant to family or private client matters;
7. marriage, divorce, separation, cohabitation and financial arrangements;
8. employment, business interests and directorships;
9. ecclesiastical appointments, offices, licences, permissions, faculties, registers, church property, church governance and related diocesan matters;
10. correspondence, attendance notes, instructions and advice; and
11. information about counterparties, beneficiaries, trustees, executors, attorneys, deputies, witnesses, experts, agents and other third parties.
3.5 Special category personal data
Some matters require the firm to process more sensitive personal data known as “special category data”. This may include information about:
1. health, mental capacity or disability;
2. racial or ethnic origin;
3. religious or philosophical beliefs;
4. political opinions, where relevant;
5. trade union membership, where relevant;
6. sex life or sexual orientation, particularly in family matters;
7. genetic or biometric data, where used for identification; and
8. safeguarding or vulnerability information.
3.6 Criminal offence data
The firm may occasionally process data relating to criminal offences, allegations, convictions, cautions or related security measures where relevant to a legal matter, regulatory obligations, safeguarding, anti-money laundering, sanctions screening, fraud prevention, or ecclesiastical and diocesan work.
3.7 Technical and usage data
When using the firm’s website, portals or electronic communication systems, the firm may process:
1. IP addresses;
2. device and browser information;
3. login credentials and authentication information;
4. audit trails;
5. portal activity;
6. email metadata;
7. security logs; and
8. cookie or website analytics data, where applicable.
4. Sources of Personal Data
The firm may collect personal data from:
clients directly;
prospective clients;
family members, representatives, attorneys, deputies, executors, trustees, beneficiaries or other persons connected with a matter;
other solicitors, licensed conveyancers, barristers, notaries, mediators and professional advisers;
estate agents, managing agents, landlords, tenants, surveyors, valuers and property professionals;
mortgage lenders, brokers, insurers and financial advisers;
HM Land Registry, HM Revenue & Customs, Companies House, the Probate Registry, the Charity Commission and other public bodies;
courts, tribunals, diocesan and ecclesiastical authorities, registries and public registers;
local authorities, drainage boards, utility providers and search providers;
electronic identity verification, anti-money laundering and sanctions screening providers;
banks and payment service providers;
accountants, tax advisers and auditors;
medical professionals, capacity assessors and expert witnesses, where relevant;
other parties to a transaction, dispute or arrangement;
publicly available sources; and
third-party technology platforms and service providers used by the firm.
5. Why We Process Personal Data
The firm processes personal data for the following purposes.
5.1 Providing legal services
This includes:
1. opening files and taking instructions;
2. advising on legal rights, obligations and options;
3. preparing, reviewing and negotiating documents;
4. communicating with clients and third parties;
5. undertaking conveyancing and property due diligence;
6. dealing with wills, trusts, probate, estate administration and tax-related matters;
7. advising and acting in family law matters;
8. undertaking ecclesiastical and diocesan registry work;
9. dealing with agricultural, commercial and ecclesiastical property matters;
10. completing transactions;
11. representing clients in negotiations, correspondence and proceedings;
12. instructing barristers, experts, agents and other professional advisers; and
13. maintaining records of advice and work undertaken.
5.2 Client due diligence and regulatory compliance
This includes:
1. verifying identity;
2. checking source of funds and source of wealth;
3. complying with anti-money laundering legislation;
4. conducting sanctions checks;
5. preventing fraud and financial crime;
6. complying with Solicitors Regulation Authority requirements;
7. complying with court, tribunal, tax, property registration and professional obligations;
8. complying with accounting and audit requirements; and
9. maintaining professional indemnity insurance records.
5.3 Managing the firm’s business
This includes:
1. managing client relationships;
2. maintaining files, records and internal systems;
3. issuing invoices and collecting payments;
4. client account administration;
5. credit control;
6. conflict checks;
7. risk management;
8. training and supervision;
9. quality assurance;
10. business continuity and disaster recovery;
11. IT security and system administration;
12. complaints handling; and
13. defending or bringing legal claims.
5.4 Communications and updates
The firm may use contact details to send matter-related communications and, where permitted, legal updates, service information or invitations to events. Marketing communications will be managed in accordance with applicable electronic communications rules, and recipients may opt out where applicable.
6. Lawful Bases for Processing Personal Data
The firm will only process personal data where it has a lawful basis under UK GDPR.
Depending on the circumstances, the firm may rely on one or more of the following lawful bases.
6.1 Contract
Processing may be necessary to perform a contract with a client or to take steps before entering into a contract. This will usually apply to:
1. taking instructions;
2. providing legal services;
3. communicating about a matter;
4. billing and payment administration; and
5. managing the client relationship.
6.2 Legal obligation
Processing may be necessary for compliance with legal obligations to which the firm is subject. This may include:
1. anti-money laundering checks;
2. sanctions compliance;
3. tax and accounting obligations;
4. Solicitors Regulation Authority requirements;
5. court and tribunal obligations;
6. HM Land Registry, HM Revenue & Customs and Companies House requirements;
7. professional conduct obligations;
8. safeguarding or reporting obligations, where applicable; and
9. record-keeping requirements.
6.3 Legitimate interests
Processing may be necessary for the firm’s legitimate interests, or those of a client or third party, provided those interests are not overridden by the rights and freedoms of the individual. Legitimate interests may include:
1. providing efficient legal services;
2. managing and developing the firm’s practice;
3. maintaining accurate records;
4. preventing fraud;
5. protecting the firm, its clients and others from legal or financial risk;
6. ensuring IT and information security;
7. carrying out conflict checks;
8. handling complaints and professional indemnity matters;
9. recovering debts;
10. instructing third-party providers, experts and counsel;
11. defending or pursuing legal claims; and
12. maintaining business continuity.
6.4 Consent
The firm may rely on consent in limited circumstances, for example:
1. where an individual agrees to receive certain marketing communications;
2. where consent is required for a particular type of disclosure or processing;
3. where medical or other sensitive information is obtained with consent in a particular matter; or
4. where a third-party platform requires explicit user consent for identity verification or related checks.
Where processing is based on consent, that consent may be withdrawn at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.
6.5 Vital interests
In rare cases, processing may be necessary to protect someone’s vital interests, for example in an emergency or safeguarding situation.
6.6 Public task
In some public-facing, ecclesiastical or registry functions or processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority, where applicable. This may include certain diocesan registry functions, statutory or quasi-statutory processes, or functions connected with ecclesiastical law and church governance.
7. Special Category Data
Where the firm processes special category data, it will do so only where a lawful basis under Article 6 UK GDPR applies and an additional condition under Article 9 UK GDPR is met.
The firm may rely on one or more of the following Article 9 conditions:
explicit consent, where appropriate;
processing necessary for the establishment, exercise or defence of legal claims;
processing necessary for reasons of substantial public interest, where permitted by the Data Protection Act 2018;
processing necessary to protect vital interests, where the individual is physically or legally incapable of giving consent;
processing of data manifestly made public by the individual; and
processing by or on behalf of a body with a religious aim, where applicable and permitted by law, including certain ecclesiastical or diocesan contexts.
8. Criminal Offence Data
The firm may occasionally process criminal offence data where necessary and authorised by law. This may include processing required for:
anti-money laundering checks;
sanctions screening;
fraud prevention;
safeguarding;
regulatory compliance;
legal advice and representation;
employment or office-holding issues arising incidentally within a matter; and
the establishment, exercise or defence of legal claims.
The firm will process such data only where appropriate safeguards are in place.
9. Who We Share Personal Data With
The firm may share personal data where necessary for the purposes described in this Privacy Notice. Recipients may include:
other solicitors, licensed conveyancers, barristers, notaries and professional advisers;
courts, tribunals, mediators and arbitrators;
HM Land Registry;
HM Revenue & Customs;
Companies House;
the Probate Registry;
the Charity Commission;
the Office of the Public Guardian;
local authorities and other public bodies;
diocesan authorities, registrars, bishops, archdeacons, chancellors, registry officers, parochial church councils, churchwardens and other ecclesiastical bodies or office holders, where relevant;
mortgage lenders and brokers;
banks and payment service providers;
estate agents, managing agents, landlords, tenants, surveyors, valuers, auctioneers and insurers;
search providers and property information providers;
identity verification, anti-money laundering and sanctions screening providers;
accountants, auditors and tax advisers;
medical professionals, capacity assessors and expert witnesses;
translators, process servers, tracing agents, enquiry agents and document management providers;
IT, software, cloud hosting, cyber security, email, telephony, storage and support providers;
outsourced cashiering, bookkeeping, accounting and finance providers;
document production, electronic signature, bundling, archiving and case management providers;
professional indemnity insurers, brokers and claims handlers;
the Solicitors Regulation Authority, the Legal Ombudsman, the Information Commissioner’s Office and other regulators;
law enforcement agencies, where required or permitted by law; and
any other third party where disclosure is necessary for the conduct of a matter, compliance with legal obligations, protection of the firm’s rights, or the proper management of the firm’s business.
The firm uses a range of external systems and service providers. The firm will seek to ensure that external providers process personal data only where appropriate contractual and security arrangements are in place.
10. International Transfers
The firm primarily stores and processes personal data in the United Kingdom or the United Kingdom and European Economic Area.
Some external providers may process or allow access to personal data outside the United Kingdom. Where personal data is transferred internationally, the firm will take steps designed to ensure that the transfer is lawful and that appropriate safeguards are in place. These may include:
adequacy regulations;
the UK International Data Transfer Agreement;
the UK Addendum to the European Commission Standard Contractual Clauses;
contractual safeguards with service providers;
transfer risk assessments, where required; and
other measures permitted by UK data protection law.
11. How We Protect Personal Data
The firm uses technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include:
access controls;
password protection and authentication measures;
encryption where appropriate;
secure client portals and document exchange systems;
secure file storage;
staff confidentiality obligations;
staff training;
IT monitoring and cyber security measures including multi form authentication where appropriate;
secure disposal of paper and electronic records;
supplier due diligence;
professional conduct controls; and
business continuity and backup arrangements.
No method of transmission or storage is entirely risk-free. The firm will take proportionate steps to manage information security risks.
12. Client Confidentiality and Legal Professional Privilege
The firm is subject to duties of confidentiality and professional conduct obligations. In addition, some communications and documents may be protected by legal professional privilege.
Personal data may be withheld from disclosure where the firm is legally entitled or required to do so, including where disclosure would breach legal professional privilege, client confidentiality, court obligations, regulatory requirements or the rights of another person.
13. How Long We Keep Personal Data
The firm will retain personal data for as long as necessary for the purposes for which it was collected, including legal, regulatory, professional indemnity, accounting and reporting requirements.
Retention periods may vary depending on the type of matter. At the end of the appropriate retention period, personal data will be securely deleted, destroyed, anonymised or archived, unless there is a lawful reason to retain it for longer.
14. Individual Rights
Individuals have rights under data protection law, subject to certain conditions and exemptions. These may include the right to:
request access to personal data;
request correction of inaccurate or incomplete personal data;
request erasure of personal data;
request restriction of processing;
object to processing;
request data portability;
withdraw consent, where processing is based on consent;
object to direct marketing; and
complain to the Information Commissioner’s Office.
These rights are not absolute. The firm may be unable to comply with a request in full where, for example, the information is subject to legal professional privilege, must be retained for legal or regulatory reasons, relates to another individual, or is needed for the establishment, exercise or defence of legal claims.
Requests should be sent to the Data Protection partner (details below).
The firm may need to verify identity before responding to a request.
15. Complaints
Any complaint about the firm’s handling of personal data should be directed in the first instance to the Data Protection Partner (details below).
The firm will consider and respond to complaints in accordance with its complaints procedure and applicable regulatory obligations.
Individuals also have the right to complain to the Information Commissioner’s Office:
https://ico.org.uk
0303 123 1113
16. If Personal Data Is Not Provided
Where the firm requires personal data to provide legal services, comply with legal obligations, conduct identity checks, complete transactions or manage a matter, failure to provide that information may mean that the firm cannot act, cannot continue to act, or cannot complete certain work.
For example, the firm may be unable to proceed if it cannot verify identity, assess source of funds, conduct sanctions checks, obtain information required by a lender, register a property transaction, administer an estate or comply with court, registry, diocesan or regulatory requirements.
17. Automated Decision-Making
The firm does not usually make decisions about clients based solely on automated processing that produce legal or similarly significant effects.
Some external systems may use automated tools to support identity verification, anti-money laundering checks, sanctions screening, risk assessment, fraud prevention, document production or workflow management. Where such tools are used, the firm will retain appropriate human oversight where required.
18. Changes to This Privacy Notice
The firm may update this Privacy Notice from time to time to reflect changes in the law, regulatory guidance, firm procedures, technology or services.
The latest version will be made available at www.battbroadbent.co.uk
The Data Protection and Complaints partner is:
Sue de Candole
Email: sue.decandole@battbroadbent.co.uk
Tel: 01722 411 141
Get in touch
We're here to make your legal matters as stress-free as possible.
Based in Salisbury and Chippenham, we specialise in a wide range of legal services for businesses and individuals.
Contact us