• For Business
    • Property Sales & Purchase
    • Leases, Licences & Tenancies
    • Business Contracts & Structures
    • Business Sales & Purchases
    • Agricultural Property
  • For You
    • Family Law
    • House Sales & Purchases
    • Remortgages
    • Wills
    • Probate
    • Estates & Trusts
    • Elderly Clients
    • Powers of Attorney
    • Court of Protection
  • Church of England
    • Diocesan Registry
  • Our People
    • About Us
    • The Office Dogs
Contact Us
  • Instant Conveyancing Estimate
  • Careers
  • Insights & Events
  • Contact Us
Salisbury Chippenham
  • For Business
    • Property Sales & Purchase
    • Leases, Licences & Tenancies
    • Business Contracts & Structures
    • Business Sales & Purchases
    • Agricultural Property
  • For You
    • Family Law
    • House Sales & Purchases
    • Remortgages
    • Wills
    • Probate
    • Estates & Trusts
    • Elderly Clients
    • Powers of Attorney
    • Court of Protection
  • Church of England
    • Diocesan Registry
  • Our People
    • About Us
    • The Office Dogs
Contact Us
Home » Privacy Policy

Privacy Policy

Privacy Notice – Clients

Privacy Notice for Clients and Prospective Clients
Effective from: 5 June 2026

 

1. Purpose of this Privacy Notice

This Privacy Notice explains how Batt Broadbent collects, uses, stores, shares and protects personal data relating to clients, prospective clients and others connected with client matters.

This notice applies to personal data processed by the firm in connection with its legal services.

This notice is intended to meet the transparency requirements under the UK General Data Protection Regulation, the Data Protection Act 2018 and other applicable data protection legislation.

 

2. Who We Are

Batt Broadbent Solicitors LLP
Minster Chambers, 42-44 Castle Street, Salisbury, Wiltshire, SP1 3TX
www.battbroadbent.co.uk

For data protection purposes, Batt Broadbent Solicitors is usually the “controller” of personal data processed in connection with its legal services. This means that the firm decides why and how personal data is processed.

Complaints relating to this Privacy Notice or the firm’s handling of personal data may be directed to the Data Protection partner (details below).

Where the firm acts in another capacity, for example as a processor for another controller, or jointly with another organisation, this will be explained where appropriate.

 

3. Personal Data We May Collect

The personal data processed by the firm will depend on the nature of the matter and the services being provided. It may include the following categories.

3.1 Identity and contact details

This may include:

1.     full name, including previous names or aliases;

2.     date of birth;

3.     postal address;

4.     email address;

5.     telephone number;

6.     marital or civil partnership status;

7.     nationality;

8.     gender;

9.     occupation and employment details;

10.  National Insurance number;

11.  client reference numbers; and

12.  signatures.

 

3.2 Identification and verification information

To comply with anti-money laundering, sanctions, fraud prevention and professional regulatory obligations, the firm may process:

1.     passports, driving licences and other identity documents;

2.     proof of address documents;

3.     electronic identity verification results;

4.     biometric or facial recognition checks where provided through an identity verification platform;

5.     source of funds and source of wealth information;

6.     bank statements and financial records;

7.     sanctions screening results;

8.     politically exposed person checks; and

9.     company, trust or beneficial ownership information.

 

3.3 Financial and transactional information

This may include:

1.     bank account details;

2.     payment records;

3.     mortgage and lending information;

4.     details of assets and liabilities;

5.     tax information;

6.     invoices and billing records;

7.     client account transactions;

8.     completion statements;

9.     estate accounts;

10.  trust accounts; and

11.  records required for accounting, audit and regulatory purposes.

 

3.4 Matter-related personal data

Depending on the services provided, the firm may process information concerning:

1.     property ownership, occupation and transactions;

2.     leases, tenancies, easements, covenants and other property rights;

3.     commercial property arrangements;

4.     wills, trusts, probate, estates, lifetime gifts and succession planning;

5.     family relationships and family law arrangements;

6.     children and dependants, where relevant to family or private client matters;

7.     marriage, divorce, separation, cohabitation and financial arrangements;

8.     employment, business interests and directorships;

9.     ecclesiastical appointments, offices, licences, permissions, faculties, registers, church property, church governance and related diocesan matters;

10.  correspondence, attendance notes, instructions and advice; and

11.  information about counterparties, beneficiaries, trustees, executors, attorneys, deputies, witnesses, experts, agents and other third parties.

 

3.5 Special category personal data

Some matters require the firm to process more sensitive personal data known as “special category data”. This may include information about:

1.     health, mental capacity or disability;

2.     racial or ethnic origin;

3.     religious or philosophical beliefs;

4.     political opinions, where relevant;

5.     trade union membership, where relevant;

6.     sex life or sexual orientation, particularly in family matters;

7.     genetic or biometric data, where used for identification; and

8.     safeguarding or vulnerability information.

 

3.6 Criminal offence data

The firm may occasionally process data relating to criminal offences, allegations, convictions, cautions or related security measures where relevant to a legal matter, regulatory obligations, safeguarding, anti-money laundering, sanctions screening, fraud prevention, or ecclesiastical and diocesan work.

 

3.7 Technical and usage data

When using the firm’s website, portals or electronic communication systems, the firm may process:

1.     IP addresses;

2.     device and browser information;

3.     login credentials and authentication information;

4.     audit trails;

5.     portal activity;

6.     email metadata;

7.     security logs; and

8.     cookie or website analytics data, where applicable.

 

4. Sources of Personal Data

The firm may collect personal data from:

clients directly;
prospective clients;
family members, representatives, attorneys, deputies, executors, trustees, beneficiaries or other persons connected with a matter;
other solicitors, licensed conveyancers, barristers, notaries, mediators and professional advisers;
estate agents, managing agents, landlords, tenants, surveyors, valuers and property professionals;
mortgage lenders, brokers, insurers and financial advisers;
HM Land Registry, HM Revenue & Customs, Companies House, the Probate Registry, the Charity Commission and other public bodies;
courts, tribunals, diocesan and ecclesiastical authorities, registries and public registers;
local authorities, drainage boards, utility providers and search providers;
electronic identity verification, anti-money laundering and sanctions screening providers;
banks and payment service providers;
accountants, tax advisers and auditors;
medical professionals, capacity assessors and expert witnesses, where relevant;
other parties to a transaction, dispute or arrangement;
publicly available sources; and
third-party technology platforms and service providers used by the firm.

 

5. Why We Process Personal Data

The firm processes personal data for the following purposes.

5.1 Providing legal services

This includes:

1.     opening files and taking instructions;

2.     advising on legal rights, obligations and options;

3.     preparing, reviewing and negotiating documents;

4.     communicating with clients and third parties;

5.     undertaking conveyancing and property due diligence;

6.     dealing with wills, trusts, probate, estate administration and tax-related matters;

7.     advising and acting in family law matters;

8.     undertaking ecclesiastical and diocesan registry work;

9.     dealing with agricultural, commercial and ecclesiastical property matters;

10.  completing transactions;

11.  representing clients in negotiations, correspondence and proceedings;

12.  instructing barristers, experts, agents and other professional advisers; and

13.  maintaining records of advice and work undertaken.

 

5.2 Client due diligence and regulatory compliance

This includes:

1.     verifying identity;

2.     checking source of funds and source of wealth;

3.     complying with anti-money laundering legislation;

4.     conducting sanctions checks;

5.     preventing fraud and financial crime;

6.     complying with Solicitors Regulation Authority requirements;

7.     complying with court, tribunal, tax, property registration and professional obligations;

8.     complying with accounting and audit requirements; and

9.     maintaining professional indemnity insurance records.

 

5.3 Managing the firm’s business

This includes:

1.     managing client relationships;

2.     maintaining files, records and internal systems;

3.     issuing invoices and collecting payments;

4.     client account administration;

5.     credit control;

6.     conflict checks;

7.     risk management;

8.     training and supervision;

9.     quality assurance;

10.  business continuity and disaster recovery;

11.  IT security and system administration;

12.  complaints handling; and

13.  defending or bringing legal claims.

 

5.4 Communications and updates

The firm may use contact details to send matter-related communications and, where permitted, legal updates, service information or invitations to events. Marketing communications will be managed in accordance with applicable electronic communications rules, and recipients may opt out where applicable.

 

6. Lawful Bases for Processing Personal Data

The firm will only process personal data where it has a lawful basis under UK GDPR.

Depending on the circumstances, the firm may rely on one or more of the following lawful bases.

 

6.1 Contract

Processing may be necessary to perform a contract with a client or to take steps before entering into a contract. This will usually apply to:

1.     taking instructions;

2.     providing legal services;

3.     communicating about a matter;

4.     billing and payment administration; and

5.     managing the client relationship.

 

6.2 Legal obligation

Processing may be necessary for compliance with legal obligations to which the firm is subject. This may include:

1.     anti-money laundering checks;

2.     sanctions compliance;

3.     tax and accounting obligations;

4.     Solicitors Regulation Authority requirements;

5.     court and tribunal obligations;

6.     HM Land Registry, HM Revenue & Customs and Companies House requirements;

7.     professional conduct obligations;

8.     safeguarding or reporting obligations, where applicable; and

9.     record-keeping requirements.

 

6.3 Legitimate interests

Processing may be necessary for the firm’s legitimate interests, or those of a client or third party, provided those interests are not overridden by the rights and freedoms of the individual. Legitimate interests may include:

1.     providing efficient legal services;

2.     managing and developing the firm’s practice;

3.     maintaining accurate records;

4.     preventing fraud;

5.     protecting the firm, its clients and others from legal or financial risk;

6.     ensuring IT and information security;

7.     carrying out conflict checks;

8.     handling complaints and professional indemnity matters;

9.     recovering debts;

10.  instructing third-party providers, experts and counsel;

11.  defending or pursuing legal claims; and

12.  maintaining business continuity.

 

6.4 Consent

The firm may rely on consent in limited circumstances, for example:

1.     where an individual agrees to receive certain marketing communications;

2.     where consent is required for a particular type of disclosure or processing;

3.     where medical or other sensitive information is obtained with consent in a particular matter; or

4.     where a third-party platform requires explicit user consent for identity verification or related checks.

 

Where processing is based on consent, that consent may be withdrawn at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

 

6.5 Vital interests

In rare cases, processing may be necessary to protect someone’s vital interests, for example in an emergency or safeguarding situation.

 

6.6 Public task

In some public-facing, ecclesiastical or registry functions or processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority, where applicable. This may include certain diocesan registry functions, statutory or quasi-statutory processes, or functions connected with ecclesiastical law and church governance.

 

7. Special Category Data

Where the firm processes special category data, it will do so only where a lawful basis under Article 6 UK GDPR applies and an additional condition under Article 9 UK GDPR is met.

The firm may rely on one or more of the following Article 9 conditions:

explicit consent, where appropriate;
processing necessary for the establishment, exercise or defence of legal claims;
processing necessary for reasons of substantial public interest, where permitted by the Data Protection Act 2018;
processing necessary to protect vital interests, where the individual is physically or legally incapable of giving consent;
processing of data manifestly made public by the individual; and
processing by or on behalf of a body with a religious aim, where applicable and permitted by law, including certain ecclesiastical or diocesan contexts.

 

8. Criminal Offence Data

The firm may occasionally process criminal offence data where necessary and authorised by law. This may include processing required for:

anti-money laundering checks;
sanctions screening;
fraud prevention;
safeguarding;
regulatory compliance;
legal advice and representation;
employment or office-holding issues arising incidentally within a matter; and
the establishment, exercise or defence of legal claims.

The firm will process such data only where appropriate safeguards are in place.

 

9. Who We Share Personal Data With

The firm may share personal data where necessary for the purposes described in this Privacy Notice. Recipients may include:

other solicitors, licensed conveyancers, barristers, notaries and professional advisers;
courts, tribunals, mediators and arbitrators;
HM Land Registry;
HM Revenue & Customs;
Companies House;
the Probate Registry;
the Charity Commission;
the Office of the Public Guardian;
local authorities and other public bodies;
diocesan authorities, registrars, bishops, archdeacons, chancellors, registry officers, parochial church councils, churchwardens and other ecclesiastical bodies or office holders, where relevant;
mortgage lenders and brokers;
banks and payment service providers;
estate agents, managing agents, landlords, tenants, surveyors, valuers, auctioneers and insurers;
search providers and property information providers;
identity verification, anti-money laundering and sanctions screening providers;
accountants, auditors and tax advisers;
medical professionals, capacity assessors and expert witnesses;
translators, process servers, tracing agents, enquiry agents and document management providers;
IT, software, cloud hosting, cyber security, email, telephony, storage and support providers;
outsourced cashiering, bookkeeping, accounting and finance providers;
document production, electronic signature, bundling, archiving and case management providers;
professional indemnity insurers, brokers and claims handlers;
the Solicitors Regulation Authority, the Legal Ombudsman, the Information Commissioner’s Office and other regulators;
law enforcement agencies, where required or permitted by law; and
any other third party where disclosure is necessary for the conduct of a matter, compliance with legal obligations, protection of the firm’s rights, or the proper management of the firm’s business.

The firm uses a range of external systems and service providers. The firm will seek to ensure that external providers process personal data only where appropriate contractual and security arrangements are in place.

 

10. International Transfers

The firm primarily stores and processes personal data in the United Kingdom or the United Kingdom and European Economic Area.

Some external providers may process or allow access to personal data outside the United Kingdom. Where personal data is transferred internationally, the firm will take steps designed to ensure that the transfer is lawful and that appropriate safeguards are in place. These may include:

adequacy regulations;
the UK International Data Transfer Agreement;
the UK Addendum to the European Commission Standard Contractual Clauses;
contractual safeguards with service providers;
transfer risk assessments, where required; and
other measures permitted by UK data protection law.

 

11. How We Protect Personal Data

The firm uses technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include:

access controls;
password protection and authentication measures;
encryption where appropriate;
secure client portals and document exchange systems;
secure file storage;
staff confidentiality obligations;
staff training;
IT monitoring and cyber security measures including multi form authentication where appropriate;
secure disposal of paper and electronic records;
supplier due diligence;
professional conduct controls; and
business continuity and backup arrangements.

No method of transmission or storage is entirely risk-free. The firm will take proportionate steps to manage information security risks.

 

12. Client Confidentiality and Legal Professional Privilege

The firm is subject to duties of confidentiality and professional conduct obligations. In addition, some communications and documents may be protected by legal professional privilege.

Personal data may be withheld from disclosure where the firm is legally entitled or required to do so, including where disclosure would breach legal professional privilege, client confidentiality, court obligations, regulatory requirements or the rights of another person.

 

13. How Long We Keep Personal Data

The firm will retain personal data for as long as necessary for the purposes for which it was collected, including legal, regulatory, professional indemnity, accounting and reporting requirements.

Retention periods may vary depending on the type of matter. At the end of the appropriate retention period, personal data will be securely deleted, destroyed, anonymised or archived, unless there is a lawful reason to retain it for longer.

 

14. Individual Rights

Individuals have rights under data protection law, subject to certain conditions and exemptions. These may include the right to:

request access to personal data;
request correction of inaccurate or incomplete personal data;
request erasure of personal data;
request restriction of processing;
object to processing;
request data portability;
withdraw consent, where processing is based on consent;
object to direct marketing; and
complain to the Information Commissioner’s Office.
These rights are not absolute. The firm may be unable to comply with a request in full where, for example, the information is subject to legal professional privilege, must be retained for legal or regulatory reasons, relates to another individual, or is needed for the establishment, exercise or defence of legal claims.

Requests should be sent to the Data Protection partner (details below).

The firm may need to verify identity before responding to a request.

 

15. Complaints

Any complaint about the firm’s handling of personal data should be directed in the first instance to the Data Protection Partner (details below).

The firm will consider and respond to complaints in accordance with its complaints procedure and applicable regulatory obligations.

Individuals also have the right to complain to the Information Commissioner’s Office:

https://ico.org.uk
0303 123 1113

 

16. If Personal Data Is Not Provided

Where the firm requires personal data to provide legal services, comply with legal obligations, conduct identity checks, complete transactions or manage a matter, failure to provide that information may mean that the firm cannot act, cannot continue to act, or cannot complete certain work.

For example, the firm may be unable to proceed if it cannot verify identity, assess source of funds, conduct sanctions checks, obtain information required by a lender, register a property transaction, administer an estate or comply with court, registry, diocesan or regulatory requirements.

 

17. Automated Decision-Making

The firm does not usually make decisions about clients based solely on automated processing that produce legal or similarly significant effects.

Some external systems may use automated tools to support identity verification, anti-money laundering checks, sanctions screening, risk assessment, fraud prevention, document production or workflow management. Where such tools are used, the firm will retain appropriate human oversight where required.

 

18. Changes to This Privacy Notice

The firm may update this Privacy Notice from time to time to reflect changes in the law, regulatory guidance, firm procedures, technology or services.

The latest version will be made available at www.battbroadbent.co.uk

The Data Protection and Complaints partner is:

Sue de Candole
Email: sue.decandole@battbroadbent.co.uk

Tel: 01722 411 141

 

Get in touch

We're here to make your legal matters as stress-free as possible.

Based in Salisbury and Chippenham, we specialise in a wide range of legal services for businesses and individuals.

Contact us

Sign Up to Our Newsletter

Get the latest news delivered to your inbox. We promise only to send relevant, interesting articles and news items, and you can unsubscribe at any time.

This field is for validation purposes and should be left unchanged.

Salisbury Office

01722 411 141

Minster Chambers
42/44 Castle Street
Salisbury
Wiltshire, SP1 3TX

Batt Broadbent
DX58000 Salisbury

Company Number
OC380270

Authorised and regulated by the SRA
No. 591668

Chippenham Office

01249 472 444

65 St Mary Street
Chippenham
Wiltshire
SN15 3JF

Our Services

  • For Business
  • For You
  • Church of England
  • Instant Conveyancing Estimate
  • Make a Payment

About Us

  • Our People
  • The Office Dogs
  • Insights & Events
  • Careers

Useful Links

  • Complaints
  • Diversity Information
  • Probate Pricing and Service Information
  • Conveyancing Pricing and Service Information

  • Privacy Policy
  • Cookie Policy
  • Terms & Conditions
Made by Blue Bee
© Batt Broadbent 2026