Data & Privacy Notice

Effective from 1 April 2026

1.   About This Policy

Dean Wilson LLP is committed to protecting the privacy and security of your personal information.

This privacy policy explains how we collect, use, store and share your personal data when you instruct us, use our services, visit our website, or otherwise interact with us.

Dean Wilson LLP, of Ridgeland House, 165 Dyke Road, Brighton, BN3 1TL, is a limited liability partnership registered in England and Wales with registration number OC351755. We are authorised and regulated by the Solicitors Regulation Authority (SRA number 532989).

This privacy policy should be read together with our Terms of Business and any Engagement Letter issued to you. Where those documents contain additional information about how we handle your personal data, they supplement (and do not override) this policy.

This website is not intended for children and we do not knowingly collect personal data from children.

2.   Data Controller

Dean Wilson LLP is the data controller responsible for your personal data. When we refer to "we", "us" or "our" in this policy, we mean Dean Wilson LLP.

3.   Data Protection Contact

The firm's Managing Partner and Compliance Officer for Legal Practice (COLP), James Chadburn, is responsible for overseeing compliance with this privacy policy.

If you have any questions about this policy, about how we handle your personal data, or if you wish to exercise any of your legal rights, please contact us:

Name: James Chadburn (or Craig Shoosmith, Compliance Manager)

Email: DataAct@deanwilson.co.uk

Post: Dean Wilson LLP, Ridgeland House, 165 Dyke Road, Brighton, BN3 1TL

Telephone: 01273 249200

4.   The Information Commissioner's Office

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at www.ico.org.uk.

We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us in the first instance.

5.   Changes to This Policy

We keep this privacy policy under regular review and may update it from time to time to reflect changes in our processing activities, the law, or regulatory guidance.

Where we make significant changes, we will take reasonable steps to notify you (for example, by updating the policy on our website or informing you directly). The most current version will always be available at www.deanwilson.co.uk.

6.   The Personal Data We Collect

Personal data means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer the following categories of personal data:

  • Identity Data — your name (including former names), title, date of birth, gender, marital status, national insurance number, passport or driving licence details, and photographic identification.
  • Contact Data — your home address, correspondence address, email address and telephone numbers.
  • Financial Data — your bank account details, payment card details, source of funds and source of wealth information.
  • Transaction Data — details of payments to and from you, and details of the legal services we have provided to you.
  • Technical Data — internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system, platform, and other technology on the devices you use to access our website.
  • Profile Data — information about the legal services you have used or enquired about, your preferences, feedback and survey responses.
  • Usage Data — information about how you use our website, including pages visited and navigation patterns.
  • Marketing and Communications Data — your preferences for receiving marketing from us and your communication preferences.
  • Communications Data — records of telephone calls, video conferences, emails, letters and other communications between you and the firm, including recordings and transcripts of telephone calls and video conferences (see section 12 below).
  • Verification Data — information collected through electronic identity verification checks (for example, via our third-party verification provider, Legl), including the results of those checks.

Depending on the nature of your matter, we may also need to collect Special Categories of Personal Data, which includes information about your racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, and genetic or biometric data. We may also collect information about criminal convictions and offences where this is relevant to the work we are doing for you.

We will only process special category data where we have a lawful basis for doing so, such as where it is necessary for the establishment, exercise or defence of legal claims, or where you have given us your explicit consent.

7.   How We Collect Your Personal Data

We collect personal data from you and about you through the following means:

  • Direct interactions — you provide us with personal data when you instruct us, complete forms, correspond with us by post, telephone, email or video conference, attend meetings (in person or remotely), provide documents for the purposes of your matter, or give us feedback.
  • Video conferences and telephone calls — where we conduct meetings by video conference (using platforms such as Microsoft Teams or Zoom) or by telephone, we may record and transcribe those communications. See section 12 for further details.
  • Automated technologies — when you visit our website, we may automatically collect technical data about your equipment, browsing actions and patterns using cookies, server logs and similar technologies. Please see our Cookie Policy for further details.
  • Electronic identity verification — we may collect identity and verification data through electronic verification systems, including our third-party provider Legl.
  • Third parties and publicly available sources — we may receive personal data about you from third parties, including:
  • HM Land Registry, Companies House, the Electoral Register, local authorities, courts and tribunals
  • Other solicitors, barristers, experts or professionals involved in your matter
  • Your bank or mortgage lender
  • Credit reference agencies and fraud prevention agencies
  • Regulatory bodies, including the SRA and HMRC
  • Third-party identity verification providers

If you provide us with personal data about other individuals (for example, family members or business associates), you should ensure that those individuals are aware of this privacy policy and, where appropriate, have consented to you sharing their data with us.

8.   How and Why We Use Your Personal Data

We will only use your personal data where we have a lawful basis for doing so under the UK GDPR. The lawful bases we rely on are:

  • Performance of a contract — where the processing is necessary for the performance of our contract with you (for example, to provide legal services under our Terms of Business and Engagement Letter).
  • Legitimate interests — where the processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include the effective and efficient delivery of legal services, the proper administration of our business, maintaining accurate records, business development, and the prevention of fraud and financial crime.
  • Legal obligation — where the processing is necessary for us to comply with a legal or regulatory obligation (for example, anti-money laundering checks, filing SDLT returns with HMRC, or reporting obligations to the SRA or the courts).
  • Consent — in limited circumstances, we may rely on your consent to process your personal data (for example, for certain marketing activities). Where we rely on consent, you have the right to withdraw it at any time.
  • Substantial public interest — where necessary for reasons of substantial public interest, such as the prevention or detection of unlawful acts.

Set out below are the main purposes for which we process your personal data, together with the lawful basis for each:

Purpose / Activity

Type of data

Lawful basis

To register you as a new client and carry out identity verification and anti-money laundering checks

Identity, Contact, Financial, Verification

Performance of a contract; Legal obligation

To provide legal services to you in accordance with our Terms of Business and Engagement Letter, including conducting your matter, giving advice, corresponding on your behalf, and preparing documents

Identity, Contact, Financial, Transaction, Communications, Profile

Performance of a contract; Legitimate interests (effective delivery of legal services)

To record and transcribe telephone calls and video conferences for the purposes described in section 12

Identity, Contact, Communications

Legitimate interests (maintaining accurate records, verifying instructions, training, regulatory compliance); Performance of a contract

To use AI-assisted tools in the delivery of legal services (such as document review, information retrieval, preliminary drafting, and transcription of meetings)

Identity, Contact, Communications, Transaction

Legitimate interests (efficient delivery of legal services); Performance of a contract

To manage payments, send invoices, collect fees and recover debts

Identity, Contact, Financial, Transaction

Performance of a contract; Legitimate interests (recovery of sums due)

To comply with legal and regulatory obligations, including anti-money laundering, sanctions screening, tax filings (including SDLT returns), SRA reporting, and court orders

Identity, Contact, Financial, Transaction, Verification

Legal obligation

To manage our relationship with you, including notifying you about changes to our terms or this privacy policy

Identity, Contact, Profile, Marketing and Communications

Performance of a contract; Legal obligation; Legitimate interests

To send you legal updates, newsletters, event invitations and information about our services

Identity, Contact, Profile, Marketing and Communications

Legitimate interests (business development); Consent (where required)

To administer and protect our business, website and IT systems, including troubleshooting, data analysis, testing, system maintenance and network security

Identity, Contact, Technical, Usage

Legitimate interests (running our business, IT security); Legal obligation

To use data analytics to improve our website, services, marketing, client relationships and experiences

Technical, Usage

Legitimate interests (business improvement)

To deal with complaints and regulatory enquiries

Identity, Contact, Communications, Transaction

Legal obligation; Legitimate interests (defending legal claims and regulatory compliance)

9.   AI-Assisted Tools and Technology

We use AI-assisted tools to support the delivery of our legal services. These tools may be used for tasks such as document review, legal research, information retrieval, preliminary drafting, and the transcription of meetings and telephone calls.

When we use AI tools, your personal data may be processed by the AI tool as part of the task it is performing. We ensure that:

  • all AI tools we use are subject to appropriate data protection and security assessments before deployment;
  • client data processed by AI tools is encrypted both in transit and at rest;
  • all outputs generated by AI tools are reviewed and validated by qualified legal professionals before being relied upon or shared with you;
  • we maintain appropriate contractual safeguards with AI tool providers, including data processing agreements, confidentiality obligations, and restrictions on the use of client data; and
  • we do not permit AI tool providers to use your personal data to train their models or for any purpose other than providing the service to us, unless we have a lawful basis to do so and have informed you.

Our use of AI tools is subject to continuous review to ensure it meets ethical standards and aligns with best practice in the legal profession, as well as SRA guidance on the use of technology.

If you have any concerns about our use of AI tools in connection with your matter, please let us know and we will discuss this with you.

10.  Who We Share Your Personal Data With

We may share your personal data with the following categories of recipients where it is necessary to do so for the purposes described in this policy:

  • Other professionals involved in your matter — such as barristers, experts, other solicitors, surveyors, accountants, financial advisers, mediators, or translators.
  • Third parties to a transaction — such as the other side's solicitors, estate agents, mortgage lenders, management companies, or landlords.
  • Regulators and authorities — such as the Solicitors Regulation Authority, HM Revenue and Customs, the National Crime Agency, the Information Commissioner's Office, HM Land Registry, Companies House, the courts and tribunals, and local authorities.
  • Service providers — third parties who provide services to us, including:
  • IT support, hosting and cloud services (including Microsoft 365 and associated services)
  • Case management systems
  • Electronic identity verification providers (Legl)
  • Secure payment platforms (Legl)
  • Video conferencing platforms (Microsoft Teams, Zoom)
  • AI-assisted tools used in the delivery of legal services
  • Document storage, scanning and printing services
  • Typing, transcription and digital dictation services
  • Accounting and audit services
  • Insurance brokers and professional indemnity insurers
  • Marketing and communications platforms
  • Credit reference and fraud prevention agencies
  • Potential purchasers — if we sell, transfer or merge parts of our business, or if we undergo an internal restructuring, your personal data may be shared with prospective purchasers or new partners. We will ensure that any such party treats your data in accordance with this policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions.

We will never sell your personal data to third parties.

11.  Outsourcing

We may from time to time outsource certain functions or services to carefully selected third-party providers. This may include typing and transcription, document production, IT support and hosting, electronic identity verification, digital dictation, bulk printing, scanning, and other administrative support.

Where we outsource services, we remain responsible for the overall supervision of your matter. We only use outsourced providers who commit to keeping your information confidential and to handling personal data in accordance with data protection law. We require appropriate contractual safeguards, including data processing agreements.

Some outsourced services (including certain IT and cloud-based services) may involve your information being accessed or processed outside the UK. Where this happens, we ensure that appropriate safeguards are in place (see section 13).

If you have any concerns about outsourcing in relation to your matter, please let us know.

12.  Recording and Transcription of Communications

We may monitor, record, store and use communications with you, including telephone calls, video conferences (via platforms such as Microsoft Teams and Zoom), emails, and other electronic communications. We do this for the following purposes:

  • to maintain an accurate record of instructions, advice and information exchanged;
  • to check and verify instructions you have given us;
  • to support the efficient conduct of your matter;
  • to provide training and professional development;
  • to prevent crime and ensure regulatory compliance; and
  • to improve the quality of our client care.

Where we conduct meetings by video conference, we will ordinarily record the meeting and produce a written transcript. Transcription may be carried out using AI-assisted tools integrated within the video conferencing platform or by other means.

We will inform you at the start of any video conference that the meeting is being recorded and transcribed. If you do not wish the meeting to be recorded or transcribed, please tell us before or at the start of the meeting and we will make alternative arrangements.

Where a video conference or telephone call involves third parties (such as other solicitors, experts, or other professional advisers), we will make reasonable efforts to inform all participants that the meeting is being recorded and transcribed before the recording begins.

Recordings and transcripts are stored securely as part of your matter file and are retained in accordance with our document retention policy (see section 14). Access is restricted to those who need it for the conduct of your matter, training, supervision, or regulatory compliance.

We process recordings and transcripts on the basis of our legitimate interests in maintaining accurate records and providing effective legal services, and where necessary for the performance of our contract with you. We may also rely on legal obligation where recordings are needed for regulatory compliance.

Where we use AI-assisted tools to transcribe recordings, the same data protection, confidentiality and security obligations apply as to any other processing described in this policy. All transcripts generated by AI tools are reviewed for accuracy and are not treated as a verbatim record unless expressly confirmed.

By instructing us, you acknowledge and agree to the recording and transcription of communications as described in this section. If you have any concerns, please raise them with the person handling your matter.

13.  International Transfers

We primarily store and process your personal data within the United Kingdom.

Some of our third-party service providers (including certain IT, cloud and AI tool providers) may access or process your personal data outside the UK. Where this happens, we ensure that appropriate safeguards are in place to protect your data, in accordance with the UK GDPR.

These safeguards may include:

  • transfers to countries that the UK government has determined provide an adequate level of data protection (an "adequacy decision");
  • the use of UK International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses; or
  • other appropriate safeguards recognised under UK data protection law.

If you would like further information about the specific safeguards we apply to international transfers, please contact us.

14.  How Long We Keep Your Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, regulatory or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes of processing, and the applicable legal requirements.

As a general guide:

  • Matter files (including correspondence, documents, recordings and transcripts) — we retain these for a minimum of seven years after the conclusion of your matter, or for such longer period as the law or regulatory requirements demand.
  • Identity and anti-money laundering records — we retain these for a minimum of five years after the end of the business relationship, in accordance with the Money Laundering Regulations.
  • Financial and tax records — we retain these for a minimum of six years for tax purposes.
  • Marketing data — we retain your contact details and preferences until you opt out or ask us to delete them.
  • Website analytics data — we retain this in accordance with our Cookie Policy.

At the end of the applicable retention period, we will securely delete or anonymise your personal data. In some circumstances, we may anonymise your data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

You can request details of the retention periods that apply to specific categories of your personal data by contacting us.

15.  Data Security

We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed, altered or disclosed in an unauthorised way.

These measures include:

  • encryption of data in transit and at rest;
  • access controls restricting access to personal data to those with a business need to know;
  • regular security assessments and penetration testing of our IT systems;
  • training for all staff on data protection, confidentiality and information security;
  • secure disposal of paper and electronic records; and
  • contractual obligations on all third-party service providers to maintain appropriate security standards.

We have procedures in place to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.

16.  Your Legal Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the personal data we hold about you (a "subject access request").
  • Right to rectification — you can ask us to correct any inaccurate or incomplete personal data.
  • Right to erasure — you can ask us to delete your personal data in certain circumstances. We may not always be able to comply (for example, where we are required to retain the data by law or for the establishment, exercise or defence of legal claims).
  • Right to restrict processing — you can ask us to suspend the processing of your personal data in certain circumstances.
  • Right to data portability — you can request the transfer of certain personal data to you or to a third party in a structured, commonly used, machine-readable format.
  • Right to object — you can object to our processing of your personal data where we are relying on legitimate interests, including for direct marketing purposes. We will stop processing for direct marketing if you ask us to. For other processing based on legitimate interests, we may demonstrate compelling grounds to continue.
  • Right to withdraw consent — where we rely on your consent to process personal data, you can withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw consent.

You will not normally have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive or excessive.

We may need to verify your identity before responding to your request. We will try to respond to all legitimate requests within one month, though it may take longer for complex or multiple requests.

To exercise any of your rights, please contact us using the details in section 3.

17.  Marketing

We may use your personal data to send you information about legal developments, our services, events and other matters that may be of interest to you. We do this where it is in our legitimate business interest to keep you informed, or where you have consented to receiving such communications.

You can ask us to stop sending marketing communications at any time by contacting us or by using the unsubscribe link in our emails.

If you opt out of marketing, this will not affect the processing of personal data provided to us for the purposes of providing legal services or other transactions.

We will never sell your personal data to third parties for marketing purposes.

18.  Cookies

Our website uses cookies and similar technologies to collect technical and usage data. You can set your browser to refuse some or all cookies. If you disable cookies, some parts of our website may not function properly.

For full details, please see our Cookie Policy, available on our website.

19.  Third-Party Links

Our website may include links to third-party websites, plug-ins and applications. We do not control these websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

20.  Changes of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

21.  Automated Decision-Making

We do not currently carry out any automated decision-making (including profiling) that has legal or similarly significant effects on you without human involvement.

If this position changes, we will update this policy and notify you in accordance with the UK GDPR.

Dean Wilson LLP

Ridgeland House, 165 Dyke Road, Brighton BN3 1TL

www.deanwilson.co.uk

Authorised and regulated by the Solicitors Regulation Authority (SRA number 532989).