Client Privacy Policy


Thursfields Legal Limited (we/us) are committed to protecting and respecting your privacy.  This document sets out the basis on which any personal data that we collect from you or that you provide to us is used (processed) by us.

We comply with the requirements of the United Kingdom General Data Protection Regulations (EU) 2016/679 (UK GDPR) and the Data Protection Act 2018 (together “the regulations”). For the purpose of the regulations we are a data controller and our main office is at 9-10 The Tything, Worcester WR1 1HD. Please read this document carefully so that you understand how we will deal with all aspects of your personal data.


Why we need information and retain it

In order to advise you properly and to comply with our legal and regulatory obligations, we have to obtain information from you about you including but not limited to information about your personal and financial circumstances.  We may sometimes also have to obtain information about your family and their personal and financial circumstances.

This includes information provided by you when you submit an enquiry to us, request an appointment or a return telephone call, when you subscribe to our mailing list or book an event with us, as well as when you actually use our services.

As an example of how this works, if you are buying a property, this information might include things such as your current address, the location and price of the property you are buying, your contact details (email address and/or mobile and/or landline telephone numbers), your mortgage arrangements and details about anyone else with whom you might be buying


How we use this information

We use this information to enable us properly to act for and to advise you, to fulfil our contract with you and to enable us to ensure that we offer you the services that seem to be the most appropriate to your circumstances. It enables us to keep you informed about our services and about how they might affect you. Sometimes we ask for it because the law requires that we do so.

We will only collect and use your personal information where:-

  • It is necessary to enable us to enter into and/or to perform our contract with you;
  • It is needed for our legitimate business interests;
  • There is a legal obligation on us to do so; or
  • You have given us your consent to do so.

By engaging our services, you acknowledge and agree that:

  • any or all of the information that we hold about you and/or your family can be held by us on our computer systems and/or paper files and records, and may be processed internally by third party processors/media service providers to whom we outsource our IT needs; and
  • any or all of the information that you give to us may be disclosed to such third parties (including credit reference agencies) as are required in the course of our acting for you.

As a valued client, we would like to keep in touch with you.  This may be to update you on changes to our personnel, new services offered, or news and updates about Thursfields’ activities. The regulations allow us to use your personal information for legitimate purposes.  These may include sending you our newsletters, inviting you to our event or events that we host with others, and updating you from time to time about the services we can offer. Whilst generally we do not rely upon consent as a legal basis for processing your personal data, if you would like to be taken off our mailing list, then please just contact us at


Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.  If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


Disclosure of your information

We may disclose your personal information to any employee or worker at Thursfields in the fulfilment of our contract with you. We may disclose your personal information to third parties, such as other parties to your transaction or matter, counsel, expert and lay witnesses, other advisers involved in your transaction or matter, the Legal Ombudsman and our regulatory authorities, our service providers, our service standard assessors and tracing agents for example:-

  • If we are buying or selling an asset for you, when it is necessary to disclose personal information to your buyer/seller or lender;
  • If you are asking to attend a function that we are running in conjunction with a third party;
  • If we are under a duty to disclose or share such information to comply with a legal obligation such as under the anti-money laundering regulations;
  • If we need to enforce or apply our terms of engagement with you;
  • If we need to protect the rights, property or interests of Thursfields for instance if a claim or complaint is made against us in relation to your transaction or matter.

This list is not meant to be exhaustive but is illustrative only.


Your rights

You have a number of rights under the regulations. These include the right to:

  • see the information we hold about you;
  • request that your personal information is amended;
  • (in certain circumstances) ask for your personal data to be removed.

We deal with some of this below but you can obtain further information about how and when you are able to exercise these rights by visiting the website of the Information Commissioner’s Office at


Right of access to your information

You have the right to have access to the information that we hold about you. The regulations tell you how to exercise this right and provide us with a specific time within which to respond.



You can ask us to correct anything that is inaccurate or incomplete.


Storage and removal of your information from our records

We and our service providers may store your data. We will do so in both electronic and paper form, on our computer systems and by way of paper files. These paper files are copied to our computer systems at the end of your case so that the paper copies can be securely destroyed or returned to you.

We keep our files (whether stored electronically or historically in paper format) for as long as we need to do so in line with the work that we have done for you. The actual length of time for which we keep it will depend on each individual case but is unlikely to be for less than 6 years and only in rare cases will it be for more than 15 years. We have what we call a ‘file retention policy’ which we use to help us to decide for how long each particular file and data upon it needs to be kept and you will be advised of the time limit in your particular case at the point at which your matter is completed and then archived.

You can ask us to delete or remove your data from our records when there is no compelling reason for its continued use but please note that certain data is needed by us to enable us to comply with our own regulatory requirements such as confirming your identity to comply with the anti-money laundering regulations. We are allowed to retain this data regardless of your right to ask us to delete all data we hold about you. There are other limitations on what you can require us to delete. For full details of when the right might/might not apply see

You can also sometimes restrict or prevent us from processing your information but that might mean we can no longer continue to act for you until we are again given access to that information.


Our website

If you access our services via our website or otherwise make use of our website, we may collect information about your computer, including your IP address, operating system and browser type. This is to enable us to analyse trends, track user movements and gather broad demographic information. Please note that this is purely statistical data about our users’ browsing actions and patterns of behaviour. It does not identify you as an individual.  Similarly, we may obtain information about your more general use of your computer by means of what are known as ‘cookies’, a file which is stored on the hard drive of your computer.


International transfers

From time to time we may have to transfer your personal data out of the UK. This may be because we are dealing with another party or professional adviser who is based overseas. It may also be that your personal data will be hosted in a cloud based storage facility for the purposes of proving the services (e.g. Dropbox, Glass cubes), and that facility is either based overseas, or back-ups or mirror servers are based overseas. When this happens, either:

  • We will only transfer your data to countries that have been deemed to provide an adequate level of protection for person data; or
  • We may use specific contract approved for use in the UK which give personal data the same protection as it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.


Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Complaints and access requests

If you wish to exercise any of your rights in relation to or have any concerns about how we are holding or processing your personal information, please contact our Data Protection Manager, Lorna Tipple at Thursfields, 9-10 The Tything, Worcester, WR1 1HD; email:


No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.


What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


Time limit to respond 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you remain unhappy about how we are handling your personal information, you have the right to make a complaint to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF: tel 0303 123 1113; email: