Claire Nash Solicitors – Privacy Policy

Last updated: June 2026

1. Who we are

Claire Nash Solicitors is the Data Controller responsible for your personal data. We are registered with the Information Commissioner’s Office (ICO). Our ICO registration number is: ZA314164. Our registered address is Claire Nash Solicitors, Croham Lodge, Croham Road, Crowborough, TN6 2RH.

If you have any questions about this policy or how we handle your personal data, please contact us at info@clairenashsolicitors.co.uk.

2. What personal data we collect

We may collect and hold the following categories of personal data:

• Contact details, including your name, postal address, email address and telephone numbers.

• Financial information, including bank details where relevant to your matter.

• Identity documents, including National Insurance number, passport and driving licence.

• Information necessary to provide legal advice and carry out your instructions.

3. Special category data

Depending on the nature of your matter, we may also need to collect and process special category data. This could include:

• Health information, including medical records and conditions.

• Information about your racial or ethnic origin, religious beliefs, trade union membership, sexual orientation or political opinions.

• Information about criminal convictions or offences.

We will only process special category data where it is necessary to establish, exercise or defend legal claims, or where you have given your explicit written consent. You may withdraw consent at any time, though this will not affect the lawfulness of processing carried out before withdrawal.

4. How we collect your data

We collect personal data directly from you when you enquire about or instruct us in relation to a legal matter, including through our website enquiry form. We may also collect data from third parties where this is necessary and lawful, including background check agencies such as Tracesmart, credit reference agencies, and other publicly available sources.

5. Our lawful basis for processing

Under UK GDPR, we are required to identify a lawful basis before processing your personal data. We rely on the following:

• Contract: We need to process your data to perform our obligations under the retainer or other agreement we have entered into with you.

• Legal obligation: We are required to process your data to comply with our legal and regulatory obligations, including those imposed by the Solicitors Regulation Authority (SRA), HM Revenue and Customs, and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

• Legitimate interests: We process your data where it is necessary for our legitimate business interests, such as managing client relationships and running our practice efficiently. We will not do so where your interests or fundamental rights override those interests.

• Consent: Where we rely on consent, for example for sending you information about our services or firm updates, we will make this clear at the point of collection. You have the right to withdraw consent at any time by contacting us at the address below.

• Vital interests: In rare circumstances, we may process data to protect someone’s life.

• Public task: Where processing is necessary for the performance of a task carried out in the public interest.

6. Marketing communications

We will only send you information about our services, promotions or firm updates where you have given your consent to receive such communications, or where we have a legitimate interest in doing so and you have not objected. You can opt out at any time by contacting us at info@clairenashsolicitors.co.uk or by following the unsubscribe link in any marketing email we send you.

7. Who we share your data with

We may share your personal data with third parties where it is reasonably necessary to carry out your instructions or comply with our obligations. This may include:

• Other solicitors, barristers, lawyers, advisers and expert witnesses involved in your matter.

• Third-party service providers, including contractors and agents acting on our behalf.

• Regulatory bodies, including the SRA and Legal Ombudsman.

• Law enforcement agencies, where required by law.

• Credit reference agencies and fraud prevention organisations.

• Any party in the context of a sale or restructuring of the business, where necessary.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your data for their own purposes.

8. International transfers

Where it is necessary to transfer your data to a solicitor, lawyer, adviser or expert witness outside the UK or European Economic Area (EEA), we will do so on the basis that the transfer is necessary to perform our contract with you, or on the basis of another appropriate safeguard recognised under UK GDPR, such as standard contractual clauses approved by the UK Information Commissioner. We will inform you of any such transfer where required.

9. How long we keep your data

We retain personal data for a minimum of six years from the end of our engagement, in accordance with professional and statutory obligations. The precise retention period may be longer depending on the nature of the matter. Once the retention period has expired, we will securely delete or anonymise your data unless we are required by law to keep it for longer.

10. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

• Access: You can request a copy of the personal data we hold about you (known as a Subject Access Request).

• Correction: You can ask us to correct inaccurate or incomplete data.

• Erasure: You can ask us to delete your data where there is no legitimate reason for us to continue processing it.

• Restriction: You can ask us to suspend processing of your data in certain circumstances, for example while we verify its accuracy.

• Portability: Where processing is based on consent or contract and carried out by automated means, you can ask us to transfer your data to another party in a structured, commonly used format.

• Objection: Where we rely on legitimate interests, you have the right to object to the processing. You also have an absolute right to object to direct marketing at any time.

• Withdrawal of consent: Where we rely on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

• Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, where it produces legal or similarly significant effects on you. We do not currently make decisions about you in this way.

We will respond to requests within one month of receiving them. This period may be extended by a further two months where requests are complex or numerous, in which case we will notify you. We may ask you to verify your identity before acting on a request. There is no fee for exercising these rights, though we may charge a reasonable fee or decline to act where a request is manifestly unfounded or excessive.

11. What happens if you do not provide data

Where providing personal data is a legal or contractual requirement, failure to do so may mean we are unable to carry out your instructions or fulfil our legal obligations. We will tell you at the point of collection whether providing particular information is mandatory.

12. Security

We take the security of your data seriously. We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure. Access to personal data is restricted to those with a legitimate need to know and is granted on a confidential basis.

We have procedures in place to deal with suspected data security breaches. Where we are legally required to do so, we will notify you and the ICO of any breach without undue delay.

13. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance at info@clairenashsolicitors.co.uk or write to us at Claire Nash Solicitors, Croham Lodge, Croham Road, Crowborough, TN6 2RH.

You also have the right to complain to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues. You can contact the ICO at www.ico.org.uk or by calling 0303 123 1113.

14. Changes to this policy

We review this policy periodically and will post any updates on our website. Where changes are material, we will notify you directly. This version was last updated in June 2026.