page contents
top of page
Privacy notice




Welcome to Montpelier Solicitors Limited’s privacy notice.

Montpelier Solicitors Limited respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.






This privacy notice aims to give you information on how we collect and process your personal data.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.




Montpelier Solicitors Limited is the controller and responsible for your personal data (collectively referred to as ”MSL”, “we”, “us” or “our” in this privacy notice).

We are:


(a) authorised and regulated by the Solicitors Regulation Authority (SRA ID: 644302), registered in England and Wales with Company number 10987716 and with our registered office at 3rd Floor 138 - 140 Southwark Street, London, United Kingdom, SE1 0SW; and


(b) responsible for the website.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.




This version was last updated on 25 May 2018.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.




Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.




Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer the following different kinds of personal data about you:


• your name and contact information such as your home and / or business address, email address and telephone number;


• identity and biographical information including your nationality, date of birth, tax status, passport / national identity card details and country of domicile, your employment and employment history, job title and role, educational profile, interests and other information relevant to our provision of professional services;


• information in relation to your financial situation such as income, expenditure, assets and liabilities, sources of wealth, as well as your bank account details and other information necessary for processing payments and for fraud prevention purposes;


• an understanding of your goals and objectives and other information provided to us in connection with our provision of professional services; and


• information about our meetings with you, including at our offices.


Our provision of professional services may also require us to process Special Categories of Personal Data about you (including data relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health and sexual life) and / or data relating to criminal convictions and offences.




We may collect your personal data or you may provide it to us through various means including from information:


• you provide to us when you meet us;


• about you provided to us by your organisation, agents, advisers, intermediaries or custodians of your assets;


• provided to us by our clients;


• you communicate to us by telephone, post, email or other forms of electronic communication, in which respect, we may monitor, record and store any such communication;


• collected when you complete (or we complete on your behalf) client engagement formalities or register for an event;


• drawn from publicly available sources or from third parties, for example when we need to conduct background checks about you; and / or


• collected otherwise in the normal course of providing professional services.




How we use your personal data will depend on whether you are a client, a representative of a client, a business contact, someone whose personal data we necessarily process as part of our provision of professional services, or otherwise. We may process your personal data for the following purposes:


• providing a proposal to you or your organisation in relation to the professional services we offer and for client engagement purposes (including the carrying out of background checks);


• providing professional services to you and / or our clients (including legal research and advice, and associated advisory services);


• managing our relationship with you and / or our clients (including billing and financial management), for record-keeping purposes and more generally for the proper operation of MSL;


• dealing with any complaints or feedback you may have;


• monitoring and improving the performance and effectiveness of our services, including by training our staff;


• any other purpose for which you provide us with your personal data;


• the purposes set out in Section 10 (Our communications, the Website and cookies) below;


• seeking advice on our rights and obligations, such as where we require our own legal advice, and to exercise and defend our legal rights;


• compliance with our legal and regulatory obligations, such as anti-money laundering laws (which may include the carrying out of background checks and retention of a record of such checks), data protection laws and tax reporting requirements, and / or to assist with investigations by police and / or other competent authorities (where such investigation complies with relevant law) and to comply with Court orders;


• safeguarding the security of our systems and communications; and / or


• for security purposes generally and to ensure the safety of our employees and visitors.


We may process your personal data for any of the purposes set out above where one (or more) of the following lawful processing grounds applies:


• the processing is necessary to perform a contract with you, or to take steps at your request before entering into a contract with you;


• the processing is necessary for us to comply with our legal obligations;


• the processing is necessary for our legitimate interests (including the operation of MSL, and the provisions of professional services) or those of any client or relevant third party, unless those legitimate interests are overridden by your interests or fundamental rights or freedoms; and / or


• you have consented to the processing in question.


Where we process sensitive personal data, other lawful processing grounds may apply, such as that the processing is necessary for the establishment, exercise or defence of legal claims (for example to protect and / or defend our property or rights, or those of our clients) or for reasons of substantial public interest; or where you have given us your explicit consent.




We may share your personal data with:


• your organisation;


• our client(s) in the particular matter;


• third parties we engage to assist in providing our professional services, such as lawyers (including barristers), other professional services firms, IT and other consultants, public relations advisers, translators and / or couriers;


• intermediaries to whom we introduce you;


• third party service providers who provide business services to us, such as shared service centres, and with providers of anti-money laundering services and background checks, for processing in accordance with our instructions;


• our own legal and professional services providers and insurers, where appropriate;


• third parties and their advisers in the event of the potential or actual sale or purchase of all or part of our business or assets (or any other business or assets), subject to appropriate obligations of confidentiality; and / or


• courts and other authorities in connection with the enforcement or defence of legal rights and provision of our professional services.




Our provision of professional services may require us to transfer your personal data to countries outside the European Economic Area which may not provide the same level of data protection as within it.


We ensure that any such transfer meets the requirements of GDPR, for example because it is necessary for the provision of our professional services to you or for the establishment, exercise or defence of legal claims; or is otherwise subject to prescribed safeguards such as model clauses approved by the European Commission. More information is available from


(Of course, if nothing changes between now and 29 March 2019, we will ourselves be transferred outside the EEA and while we expect these rules to continue to apply at least until 31 December 2020, we will continue to monitor the situation and will inform you of any substantive changes.)




We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.


We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.




We will retain your personal data for as long as is necessary to fulfil the purposes set out in this Privacy Notice.


In many cases this will mean that we shall retain your personal data for the same period as we retain your files or a copy of your files. Usually this will not be less than 16 years from the date that the relevant matter came to an end. In addition, we shall retain information obtained to meet our obligations under the anti-money laundering regulations for at least 5 years following the end of our business relationship with you.


Longer retention periods may be appropriate where, for example, specific legal or public interest archival reasons apply, such as the need to carry out conflict checks.




Under GDPR you have the right to:


• obtain access to, and copies of, the personal data we hold about you and information about how we process it;


• require us to correct any inaccuracies in the personal data we hold about you;


• require, in certain circumstances, erasure of your personal data;


• require us, in certain circumstances, to restrict our data processing activities;


• obtain from us the personal data you have provided to us in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;


• object to our use of your personal data based on our legitimate interests, on grounds relating to your specific situation;


• withdraw your consent, where our use of your personal data is based on that consent; and


• complain to the Information Commissioner's Office, which can investigate compliance with data protection law and has enforcement powers, if you are not satisfied with how we are processing your personal data.


Please contact us in writing using the contact details below if you would like to action any of your rights above. You should note that these rights are not absolute, and we may be entitled (or required) to refuse requests where exceptions apply.




You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.




We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.




We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.




We may use your contact details to send you (by post or electronically) briefings, newsletters, event invitations and other mailings promoting our services. We do so on the basis of our legitimate interests or your consent (as appropriate to the communication in question). You can always unsubscribe from these mailings, by contacting us at


We use mailing list management / marketing software to manage how we contact you as set out above. This enables us to record and manage how we contact you, and to manage your preferences and bookings for our events. It also enables us (as set out in any such email) to review whether emails are opened or forwarded, and whether briefing links are clicked. This data helps us to ensure our mailing list remains up to date; it also provides us with some basic information about your interests and to personalise our communications with you.


We use cookies on our Website. However, the cookies that we use do not gather or retain personal data.




We may update this Privacy Notice in line with changes to how we process personal data. We will publish any new version of the Privacy Notice on the Website and, where appropriate, will provide you with a copy.




If you have any queries about this Privacy Notice or how we process your personal data, you can contact us at, or by post at Data Protection, Montpelier Solicitors Limited, 3rd Floor 138 - 140 Southwark Street, London, United Kingdom, SE1 0SW.

bottom of page