The firm’s Principal, Louise Humphreys, is registered with the Information Commissioner for the purposes of the General Data Protection Regulation and the Data Protection Act 2018 (registration number Z9851806) and is the data controller. Her contact details appear at the end of this Notice. 

The data controller is the person who determines how your personal data is processed and for what purposes.

References in this notice to ‘we’ and ‘us’ and ‘our’ refers to Louise Humphreys in her capacity as the data controller of Peyto Law.

Your personal data – what is it? 

Personal data is defined as information about an individual which is capable of directly or indirectly identifying that individual by reference to things such as names; location data; or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

Identification can be ascertained by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

Personal data we frequently collect

  • Your name, address and telephone number;
  • Electronic contact details (e.g. your email address);
  • Information to enable us to check and verify your identity to comply with our legal obligations (e.g. your date of birth, passport details);
  • Information relating to the matter in which you seek advice or representation;
  • Your financial details so far as are relevant to your instructions (e.g. your bank account details when you settle an invoice)

Personal data we sometimes collect

Depending upon your instructions, we may sometimes collect the following:

  • Details of your spouse / partner / dependents and / or other family members;
  • Criminal records data (where permitted by law and appropriate to do so) such as the existence of prior criminal offences when we are instructed in criminal proceedings;
  • Information relating to your health / medical records where required when these directly relate to your instructions

Why do we use your personal data?

We use your personal data for the following purposes:

  • To register you as a client or prospective client;
  • To enable us to communicate with your during your case;
  • To provide you with advice, to carry out civil or criminal litigation (including any statutory appeals) on your behalf or on behalf of any organisation that you may represent, and to prepare documents;
  • To keep records of any financial transactions that we may make on your behalf – such as the payment of court fees; 
  • To maintain our own financial accounts and records;
  • To carry out identity, credit, anti-money laundering and fraud prevention checks using databases kept by other organisations (which may involve giving your details to registered credit reference or fraud prevention agencies)
  • To help us manage our practice and statutory returns to meet legal and regulatory requirements imposed by the Solicitors Regulation Authority and / or Law Society;
  • To ask you to undertake a survey at the completion of the work; 
  • To operate the firm’s website;
  • To inform you of news and events run by Peyto Law (whether alone or in conjunction with any third party);
  • To enable us to instruct other professional advisers and expert witnesses in connection with your case;
  • To conduct research about your opinions of the service provided by Peyto Law;
  • To respond to any complaint or allegation of negligence against us.

Sharing your personal data 

During the course of carrying out your legal work we may need to disclose some information to parties outside Peyto Law. We are likely to provide information to:

  • A court or tribunal including any organisation which deals with statutory appeals, such as the Planning Inspectorate;
  • HM Land Registry
  • Solicitors acting for the other side of your matter (including in-house legal teams) or the other side directly where they have not engaged Solicitors;
  • Legal counsel (i.e. barristers) or non-legal experts (e.g. planning consultants, surveyors, architects) to obtain advice and / or assistance on your matter;
  • Translation agencies (if required);
  • Any bank or building society or other financial institution or person who acts as a mortgagee over your property;
  • Solicitors representing our interests in the event of a claim against us;
  • A prospective purchaser (or their advisers) of this business under a binding non-disclosure agreement;
  • The providers of identity verification and assurance tools who we may appoint to confirm that we can take you on as a client;
  • Any disclosure required by law, in particular in relation to the prevention of financial crime of terrorism.

In addition, we use case management software to track and monitor progress on your case. This software is provided by LEAP. The data contained in our case management software is housed in data centres in Dublin which comply with the requirements of ISO27001. All data is encrypted.

We only allow our service providers to handle your data where we are satisfied that they take appropriate measures to protect your data. 

We will never sell your personal data.

How long do we keep your personal data? 

We will retain the information for so long as is necessary to:

  • carry out your work; 
  • as is required to be kept by law; 
  • until the period that you could make a claim against us has elapsed, which is usually 7 years after the matter concluded; 
  • comply with any client instructions to extend the retention period in relation to their documents. 

What is the legal basis for processing your personal data? 

Article 6 processing 

  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract 
  • Necessary to comply with legal obligations to which we are subject
  • Necessary for our legitimate interests 

Article 9 processing

  • Explicit consent is given by you
  • Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity

Your rights and your personal data 

Unless subject to an exemption under the GDPR and DPA, you have the following rights with respect to your personal data: – 

  • The right to request a copy of your personal data which we hold about you; 
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date; 
  • The right to request your personal data is erased where it is no longer necessary for us to retain such data; 
  • The right to withdraw your consent to the processing at any time; 
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing; 
  • The right to lodge a complaint with the Information Commissioners Office. 

Further processing 

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

What happens if I don’t want you to use my personal data? 

The GDPR provide you with three rights, the right to object to specific types of processing, the right to be forgotten and the right to restrict processing. 

Depending on the nature of the request, we will comply with it to the fullest extent possible, but in some cases, this could mean that we are unable to continue with your matter, in which case work would cease at the earliest opportunity. In such circumstances you would remain liable for the fees and disbursements incurred up to that point. 

In certain situations, you may be able to ask for restrictions to be placed on the processing of your data or to exercise your right to be forgotten. A restriction has the effect of freezing data, so we would continue to store your personal information but could not do anything with it. This might be relevant to you if you had any query or concern over the way your data was handled. A right to be forgotten would usually apply if data is processed unlawfully or otherwise fails to satisfy the requirement of the GDPR

Contact Details 

To exercise all relevant rights, queries or complaints please contact Louise Humphreys in the first instance:

Tel: 01252 671119


You also have the right to lodge a complaint with the UK regulator on data protection issues – the Information Commissioner’s Office.

Tel: 0303 123 1113