Specialist Employment Law Solicitors in Abingdon
For Oxford, Oxfordshire, Berkshire, London & the Thames Valley

This statement is to comply with our obligation to provide required information to people about whom we hold and process data, under the General Data Protection Regulation.

The Data Controller is Employment Law Plus (UK) Ltd. Our contact details are above. We have not appointed a data protection officer. We are registered with the Information Commissioner’s Office under registration number Z2481948.

What information will you get about me if I use your contact box on your website?

Our email contact form on our website only captures an enquirer's name and email address along with IP address of the computer used to make the request. No cookies are captured. Obviously, any information which you choose to type into the contact box will be provided to us.

Data security

We have put in place appropriate security measures to prevent your personal data from being lost, used, altered, disclosed or accessed in an unauthorised way.

What categories of personal data do we process?

We process the following categories of personal data:

Corporate client staff contact details and their opinions and instructions

Data about private clients, including personal details, family details, lifestyle and social circumstances, goods and services, financial details, their business and education and employment details (“Personal Details”); and sensitive data about health, sexuality, race, political opinions, sexual life, trade union membership, offences and alleged offences, criminal proceedings and outcomes (“Sensitive Data”)

Data showing identity

Data about workers of corporate clients and other third parties relating to their issues including Personal Details and Sensitive Data

Data about colleagues of private clients and other third parties relating to their issues including Personal Details and Sensitive Data

Contact details of prospective clients and issues around their cases, including Personal Details and Sensitive Data

Contact details of representatives of parties with whom our clients are involved in a deal or with whom they have a dispute, and their opinions

Contact details of our suppliers and potential suppliers and their staff and details of their services and opinions

Contact details of referees and potential referees and business contacts and their staff and details of their services and opinions

Contact details of the staff at our regulators and professional organisations and their opinions and advice

Data in the public domain about court and tribunal judgments

Why we process personal data

We process data to run a business providing legal services, authorised and regulated by the Solicitors Regulation Authority including:

Primarily to advise and act on behalf of clients

For contact and communication purposes

To send legal updates that we may circulate from time to time, and news about the South Oxon HR Network

To book a person onto an event

For updating and enhancing client records

To decide if we can offer legal advice to a prospective client or to provide information to enable a prospective client to decide if they wish to use our services

To refer clients or prospective clients to a specialist adviser

To verify a client’s identity and check any relevant background circumstances for anti-money laundering purposes and 'know your client' purposes

For selecting suppliers and managing information relating to our suppliers and prospective suppliers

For legal and regulatory compliance

To deal with feedback, queries or complaints

To close files in a risk compliant manner

For analysis to help us manage our practice

To try to win business, for example, by providing legal updates or communications about our services or events clients and contacts may be interested in attending

To create, grow and sustain a referral network to benefit those whom we refer, ourselves and the third parties to whom we give referrals

To provide information to our insurers and their brokers and solicitors and to be ready to defend ourselves against claims or prospective claims

To detect fraud and loss

To invoice clients, keep track of payments, recover monies due to us and take legal actions

To administer our business

To establish and pursue actual or prospective legal claims

Where do we get the personal data which we process?

We get personal data from the individuals concerned and also from third parties. When we get personal data from third parties, we receive it from their employers, their opponents in cases, their lawyers and accountants, courts and tribunals, their medical professionals and other relevant advisers and specialists, witnesses, our clients and those referring prospective clients to us. If the need arises, we may also get information from publicly accessible sources to find out if an individual has an outstanding judgment against them or from agencies to confirm ID or trace an individual or to access case law legal authorities. We may look up information about a business or an individual on public facing websites and social media. We check details about the directors of companies who instruct us on public facing websites.

Our clients who are themselves data controllers must only give us personal data if that personal data has been lawfully processed and there is a lawful basis to give it to us.

Who receives personal data which we process?

The following categories of people receive or may receive personal data which we process:

Our clients

Group companies of our clients

Opponents of our clients (directly or via representatives)

Actual or prospective witnesses for our clients in litigation

Courts and employment tribunals

Recipients receiving information to allow us to comply with legal obligations such as our regulators

Providers of services to us

Our insurers and insurance brokers

The organiser of the South Oxon HR Network

People or businesses to whom we may make referrals: of prospective clients, clients, suppliers and possible suppliers

If we were to merge, transfer or sell our business or its assets, our new or prospective business partners or the new or prospective owners

Do we transfer personal data abroad?

We hold personal data in the UK and transfer personal data to a third country within the European Economic Area. We do not transfer personal data to a third country outside the European Economic Area.

Exceptionally, to provide a high quality of service, we may work on matters when we are outside the EEA (for example, when on business or even if we are on holiday.) We will notify the client concerned.

How long will we keep personal data?

We will keep personal data for periods based on the following criteria:

Client files:

7 years from file closure/end of matter with certain exceptions. For corporate clients, we will retain certain matter details until a date based on 7 years from the client ceasing to instruct us on any issue. Data may be kept longer if there were an outstanding dispute

Prospective client enquiries (where the person decides not to use us):

2 years from enquiry

Marketing database:

Within one month of a request for deletion

Those to whom we may refer business and business contacts; marketing data (excluding database):

Until closure of business subject to relevance

Supplier information:

For as long as we have a relationship with the supplier (and for 3 years afterwards) or think we might want to buy products or services from them, or for the duration of a dispute with the supplier

Regulator records:

6 years and 4 months after closure of business

Information showing identity:

5 years after file closure

Are you obliged to provide your personal data to us, and what happens if you do not do so?

You are not obliged to provide any personal data to us. However, if you enquire about using our services, we will need to obtain certain data from you in order to decide whether or not we can assist you. If you do not provide us with minimum information, we will not be able to take you on as a client. You may also decide to give us additional information at that stage. Clients will need to give us their personal data so that we can provide our services. If they do not provide the personal data, we will not be able to provide our services. If we act for a client in litigation, a stage will be reached where the client must provide all documents relevant to their case in order to comply with an order of the court of tribunal. If they fail to do so, and we are aware of this, we will have to stop acting for the client.

Automated decision making processes

We do not use any automated decision making processes.

The legal basis for our processing of personal data

The legal bases for our processing of personal data are:

“Consent”: the data subject has given consent to the processing for one or more specific purposes. The only context in which we rely on this basis is for consents from non client contacts to send them newsletters and information

“Performance of a Contract”: the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. For example, when a client wishes to instruct us to carry out legal services for them

“Legal Obligation”: the processing is necessary for our compliance with a legal obligation to which we are subject. For example, to identify clients in certain circumstances to comply with anti-money laundering laws

“Legitimate Interest”: the processing is necessary for the purposes of our legitimate interests or a third party’s legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject For example, so that we can decide if we can offer services to a prospective client

“Protection of vital interests”: the processing is necessary to protect the vital interests of the data subject. For example, if a client were to fall ill in our office


If we rely on the legitimate interest ground for data processing, our legitimate interests include the following:

To advise and act on behalf of clients in order to generate revenue

To decide if we can offer legal advice to a prospective client

To “know” our client

Contact and communication purposes

For updating and enhancing client records while the matter is active

For legal and regulatory compliance and demonstrating compliance

For analysis to help us manage our practice

To provide information to our insurers and their brokers and solicitors and to be ready to defend ourselves against claims or prospective claims

To detect fraud and loss

To invoice clients, keep track of payments, and recover monies due to us

To administer our business

To deal with feedback, queries or complaints

To market similar services to those which we are already providing to a client

To try to win business

For selecting suppliers and managing information relating to our suppliers and prospective suppliers

To establish or pursue actual and prospective legal claims

To create, grow and sustain a referral and business network to benefit those whom we refer, ourselves and the third parties to whom we give referrals

To close files in a risk compliant manner

Legal basis for processing sensitive personal data

Sensitive personal data relates to health, sexuality, race, political opinions, religion or philosophical beliefs, sexual life, and trade union membership, and criminal offences.

The legal bases for our processing of sensitive personal data are:

“Employment Law Obligations”: the processing is necessary to carry out our obligations and exercise our rights or those of the data subject in the field of employment law in so far as it is authorised by UK law

“Legal Claims”: the processing is necessary for the establishment, exercise or defence of legal claims

“Protection of vital interests”: the processing is necessary to protect the vital interests of the data subject. For example, if a client were to fall ill in our office

“Public information”: the data subject has made the information public

“Public interest”: the processing is necessary for reasons of public interest. For example, to undertake activities in relation to the prevention of fraud or other dishonest activities or unethical conduct


Rights of data subjects

Where our processing of data is based on the consent of the data subject, the data subject may withdraw that consent at any time. This will not affect the lawfulness of the processing of the data before the consent was withdrawn.

Please keep us informed if your personal data changes during our relationship with you. Data subjects have the right to request from us access to their personal data, and rectification or erasure of personal data and restriction of processing and to object to processing. In certain circumstances, we have the right to refuse such requests. We do not process data in a way to give data subjects the right to data portability.

If data subjects consider that our processing of their personal data is not in compliance with the Data Protection Act, please contact us in the first instance so that we have a chance to deal with your concerns. Data subjects may complain to the Office of the Information Commissioner. The contact information is: Information Commissioner's Office. Wycliffe House. Water Lane. Wilmslow. Cheshire. SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

The use of cookies on our website

Cookies are used on our website to remember whether the viewer has clicked the button to acknowledge the use of cookies.

Links on our website to third party websites

We include Facebook and Twitter plugins on our website to help the viewer share content that may be of interest to their social network. We also use AddThis, which is a service allowing social media sharing with a range of alternatives to Facebook and Twitter. Some pages may also include Google or YouTube features which need cookies in order to work, improve service and prevent fraud.

Our website may include links to other third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.



If you have any questions or queries regarding this policy, please contact jkelly@employmentlawplus.com. We will do our best to deal with your questions or queries as soon as possible.

We may update this Policy at any time and the up to date version will appear on our website at www.employmentlawplus.com. Updates will be marked with a new date. You can obtain historic versions from us. We may provide you from time to time with more specific processing of personal data information and this Statement is not intended to override this.

Rev 5 Sep 2019