Privacy Policy

Privacy Notice

Aziz Sinclair Solicitors
393 Green Street, London, E13 9AU, United Kingdom
(Opposite Upton Park Station)

Email: info@azizsinclairsolicitors.co.uk
Telephone: +44 20 3161 6856 | 020 3391 7376 | 07988 786415

SRA Number: 8010819

Last updated: 1st November 2026-Valid until 30 October 2027


1. Introduction

Aziz Sinclair Solicitors ("we", "our", "the Firm") is committed to protecting the privacy and security of your personal information. This Privacy Notice explains how we collect, use, store, share, and protect your personal data when you instruct us, contact us, or use our website, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).


We are a firm of solicitors authorised and regulated by the Solicitors Regulation Authority (SRA) under number 8010819. We are registered with the Information Commissioner's Office (ICO) as a data controller.


For the purposes of data protection law, Aziz Sinclair Solicitors is the "data controller" responsible for your personal data.


If you have any questions about this Privacy Notice or how we handle your personal data, please contact us using the details above.


2. What Personal Data We Collect

We may collect and process the following categories of personal data about you:


Personal identification and contact information:

  1. Full name, title, date of birth, gender, nationality
  2. Postal address, email address, telephone numbers (landline and mobile)
  3. Proof of identity documents (passport, driving licence, utility bills, bank statements)
  4. National Insurance number, UTR number


Case and matter-related information:

  1. Details of your legal matter and instructions
  2. Family circumstances (spouse/partner details, children, dependants)
  3. Employment and education history
  4. Financial information (income, assets, liabilities, bank account details, tax records)
  5. Property ownership and tenancy information
  6. Immigration status and travel history
  7. Criminal records or allegations
  8. Correspondence, emails, telephone records, meeting notes, and file notes


Special category personal data (sensitive data):
Where necessary for your legal matter, we may process special category data, including:

  1. Health information and medical records
  2. Information about race, ethnicity, or national origin
  3. Religious or philosophical beliefs (e.g., for Islamic Wills)
  4. Sexual orientation or gender identity
  5. Information about criminal convictions, allegations, or proceedings
  6. Trade union membership
  7. Genetic or biometric data


Third-party information:
We may also collect personal data about third parties relevant to your matter, such as family members, witnesses, opposing parties, and experts.


Website and communication data:

  1. IP addresses, browser type, device information
  2. Cookies and analytics data (see Section 10 below)
  3. Email and correspondence history


3. How We Collect Your Personal Data

We collect personal data:

  1. Directly from you when you instruct us, contact us, complete forms, or provide documents
  2. From third parties, including courts, tribunals, government agencies, experts, other solicitors, barristers, and publicly available sources
  3. Through our website, email, telephone, and in-person meetings
  4. From your employer, family members, or representatives (with appropriate authority)


4. How and Why We Use Your Personal Data

We use your personal data for the following purposes:


To provide legal services:

  1. To provide legal advice, representation, and other professional services as instructed by you
  2. To prepare documents, conduct legal research, and manage your case
  3. To communicate with you, third parties, courts, tribunals, and regulatory bodies
  4. To instruct counsel, experts, and other professionals on your behalf
  5. To protect and enforce your legal rights


To comply with legal and regulatory obligations:

  1. To verify your identity and conduct anti-money laundering (AML) and conflict-of-interest checks
  2. To comply with court orders, legal process, and regulatory requirements
  3. To meet our obligations under the SRA Standards and Regulations and other professional rules
  4. To respond to requests from law enforcement, regulators, and public authorities


To manage our business:

  1. To maintain our accounts, records, and file management systems
  2. To process invoices and payments
  3. To manage complaints and disputes
  4. To maintain our professional indemnity insurance
  5. To improve our services and client experience


Marketing (with your consent only):
We do not use your personal data for marketing purposes without your explicit prior consent. If you provide consent, you may withdraw it at any time by contacting us.


5. Legal Basis for Processing Your Personal Data

We process your personal data on one or more of the following legal bases under Article 6 of the UK GDPR:

  1. Contractual necessity (Article 6(1)(b)): Processing is necessary to perform our contract with you or to take steps before entering into a contract.
  2. Legal obligation (Article 6(1)(c)): Processing is necessary to comply with legal obligations, including AML regulations, court orders, SRA requirements, and other statutory duties.
  3. Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include operating our business, managing risk, defending legal claims, and maintaining records.
  4. Vital interests (Article 6(1)(d)): Processing is necessary to protect your life or that of another person.
  5. Consent (Article 6(1)(a)): Where you have given explicit consent to the processing.


Special category data:
Where we process special category data (sensitive personal information), we rely on one or more of the following conditions under Article 9 of the UK GDPR and Schedule 1 of the DPA 2018:


  1. Explicit consent (Article 9(2)(a)): You have given explicit consent for us to process your special category data for specified purposes.
  2. Legal claims (Article 9(2)(f) and Schedule 1, Part 2, paragraph 2 DPA 2018): Processing is necessary for the establishment, exercise, or defence of legal claims or whenever courts are acting in their judicial capacity. This is the primary condition relied upon by solicitors.
  3. Substantial public interest (Article 9(2)(g) and Schedule 1, Part 2, DPA 2018): Processing is necessary for reasons of substantial public interest, such as preventing or detecting unlawful acts, protecting the public, or supporting individuals.
  4. Vital interests (Article 9(2)(c)): Processing is necessary to protect your vital interests where you are unable to give consent.


6. Who We Share Your Personal Data With

We may share your personal data with the following categories of recipients where necessary for the purposes set out above:


  1. Courts, tribunals, and dispute resolution bodies
  2. Barristers, expert witnesses, interpreters, translators, and other professional advisers
  3. Other solicitors and legal representatives (including those representing other parties)
  4. Government departments and agencies (Home Office, HMRC, Land Registry, local authorities, etc.)
  5. The Solicitors Regulation Authority, Legal Ombudsman, and other regulators
  6. Our professional indemnity insurers and brokers
  7. IT service providers, document storage providers, and other suppliers who process data on our behalf under strict contractual obligations
  8. Financial institutions (for payment processing and AML checks)
  9. Law enforcement, fraud prevention agencies, and regulatory authorities where required by law
  10. Your nominated representatives, family members, or third parties with your consent or authority


We do not sell, rent, or trade your personal data to third parties for marketing purposes.


7. International Transfers of Personal Data

We primarily store and process your personal data within the United Kingdom. Where it is necessary to transfer personal data outside the UK (for example, if you instruct us on a matter involving overseas parties or if we use third-party service providers located abroad), we will ensure that:


  1. The destination country benefits from an adequacy decision under UK GDPR; or
  2. We implement appropriate safeguards, such as Standard Contractual Clauses approved by the ICO; or
  3. Another lawful transfer mechanism applies (such as explicit consent or necessity for legal claims).


If you would like further information about international transfers of your data, please contact us.


8. How Long We Retain Your Personal Data

We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

Our standard retention periods are:


Type of Matter

Retention Period

Immigration matters

6–7 years from completion

Family law (no children involved)

7 years from completion

Family law (children involved)

7 years from child's 18th birthday

Wills

Permanently (or 7 years after estate wound up)

Probate and estate administration

7 years from completion

Civil litigation and dispute resolution

7 years from completion

Landlord and tenant matters

6–7 years from completion

Criminal matters

6–7 years from completion

AML/CDD records

6 years from end of client relationship (minimum 5 years)


These periods are based on the Limitation Act 1980, the Money Laundering Regulations 2017, and SRA guidance.

We may retain data for longer where:


  1. You request extended retention
  2. We are required to do so by law, court order, or regulatory obligation
  3. It is necessary for the establishment, exercise, or defence of legal claims
  4. There are ongoing proceedings or disputes


After the retention period expires, we will securely delete or destroy your personal data unless we are required or permitted to retain it.


9. Data Security

We take data security seriously and have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Our security measures include:


  1. Secure IT systems with encryption, firewalls, and password protection
  2. Restricted access to personal data on a need-to-know basis
  3. Regular staff training on data protection and confidentiality
  4. Secure storage of physical files in locked cabinets and controlled-access areas
  5. Secure disposal of data (shredding of paper records, secure deletion of electronic records)
  6. Regular security reviews and audits


While we use all reasonable efforts to protect your data, no system is completely secure. If you believe there has been a data breach involving your personal data, please contact us immediately.


10. Cookies and Website Analytics

Our website uses cookies and similar technologies to improve user experience, analyse website traffic, and monitor performance.


What are cookies?
Cookies are small text files stored on your device when you visit a website. They allow the website to recognise your device and remember certain information.


How we use cookies:


  1. Essential cookies: Required for the website to function properly (e.g., session cookies)
  2. Analytics cookies: Help us understand how visitors use our site (e.g., Google Analytics) so we can improve it
  3. Functional cookies: Remember your preferences and settings


Your cookie choices:
You can control and delete cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website. For more information about cookies, visit www.aboutcookies.org or www.allaboutcookies.org.


11. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:


1. Right of access (Article 15):
You have the right to request a copy of the personal data we hold about you, together with information about how and why we process it. This is known as a Subject Access Request (SAR).


2. Right to rectification (Article 16):
You have the right to ask us to correct inaccurate or incomplete personal data.


3. Right to erasure (Article 17):
You have the right to request deletion of your personal data in certain circumstances, such as where it is no longer necessary for the purpose for which it was collected. However, this right is subject to exceptions, including where we are required to retain data by law or for the establishment, exercise, or defence of legal claims.


4. Right to restrict processing (Article 18):
You have the right to request that we suspend or limit the processing of your personal data in certain circumstances.


5. Right to data portability (Article 20):
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.


6. Right to object (Article 21):
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.


7. Rights related to automated decision-making (Article 22):
You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects. We do not currently engage in automated decision-making.


8. Right to withdraw consent:
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.


How to exercise your rights:
To exercise any of these rights, please contact us in writing using the details at the top of this notice. We will respond to your request within one month, although this may be extended by a further two months where requests are complex or numerous.

We may need to verify your identity before responding to a request, and we may charge a reasonable fee or refuse a request if it is manifestly unfounded or excessive.


12. Complaints

If you are dissatisfied with how we have handled your personal data or if you believe we have breached data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):


Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk


We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us in the first instance.


13. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. Any changes will be posted on our website, and the "Last updated" date at the top of this notice will be revised. We encourage you to review this notice periodically.

Significant changes will be brought to your attention, and where required by law, we will seek your consent.


14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or our data protection practices, please contact:

Abdul Aziz Khan
Solicitor & Director
Aziz Sinclair Solicitors

Email: info@azizsinclairsolicitors.co.uk
Telephone: +44 20 3161 6856 | 020 3391 7376 | 07988 786415
Address: 393 Green Street, London, E13 9AU, United Kingdom


15. Regulatory Information

Aziz Sinclair Solicitors is authorised and regulated by the Solicitors Regulation Authority (SRA).
SRA Number: 8010819

The SRA Standards and Regulations, including the SRA Code of Conduct, can be accessed at www.sra.org.uk.[3][sra.org]


We are registered with the Information Commissioner's Office as a data controller.

Details of our professional indemnity insurance are available on request.