The website https://coded.legal ("Website") is operated by Coded Legal Limited ("we" or "us"). This Privacy Notice informs you about how we use any personal data which you provide to us, including through our Website.

We are committed to safeguarding the privacy of our website visitors, clients and personnel. We only collect and use your personal data as described in this Privacy Notice. Any personal data we collect will only be used as permitted by law.

This Privacy Notice is effective as of 17th January 2025. We may update this policy from time to time by publishing a new version on our Website.

We use cookies on our Website. Insofar as those cookies are not strictly necessary for the provision of our Website and services, we will ask you to consent to our use of cookies when you first visit our Website. You can find out more about how our Website uses cookies in our Cookie Policy, available here: https://coded.legal/cookie-policy.

Our Website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

Our Website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing correspondences and limit the collection, sharing and publication of your personal data.

Coded Legal Limited is a private limited company registered in England and Wales under registration number 15225096 and registered office/principal place of business at Flat 6 Vanburgh House, 40 Folgate Street, London, E1 6UL, England.

We are regulated by the Solicitors Regulation Authority (SRA) under number 8009911, and we comply with the SRA Standards and Regulations, including all professional conduct obligations.

You can contact us:

• by post, to the postal address given above;
• using our Website contact form;
• by telephone, on the contact number published on our Website; or
• by email, using the email address published on our Website.

When we use personal data about you or others in connection with promoting and administering our business, providing our services, or recruitment, we do so as data controller.

We do not meet the criteria for a mandatory appointment of a Data Protection Officer under the UK General Data Protection Regulation or an EU Representative under the General Data Protection Regulation.

In this section, we have set out the categories of personal data that we process and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data.

A: General

We may collect different kinds of personal data about you when you interact with us, including via the Website, social media, email, telephone, post or in person. We may also receive this information from third parties (for example, a publicly available source or from someone who has recommended us to you and given us your contact details). We have grouped this information together as follows:

• Identity Data, such as your name.
• Contact Data, such as your email address, telephone/fax number, address and other contact details.
• Enquiry Data, such as your enquiries about engaging us for legal advice or job opportunities.
• Correspondence Data, such as any correspondence between us and you about an enquiry.
• Technical Data, such as your IP address, operating system, browser type and version, location and other information about how you use our Website.
• Marketing and Communications Data, such as your communications preferences and how you have responded to our marketing communications.
• Tracking Data, such as information we or others collect about you from cookies and similar tracking technologies, such as web beacons, pixels, and other digital identifiers.

We do not usually collect any special categories of personal data about you, but you may choose to disclose this data to us. Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Unless we are required to do so to comply with a legal obligation, or as an integral part of providing relevant legal services to you, we do not usually collect any personal data about you relating to criminal convictions or offences.

Our core purposes for processing personal data are to promote and operate the business of being a law firm, to provide legal services to our clients, to maintain our client and business records, to recruit, and to comply with the law and regulations.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where it is necessary for us in order to perform a contract which we are about to enter into, or have entered into, with you (for example, a contract between you and us for us to provide legal advice to you).
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (for example, to monitor our IT systems and protect them).
• Where we need to comply with a legal or regulatory obligation (for example, the rules which require us to verify the identity of someone before they can become a client).
• Where we have your consent to do so (for example, if you are not a client and you ask us to sign you up for news and updates by email).

The Annex to this Privacy Notice sets out in more detail the lawful basis we rely on to process personal data, depending on the category of personal data and the reason we are processing it. Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

This is a non-exhaustive list which is reflective of the varied nature of the personal information processed as part of a law firm providing legal services.

B: Additional information for Clients

We may collect additional categories of personal data about you when you instruct us or seek to instruct us, including via the Website, email, telephone, post or in person. We may also receive this information from third parties (for example, a publicly available source or from someone who has recommended us to you and given us your contact details). We have grouped this information together follows:

• Identity Data, such as copies of your passport, driving licence, birth certificate, national identity card, utility bills and/or other identifying information required to be provided to us for anti-money laundering purposes.
• Matter Data, which includes any personal data about you connected with your instructions to us, including correspondence between us, notes of our calls and meetings, and third party information about your matter.
• Financial Data, which includes bank account and/or other billing details.
• Transaction Data, which includes details about the costs of the matter and any payments to and from you.

Our core purposes for processing personal data are to operate the business of being a law firm, to provide legal services to our clients, to maintain our client and business records, and to comply with the law and regulations. In relation to you (or the organisation on behalf of which you instruct us) this primarily involves: providing you with legal advice or other information that you have requested from us; invoicing you for services we have undertaken for you; keeping records of the work we have carried out for you; and fulfilling our anti-money laundering obligations.

Coded Legal is primarily engaged by corporate entities and as such those instructors are not data subjects. However, as part of such instructions personal information may be provided to us (e.g. personal information relating to any of our corporate clients’ or prospective clients’ officers or personnel, any opponent or vendor or purchaser or personal information relating to their legal advisors or personnel, as relevant or similar).

If you are an individual whose personal information is processed by us as a result of providing our legal services to others (including individual clients and corporate clients) we will process a variety of different personal information depending on the legal services provided.

This may include personal information relating, without limitation, to any of our corporate clients’ or prospective clients’ officers or personnel, any opponent or vendor or purchaser personal information including personal information relating to their legal advisors, other advisors or personnel as relevant or similar.

We might also need to process personal information in relation to other third parties instructed either by our own clients or other persons or companies involved with us providing the legal services to our client (for instance other law firms, experts etc.).

C: Additional information for Recruitment purposes

We may collect additional categories of personal data about you when you apply to join us, including via the Website, email, telephone, post or in person. We may also receive this information from third parties (for example, a publicly available source or from someone who has recommended you to us and given us your CV). We have grouped this information together as follows:

• Identity Data, such as a copy of your passport and your date of birth.
• Career Data, such as details about your education and qualifications, your skills and your experience/career.
• Financial Data, such as your salary history and bank account and tax details.

Our core purposes for processing personal data are to operate the business of being a law firm, to recruit and maintain staff and lawyers and to comply with the law and regulations. In relation to you, this primarily involves considering your personal data in the context of our hiring and business development needs and complying with our legal and regulatory obligations.

As a law firm we comply with the SRA Code of Conduct (“SRA Code”). The SRA Code requires us to keep the affairs of our clients and prospective clients confidential, unless disclosure is required or permitted by law or consent.

We may share your personal data with a variety of the following categories of third parties as necessary:

• Third parties to whom we outsource certain services such as, without limitation, IT systems or software providers, IT Support service providers, document and information storage providers. This includes our affiliated technology services entity, Coded Law Services Limited (company number: 14146363 with registered office at Flat 6 Vanburgh House, 40 Folgate Street, London, E1 6UL, England).
• Third party service providers to assist us with client insight analytics, such as Google Analytics.
• Our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice.
• Government or regulatory authorities (for example the SRA, HM Revenue & Customs and the Information Commissioner’s Office (“ICO”)).
• Regulators/tax authorities/corporate registries.
• (if you are a Client) In order to provide you (or your organisation) with our services, we may provide personal data to the courts, to lawyers advising other parties in your matter, or to other professionals (such as overseas law firms, patent agents, forensic accountants or experts).
• (if you are a potential recruit) We may share your data to conduct a disclosure barring service check (also sometimes referred to by its old name, a CRB check). 

Please note this list is non-exhaustive and there may be other examples where we need to share your personal data with other parties.

In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK Data Protection Laws, making sure appropriate safeguards are in place. Please contact us for more information.

We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and / or for our legitimate interests. In some countries the law might compel us to share certain information, e.g. with tax authorities. Even in these cases, we’ll only share your information with people who have the right to see it.

You acknowledge that personal data that you submit for publication through our Website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, in line with our Data Retention Policy. You can request a copy of this any time.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, if you are a client we’ll normally keep your core data for a period of ten years from the end of our relationship with you. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes, such as dealing with any disputes or concerns that may arise.

We may need to retain your information for a longer period, where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators, etc. If we don’t need to retain information for this period of time, we may destroy, delete or anonymise it more promptly.

In the event of a personal data breach, we will notify affected individuals and relevant authorities as required by GDPR and applicable laws.

Your principal rights under data protection law are:

• Your right of access: You can ask for copies of your personal data.
• Your right to rectification: You can ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure: You can ask us to erase your personal data in certain circumstances.
• Your right to restriction of processing: You can ask us to restrict the processing of your personal data in certain circumstances.
• Your right to object to processing: You can object to the processing of your personal data in certain circumstances.
• Your right to data portability: You can ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
• Your right to complain to a supervisory authority: You can complain about our processing of your personal data.
• Your right to withdraw consent: When we use consent as our lawful basis of our processing of your personal data you have the right to withdraw your consent.

These rights are subject to certain limitations and exceptions. You can learn more about your rights on the website of the Information Commissioner’s Office (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).

You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.

We cannot advise you in connection with our use of your data. If you need legal advice on this subject, then you will need to consult another firm.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the contact details provided above.