Privacy Notice

All personal information provided by you will be treated in accordance with:


The Data Protection Directive 95/46/EC and ePrivacy Directive 2002/58/EC as implemented by countries within the EEA


From 25th May 2018 the General Data Protection Regulation


Other laws that are similar, equivalent to or that are intended to implement, amend or replace the laws that are identified in a and b above (the ‘Data Protection Legislation’).

Personal data is information which directly or indirectly identifies you. We at Pengillys LLP are committed to processing your personal data in accordance with EU Data Protection laws. For the purpose of EU Data Protection laws, Pengillys LLP is the data controller.

It may be necessary for you to give us personal data so that we can provide you with the requested services, fulfil any contractual relationship with you, inform you of our services, comply with applicable laws, regulations and/or codes of practice, and for other purposes as set out in this notice where in our legitimate interests.

Collecting Your Personal Data

We may collect your personal data in a number of ways, including from:


You, for example when you:

i. Apply for and use our services.
ii. Call us.
iii. Enter into any agreement with us.
iv. Contact and interact with us.
v. Ask us to contact you.
vi. Attend events.
vii. participate in surveys.


Someone else may share your personal data with us, for example:

i. Within the course acting on a conveyancing transaction.
ii. Administering an estate.
iii. Conducting litigation on your behalf or the like.


Third parties, such as:

i. Credit reference agencies.
ii. Fraud prevention agencies.


Public sources, for example:

i. Companies House.

What Personal Data We Collect

Types of information we may collect include your personal details, eg date of birth, contact details, nationality, tax details, employment details, regulatory history.

Other personal information as required, eg as part of litigation in which you may have asked us to represent you.

Financial information, eg income and outgoings, assets and liabilities, bank details, account information and history, account activity, credit history and information, share holdings.

Information we have from our dealings with you or from anyone acting on your behalf, eg records of telephone calls, records of our interactions/correspondence with you, details of your transactions.

Sensitive personal data including but not limited to the following: religious belief, sexual orientation. (We will only collect this with your explicit consent, or where the processing is specifically authorised by a regulatory body, or required by law/legal process.)

If you give us personal data about someone else you should have a lawful basis for doing so, eg you have their consent to share personal data with us. Where applicable, you should ensure that they read this Privacy Notice and understand how we will use and disclosure their information, in the ways described in this Privacy Notice.

How We May Use Your Personal Data

We may disclose certain personal data as follows:


To Courts, tribunals, mediators, governmental and non-governmental agencies, regulators and ombudsmen.


To law enforcement agencies.


To any relevant third party in the course of an acquisition, sale, transfer, re-organisation or merger of parts of our business or our assets.


To any relevant third party in the course of an acquisition, sale, transfer, re-organisation or merger of parts of our business or our assets.


In the course of conveyancing we follow the Law Society Protocol which encourages communication with all parties involved including but not limited to estate agents, mortgage brokers; conveyancing practitioners; HMRC and the Land Registry and other statutory bodies.


In the course of probate we will need to will need to contact many third parties who will need to have relevant personal data (eg but not limited to) banks or other financial institutions; utility companies; the press; financial advisors; estate agents; the Probate Registry; HMRC; the Land Registry; other solicitors; charities; beneficiaries and a range of third parties in particular to assist in the administration of an estate.


In the course of contentious matters we follow the procedure prescribed by the court or in various protocols. Invariably this requires disclosure of relevant personal data which can include sensitive data. Examples of this include in Family cases where a range of personal data and at times sensitive personal data will need to be given to the court; CAFCASS; CYPS; exchanged or provided to the other party/ parties (occasionally including medical records in certain cases); in Employment cases similarly personal data will need to be shared with the court and other party/parties to the case and on occasion this can include sensitive personal data; in Civil Litigation cases (eg personal injury claims), personal data and at times sensitive data will need to be disclosed to the other party/parties as part of pre action protocol; at mediation/ADR; and certainly within the course of court proceedings. Frequently in all such cases experts may be used and will need relevant personal data in order to prepare their report/s.


As required or permitted by law or regulation, where we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of Pengillys LLP, our clients or others.


To credit reference agencies (CRAs).


To fraud prevention agencies (FPAs).

You may ask us for details of the CRAs and FPAs which we have used for your searches. If there are any errors in the information we hold about you, please tell us so that we can correct information we hold about you.


As part of our Lexcel accreditation and professional auditing process generally, your file may be selected for inspection. We understand that you consent to this unless you have informed us to the contrary.

Transfer of Personal Data Outside the European Economic Area (EEA)

We may transfer your personal data to recipients who may carry out services on our behalf, or in accordance with your request, or to fulfil your instructions, located in countries outside of the EEA. If we transfer your personal data to such a country, we will take all necessary steps to ensure your data is protected to an equivalent standard as within the EEA.

Your Rights

You have a right to:


Request access to your data and information, and about how it is being used.


Request rectification or erasure of your personal data.


Request restriction of processing or to object to the processing of your personal data.


Request data portability, ie to request the transfer of personal data from one data controller to another.

If you wish to exercise any of these rights or withdraw consent to use your personal data, you should contact the IT Principal as described below. You also have the right to lodge a complaint about the processing of your personal data with your local Data Protection Supervisory Authority (in the UK the Information Commissioner’s Office).


We may contact you periodically to provide information regarding events, products, services and content that may be of interest to you, and to invite you to participate in market research.

If applicable law requires we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. Where this information is provided electronically we may track your response, eg with which e-mails you open.

If you wish to stop receiving marketing or marketing research communications from Pengillys LLP, please simply inform the person with conduct of your case, or contact the IT Principal as described below.

Security and Data Retention

We will take steps to protect your personal data against loss or theft, as well as from unauthorised access, disclosure, copying, use or modification, regardless of the format in which it is held. Subject at all times to applicable laws, we will retain your personal data for a period of at least seven years from the end of the relationship to enable us to fulfil our record keeping and professional obligations.

Prospective Clients

Please contact the IT Principal using the details below for further information regarding data retention periods.
Changes to this Privacy Notice

We may revise or supplement our Privacy Notice from time to time to reflect, for example, any changes in our business, law, markets, or the introduction of any new technology.

Enquiries, Requests or Concerns

All enquiries, requests or concerns regarding this Notice or relating to the processing of personal data should be sent to the IT Principal, Pengillys LLP, 67 St Thomas Street, Weymouth, Dorset, DT4 8HB, or e-mail

Make an enquiry