General Privacy Policy for Clients and Potential Clients

Kitson & Trotman takes your privacy and looking after your personal information very seriously. We are committed to handling confidential information securely and appropriately.We ask that you read this Privacy Notice carefully as it tells you what to expect when you make contact with us; use one of our services; work for us or provide the firm with services.  It explains the rights you have in law in relation to your personal information and how you can exercise those rights and deal with any failures.


  1. Important information and who we are
  2. Why we need your data
  3. Obtaining data about you
  4. How we may use your data
  5. Sharing your data with others
  6. Using your data for marketing
  7. Keeping hold of your data and documents
  8. Safeguarding your data
  9. Your legal rights


  1. Definitions
  2. Types of data we might collect
  3. Outside sources which might provide data about you
  4. Our legal bases for processing
  5. Examples where we might share your data with others
  6. Data retention: How to hold your data and documents
  7. Your legal rights

1. Important information and who we are

A. Purpose of this privacy notice

This privacy notice covers general matters, including our website, as we have privacy notices for each of our areas of business, namely: property (including residential, agricultural and commercial property) private client (wills, probate, trusts, power of attorney etc.), family matters including divorce and separation, dispute resolution and equine law matters. We also have specific privacy notices to cover specific relationships such as that we have with our staff or with service providers.

The specific notices may over-ride what is stated in this document but, ideally, the documents should be read together. If there are any queries or suspected errors, please let us know using the details below.

In this document we tell you how we will process1 data and information which identifies you (‘personal data2’) and how the law protects you and what you can do if something goes wrong.

1: ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

2: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

B. Who we are and whom to contact about privacy matters

We are responsible, as data ‘controller’ of your personal data for the purposes of these laws (referred to as “Kitson Trotman”, “the Firm”, “we”, “us” or “our” in this privacy notice).
If you have any questions or wish to exercise any of your legal rights, please contact our Compliance Lead at Kitson & Trotman LLP, The Champions, Hogshill Street, Beaminster, Dorset DT8 3AN or email to or call 01308 480022

C. How your privacy is protected

Our use of your personal data is subject to your instructions, of course, and we are, also, regulated under

You are protected not just by these laws, however, but by our professional duty of confidentiality too. This means that all our dealings with you and any personal data we have about you is likely to be confidential (and may be the subject of legal professional privilege). Therefore, we can promise:

D. Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

E. Complaints about privacy

You have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator ( However, we would like to resolve complaints ourselves if possible, so please contact us in the first instance. Our Complaints policy is here

Return to top

2. Why we need your data

A. Principal purpose

The principal purpose of collecting, processing and holding your personal data is to allow us to provide you with legal services and other incidental services.

B. 'Legal basis' for processing

By law, we must have a good reason (‘legal basis’) to do this, which can be one or more of the following:

In addition, if we process special category3 data we must meet additional legal requirements as to the legal basis for the processing. See section 3B below.

3: Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation

C. Our 'legitimate interests'

A legitimate interest is where we have a business or commercial reason to use your data, such as for administrative purposes or to promote our services. However, we must not rely on this legal basis unfairly.

If we do rely on it for obtaining your personal data, we will tell you what our legitimate interest is so you can challenge it if you think our use is unfair or unreasonable. Always let us know if you have any concerns or queries about how we are using your personal data.

D. If you withhold data or consent.

Much of the data we ask for is needed to carry out the work you have asked us to do or to meet our legal/ regulatory obligations, so it is likely we will be unable to continue working for you if you do not provide it. If so, we will tell you at the time.

In general, we do not rely on obtaining your consent as the legal basis for collecting and processing your personal data. If we do, we will make clear that we are seeking your consent, which you will be entitled to withdraw at any time. Do remember that if you do, however, this decision may restrict what we are able to do for you.

Return to top

3. Obtaining data about you

A. What data do we collect?

We may collect, use, store and transfer different kinds of personal data about you. Further details can be found in Appendix 2 including our use of Cookies on our website.

We also collect and use anonymous data about clients and potential clients for a variety of purposes. This may be derived from your personal data but is not considered personal data in law as it does not reveal your identity. If, however, we combine this with other data about you so that you can be identified (directly or indirectly), then the combined data will be personal data, which we will use in line with this privacy notice.

B. Particularly sensitive data

We may collect and process data which is treated in law as ‘special category data’ (that is, it is particularly sensitive). If relevant to work we are doing for you, this may include the following:

The law says that we need to have further justification for handling this type of data. Of the ten permitted reasons, the ones on which we will most commonly rely (if need be) will be these:

Similar provisions apply in law to criminal offence data (details of criminal proceedings, actual/alleged offences, and outcomes/sentences). We have to have specific legal authority to handle such data.

C. Sources of data on you

Most of the personal data we obtain about you will come from direct interactions between us, such as:

However, we may need to obtain information about you from outside sources (including but not limited to public ones). A list of examples of such sources is provided in Appendix 3.

Return to top

4. How we may use your data

A. Legal basis for processing your data

See Appendix 4 for details of all the ways in which we may use your data, which permitted legal reasons we have for doing so, and what legitimate interests we may have for processing.

Note that we may process your data for a variety of purposes. If you wish to know which legal basis we are relying on in any particular circumstances, please ask.

B. Change of purpose

We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If you would like us to explain how we have arrived at such a decision, please ask. If we need to use your data for an unrelated purpose, we will tell you and explain the legal basis for this.

Please note that we may process your data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Return to top

5. Sharing your data with others

A. Why this may be necessary

We only share your data with others in the following circumstances:

We would also need to share your data in the unlikely event that the ‘data controller’ changes. Such a situation would arise if we decided to sell, transfer, or merge parts of our business, or if we acquired/ merged with another business. If this happened, the new owner/organisation would become the ‘data controller’ in law and would be able to use your data in the same way as set out in this document.

B. Categories of people and organisations with whom we may share your data

Please see Appendix 5 for a list of examples of the types of people and organisations with whom we may share your personal data if necessary.

C. Safeguards

If we have to share your data with external organisations, they will be required to keep it confidential and to treat it in accordance with the law. Unless they are a ‘data controller’ in their own right, they are not allowed to use your data for their own purposes – in particular for marketing – but only in accordance with our instructions and for specified purposes. Examples of others who might be a ‘data controller’ themselves would be a law enforcement agency or a professional such as a barrister or other expert who will normally provide you with their own privacy notice.

D. If you wish to object

If you do not wish us to share your data with a particular organisation or individual(s), please tell us (in writing). We will respect your wishes unless our legal obligations prevent us from doing so, but this may limit the work we can do for you.

E. Electronic identity checks and other checks to prevent/detect crime

In order to comply with the law on money laundering, terrorist financing, and the proceeds of crime, we have to obtain certain information about you in order to:

In doing this, we may need to share your data with companies providing electronic ID verification services. We may also consult public sources of data on you. See Appendix 5 for further details.

F. Sharing your data with law enforcement agencies

In the unlikely event that anything you ask us to do leads us to suspect criminality, we may have to inform law enforcement agencies and pass to them personal data we have about you. An example of this would be the National Crime Agency, to whom we are obliged to report any knowledge or suspicion of money laundering or terrorist financing. Further details about this can be found in Appendix 5.

G. Credit checks on you

We may carry out a credit check on you or your business(es) (using a Credit Reference Agency). Further details about this can be found in Appendix 5.

Return to top

6. Using your data for marketing

We may send you marketing information of news about events from time to time. However, we will apply the principles below when doing so and you can always tell us to stop (see D below).

A. Marketing where it is in your best interests

B. Other ethical marketing to you

C. Marketing products, services and events not provided by us

D. Saying no to marketing

Return to top

7. Keeping hold of your data and documents

Data and documents which you give us will be held in both electronic and paper form. Unless you are advised otherwise, anything held electronically will be stored either in the UK or somewhere within the European Economic Area (EEA (or other places which the EU has decided provide adequate protection to such data). The key points about our approach to holding data and documents for you are set out below. Further details of our policies on this can be found in Appendix 6.

A. Important documents/papers

B. Work files and other records containing your data

C. Charging for storage, retrieval and destruction

Return to top

8. Safeguarding your data

As required by law, we take appropriate technical and organisational measures to keep your data secure, such that it is not accessed, altered, used or disclosed in an unauthorised way, or lost. Despite these measures these risks can never be eliminated entirely– in particular when we are communicating with you electronically.

A. Where you choose to share our communications to you with others

Any communication from us to you is meant for you only, and if you choose to share it with anyone else, you may lose the legal professional privilege that normally protects communications between you and us.

 B. Risks of email and other unencrypted forms of communication

C. Security breaches

In the event of a breach of security which could affect your data, the law and our professional obligations require us to consider the possible impact on you and tell you if there is a significant risk to your privacy. We also have obligations to tell the ICO and Solicitors’ Regulation Authority about security breaches unless the risk to your privacy is minimal.

D. Transfers of your data overseas

It may be necessary to transfer your data overseas e.g. if the website storage of a person we deal with on your behalf stores information overseas. If so, we will make reasonable efforts to ensure it is only stored within the European Economic Area (EEA) or places where the EU has said that the data protection standard is adequate. Such transfers will be made in full compliance with data protection law.

Return to top

9. Your legal rights

The law on data protection is designed to put you in control of your data, and as such the following rights will apply (in addition to your overall right to be informed about how we process your personal data):

Further information on these rights is provided in Appendix 7.

If you wish to exercise any of these rights, please contact our Compliance Lead (whose address is provided in section 1). We will usually process your request (which must be in writing and include proof of your identity) without charge and within 30 days. We are allowed by law, however, to charge a reasonable administration fee and extend the timescale by up to two months in some cases such as where your request is very complex.

Return to top


1. Definitions

Abbreviations used:

Return to top

2. Types of data we might collect

Return to top

3. Outside sources which might provide data about you

Persons/organisations directly involved in the work you ask us to do, such as:

Organisations with which we work in order to run our business, such as:

Return to top

4. Our legal bases for processing

We have set out in the table below a description of all the ways in which we may use your personal data and which reasons allowed in law we have for doing so. The table also shows what our legitimate interests for processing are (where appropriate).

How we will use your informationTypes of dataLegal basis for processing (including what our legitimate interest is, if any)
1. To record you as a client/potential client.
  • Identity
  • Contact
  • Fulfilling a contract with you.

2. To carry out your instructions and deliver the work you ask us to do, including:

a. Providing advice tailored to your circumstances;
b. Instructing professionals/others to act for you;
c. Introducing you to others who can help you to achieve what you want;
d. Obtaining data about you from others;
e. Managing on your behalf any payments and fees you have to pay;
f. Collecting money owed to you;
g. Bringing/defending legal claims for you;
h. Liaising with official bodies on your behalf (such as courts, tribunals, registries, government bodies, tax authorities);
i. Identifying and managing risks for you which come to light.

  • Identity
  • Contact
  • Financial/tax
  • Business
  • Transaction/usage
  • Marketing & profile
  • Fulfilling a contract with you.
  • To comply with any legal requirements which apply to us
3. To manage our relationship with you or your business, including:
a. Asking you to provide feedback;
b. Responding to complaints and seeking to resolve them;
c. Notifying you about relevant changes to the way in which we work (such as who is involved in your work, our basis of charging, and our terms of business;
d. Collecting any money you owe us. 
  • Identity
  • Contact
  • Profile
  • Marketing & profile
  • Fulfilling a contract with you.
  • To comply with a legal obligation.
  • In our legitimate interests (to recover money owed to us).
  • In our legitimate interests (to keep our records updated and to study how clients use our products/services).
4. To run our business properly and efficiently, including:
a. Maintaining accounts and records;
b. Managing risk for our business;
c. Managing our financial position and business capability;
d. Business planning;
e. Corporate governance and audit;
f. To obey applicable laws/regulations;
g. Communications & training;
h. Meeting our equality, diversity and environmental aims. 
  • Identity
  • Contact
  • Technical
  • In our legitimate interests (for running our business).
  • To comply with the law and regulations which apply to us.
5. To tell you about relevant products/services:
a. Suggest  other products/services that you may need (to manage risk for you) or may be of interest to you;
b. Tell you about events we are running or sponsoring such as the Melplash Show;
c. Provide advice or guidance about our products/services and those of other organisations (where relevant);
d. Otherwise carry out marketing activities to promote our services. 
  • Identity
  • Contact
  • Usage
  • Marketing & profile
  • Fulfilling a contract with you.
  • To comply with our professional obligation to act in your best interests.
  • In our legitimate interests (to grow our business and develop our products/services).
6.To prevent/detect financial crime, such as:
a. Money laundering;
b. Terrorist financing;
c. Property & mortgage fraud;
d. Tax evasion;
e. Financial sanctions. 
  • Identity
  • Contact
  • Financial/tax
  • Business
  • Transaction/usage 
  •  To comply with the law and regulations which apply to us.

7. To improve our business by:
a. Developing our own products/services and the way we deliver then;
b. Managing how we work with other organisations that provide products/services that our clients need;
c. Developing new ways to meet our clients' needs and to grow our business. 

  • Identity
  • Contact
  • Business
  • Transaction/usage 
  • Marketing & profile
  • In our legitimate interests (to develop products and services, and what we charge for them). 

Return to top

5. Examples where we might share your data with others

A. Categories of people and organisations with whom we may share your data

B. Electronic identity check and other checks to prevent/detect crime

a) Legal requirement to check your identity

To comply with the law on money laundering, terrorist financing, and the proceeds of crime, we need to obtain evidence of your identity. We do this when you first ask us to work for you and we will usually repeat the process for each piece of work you ask us to do in future.

b) Electronic checks on your identity

We will request ID documents from you but in many situations we will also carry out an electronic check on your identity, using an electronic verification provider (‘EV provider’). This will involve us sharing your personal data with the EV provider.

c) Other checks the law requires us to do

The law requires us to ask questions and obtain data/documents (from you, others or public sources) – as much as we reasonably need – to be able to do the following:

d) The data we will need

These are some of the kinds of personal data that we will need in order to confirm your identity:

Where you have asked us to assist you with a transaction, we will need to understand how you are funding it. This means we will need:

e) If we are unable to complete our checks

If we are unable to obtain all of the information we need (whether to prove your identity or carry out any of the other procedures required), we will not be able to work for you.

f) What we will do with the data we obtain

C. Sharing your data with law enforcement agencies

If we know or suspect that any legal work for you may involve money laundering, terrorist financing or a similar offence, we may be required by law to disclose your data to the National Crime Agency. Similarly if the work will breach UK or international sanctions, or involves fraud/other criminal offences, we may be required to tell other law enforcement agencies, who will then have access to your data. This is to support their duty to detect, investigate, prevent and prosecute crime. If this happens, we will not be able to tell you that we have told them and we may have to stop working for you without being able to say why.

D. Credit Reference Agencies (CRAs)

We may carry out a credit check on you or your business. If we do, we will share your data with the CRA and they will give us information about you. The data we exchange can include:

We will use this data to:

Other points to note:

Return to top

6. Data retention: how we hold your data and documents

A. Keeping important/original documents and papers

Apart from Wills, we usually return to you at the end of our work any important/original documents (such as title deeds and share certificates), unless you ask us to keep these for you.

If we agree to hold an important/original document for you, in some cases this may only be for a certain length of time (agreed in advance). In other cases, no such fixed period will be put in place, so we may end up holding the document for many years. If so, there will come a point when it is no longer appropriate for us to keep it, either because it is no longer valid, important or useful, or because we are no longer willing to store it. In such cases we will try to return it to you, but if we cannot, we may decide to destroy it. In reaching such a decision, we would take into account the date of the document, its contents, and any later documents, as well as your date of birth.

B. Keeping our work files and other records containing your personal information

We will keep our work files (and other records containing your data) only for as long as necessary after finishing our work. Normally this will be for at least 6 years (in case there is a query/complaint about the work and to comply with various laws). In some cases, we will keep it for much longer (such as for Wills). When we no longer need to retain a file (or other record containing your data), we will destroy it without telling you, so if there is anything in any of our files or records that you want to keep, please tell us (in writing) before we close the file/record and put it into storage.

C. Charging for storage and destruction

Where we agree to hold any important/original documents for you (such as title deeds, wills and share certificates), we may make a reasonable charge for storage, copying or retrieval. We will not make a charge, though, if the copying or retrieval is part of new work we have agreed to do for you.

For all other documents which we hold (on the files we create whilst doing your work), even though some of these may legally belong to you, we do not charge for their storage or destruction.

Return to top

7. Your legal rights

A. Right to information

When we collect personal information from you, or receive it from another source, you have the right to Information about how it will be used and how long it will be kept etc.  This information is set out in our Privacy Policy of which this table forms a part.  Let us know if you want any further details.

B. Right of Access (commonly known as a "data subject access request")

This enables you to obtain a copy of the data we hold about you and to check our processing is lawful and to be provided with information about the processing (in essence this information is very similar to the information given under the Right to Information.

C. Right to Rectification

This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

D. Right to Erasure (commonly known as 'right to be forgotten')

This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where:

a) You have withdrawn your consent to our processing of your personal data and there is no other legal basis for processing it;
b) you have successfully exercised your right to object to processing (see below);
c) we may have processed your information unlawfully;
d) we are required to erase your personal data to comply with the law.

Note that we may not always be able to comply with your request, such as where we need the information to complete the work we are doing for you, or to fulfil our legal/regulatory obligations, or to make or defend legal claims. If this is the case, we will tell you at the time of your request.

E. Right to Restriction of Processing

This enables you to ask us to stop (save for storage) or limit the processing of your personal data in any of the following cases:

a) If you want us to establish the data’s accuracy;
b) Where our use of the data is unlawful but you do not want us to erase it;
c) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
d) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Note that this right may not always apply but where it does not we will give you the reasons so you can challenge the decision by lodging a complaint with the with the Information Commissioner (ICO)

F. Right to Data Portability

This right applies in situations where you provided us with your personal data in a structured, commonly used and machine readable format e.g. in an excel spreadsheet and you wish to transfer your personal data from one IT environment to another.  It allows you to move, copy or transfer your personal data from one service to another.  Various rules apply to this right so let us know if you would like more information about exercising this right.

G. Right to Object to Processing

This applies in situations where we are relying on having a legitimate interest in processing your data, but where you feel it impacts on your fundamental rights and freedoms.

You also have the right to object where we are processing your personal data for direct marketing purposes.

Note that in some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. If you remain unhappy you have the right to lodge a complaint with the Information Commissioner (ICO)

H. Rights concerning Automated Individual Decision Making Including Profiling

You have the right not to be subject to decisions based solely on automated processing (including profiling) if such a decision produces legal or otherwise significant affects you. At present no decisions taken by Kitson Trotman would fall into this category.

This right will not apply where:

a) it is necessary for contractual reasons
b) It is lawful under UK or EU law providing suitable safeguards are in place
c) you have given your explicit consent

Where points a) and c) apply we must ensure that suitable safeguards are in place including the right to ask for a person to review the decision; to express your point of view and to contest the decision by lodging a complaint with the Information Commissioner (ICO)

I. Right to lodge a complaint

If you are unhappy about the way in which we have processed your personal information or dealt with any request to exercise your rights, please let us know and we will do our best to put things right.

If you remain unhappy you have the right to lodge a complaint with the Information Commissioner (ICO)

J. Other rights

You have a number of other rights including:

Return to top
The Champions
Beaminster, Dorset DT8 3AN
Mon-Thurs 9am - 5:30pm / Fri 9am - 5pm
t: 01308 862313
f: 01308 862033
9 Chancery Lane
Bridport, Dorset DT6 3PX
Mon-Thurs 9am - 5:30pm / Fri 9am - 5pm
t: 01308 427436
f: 01308 420335
57/58 Broad Street
Lyme Regis, Dorset DT7 3QF
Mon-Thurs 9am - 5:30pm / Fri 9am - 5pm
t: 01297 442580
f: 01297 444810
5 St Albans Chambers
St Alban Street, Weymouth, Dorset DT4 8PY
Mon-Thurs 9am - 5:30pm / Fri 9am - 5pm
t: 01305 341400
f: 01305 767644
e: /

Authorised and regulated by the Solicitors Regulation Authority (SRA number 634822)
Kitson & Trotman Est. 1756