Privacy Policy

  • Home
  • >
  • Privacy Policy

ANDREW & ANDREW Solicitors Limited (“ANDREW & ANDREW”, “we”, “us”) respects the privacy and legal rights of the individuals and organisations we deal with.

This Privacy Notice (“the Notice”) provides information about how we collect and use data from you when you visit our website and the persons and organisations we deal with when providing services and administering our business.


This Privacy Notice and our Website Terms & Conditions and any other documents referred to in it explains how we use the personal data we collect from or about you or which you provide to us.

You can access our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website, for instance by completing the contact us form. By submitting your personal information, you consent to our use of the information as set out in this privacy policy. If you or your organisation is one of our clients, further information will be found in our engagement letter.


For the purpose of the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR – Effictive May 2018”), the data controller in respect of any personal data controlled by the firm is ANDREW & ANDREW Solicitors Limited. ANDREW & ANDREW solicitors are a limited company under the laws of England and Wales, registered under number OC333290.  Our registered address is Atlantic House, 114 Kingston Crescent, North End, Portsmouth, Hampshire, PO2 8AL.

We are authorised and regulated by the Solicitors Regulation Authority (registered number 622293) and are subject to the Solicitors’ Code of Conduct 2011 (“Code”).


Our website and services are not aimed specifically at children because in legal work, children are generally represented by their parents or guardians. If you are a child and need further advice or explanation about how we would use your data, please email


When we refer to “personal data” in this notice, we are referring to information about living individuals which, alone or in conjunction with other information held by us, is capable of identifying them.  The DPA and the GDPR regulate our use of your personal data.

In dealing with clients, other legal professionals and other parties in the course of our business, we generally collect personal data consisting of names, physical and electronic addresses and telephone numbers.

We may obtain personal data from you when you contact us or visit our offices, including when you call us, contact us via our website, or when you or your organisation contacts us using any means of communication. This includes personal data you provide to us when you:

  • Contact us with a question or enquiry;
  • Contact us or authorise anyone to contact us about employment with ANDREW & ANDREW;
  • Deal with us when we are providing services to one of our clients;

We may also collect and retain client data:

  • When obtained from public sources about you or your organisation;
  • When obtained from third parties, who may include our clients, legal and accountancy professionals and their firms, insolvency practitioners, courts, professional regulators, public bodies, and other entities, including credit reference agencies and providers of analysis, screening and database services who have a right to disclose this information to us; and
  • Relating to whether our contacts read electronic correspondence from us or click on links we send them.


We can use any personal data we obtain for a number of purposes, as set out below.  We will not retain personal data for longer than is necessary for the purpose or purposes for which we use it.  We may of course hold the same pieces of personal data and use them for multiple purposes.   If you or your organisation are a client of ANDREW & ANDREW.

  • To provide you or your organisation or our clients with information or services (we will keep this until you tell us to remove your personal data from our records for these purposes, or until we have reason to believe that you may no longer have any need for this information and our services);
  • To perform a contract with the person about whom we hold data (we will keep your data for so long as is necessary for the contract and then as required for legal and compliance purposes);
  • Deal with us in order to provide us with goods or services.
  • To deal with enquiries or requests or to contact people on behalf of our clients (we’ll keep your data for so long as is necessary to deal with the enquiry or request);
  • To protect or pursue ANDREW & ANDREW’s legitimate interests or those of our clients, the courts or anyone else we provide personal data to, after taking into account the legitimate interests of the person the data is about;
  • To conduct data analysis, matching and screening techniques and services – more information about this is set out below;
  • To comply with the law – for example, when performing background, know-your-client (customer) or money laundering checks (we’ll keep your data for so long as is necessary to document our compliance with the law and our regulator’s requirements);
  • To protect the personal and organisational security and the financial resources of our firm and our clients (we’ll keep your data for so long as we reasonably think necessary to protect those interests);
  • To assess the financial resources of an individual or organisation in relation to legal rights, claims and defences as part of our work as legal professionals (we’ll keep your data for so long as is necessary to make those assessments, to conduct legal proceedings and then to document to our clients, courts and regulators that we’ve complied with our legal and regulatory obligations to them);
  • To promote the services, we provide and obtain new business (we’ll keep your data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our services);
  • To promote the administration of justice, comply with the Code and comply with our solicitors’ duties as officers of the court (we’ll keep your data for so long as is necessary to achieve this – in some cases this may be up to 10 years); and
  • In any other way which we consider necessary and appropriate in order to conduct our business as a law firm, including to fulfil our professional, regulatory and legal obligations to our clients, the courts or other persons (we’ll keep your data for as long as we need to in order to achieve this, but for no longer than is necessary).
  • To pay our debts (we’ll keep your data until we’ve paid our debts and then as necessary for our tax affairs and to prove we’ve made the payment – this may be up to 6 years);
  • Make a complaint;

As a business, we want to better understand current and prospective clients and people we do business with in order to communicate more effectively, provide better services and increase our efficiency.  To do this, we may from time to time use data analysis, screening and matching techniques, either internally or in conjunction with independent contractors and service providers who process personal data for us.  Contractors and service providers who process personal data on our behalf may provide us from time to time with additional, matching or supplementary data (where they have a legal right to do so), including personal data, about persons we already have some information on.

This may mean, for example, that from time to time we use internal or external resources to obtain additional contact information about individuals which they have not shared with us; estimate the financial resources of our contacts; or profile contacts on the basis of geographic, financial or biographical information, affiliations or interests to estimate how likely they are to be interested in particular services.

We don’t currently use any of these analysis, screening and matching techniques, but if we do we’ll provide this information in an updated notice.

Where we have obtained personal data for any of the purposes set out in this notice, we may use it in connection with data analysis, screening and matching for the specific purposes set out in the paragraphs above, but also for any of the other purposes set out in this notice.  This does not affect your legal right to object to the use of your data for direct marketing purposes.


We may provide access to your personal data to our employees, contractors, agents and to our clients and their employees, contractors and agents.

Where we supply personal data to our employees, contractors and agents, this will be for the performance of their duties or contractual responsibilities to us and to be used only in a manner which isn’t incompatible with the purposes for which we obtained it.

We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

Generally, we will only use your information within ANDREW & ANDREW Solicitors. However, there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:

  • HM Land Registry to register a property
  • HM Revenue & Customs; e.g. for Stamp Duty Liability
  • Court or Tribunal
  • Solicitors acting on the other side
  • Asking an independent Barrister or Counsel for advice; or to represent you
  • Non-legal experts to obtain advice or assistance
  • Translation Agencies
  • Contracted Suppliers
  • External auditors or our Regulator; e.g. Lexcel, SRA, ICO etc.
  • Bank or Building Society; or other financial institutions
  • Insurance Companies
  • Providers of identity verification
  • Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
  • If there is an emergency and we think you or others are at risk

In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.

There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.

As a matter of necessity or convenience, where we share data for the above reasons, we may transfer it to countries or territories outside the European Economic Area (EEA).  We do not currently make these transfers but may do so when this is necessary to provide services (for example, a client, or a party in relation to whom we are conducting proceedings or dealing with, or an asset that is the subject of legal proceedings is located outside the EEA) or to obtain goods and services from third parties.

Where you give us your personal data, you consent to the transfer of such personal data out of the EEA and acknowledge that this may involve the transfer of personal data to a country or territory which may not be deemed by the European Commission or the European Courts to provide an adequate level of protection for your rights and freedoms as a data subject, however we will advise you further on this should this occasion arise.


We may automatically collect the following information, which may or may not be personal data, on anyone visiting the website:

  • IP addresses (static or dynamic) and other technical information relating to the virtual or physical location of a visitor and their means of access;
  • How visitors use the website, including dates and times and any details of how and for what duration particular resources are viewed or used; and
  • Click data, including where users navigate to our site to and from and any searches you have made on or relating to our site.

We will use this data to:

  • run our website and ensure it works properly;
  • maintain the site’s security and that of our visitors


An HTTP cookie is a piece of data sent on behalf of a website (such as ANDREW & ANDREW’s website) and stored on the user’s computer by the user’s web browser while the user is browsing

We may use third-party analysis services which use cookies to collect information on site usage and behaviour patterns.  We do this to find out things such as the number of visitors to the various parts of our website and improve it.  We may also share website usage data with service providers for benchmarking and site rating purposes.

We don’t use cookies in a way which allows ANDREW & ANDREW to identify site users.

You can block cookies via your web browser and can screen out certain cookies using browser add-ons or other software.  This may prevent you from accessing all of our website.


We do not currently undertake direct marketing, however should we decide that the practice will commence with this, we will write to you and ask your permission to send you specific notices that may be of interest to you.

We appreciate that you may decide that you don’t want us to use your personal data in this way and we will respect your choice.  We also have a legal obligation under the GDPR to stop sending you marketing communications if you object, so if you don’t want us to use your personal data in this way, just let us know.  We suggest sending an e-mail to us at or writing to us care of:

The Data Protection Officer
ANDREW & ANDREW Solicitors Limited
Atlantic House

114 Kingston Crescent

North End




Under the DPA, you have the following rights in relation to your own personal data:

  • to prevent us using your data for direct marketing;
  • to have (in certain circumstances) inaccurate personal data corrected, blocked or destroyed;
  • to access a copy of the information comprised in your personal data that is undergoing processing (this is called “subject access rights” or “SAR”);
  • to object to automated decisions (ANDREW & ANDREW do not, however, use automated decision making);
  • to obtain compensation through legal proceedings for damage caused by a breach of the DPA; and
  • a right to object to processing that is likely to cause or is causing damage or distress.

If you want to tell us to stop using your data for direct marketing; exercise your subject access rights; tell us about inaccurate personal data you think we hold on you; or object to a use you believe we’re making of your data which is causing, or is likely to cause, damage or distress, please contact ANDREW & ANDREW’s Data Protection Officer or write to us at this address:

The Data Protection Officer
ANDREW & ANDREW Solicitors Limited
Atlantic House

114 Kingston Crescent

North End




We will not charge you to exercise your subject access rights (SAR) but may make charge a reasonable fee reflecting our administrative costs should you request further copies of the personal data.  When you contact us to exercise any of the above rights, we will first ensure that the person requesting the data is the person whose data is being sought (or that it is being requested on that person’s behalf).  This may involve providing us with proof of your identity or your authority to act for the data subject.  We can also ask you for any information we need to help us find the personal data you’re enquiring about.
We will also provide you with the following information relating to your personal data:

  • the purpose for which we’re processing it;
  • what categories of data about you we process;
  • the recipients of your data, if any, including specifically international or foreign organisations;
  • our expected retention period or how we’ll calculate this, if we don’t know yet;
  • your rights in relation to the data; and
  • the source of the data, if we didn’t get it from you.


Our website may contain links to other websites operated by other people or organisations.  If you use these links, you should note that these sites will not operate as set out in this notice and that ANDREW & ANDREW have no responsibility or liability for how they are operated or what data they may collect on their visitors.  Should you have any doubt on these links, please contact the company involved.


Please do get in touch if you have any questions or complaints about our website or what’s in this notice, or if you believe we’ve done something which may violate your rights under the DPA and GDPR or any related law. Where you have concerns regarding our use of your personal data or wish to complain about it, you also have the right to contact the ICO (information Commissioners Office).