Privacy Policy

We are committed to protecting the privacy and security of your personal information.

Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we use your personal data we are regulated under the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.


Please familiarise yourself with the following key terms

We, us, our, Elmwoods Law & Mediation

Jonathon Stokes Limited trading as Elmwoods Law & Mediation incorporated and registered in England and Wales with registered number 10664841 whose registered office is at 206 Maling Exchange Hoults Yard, Walker Road, Newcastle Upon Tyne, England, NE6 2HL

Our data protection officer

Angela Curran

Personal data

Any information relating to an identified or identifiable individual

Special category personal data

Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sexual orientation, or details of criminal offences


The table below sets out the personal data we will or may collect in the course of advising and/or acting for you.

Personal data we will collect

Personal data we may collect depending on why you have instructed or contacted us

Your name, address and telephone number Information to enable us to check and verify your identity and to comply with our anti–money laundering obligations e.g. your date of birth or passport details

Electronic contact details e.g. your email address and mobile phone number

Information relating to the matter in which you are seeking our advice or representation

Information to enable us to undertake a credit or other financial checks on you

Your financial details so far as relevant to your instructions e.g. the source of your funds if you are instructing on a purchase transaction or to enable us to comply with our anti-money laundering and other obligations

Your National Insurance and tax details

Your bank and/or building society details

Details of your spouse/partner, dependants or other family members, and beneficiaries or trustees e.g. if you instruct us on a family matter or a Will or other matters requiring these details

Your employment status and details including salary and benefits e.g. if you instruct us on matter in which your employment status or income is relevant

Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information e.g. if this information is required as part of our anti-money laundering checks

Details of your pension arrangements e.g. if you instruct us in relation to financial arrangements following breakdown of a relationship, Wills/administration of Estates and other matters where such information is relevant

Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data) e.g. if you instruct us on matter related to your employment or in which your employment records are relevant or if we are acting for you in a clinical negligence or personal injury claim to calculate loss

Your trade union membership e.g. if we are acting for you in a clinical negligence or personal injury claim and we need to determine what funding is required

Your medical records e.g. if we are acting for you in a clinical negligence or personal injury claim or in certain circumstances where our family team are acting for you or if we need to establish whether a client has capacity

Your criminal records e.g. if our crime team are acting for you or if it is otherwise relevant to your instructions

Information about your use of our IT, communication and other systems, and other monitoring information e.g. if using our secure online client portal, or when you visit our website

Details of your professional online presence e.g. LinkedIn profile

Information relating to details of your visits to our premises including CCTV footage


We will collect most of the above information from you. The circumstances in which we may collect personal data about you include:

  • when you or your organisation seek legal advice from us or use any of our online client services;
  • when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us;
  • when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms;
  • when you or your organisation offer to provide, or provides, services to us; and
  • when you attend our seminars or other events or sign up to receive personal data from us, including training.

We may also collect information:

  • from publicly accessible sources e.g. Companies House or HM Land Registry;
  • directly from a third party e.g.:
– sanctions screening providers;
– credit reference agencies; and
– agencies providing online identity / money laundering checks.
  • from a third party e.g.:
– your bank or building society, another financial institution or advisor;
– consultants and other professionals we may engage in relation to your matter;
– your employer and/or trade union, professional body or pension administrators; and
– your doctors, medical and occupational health professionals;
  • via our website—we use cookies on our website (for more information on cookies, please see our cookies policy at the end of this privacy notice);
  • via our information technology (“IT”) systems e.g.:

– case management, document management and time recording systems; or
– automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications and email systems.



Should you provide information to us about any person other than yourself, such as your employees, your suppliers, or your counterparties you must ensure that such third parties have been informed and understand how their personal data will be used and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.



We may use your personal data only for the following purposes:

  • to register you as a client of Elmwoods Law & Mediation and provide legal services to you;
  • to administer our relationship with you, including processing payments, accounting, auditing, billing and taking other steps linked to the performance of our business relationship;
  • to carry out background checks, where permitted;
  • compliance with our legal obligations, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, which may include automated checks of personal data you provide about your identity against relevant databases);
  • gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies including external audits and quality checks for Lexcel or ISO and the audit of our accounts;
  • to analyse and improve our services and communications and to ensure business policies are adhered to e.g. policies covering security and internet use;
  • to manage access to our premises and for security purposes;
  • to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
  • for credit reference checks via external credit reference agencies;
  • for insurance purposes;
  • to exercise or defend our legal rights, or to comply with court orders;
  • for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us;
  • for statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures;
  • to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our, events and initiatives;
  • to send you details of client surveys and marketing campaigns; and
  • to collect information about your marketing preferences to personalise and improve the quality of our communications with you.

Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:

  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • to comply with our legal and regulatory obligations;
  • because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
  • where you have given consent; or
  • in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.

Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.



Where we are required by law to collect personal data or in order to perform a contract we have with you or process your instructions and you fail to provide such information when requested, we may be unable to process your instructions or perform the contract we have with you. If so, it may be necessary for us to cancel the contract you have with us. We will, however, notify you of this at the relevant time.



We may use your personal data to send you updates (by email, telephone or post) about legal developments that might be of interest to you and/or information about our services, including seminars or new services or products.

We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal data with the utmost respect.

You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences by:

  • contacting us by e-mailing Angela Curran or
  • using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.



We routinely share personal data with:

  • professional advisers whom we instruct on your behalf or to whom we refer you or from whom you have been referred to us e.g. counsel, medical professionals, accountants, tax advisors, agents or other experts;
  • local and national law enforcement officials and the Court;
  • other third parties where necessary to carry out your instructions, e.g. your mortgage provider or HM Land Registry in the case of a property transaction or Companies House;
  • the Office of the Public Guardian;
  • the Inland Revenue Service;
  • credit reference agencies and with companies providing services for money laundering and terrorist financing checks and other fraud and crime prevention purposes;
  • our insurers and brokers;
  • external auditors and regulatory bodies, e.g. in relation to our ISO, Lexcel or Conveyancing Quality Scheme accreditations;
  • our auditors;
  • our bank; and
  • external service suppliers, representatives and agents that we use to make our business more efficient including providers of IT services, PR agencies, offsite storage of computer data, maintenance of office machines, telephone and call recording services, photocopying, storage of completed files and shredding of confidential documents.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.



Information may be held at our offices, with third party agencies or with service providers as described above (see ‘Who we share your personal data with’).

Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’.



We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly; and/or
  • for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact Angela Curran

When it is no longer necessary to retain your personal data, we will delete or anonymise it.



To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) e.g.:

  • with service providers or advisers located outside the EEA;
  • if you are based outside the EEA; or
  • where there is an international dimension to the matter in which we are advising you.

These transfers are subject to special rules under European and UK data protection law.

Generally, these non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses or if the recipient is part of the “Privacy Shield” which requires them to provide similar protection to personal data shared between the Europe and the US.

If you would like further information please contact our Data Protection Officer (see ‘How to contact us’ below).


The right to be provided with a copy of your personal data


The right to require us to correct any mistakes in your personal data

To be forgotten

The right to require us to delete your personal data—in certain situations

Restriction of processing

The right to require us to restrict processing of your personal data—in certain circumstances e.g. if you contest the accuracy of the data

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party

To object

The right to object: — at any time to your personal data being processed for direct marketing; — in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests.

If you would like to exercise any of those rights, please:

  • email, call or write to our Data Protection Officer—see below: ‘How to contact us’; and
  • let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.



If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. If you wish to do so, please contact us or “unsubscribe” to any marketing e-mail we send to you, where relevant.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.  Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.



We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.



We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch.  We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.



We hope that we can resolve any query or concern you may raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.



This privacy notice was published on 18th January 2021.

We may change this privacy notice from time to time.


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.  You can read more about our cookie policy here

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.


Please contact us if you have any questions about our privacy policy or information we hold about you.