Types of personal information we collect

We collect, use and store different types of personal information about you, which we have grouped together as follows:

  • Identity Data: ID information including your name, marital status, title, date of birth and gender
  • Contact Data: Where you live and how to contact you
  • Financial Data: Your financial position, status and history, including bank details and credit rating
  • Transactional Data: Details about payments to and from you and other details about services you purchase from us and we purchase from you
  • Communications Data: What we learn about you from letters, emails and conversations between us
  • Publicly Available Data: Details about you that are publicly available, such as on Companies House or elsewhere on the internet
  • Consents Data: Any permissions, consents or preferences that you give us


How we use your information

The table below outlines how we use your personal information and our reasons. Where these reasons include legitimate interests, we explain what these legitimate interests are.

What we use your information for:
  • To receive the products or services you provide to us
Our reasons:
  • Contractual performance
  • Legal obligation
  • Legitimate interests
Our legitimate interests:
  • For firm management
  • To maintain access and control records
  • For incident/breach reporting, management and investigation

What we use your information for:
  • To fulfil our contractual obligations
Our reasons:
  • Contractual performance
  • Legitimate interests
Our legitimate interests:
  • To comply with our contractual obligations to you and your organisation
  • To properly manage the risks and liabilities associated with the contracts we are party to
  • To comply with laws and regulations that apply to us
  • To protect our reputation

What we use your information for:
  • To enforce the terms of our contract with you
Our reasons:
  • Contractual performance
  • Legitimate interests
Our legitimate interests:
  • To ensure that we benefit from the terms of the contracts we have entered into and properly manage the risks and liabilities associated with them

What we use your information for:
  • For procurement purposes, including supplier due diligence, background checks and the assessing of tenders
  • To carry out credit checks
Our reasons:
  • Legitimate interests
Our legitimate interests:
  • To carry out supplier due diligence
  • To ensure our contracts provide us with best value
  • To assess the financial worthiness and reliability of those with whom we deal

What we use your information for:
  • For financial administration, including calculating and managing payments, benchmarking, calculating fees and interest and collecting and recovering money that is owed to us
Our reasons:
  • Contractual performance
  • Legitimate interests
  • Our legal duties
Our legitimate interests:
  • To meet our contractual obligations to you or your organisation
  • To ensure that we benefit from the terms of the contracts we have entered into and properly manage the risks and liabilities associated with them
  • To comply with laws and regulations that apply to us

What we use your information for:
  • To establish, enforce and defend legal claims
Our reasons:
  • Legal claims
  • Legitimate interests
Our legitimate interests:
  • To comply with laws and regulations that apply to us
  • To respond to questions or complaints
  • To maintain records to evidence matters that may be in dispute
  • To manage our business properly

What we use your information for:
  • For corporate activity, such as a sale, transfer, merger or re-organisation of our business
Our reasons:
  • Consent
  • Contractual performance
  • Legitimate interests
Our legitimate interests:
  • To manage our business efficiently and properly in accordance with normal business practices, legal requirements and to optimise its value for shareholders
  • To ensure that we run our business in accordance with good business principles and meet corporate governance, accounting and audit standards

What we use your information for:
  • For the prevention of crime and public safety, including through the use of CCTV
Our reasons:
  • Legal obligation
  • Legitimate interests
Our legitimate interests:
  • To manage the risk of crime and safety for us, our employees and our clients
  • To develop and improve how we deal with crime
  • To report criminality or the suspicion of criminality for the wider benefit of society
  • To be efficient about how we fulfil our responsibilities generally


Where we collect your personal information from

We may collect personal information about you from the following sources:

  • Directly from you or the organisation for whom you work
  • Companies or individuals that tell you about us
  • Publicly available resources, such as Companies House and Registers of Scotland
  • The internet and social networking sites such as LinkedIn
  • Third parties with whom we deal during the course of carrying on our business
  • Market researchers
  • Intermediaries such as other professional firms who know you

Who we share your information with

We may share your personal information with the following third parties:

  • Agents and service providers that we use during the course of providing legal services, including Mimecast, Concep and 3GRC (who manage our supplier questionnaires)
  • Our professional advisors
  • Other suppliers to the firm
  • The police and other law enforcement agencies
  • Relevant regulators, including the Information Commissioner's Office in the event of a personal data breach
  • Other companies owned or jointly owned by Brodies LLP
  • Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer or restructuring of our business

If you choose not to give your personal information

If you choose not to give us your personal information, it may delay or prevent us from being able to comply with our own legal obligations. It may also result in us being unable to, or refusing to, engage you or your organisation as a supplier.

Automated decisions

We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.

How long we keep your personal information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In general terms, we will hold your personal information for so long as you or the organisation for whom you work continue to provide us with products and services and for an additional period of 10 years thereafter.

International transfers

As a law firm, we hold all personal information concerning our suppliers and their affairs within the United Kingdom. We do work with agents and service providers who may process your personal information on our behalf outside the EEA. If your information is processed outside the EEA, we will ensure that it is protected to the same standards as if it were being processed within the EEA by putting in place a contract with our agents and service providers that provides adequate safeguards or using service providers that are certified on the US Privacy Shield framework.