When we say 'Brodies', 'we' or 'us' in this notice, it means the entity that your organisation has instructed to provide legal advice, being either Brodies LLP or Brodies Middle East LLP (ADGM Branch) which is Brodies Middle East LLP's branch in the Abu Dhabi Global Market. That entity (either Brodies LLP or Brodies Middle East LLP (ADGM Branch)) is the 'controller' of your personal information.

We collect, use and store different types of personal information about you, which we have grouped together as follows:

Types of personal information Description
Identity Data ID information including your name, marital status, title, date of birth, gender and National Insurance Number
Contact Data Where you live and how to contact you
Financial Data Your financial position, status and history, including bank details and credit rating
Transactional Data Details about payments to and from you and other details about services you purchase from us
Contractual Data Information obtained by providing legal services to you
Communications Data What we learn about you from letters, emails, call recordings and conversations between us
Social Relationships Data Details about your family, friends and other relationships
Publicly Available Data Details about you that are publicly available, such as on Companies House or elsewhere on the internet
Marketing Data Details about your preferences in receiving marketing communications from us and our third parties
Consents Data Any permissions, consents or preferences that you give us
Usage Data Information about how you use our website, products and services
Special Category Data

Some types of personal information are defined as special. We will only collect and use these types of information where we need to and if the law allows us to: 

  • Racial or ethnic origin
  • Political opinions, religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data used for ID purposes
  • Health data
  • Sex life and sexual orientation
  • Criminal convictions data


How we use your information

If you work for an organisation which is a client of the firm or if you are a director, officer, partner, shareholder or other owner of such an organisation, we may use your personal information in the course of providing legal services to that client. The table below outlines how we use your personal information and our reasons. Where these reasons include legitimate interests, we explain what these legitimate interests are.

What we use your information for Our reasons Our legitimate interests
  • To contact you in the course of providing our legal services to the organisation
  • Legitimate interests
  • To provide the organisation with legal services and fulfil our contractual obligations
  • To keep our records up to date, including our client file
  • To provide the organisation with products, such as BOrganised and Workbox by Brodies
  • To use information about you where relevant to the legal services we provide
  • To provide advice or guidance about our products or services
  • Legitimate interests
  • To provide the organisation with legal services
  • To fulfil our contractual obligations
  • To keep our files and records up to date
  • To provide products, such as BOrganised and Workbox by Brodies 
  • To carry out identity verification, background checks and anti-money laundering procedures (directors, officers, partners, shareholders/owners only)
  • Legal obligation
  • Legitimate interests
  • To engage the organisation as a client and allow us to provide you with legal services
  • To protect our reputation
  • To carry out credit checks (directors, officers, partners, shareholders/owners only)
  • Legitimate interests
  • To assess the financial worthiness of those to whom we may provide services to assess their ability to pay any sums due for those services
  • To run our business in an efficient and proper way. This includes managing financial administration, business capability, planning, communications, corporate governance and audit
  • To improve our products and services and develop new ones
  • Legal obligation
  • Contractual performance
  • Legitimate interests
  • To manage credit control and debt recovery
  • To bill and deal with funds transfers
  • For financial reporting
  • To manage complaints and claims
  • To be efficient about how we manage our relationship with you and the organisation and fulfil our responsibilities generally
  • To improve our efficiency and provide clients with new or improved products and services
  • To prevent crime and for public safety, including through the use of CCTV
  • Legal obligation
  • Legitimate interests
  • To manage the risk of crime and safety for us, our employees and our clients
  • To develop and improve how we deal with crime
  • To report criminality or the suspicion of criminality for the wider benefit of society
  • To be efficient about how fulfilling our responsibilities generally
  • For marketing and business development activities, including seeking new business, promoting our business and events management
  • Consent (where provided through our preference centre)
  • Legitimate interests
  • To develop our relationship with you and the organisation
  • To attract new business
  • To promote our business
  • To hold events, such as seminars or corporate hospitality to promote our business and its services
  • To seek your consent if we need it to contact y



Where we collect your personal information from

We may collect personal information about you from the following sources:

  • Directly from the organisation and the organisation’s website
  • Directly from you during the course of providing legal services to the organisation
  • Publicly available resources, such as Companies House and Registers of Scotland
  • The internet and social networking sites such as LinkedIn
  • Title and search agents for real estate work
  • Intermediaries such as other professional firms who know you
  • Other solicitors, intermediaries, expert witnesses, courts, adjudicators, arbiters and other that we engage (or have engaged us) in connection with the products and services that we provide to the organisation
  • Market researchers

Where we decline to accept your instructions

In the event that we decline your request for Brodies to act for you, either directly as a personal client of the firm or on your behalf in relation to a corporate entity, we may retain information relating to the prospective instruction and our reasons for declining to act.

Who we share your information with

We may share your personal information with the following third parties:

  • If your organisation has instructed Brodies LLP to provide legal advice, personal data may be shared with Brodies Middle East LLP (ADGM Branch) which will act as a separate controller where Brodies Middle East LLP (ADGM Branch) is engaged by Brodies LLP to provide legal advice
  • If your organisation has instructed Brodies Middle East LLP (ADGM Branch) to provide legal advice, personal data will be shared with Brodies LLP which will act as a (a) processor in relation to its provision of human resource, IT, finance and other services to Brodies Middle East LLP (ADGM Branch) and (b) separate controller where Brodies LLP is engaged by BMEL to provide legal advice. 
  • Your organisation and your colleagues within it
  • Our anti-money laundering service providers, Credit Safe and Encompass and (in the case of Brodies Middle East LLP (ADGM Branch)) MS Accountants
  • Our service providers, including providers of e-discovery and document analysis tools, data rooms and extranets used by us in the course of providing our products and services
  • Other agents and service providers who we utilise in the provision of our products and services, including solicitors, counsel, intermediaries, expert witnesses, courts, law accountants, sheriff officers (or similar), third party payees, search agents and insurance brokers
  • The police and other law enforcement agencies, HMRC and other government bodies where it is necessary to do so for the purpose of providing you with our services, or where we have a legal or regulatory obligation to do so
  • Public information resources, such as Companies House and Registers of Scotland
  • Relevant regulators, including the Information Commissioner's Office in the event of a personal data breach, the Scottish Legal Complaints Commission and the Law Society of Scotland and the Solicitors Regulation Authority
  • Credit reference agencies and fraud prevention agencies
  • Counterparties to any transaction, dispute or legal proceedings, or other matter on which we are advising your organisation
  • Other professional advisors and agents engaged by your organisation
  • (a) Subsidiaries or affiliates of Brodies LLP or of Brodies Middle East LLP (ADGM Branch), and (b) Brodies & Co (Trustees) Limited and any of its subsidiaries or affiliates 
  • Potential or actual purchasers of any part of our business or assets, or other third parties in the context of a possible transfer or restructuring of our business

If you have any questions on how we share your personal information with third parties then please email privacy@brodies.com.

If you choose not to give your personal information

Where we need to collect personal information from you to meet our legal obligations – for example to carry out anti-money laundering checks – or under the terms of a contract we have with your organisation and you fail to provide that data when requested, it may delay or prevent us from being able to perform the contract we have entered into with the organisation and/or comply with our own legal obligations. In some cases, we may be unable to act for the organisation or may have to withdraw from acting.

Automated decisions

We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.

How long we keep your personal information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In relation to matters in which we act for clients, we follow the guidelines issued by the Law Society of Scotland concerning the retention of client files which means that we will retain those files (and your personal information within them) for a basic minimum period of 10 years. In some areas of practice, such as real estate or wills, trusts and executries, the nature of the matters on which we are instructed, may require us to hold our client files (and your personal information) for longer periods because the time periods during which legal claims can arise are much longer than 10 years.

International transfers

Brodies LLP

We hold all personal information concerning our clients and their affairs within the United Kingdom.  This means our document management system, our email servers and our practice management system are all hosted in the United Kingdom.

Brodies LLP will only send your personal information outside the United Kingdom:

  • where you ask us to
  • where we are being instructed on your behalf by someone outside the United Kingdom (for example,
    another law firm)
  • where that is required to provide the legal services that you have instructed us to provide – for
    example, in instructing/dealing with foreign solicitors or other advisors on your behalf
  • where we need to do so in order to comply with a legal duty incumbent on us or you
  • where the transfer is necessary for important reasons of public interest
  • the transfer is necessary for the establishment, exercise or defence of legal claims


We also use ancillary IT systems hosted outside the United Kingdom or where data is backed up in a data centre outside the United Kingdom.

If your information is to be processed outside the United Kingdom, then we will ensure that it is protected to the same standards as if it were being processed within the United Kingdom by using appropriate safeguards, which may include:

  • ensuring that your information is only transferred to countries that have been recognised under data
    protection law as adequately protecting personal information to the same standards as the United
    Kingdom.
  • putting in place a contract with the recipient of your information which requires them to protect that
    information to the same standards as if the information were being processed within the United
    Kingdom.

The safeguards we use will depend on the location of the recipient, the function they are performing and the personal information being transferred. 

Brodies Middle East LLP

Where Brodies Middle East LLP (ADGM Branch) is the controller of your personal data under our notices, personal information will be held within the Abu Dhabi Global Market. We will only send your personal data outside of the Abu Dhabi Global Market to Brodies LLP within the United Kingdom (see Who we share your information with). The United Kingdom is considered an 'adequate jurisdiction' by the Abu Dhabi Global Market Office of Data Protection.