Privacy Notice
Introduction
Bellevue Law Limited (referred to below as “we or “us” or “our”), is a law firm specialising in workplace law and commercial disputes.
We are a ‘data controller’ under the UK General Data Protection Regulation and committed to safeguarding the personal information provided to us during the course of our business.
This notice explains:
- The types of personal data we process about you.
- The legal bases and purpose for us collecting and using your personal data.
- Your privacy rights and how to exercise them.
- How long we will retain personal data.
Who does this privacy notice apply to:
Our general privacy notice applies to clients (current, prospective, and former), individuals who may work for those clients, business partners such as suppliers and agents, users of our website contact form, office visitors, legal counterparties, and any individuals whose personal data we process in connection with our legal services.
We maintain a candidate privacy notice which will be applicable to everyone submitting information to us for recruitment purposes (whether or not that information has been solicited by us). This candidate privacy notice is accessible below but should also be read alongside this general privacy notice.
A separate workplace privacy notice is provided directly to our employees, workers and contractors once they are engaged to work for us.
Our website is not intended for children and we do not knowingly collect data relating to children.
How to contact us
We do not meet the criteria for the mandatory appointment of a data protection officer under data protection legislation. We have allocated informal responsibility to a person in our business who can deal with any data protection-related matters. If you wish to exercise any of the rights mentioned below or have any questions or concerns on any data protection-related matter, please contact us using the following details (marking your correspondence “For the attention of the data privacy manager”):
Email us: dataprivacymanager@bellevuelaw.co.uk
Write to us: 9 Dallington Street, London, EC1V 0LN
You can find out more about your rights on the Information Commissioner’s Office (“ICO”) website at www.ico.org.uk.
General Privacy Notice
The types of personal data we collect about you
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
|
Type of Data |
Categories of Personal Data |
|
Career Data |
details about your education and qualifications, your skills and your experience / career, including your employment or self-employment details e.g. job title, current and previous employers, start date and, if different, start date of continuous employment, location of employment or workplace and organisation contact details, leaving date and reason for leaving, employment or self-employment records (including contracts, job titles, work history, working hours, working arrangements (office-based, hybrid, remote), holidays and other types of leave, training records and professional memberships), performance information and disciplinary and grievance information |
|
Contact Data |
including your home address, billing address, delivery address, email address, telephone numbers and emergency contact numbers |
|
Enquiry Data |
enquiries about engaging us for legal services or career opportunities |
|
Family Data |
dependants and next of kin |
|
Financial and Tax Data |
your national insurance number, bank account details, payroll records and tax status information, salary, pension and benefits information, compensation history, and billing details |
|
Identity Data |
such as a first name, last name, any previous names, username or similar identifier, marital status, title, date of birth, sex and gender. It may include copies of passports, driving licence, birth certificate, national identity card, utility bills and / or other identifying information required to be provided to us for anti-money laundering purposes. Given the type of work on which we may advise, it may occasionally include data relating to change of gender identity, including the acquisition of a gender recognition certificate |
|
Marketing and Communications Data |
includes preferences in receiving marketing from us and communication preferences |
|
Matter Data |
includes any personal data about a client in connection with their instructions to us, including correspondence between us and the client, notes of our calls and meetings and third-party information about the client matter |
|
Profile Data |
includes services we have provided you, your marketing preferences, feedback and survey responses (although there is the option to complete our client surveys anonymously) |
|
Recruitment Data |
copies of right to work documentation, copy passport or other photo ID, copy proof of address documentation (for example, bank statement or utility bill), copy driving licence, references and information included in a CV or cover letter or as part of the application process |
|
Regulatory Information |
includes details about your date of birth, identity information, details of whether you are a politically exposed person |
|
Special Category Data |
includes any of the following information about your: · Racial, or ethnic origin.
|
|
Technical Data |
includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access our IT infrastructure. This would also include data relating to the use of our telephone systems and use of swipe cards. |
|
Transaction Data |
includes details about the costs of a client matter and any payments to and from a client |
|
Visitors to our office |
includes Identity Data as above, Special Category Data relating to health-related information including dietary and access requirements |
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate your Marketing and Communications Data to calculate the % of recipients who respond to any marketing correspondence.
Legal Basis
The law requires us to have a “lawful basis” for collecting and using your personal data. You can find out more about lawful bases on the ICO’s website. We rely on one or more of the following legal bases:
- Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example where you ask us to provide you with legal services. We request this consent as part of our terms of engagement with you.
- Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you (e.g. our engagement to provide legal advice to you or your organisation).
- Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to (such as our regulatory requirements to undertake client due diligence). We will identify the relevant legal obligation when we rely on this legal basis.
- Protection of vital interests: We may use your personal data where it is necessary for protecting your vital interest if you are incapable of giving consent in case of any accidents and emergencies at our offices or when you are with members of our staff or consultants.
- Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to provide legal services and client management. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Purposes for which we will use your personal data
Below is a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
|
Description of processing carried out by us |
Type of data |
Legal basis and purpose of processing activity |
|
To register you as a new client |
· Contact Data · Identity Data · Career Data |
Legitimate interests (providing legal services and client management and to win potential work from clients) |
|
Providing our legal advice to you |
· Contact Data · Identity Data · Career Data · Matter Data · Special Category Data |
Performance of a contract with you Legitimate interests (providing legal services and client management) And (where relevant) for special category data – your consent from our engagement terms |
|
Recording our client calls and using AI-enabled transcription tools to create a live transcription |
· Contact Data · Identity Data · Career Data · Matter Data · Special Category Data |
Your consent to recording from our engagement terms and before the start of the call recording |
|
Corresponding with others about your matter, which may include the opposing party / opposing party lawyers, barristers instructed by us, expert witnesses, your insurers and may include the use of third-party suppliers (such as electronic signature providers) to assist in delivering our legal services to you. The above may include us corresponding about special category data relating to, for example, your physical or mental health or any of special category data, depending on the type of legal advice you are seeking from us. |
· Contact Data · Identity Data · Career Data · Matter Data · Special Category Data |
Performance of a contract with you Legitimate interests (providing legal services and client management) And (where relevant) special category data – your explicit consent from our engagement terms |
|
Submitting court or legal proceedings on your behalf (including legal claims, tribunal applications, arbitrations, mediations and or regulatory actions) The above may include us corresponding about special category data relating to, for example, your physical or mental health or any of the special category data listed in the table above, depending on the type of legal advice you are seeking from us |
· Contact Data · Identity Data · Career Data · Matter Data · Special Category Data |
Performance of a contract with you Legitimate interests (providing legal services and client management) And (where relevant) for special category data – your explicit consent from our engagement terms |
|
Conducting client due diligence checks using Thirdfort Limited to help verify your address and raise other potential fraud warnings; and to verify the authenticity of an identity document Personal data will be processed in line with Thirdfort’s Privacy Policy (www.thirdfort.com/privacy/). |
· Contact Data · Identity Data · Regulatory Data |
Performance of a contract with you To comply with legal and regulatory obligations (anti-money laundering and fraud checks) Legitimate interests (providing legal services and client management) Anti-money laundering and fraud checks |
|
Conducting screening for financial, adverse media, political positions, other sanctions, etc |
· Contact Data · Identity Data · Regulatory Data |
To comply with legal and regulatory obligations (anti-money laundering, sanctions and anti-proliferation and fraud checks) Legitimate interests (providing legal services and client management) Anti-money laundering, sanctions and anti-proliferation and fraud checks |
|
Managing and running checks within our internal conflict databases |
· Contact Data · Identity Data · Career Data |
To comply with legal and regulatory obligations Legitimate interests (providing legal services and client management) |
|
Complying with our legal obligations or making disclosures to government, regulatory or other public bodies where the disclosure is appropriate and/or permitted by law |
· Contact Data · Identity Data · Career Data · Matter Data |
To comply with legal and regulatory obligations Legitimate interests (providing legal services and client management) Anti-money laundering, sanctions and anti-proliferation and fraud checks |
|
Providing access to our files for audit, review or other quality assurance checks by our regulators, auditors, professional advisors, governmental bodies, crime and law enforcement agencies This could also include special category data where this forms part of the client file |
· Contact Data · Identity Data · Career Data · Matter Data · Financial and Tax Data · Special Category Data · Transaction Data |
To comply with legal and regulatory obligations Legitimate interests (providing legal services and maintaining and improving our services ) And (where relevant) for special category data – your explicit consent from our engagement terms and / or legal claims |
|
Providing information to our brokers and insurers. This could also include special category data where this forms part of the client file |
· Contact Data · Identity Data · Career Data · Matter Data · Financial and Tax Data · Special Category Data · Transaction Data |
To comply with legal and regulatory obligations (regulatory requirement for us to have PII cover) For a legitimate interest (to provide legal services and maintain our services) And (where relevant) for special category data – your explicit consent from our engagement terms and / or legal claims |
|
To process our legal work including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
· Contact Data · Identity Data · Matter Data · Financial and Tax Data · Transaction Data |
Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us and providing legal services and client management) |
|
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy notice (b) Dealing with your requests, complaints and queries |
· Contact Data · Identity Data · Matter Data · Profile · Financial and Tax Data |
Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and providing legal services and client management) |
|
To enable you to participate in our annual client survey and other client feedback processes* [NB this is currently done on an anonymous basis unless you choose to disclose your identity] |
· Identity · Contact · Profile · Usage · Marketing and Communications |
Necessary for our legitimate interests (to study how clients find our services, to develop them, improve them and grow our business) |
|
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
· Identity · Contact · Technical |
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud) Necessary to comply with a legal obligation |
|
To use data analytics to improve our website, products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing |
· Technical |
Necessary for our legitimate interests (to define types of client for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
|
To send you relevant marketing communications and make personalised suggestions and recommendations to you about our services that may be of interest to you based on your Profile Data |
· Identity · Contact · Technical · Profile · Marketing and Communications |
Necessary for our legitimate interests (to carry out direct marketing, develop our services and grow our business) Consent, having obtained your prior consent to receiving direct marketing communications |
|
Hosting you at the office |
· Contact Data · Identity Data · Special Category Data
|
You have given your explicit consent to the processing for your dietary and access requirements Protect vital interests And (where relevant) for special category data – your explicit consent It is necessary to protect somebody’s vital interests if they are incapable of giving consent in case of any accidents and emergencies at our offices |
Candidate Privacy Notice
Who is your personal information collected from
We collect personal information about candidates from the following sources:
- You, the candidate.
- A recruitment agency or a third-party HR support service, from which we would collect Career, Enquiry and Recruitment Data.
- Thirdfort Limited, from which we would collect Contact Data, Identity Data and Regulatory Data.
- Your named referees, from whom we collect Career, Identity and Recruitment Data.
The kind of information we hold about you
In connection with your application for work with us, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae and covering letter.
- Any information you provide to us during the interview process.
- Information obtained from sources other than yourself previously referred to in our general privacy notice.
This may involve us collecting, storing and using the following types of more sensitive personal information:
- Information about your race or ethnicity, religious or philosophical beliefs, trade union membership, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records.
How we will use information about you
We will use the personal information we collect about you to:
- Assess your skills, qualifications, and suitability for the role.
- Carry out background and reference checks, where applicable.
- Communicate with you about the recruitment process.
- Keep records related to our hiring processes.
- Comply with legal or regulatory requirements.
It is in our legitimate interests to decide whether to appoint you since it would be beneficial to our business to recruit individuals to perform the role in question.
We also need to process your personal information to decide whether to enter into a contract of employment or consultancy agreement with you.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.
How we use particularly sensitive personal information
Where appropriate we will use your particularly sensitive personal information in the following ways:
- We use information about disability to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during an interview or access requirements to our office.
- We may use information about racial or ethnic origin (such information on a passport of birth certificate) when carrying out right to work checks.
- We may use information about racial or ethnic origin, religious or philosophical beliefs, disability or sexual orientation to ensure meaningful equal opportunity monitoring and reporting.
Information about criminal convictions
We do not routinely process information about criminal convictions.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Data retention
How long will you use my information for?
We will retain personal information of unsuccessful candidates for a period of 12 months after we have communicated to you our decision. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.
Personal data is securely destroyed every 3 months following the 12 month retention period, which may result in a short delay before deletion.
We typically retain the application records of successful candidates for 7 years after their employment or consultancy ends. This retention period allows us to defend against any potential legal claims.
If we would like to retain your personal information on file, on the basis that we might be able to consider you for an opportunity that may arise in future, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period for that purpose.
Marketing by Us
You will receive marketing communications from us if you have requested information from us or used us to provide legal advice and you have not opted out of receiving the marketing.
Opting out of marketing
You can ask to stop sending you marketing communications at any time.
If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or client service purposes.
Cookies
For more information about the cookies we use and how to change your cookie preferences, please see: www.bellevuelaw.co.uk/cookie-policy
Disclosures of your Personal Data
We may share your personal data where necessary with the parties set out below:
- law firms, counsel and other professionals, experts and agents;
- advisers appointed by the opposing (or another) party to your matter;
- others who perform services for us, such as the providers of our external IT, HR and marketing support services, external administrative / PA support services, translation services, litigation support, confidential waste disposal, external credit control, our practice management system and our anti-money laundering software provider;
- we may be audited or checked by our accountants or the Solicitors Regulation Authority, or by other organisations;
- any court, tax, law enforcement or regulatory authorities, government or other public bodies or others as may be required in order to carry out our legal services for you;
- our actual and potential professional indemnity insurers and brokers, in connection with the provision and / or obtaining of insurance and insurance-related advice to us and managing, giving notice of and making disclosure of claims;
- agents instructed in relation to unpaid invoices.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International Transfers
We do not normally copy personal information outside the UK, except at your request or with your consent (i.e. if you want to instruct law firms in other jurisdictions to assist in your matter).
Safeguarding Personal Data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We generally retain client matter records for 6.5 years after the matter closes. Following this period, most of the file will be securely destroyed in line with our Data Retention Policy and legal requirements. However, we will keep essential details—such as client name, related parties, matter description, and the fee-earners involved—to meet regulatory obligations and prevent future conflicts of interest.
Personal data is securely destroyed every six months following the 6.5 year retention period, which may result in a short delay before deletion.
In some circumstances you can ask us to delete your data: see below for further information.
Your legal rights
You have a number of rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
- You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes for details of how to object to receiving direct marketing communications.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data (see the table in section 4 for details of when we rely on your consent as the legal basis for using your data). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our legal services to you. We will advise you if this is the case at the time you withdraw your consent.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us using the contact details at the top of this privacy notice.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
You have the right to make a complaint to the ICO, the UK regulator for data protection issues (www.ico.org.uk). However, before doing so please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand (using the contact details at the top of this privacy notice). The ICO will expect you to have done this before reviewing your complaint.
If you remain unhappy with how we’ve used your data after raising a complaint with us, the ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/
Changes to the privacy notice and your duty to inform us of changes
We keep our privacy notice under regular review. This version was last updated on 3 December 2025. Historic versions can be obtained by contacting our data privacy manager.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Last updated: 03 December 2025