Griffins Litigation LLP respects your right to privacy.

 

We put in place security measures for your personal data and manage your personal data in accordance with applicable data privacy regulations.

​

​The principles set out in this Data Privacy Notice apply to all instances in which Griffins Litigation LLP receives your personal data as a Data Controller for the purposes described in this notice.

​

​General Data Protection Regulation (GDPR) 

The GDPR forms part of the data protection regime in the UK, together with the Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 2018.

​

​The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA.

​

​The legislation aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It focuses on the protection, collection and management of personal data, and it applies to all businesses who hold or otherwise process personal data of people in EU Member States.

 

​Personal Data

Personal data relates to a living individual (data subject) who can be identified from the data or from data and any other information which is in, or likely to come into, the possession of the data controller.

​

​Sensitive Personal Data

GDPR provides a separate definition for “sensitive personal data”. This relates to information concerning a data subject’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetics, biometrics (where used for ID purposes), physical or mental health, sex life, or sexual orientation.

​

​The GDPR rules for sensitive (special category) data do not apply to information about criminal allegations, proceedings or convictions.

​

​Data Controller

A “data controller” is an organisation or a person who (either alone or jointly or in common with other persons) decides the purpose for which any personal data is to be processed and the way in which it is to be processed. For the purposes of the DPA and the GDPR the data controller is Griffins Litigation [SH1] LLP, Tavistock House North, Tavistock Square, London WC1H 9HR.

​

​Data Processor

A “data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

​

​Use, legal basis, retention periods and sharing of personal data

​

​Website

We automatically collect data about visitors to our website (for example on browsing patterns) by using cookies (please also see our website cookies policy). This data is used only in an anonymous form to create a statistical report on website activity; no individual is identified.

​

​We log your Internet Protocol (IP) address in order to receive and send information from and to you over the internet.

​When you register with us, visit our website, use our services or make an enquiry, you may be asked to provide some personal data such as your name, address, telephone number and e-mail address. This personal data may be transferred to the firm’s Client Relationship Management (“CRM”) database (see below).

​

​We only collect such personal data as is provided voluntarily by visitors to our website and is necessary in the circumstances. We will use your personal data only for the purpose for which it was collected and will retain the data only for the period required to deal with your request.

​

We will not share your data with third parties outside of Griffins Litigation without your prior consent.

​

​The website may contain third party links to other websites over which Griffins Litigation LLP have no control. Griffins Litigation LLP does not accept responsibility or liability for the operation or content of such websites.

​

​Telephone Recording

We have a telephone system that is capable of recording conversations. Like many other organisations, this is a standard practice that allows the recording of telephone calls for quality monitoring, training, compliance and security purposes.

​

​Both incoming and outgoing calls may be recorded by Griffins Litigation LLP Staff. Call recording facilities will only be used in the following circumstances

• The people involved in the call have given consent to be recorded

• Recording is necessary for the fulfilment of a contract

• Recording is necessary to fulfil a legal requirement

• Recording is necessary to protect the interests of one or more participants

• Recording is in the public interest, or necessary for the exercise of official authority

• Recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call

 

We do not record telephone calls routinely or without necessity. Notice that a call is being recorded may not be given if, in the opinion of the staff member recording the call, this has the potential to prejudice the reason why the recording is being made.

​

Personal data collected in the course of recording activities will be:

• ​Adequate, relevant and not excessive;

• Used for the purpose(s) stated above and not used for any other purposes;

• Treated confidentially;

• Accessible only by authorised personnel;

• Stored securely;

• Only kept for as long as deemed necessary and securely destroyed

 

We shall ensure that the use of these recordings is fair and that we comply with the requirements of the relevant legislation. This includes:

• ​The Regulation of Investigatory Powers Act 2000

• The Telecommunications (Lawful Business Practice) (Interception of Communications Regulations) 2000

• The Telecommunications (Data Protection and Privacy) Regulations 1999

• The General Data Protection Regulation 2018

• The Data Protection Act 2018

• The Human Rights Act 1998.

 

Contact Relationship Management (CRM)

We use a CRM database to store personal data for the purposes of developing relationships with current and prospective clients. Where permitted in our legitimate interest or with your prior consent (where required by law), we use your personal data to provide you with information about events and our services by email, letter, telephone, or using our website.

​

​If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” you will be added to our suppression list to ensure we do not accidentally send you further marketing information. You can exercise the right at any time to “opt out” of receiving marketing information from us by contacting us at enquiries@griffinslitigation.com. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications don’t include direct marketing.

​

​We never share your name or contact details with third parties for marketing purposes.

​

​Contract Information and Other Information

We use personal data received in the course of providing professional services in order to perform duties under a contract with you or to take steps to enter into a contract with you, or for the purposes of the legitimate interests pursued by us as a data controller.

​

​When you enter into a contract with us (or someone does so on your behalf) there will be correspondence with us about the contract and personal data about you relating to that contract such as:

• ​Your name and contact details

• Your delivery address

• Your payment details

• Information to verify your identity and other information for us to carry out anti money laundering checks

 

You must provide this in order to enter into a contract with us (or as required under that contract), if you do not, we may not be able to carry out our contract with you.

​

Other correspondence or interaction (for example by email, telephone, post or via our website) between you and us, may include personal data, such as enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation.

​

We may also collect details of phone numbers used to call us and the date, time and duration of any calls. Please note that we may record calls to or from in line with the section on Telephone Recording.

​

Where your information relates to a contract, it is kept for a period of up to 7 years after your account is closed to enable us to deal with any enquiries or claims and as required for tax purposes. Any contract information is kept for reference purposes in our archive for as long as our business purpose requires.

​

​Employee Information

If we have a business relationship with you or your organisation, we may receive personal data about you from your organisation.

​The personal data we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you or provided by your organisation. Your organisation should have informed you that your information would be provided to us and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation.

​

​Information Collected At Our Premises

We use personal data as necessary for our legitimate interests in administering your visit, ensuring site security and visitor safety, and administering parking.

​

​We may record information on your visit, including the date and time, who you are visiting, your name, employer, contact details and vehicle registration number. If you have an accident at our premises, this may include an account of your accident. Visitor information is kept for a period of up to 12 months. If you have an accident on our premises, our accident records are retained for a period of up to 3 years.

​

Job Applicants

We will collect and hold personal data on job applicants, including information you provide to us in your application, or provided to us by recruitment agencies, as well as personal data from any referees you provide. We use this as necessary to enter into an employment contract with you, and for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to exercise and perform our employment law obligations and rights.

​

You must provide certain information (such as your name, contact details, professional and educational history) for us to consider your application fully. If you have not provided all of this information, we may contact you to ask for it. If you do not wish to provide this information, we may not be able to properly consider your application.

​

​If you are successful in your application, your information will be used and kept in accordance with our internal employee privacy notice. If you currently work for us, or used to work for us, you can request a copy of this from us. If you are not successful in your application, you information will be held for up to 12 months after the hiring decision.

​

​If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant. We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights. Your information will be kept alongside the applicant’s information.

​

​If you are listed as an emergency contact by someone who works for us, we will hold your name, contact details and details of your relationship with that worker. We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that worker, and for our legitimate interests in administering our relationship with that worker. Your information will be kept until it is updated by that worker, or we no longer need to contact that worker after they have stopped working for us.

 

​Legal Claims

Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal data as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.

​

​The personal data we control will include your name, email address, postal address, telephone number, date of birth and financial details. The precise nature of personal data we hold will be dependent upon the unique circumstances of the contract, but may include (although not limited to) Griffins Litigation LLP acting as the data controller in respect of:

• ​Case file notes

• Internal meeting notes

• Bank and Credit / Debit card records

• Correspondence with third parties

• Correspondence with clients / debtors / directors and other individuals

• Legal documents

• Insurance policies

• Medical records

• Family records

• Employment records

 

The legal basis on which we process personal data when acting as data controller on instructions will be dependent upon the unique circumstances of the case, but will include at least one of the following:

• ​A legal obligation to which the Data Controller is subject;

• The performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

• For the purposes of the legitimate interests pursued by a Data Controller;

• The establishment, exercise or defence of legal claims.

• Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;

• Processing relates to personal data which are manifestly made public by the data subject;

• Processing is necessary for reasons of substantial public interest.

 

We will keep your personal data for no longer than reasonably necessary.

 

​How Long We Keep Your Information For?

We have set out above indications of how long we generally keep your personal data. In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

​

​To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

​

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

​

​Sharing personal data

We will not share your data with third parties outside of Griffins Litigation LLP unless we are obliged to do so, by law, or we have an appropriate legitimate interest in doing so, for example where personal data is required by an agent or solicitor who has a case related need to know the information.

​

All third parties with whom personal data is shared will have agreed to comply with our required data security standards, policies and procedures and put adequate security measures in place. All third-party transfers will comply with applicable cross border transfer restrictions.

​

​Data Security

As well as the measures set out above in relation to sharing of your personal data, we have security measures in place designed to prevent data loss, to preserve data integrity, and to regulate access to personal data.

​

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

​

We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.

​

​Your rights

Where we act as the Data Controller, you have the following rights with respect to your personal data:

• ​The right to be informed about the collection and use of your personal data;

• The right to access your personal data and supplementary information;

• The right to request that we correct any personal data if it is found to be inaccurate or out of date;

• The right to request your personal data is erased where it is no longer necessary for us to retain such data;

• The right to withdraw your consent (where consent has been obtained) to the processing at any time;

• The right to data portability, allowing you to obtain and reuse your personal data for your own purposes across different services. The right of data portability only applies:

  • to personal data an individual has provided to a controller;

  • where the processing is based on the individual’s consent or for the performance of a contract; and

  • when processing is carried out by automated means.

• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

• The right to object to the processing of personal data, (where applicable);

• The right to lodge a complaint with the Information Commissioners Office

 

Changes to this Data Privacy Notice

We reserve the right to change this Data Privacy Notice at any time without notice to you so please check back regularly to obtain the latest copy of this Privacy notice. We last revised this Data Privacy Notice on 22 January 2026.

​

​This Data Privacy Notice does not override any applicable national data privacy laws and regulations in countries where Griffins Litigation LLP operates.

​

Contact Details

To exercise all relevant rights, queries of complaints or to remove your information from our system, please contact enquiries@griffinslitigation.com or by telephone 03330 416 250.

​

​You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.