PRIVACY POLICY

Home » About Us » Privacy Policy for Rayden Solicitors

PRIVACY POLICY FOR RAYDEN SOLICITORS

This Notice tells you what to expect when we collect personal information. Rayden Solicitors will respect your privacy and look after your personal data.

This notice contains information about:

  1. Who we are and Regulations we follow
  2. What is personal data and special category data?
  3. Why we collect your personal information?
  4. Lawful basis for processing
  5. How is your data collected?
  6. How we use your data?
  7. How long we keep information?
  8. How we keep information secure?
  9. Your rights
  10. How we provide the information?
  11. Can you see all the information we hold about you?
  12. Information sharing and third parties
  13. Information collected from third parties
  14. Changes to this notice

1. Who we are and Regulations we follow?

Raydens Limited (trading as Rayden Solicitors) is the “data controller” of the personal information we hold for the purposes of the United Kingdom’s data protection legal framework, which includes the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (the Data Protection Act) which supplements UK GDPR and extends its application in the UK and the Data (Use and Access) Act 2025 (DUAA).

The Brexit transition period ended on 31 December 2020.  Data we collected before the end of 2020 about individuals located in the EU/EEA at that time will continue to be subject to the EU GDPR. After Brexit, data pertaining to UK individuals is now governed under the UK GDPR.

Adequacy Decision: As of 28th June 2021, the European Commission granted the UK an adequacy decision under the EU GDPR, allowing personal data to be transferred freely from the EU/EEA to the UK. This adequacy decision is subject to review every four years and ensures that the UK continues to provide an adequate level of data protection. On 22 July 2025, the European Commission launched the procedure to adopt a new adequacy decision to maintain the free flow of personal data between the European Economic Area and the United Kingdom, which is going through the process for final decision.

What countries or territories are covered by adequacy regulations?

The UK has “adequacy regulations” in relation to the following countries and territories, which means it can transfer personal data between the UK and the following countries and territories, without any further safeguards:

  • Transfers within the European Economic Area (EEA).Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, along with Iceland, Liechtenstein, and Norway.
  • Gibraltar.
  • Third countries and territories for which the European Commission has adopted an ‘adequacy decision’ under Article 45 GDPR (i.e. deemed to provide an essentially equivalent level of data protection): Andorra, Argentina, Canada (commercial organisations only under PIPEDA), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea (South Korea), Switzerland, Uruguay, United States (organisations certified under the EU-US Data Privacy Framework), plus others where relevant.
  • Partial or sector specific adequacy/special cases: Canada (private sector under PIPEDA) or some territories may have decisions which cover only certain sectors or under earlier legal frameworks.

If, during the course of our retainer with you and/or us processing personal data for and on your behalf, you travel outside the UK and to any of the above listed countries, then the onus is on you to let the firm know specifically which country, as we may have to implement additional safeguards, such as encryption of data/transfer restrictions for the transfer of any personal data from us to you in such countries that may not be covered by the UK adequacy decisions that are in place.

If you are located in or travel to countries outside the UK or EU/EEA, and these do not benefit from an adequacy decision, we may need to implement additional safeguards such as International Data Transfer Agreements (IDTA) or apply appropriate safeguards, such as encryption, to ensure the lawful and secure transfer of your personal data. The legal basis for processing such transfers will be contract or legitimate interest, where applicable.

Transfers Outside the UK: The EU adequacy decision for the UK is in the process of being reviewed and renewed, expected by December 2025 Should this adequacy decision not be renewed, Rayden Solicitors will implement additional safeguards, such as Standard Contractual Clauses (SCCs) or the International Data Transfer Agreement (IDTA) for data transfers from the EU/EEA..

2. What is personal data and special category data?

Personal data is defined in the UK GDPR as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

Children’s Data: If we process personal data related to children, we will ensure that such data is handled with the highest degree of protection. We will only process children’s data where necessary, and will provide age-appropriate explanations and obtain parental consent where required.

3. Why we collect your personal information

This policy applies to information we collect about:

  • visitors to our website
  • employees
  • service providers
  • applicants to work at Rayden Solicitors
  • clients
  • third parties
  • people who make enquiries
  • others connected to our work

What type of information we may collect:

  • Normal personal data for Clients, including your name, address, telephone number, date of birth, email address, and any other information necessary to provide legal services or comply with regulatory obligations (e.g. anti-money-laundering checks),geographical/location details, bank account details, employment details, National Insurance number, educational qualifications;
  • Personal financial data;
  • Personal identity – we retain copies of passports or identity documents to verify your identity;
  • Special categories of personal data – for example we may process data concerning your health if you give this to us;
  • CCTV images or photos when attending our meetings or events;
  • Call recordings.
  • Third party personal data relating to opposing parties, witnesses or other persons relevant to legal matters
  • Recruitment data relating to job applicants CVs, qualifications, and employment history (where applicable)

4. Lawful basis for processing

We rely on one or more of the following lawful bases for processing your personal data:

a) Contract: where processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract  As a legal services firm, most of the personal data we process is data relating to our contractual functions, powers and duties.

b) Legal obligation: where processing is necessary for us to comply with our legal or regulatory duties (e.g., anti-money-laundering or professional obligations). There may be occasions where we process data to comply with legal obligations, particularly in the context of legal proceedings and/or compliance with requests by law enforcement agencies, for example; although, even in these cases, our regulatory functions will also generally be engaged.

c) Legitimate interests: where processing is necessary for our legitimate interests (or those of a third party) and your interests or fundamental rights do not override those interests.

d) Recognised legitimate interests (Data Use and Access Act 2025): in certain cases, we may rely on “recognised legitimate interests” as defined under the Data Use and Access Act 2025, for example, processing necessary for network and information security, internal administration, fraud prevention or other purposes recognised by law.

e) Consent: where required (for example for certain marketing communications or cookies), we will seek your consent, which you may withdraw at any time. We will not generally rely on consent as a basis for processing personal data. In the limited circumstances where we may rely upon consent, we will specifically obtain this in the course of collecting the data.

Where we process special category data (e.g., health, racial or ethnic origin, criminal offence data), we will rely on appropriate legal bases such as legal claims, substantial public interest, or explicit consent.

We may also use data to improve our level of service. Where we do this, we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so. We may for instance, monitor and/or record calls for quality and accuracy purposes.

Nova Engage and the Nova Platform

Nova Engage is a software application managed by Nova Law Trading Limited (Nova), on the Nova Platform which facilitates services for visitors from selected law firms and introduced by selected law firms. Rayden Solicitors have access to Nova Engage running on the Nova platform.

Using Nova Engage visitors would be requested to provide certain personal data in order to get legal advice and guidance. Examples of the personal data that may be requested are: General data that identifies individuals such as names, ages, addresses, children and financial details. Additionally, special category data which may include general health although your response is optional.

Your sharing of your personal data with us via the Nova Platform will be on the basis of contract with Nova. It will be shared with us at Rayden Solicitors for the purpose of providing you with legal guidance and advice. Upon receiving your personal data from Nova, we will process your personal data as follows:

For general data: using “Legitimate Interest’ as the lawful basis for such processing.

For special category data: on the basis that the processing is necessary for the establishment, exercise or defence of legal claims or remedies on your behalf.

Legl – Our AML Partner for client identification and verification

We use the services of Legl, our AML Partner, to provide secure digital identity verification, online payments, and to share key documents as part of our client on-boarding process, in line with SRA regulations and our Anti Money Laundering professional obligations.

All information provided is securely processed by Legl using the highest security standards to encrypt your details and keep your personal data safe. You will receive a link to your email address to start your client on-boarding, and you will be redirected to Legl’s secure portal where the verification will take place.

The lawful basis that we will use for the processing of your personal data for this identification and verification purpose is to comply with “legal obligation”.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). If you choose not to give us your consent for our mailing list, there will be no effect on your legal contract with us.

5. How is your data collected?

We use different methods to collect data from and about you including through:

Directly

You may give us your identity and contact details by filling in forms, including our website or online formsor by corresponding with us by post, phone, and email or otherwise. This includes personal data you provide when you:

  • Make an enquiry about our services or instruct us;
  • Give us some feedback;

Automated technologies or interactions

As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

Third parties or publicly available sources

We may receive personal data e.g. computer IP address, about you from various third parties and public sources as set out below:

  • Technical data from the following parties: analytics providers such as Google based outside the EU;
  • Contact, financial and transaction Data from providers of technical, payment and delivery services.
  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
  • Referrals and opponents.
  • Enquiries made electronically or over the telephone

The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include experts including but not limited to barristers, pension advisors, mortgage brokers, private detectives, medical experts, counsellors, mediators and estate agents.

Some data is collected when people sign up to receive marketing or register with us for events.

6. How we use your data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • where we need to perform the contract we are about to enter into or have entered into with you.
  • verifying identity and conducting due diligence;
  • managing client relationships and billing
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • where we need to comply with a legal, regulatory and professional obligation.
  • marketing purposes
  • improving our services, website and client experience;
  • managing recruitment, HR and supplier/outsourced provider relationships;
  • maintaining information security and preventing fraud or misuse.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or by post. You have the right to withdraw consent to marketing at any time by contacting us at privacy@raydensolicitors.co.uk. As we may rely on consent for marketing purposes, if you withdraw your consent, we will still be able to provide services to you.

We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you.

You will receive marketing communications from us if you have requested information from us or purchased services from us or if you provided us with your details when you entered a competition and, in each case, you have not opted out of receiving that marketing. We will not sell your personal information. We also do not share personal information that reasonably identifies you with unaffiliated entities for their independent use except where it is shared with trusted organisations and/or bodies for the purposes of independent research into the world’s leading lawyers, law firms and professional advisers. Where such personal data is shared, it is done so confidentially for their internal interview and/or application, research, ranking and award purposes only. The lawful basis that we use to share such personal data is legitimate interest and you have the ability to exercise all of your rights as mentioned in section 8 below.

7. How long we keep the information for?

We will only use your personal data when the law allows us to. Most commonly, we wilWe will only keep your personal data for as long as we need it in order to complete the purpose for which we collected it in the first place. When a legal case is concluded, we retain your file of papers up to a period of 7 years from date of formal closure. Provided we have not identified any of your papers as being required for a longer term, we will aim to destroy all papers and data we hold about you upon the expiry of the 7 year period, unless we have a legal, regulatory or statutory obligation to dispose of /delete such papers/data prior to this period. Due to current case management system constraints, all digital information will be securely retained on our case management system and anonymised/redacted where possible.

When we receive job applications containing personal information we create or update the information we hold about that person on our systems and files. We use the personal information to process the application and to make a decision about the application itself. We will keep the information for a period of 1 year, after which it will be destroyed.

You can unsubscribe from our data at any time during this period.

Information about online forms, the use of our website and the use of cookies is explained in our section about ‘Visitors to our website’.

We regularly review our data retention policies in line with changes in data protection legislation. We will retain your personal data only as long as necessary for the purposes for which it was collected, including satisfying legal, regulatory, accounting, or reporting requirements. As part of our compliance with any proposed upcoming regulations, we may amend our data retention periods where necessary.

8. How we keep information secure?

We are under a general duty to keep personal data and information confidential. Where we share information, we take all reasonable steps to keep it secure, use it fairly and ensure that data protection safeguards are in place. We use secure portals and encryption tools when necessary to ensure data in transit is protected.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies policy below.

Rayden Solicitors uses cookies on our website to improve user experience. We will only place non-essential cookies on your device with your prior consent. You can manage your cookie preferences through our cookie banner or browser settings.

In order to collect the information this website uses cookies. A cookie is a small file of letters and numbers that is sent to your browser and stored on the hard drive of your computer (or internet enabled device) when you visit a website.

These cookies are used throughout the www.raydensolicitors.co.uk website. These cookies are used for reporting purposes helping us to collect information about how many people use our site, what parts are accessed and where visitors come from.

Our website may link through to third party websites which may also use cookies over which we have no control. We recommend that you check the relevant third party’s privacy notice for information about any cookies that may be used.

You can configure your web browser to refuse cookies, to delete cookies, or to be informed if a cookie is set. You can find out how to do this by clicking “help” on your browser menu.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/ 

You should note that by deleting or blocking cookies, the website may not function correctly and you may not be able to access certain areas.

Cookies Consent: We use cookies on our website to improve user experience. We will only place non-essential cookies on your device with your prior consent. You can manage your cookie preferences through our cookie banner or browser settings. Please note that if you disable certain cookies, parts of our website may not function correctly.

Under the Data (Use and Access) Act 2025, some cookies used solely for statistical or low-risk performance purposes may be placed without explicit consent, provided they do not involve intrusive tracking. We may rely on legitimate interests to use such cookies

9. Your rights

Depending on the information we hold about you, and the reason for us holding it, you have certain rights which are set out below. Under the data protection legislation (UK GDPR and Data (Use and Access) Act 2025), you have the right to access and request a copy of your data(data subject access request), request rectification of your data (inaccurate or incomplete data), request erasure of your data(right to be forgotten), where lawful, object to us processing your data, the right to prevent your data being used for direct marketing, request us to restrict the processing of your data, the right to data portability, the right to withdraw consent at any time (where consent is the lawful basis), the right to lodge a complaint with the Information Commissioner’s Office (ICO) (details below).

If you have any concerns of this nature, you can email our Data Protection Manager, Loschinee Reddy at privacy@raydensolicitors.co.uk who will acknowledge receipt, advise what we may need from you and provide the time limit to respond to your request.

The right to rectification

You are entitled to have your records amended if the personal data we hold is inaccurate or incomplete.

The right to erasure

You have a right to request your data is deleted in certain circumstances, i.e. where it is no longer needed for the purposes it was collected; the (rare) occasions where consent is relied upon as the lawful basis for processing, it is withdrawn and there is no other lawful basis for our continuing to process it; you object to the processing (see below) and there are no overriding legitimate grounds to continue; where the data has been unlawfully processed; or where it has to be erased for compliance with a legal obligation.

The right of access (Data Subject Access Requests)

You have the right to obtain a copy of personal data we hold about you, including the reasons why we hold it, who the data will be shared with as well as details of the period for which the data will be retained.

You may request access to your personal data by contacting our Data Protection Manager, Loschinee Reddy at privacy@raydensolicitors.co.uk

Under the Data (Use and Access Act) 2025, we are required to carry out a reasonable and proportionate search for your information. We may temporarily pause (“stop the clock”) the statutory response time if we need additional information (for example, to confirm your identity or clarify your request).

In most instances, we will provide the information to which you are entitled within one month of receipt of a valid request. Requests which are complex or numerous may however take up to three months. 

We may refuse or charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive. Certain exemptions may apply, such as information protected by legal professional privilege.

The right to restrict processing

You have the right to limit the way we use your personal data if you are concerned about the accuracy of the data or how it is being used. You can also stop us deleting your data.

To exercise your right to restriction, you should make the request directly to our Data Protection Manager, Loschinee Reddy and say what data you want restricted and the reasons why.

The right to object to processing

You have the right to object to the processing of your personal data in certain circumstances. If the firm agrees to your objection, we must stop using your data for that purpose unless it can provide strong legitimate reasons to continue to use your data despite your objections.

You have an absolute right to object to the firm using your data for direct marketing and once you exercise this objection, the firm must stop using the data.

The right to data portability

You have the right to ask us to transfer the information you have given to us from one organisation to another or to give that information back to you.

This right will only be applicable if we are processing information based on your consent or under contract and the processing is automated.

The right not to be subject to decision making based on automated processing

You have the right not to be subject to a decision based solely on automated processing i.e. decisions made entirely by technological means, without human intervention.

This right includes profiling for example any form of automated processing for the purpose of evaluating you as an individual.

We confirm that we do not make decisions based on automated processing as all decisions are made by individual/individuals within the firm.

Automated Processing and AI Systems: Where we may use artificial intelligence or automated systems to assist with legal work, Rayden Solicitors ensures human oversight. We do not make decisions based solely on automated processing. In cases where automated systems are used, we will provide information on their role, safeguards in place, and your right to challenge any decision resulting from this processing.

Complaints and contact

Email: privacy@raydensolictors.co.uk

We aim to acknowledge and resolve all complaints promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with:

The Supervisory authority is the Information Commissioner’s Office (ICO) whose contact details are as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. If you are calling from outside the UK, you may not be able to use the 03 number above, so please call +44 1625 545 700.

Fax: 01625 524 510

Website: https://ico.org.uk/global/contact-us/

Email: icocasework@ico.org.uk

Opening Hours: their normal opening hours are Monday to Friday between 9am and 5pm UK time.

10. How we provide the information to you?

We usually send an electronic copy but can provide a hard copy by special delivery post to your residential address. We can make other arrangements in some cases.

11. Can you see all the information we hold about you?

You may not be entitled to see all the information held about you if an exemption applies. Examples of exemptions include information that:

  • is about another person
  • is subject to legal privilege

If an exemption applies we will explain which exemption applies and we tell you if we have removed any information from the copy we send you.

12. Information Sharing and third parties

We use IT, cloud-based and administrative service providers who operate within the UK and EEA under suitable data protection arrangements and security controls in place in accordance with the requirements in UK GDPR and Data (Use and Access) Act 2025

We also store hard copy material with Oasis in the UK who provide archive services to Rayden Solicitors. We have a data processing agreement in place with Oasis to ensure Oasis’s security arrangements meet our data protection obligations.

We also share data with organisations who perform audit and assurance roles for us, regulators, law enforcement or other authorities as required by law, and those who provide professional advisory services including but not limited to professional advisers, counsel, experts, or other parties involved in your matter), business partners who help us deliver our services,, with whom we have arrangements to ensure their compliance with our requirements.

13. Information collected from third parties

As explained more particularly below, we also obtain data from third parties. Generally, when we do this, it is in the exercise of our regulatory functions, powers and duties, including:

Complainants, other regulatory bodies, law enforcement agencies and witnesses.

14. Changes to this notice

We may update this Privacy Policy from time to time to reflect legal or operational changes, including further implementation of the Data (Use and Access) Act 2025.

The latest version will always be published on our website, and material changes will be communicated where appropriate.

Last updated January 2026