Privacy notice – clients and others

Who we are

We are Temple Bright LLP, a limited liability partnership registered in England and Wales with registered number OC352276. “Temple Bright” is the business name for the legal practice carried on by Temple Bright LLP. Accordingly, references to “Temple Bright”, “the firm”, “we”, “us” or “our” should be read as referring to Temple Bright LLP.

Purpose of this privacy notice

This privacy notice is addressed to clients and any others whose personal data we may use. “Others” in this context may include, without limitation: prospective clients and those to whom we market our services; suppliers and prospective suppliers; parties which are, or may be in prospect of becoming, involved in any transaction or dispute with our clients or prospective clients; persons who work for our clients or for others in any of the foregoing categories.

This privacy notice aims to give you information on how we collect and process your personal data. We are the data controller of your personal data. We are responsible for its security and for ensuring that we use it only for the purposes outlined in this notice. This notice tells you about how we look after your personal data, about your privacy rights and about how the law protects you.

Other privacy notices on our website

There are separate notices relevant to candidates to join the firm and users of our website, which can be accessed via our Legal notices page. The notice for website users is also likely to be relevant to you; if you use our website, that notice should be read alongside this one.

Questions and concerns

If you have any questions about this privacy notice or need to contact us in connection with your personal data, including any requests to exercise your legal rights referred to at the end of this notice, please contact Justyn McIlhinney, whom we have appointed as our representative for the purposes of the Data Protection Act 2018 and UK GDPR:

[email protected]

Although you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (, we would, of course, appreciate the chance to deal with your concerns about data protection directly so please contact us in the first instance.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your job function, your employer or department.
  • Contact Data including billing address, postal address, email address and telephone numbers including frequency of contact (these details may relate to your organisation or to you personally, depending on the nature of our relationship with you or the organisation that you work for).
  • Financial Data including bank account and other payment method details.
  • Transaction Data including details about payments to and from you and other details of services you have received from us.
  • Profile Data including information you give us or that we obtain when you use our services, supply us with goods or services, enquire about a service, place a service request, enter a survey, or contact us to report a problem, or do any of these things on behalf of your organisation.
  • Client Data including information about how you use our services, as well as personal data which can include Identity, Contact, Financial, Transaction and Profile Data of you and/or your family members, beneficiaries, employees or employers, or other third parties about whom we need to collect personal data by law, or under the terms of a contract we have with you or your organisation. Client Data may also include special categories of personal data where it is relevant to the legal services that we provide, such as settlement of insurance claims which may require us to obtain health reports.
  • Marketing and Communications Data including your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you or your colleagues are invited, and your personal data and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements, but excluding sensitive data).

How is your personal data collected?

We (and any person acting on our behalf) may collect data about you from different sources, including without limitation:

  • From you.
  • From third parties. It is possible that we may collect your data from other parties connected with you or your matter. These might include (for instance) your organisation, your business partners or your family members, or other parties to transactions or disputes in which you or your organisation are or may become involved, or such parties’ advisers.
  • From publicly accessible sources. It is possible that we may collect your data from publicly available databases or websites, including without limitation credit reference agencies, Companies House, LinkedIn and other social media platforms.

We (and any person acting on our behalf) may use a range of different collection methods, including without limitation:

  • Communication in person.
  • Communication by phone, email, fax, SMS or any other electronic communication method.
  • Communication by letters, notices, information sheets or any other paper-based communication methods.
  • Your use of our website, social media channels, or other technologies.
  • You visiting us (for example, if you sign in or are recorded on CCTV while visiting our offices, or you give us the registration details of your vehicle).

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we (and any person acting on our behalf) will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests in the operation of our business (or the legitimate interests of a third party) and we have made an objective assessment that your interests and fundamental rights do not override those interests (for example to manage our relationship with you or where you ask us to provide more details about our business to you).
  • Where we need to do so for the performance of a contract to which you or your organisation are a party (including without limitation our engagement for the provision of legal services) or in order to take necessary steps prior to entering into such a contract.
  • Where we need to comply with a legal or regulatory obligation.
  • Where you have given us your express consent for use of your data in connection with a particular purpose (for example, anti-money laundering checks).
  • Where we have received such data from a third party, such as one of our clients or another advisory firm, or from publicly accessible sources, and our use of such data is necessary in order for us properly to perform our professional role in any transaction.

Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

Disclosures of your personal data

For the purposes set out above (“How we use your personal data”), we (and any person acting on our behalf) may need to share your personal data with appropriate third parties, including without limitation:

  • Our IT support and hosting companies, providing us with IT services.
  • Our practice management system provider.
  • Credit reference agencies for the purpose of assessing your credit score where this is in the context of us entering into a contract with you or your organisation.
  • Company data providers and similar information providers for the purpose of carrying out our client and matter acceptance checks (including client due diligence) in accordance with our legal and regulatory obligations.
  • Other business partners, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or your organisation (including without limitation providers of services such as typing or photocopying).
  • Google Analytics or similar, for analysis of website use (see the separate privacy notice for website users found on our Legal notices page).
  • Organisations involved in fraud protection, credit risk reduction and preventing cybercrime.
  • Our auditors, legal advisers and other professional advisers.
  • Expert witnesses.
  • Advisers appointed by another party to a transaction or dispute on which we are advising.
  • Third parties to whom we may sell, transfer, or merge parts of our business, or whose businesses we may acquire in whole or in part (or third parties with whom we are considering doing any of the foregoing) and their advisers and funders in each case. If our business is subject to a change of ownership, the new owners may use your personal data in the same way as set out in this privacy notice.
  • Relevant public bodies including without limitation courts and regulators.
  • Other businesses associated with us (such as Source Professional Support Limited).

As far as lies within our power, we require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We may allow Source Professional Support Limited to use your personal data for equivalent purposes to those for which we use your personal data (as detailed above), subject to that company’s own privacy policy which can be found here. Source Professional Support Limited may also provide us with certain services from time to time and in so doing, may process your personal data.

Subject to the foregoing points which are specific to Source Professional Support Limited, we do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

We do not normally copy personal data to anyone outside the European Economic Area, but we may do so when the particular circumstances of your matter so require and we will ensure that we follow appropriate procedures in so doing. To the extent that our third party service providers may have servers or operations based outside the UK or the EEA, we ask that they have appropriate protections in place so that we know all data will be looked after as though it were subject to the UK’s laws on data protection. Should you need further details on which third party processors we use that are based outside the UK, please let us know.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

How long will you use my information for?

We will retain your data for five years in accordance with our statutory obligations and after the five year period in accordance with our document retention policy, unless you tell us otherwise. A longer period of retention may apply for any of your personal data which is also subject to one of the other two notices accessed via our Legal notices page, where a longer period of retention for such data is anticipated under that notice.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete your data (see below for further information).

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Data protection – your obligations

If you send us personal data about anyone other than yourself you will ensure you have any appropriate consents and notices in place to enable you to transfer that personal data to us, and so that we may use it for the purposes for which you provide it to us.

Data protection – your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.

If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact Justyn McIlhinney.

More information on these rights and when they apply is available here:

EU residents

We have appointed IT Governance Europe Limited to act as our EU Representative. If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at [email protected] or post your request or query to:

EU Representative, IT Governance Europe, The Mill, Newtown Link Rd, Stagreenan, Drogheda, Co. Louth, A92 CD3D, Ireland.

When contacting our Representative please ensure you include our firm name in any correspondence.