Privacy Policy

Hartley Law Limited commits to respect and protect your privacy.

This privacy policy sets out how we collect, use and store your personal data and tells you about your privacy rights and how the law protects you.

This policy was last updated in June 2023. We may update this from time to time; any updates will be posted on this page, please re-visit this page occasionally to ensure you are happy with any changes.

Please read the below carefully.

Who We Are

The data controller responsible for your personal data is:
Hartley Law Limited trading as “Hartley Law”, company number 10374829, registered at Building B Watchmoor Park, Riverside Way, Camberley, Surrey, GU15 3YL. The terms “we” or “us” refer to Hartley Law Limited.

We are registered with the Information Commissioner’s Office register of data protection fee payer under registration reference ZA245968.

By “personal data”, we mean information which may identify you directly, such as your name, or indirectly by a certain characteristic combined with information we already hold about you.
The personal data we hold about you must be accurate and current. Please keep us informed if your personal data changes.

Where we need to collect personal data by law or, under the terms of a contract we have with you and, you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with legal services). In this case, we may have to cancel the service you have with us but, we will notify you if this is the case at the time.

Information we collect from you

We may collect, use, store and transfer different kinds of personal data about you which depends on your relationship with us, for example, if you are a client receiving our services, a visitor to our website ( or, an employee/candidate applying for a position.

We have grouped the kinds of data we may collect from you as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, driving licence number, passport number and date of birth and utility bills.

Contact Data includes billing address, delivery address, email address and telephone numbers and social media profile.

Financial Data includes bank account details (i.e. bank name, account name and address, sort code) and credit history.

Transaction Data includes details about payments to and from you and other services you have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website, our social media channels and our case management software, LEAP.

Usage Data includes information about how you use our website, services and social media channels.

Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered ‘personal data’ in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We only collect special categories of personal data about employees, work experience students, and contract workers (this includes details about your race, religion, ethnicity and medical information) strictly as necessary to report on diversity and to safeguard such workers.

How is your personal data being collected?

How we collect data about you from depends on how you interact with us. We use different methods to collect data including the following:

Direct interactions you may give us your Identity and Contact data by filling in forms, corresponding with us by email, phone, post, through instructions and information we collect when you instruct us to act for you on a case, via LEAP, our web portal for keeping clients updated on their case or matter, subscribing to our newsletter, via our website and applications or service that links to it, when you apply for a job position, work experience or send your CV to us on a speculative basis or feedback you provide to us.

Automated technologies or interactions as you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this data using cookies, server logs and other similar technologies. We may also receive Technical Data if you visit other websites employing our cookies. Please see our cookie policy for further information. We may also observe, detect or create data about you without directly asking you to provide the information to us, for example, via CCTV or through a meeting. We may record phone or video calls and meetings and retain copies or transcripts of dialogue e.g. via the LEAP web portal, chatbot on our website, WhatsApp, SMS.

Third parties or public sources
We may collect data about you from third parties or publicly available sources (e.g., LinkedIn, Companies House, Land Registry, HM Courts & Tribunal Service), when making anti-money laundering, identity and credit checks through third parties, recruitment consultants, referees, third parties collecting feedback on our behalf or reviews, banks, mortgage brokers, estate agents, courts, any third party or introducer of a case or matter to us.

Technical Information
This is collected from analytics providers, for example, Google Analytics.

How we use information that we collect

How we use data varies depending on the context of our relationship with you. We may use information held about you in the following ways:

  • To set you up as a client, to perform anti-money laundering, credit, identity checks;
  • To give you with information and to perform the legal services that you may request from us;
  • To give you with information about services we offer;
  • For recruitment purposes in the event a position of interest arises;
  • To tell you about changes to our service;
  • To invoice you for our services and to receive or recover the payment owed to us;
  • To manage our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • To improve our website to ensure that content is presented in the most effective way for you and for your computer;
  • To assess and improve our delivery of services;
  • To allow you to participate in interactive features of our service and/or to follow any of our social media sites including Facebook, Instagram, LinkedIn and Twitter, when you choose to do so;
  • Cookies (for further information please see our cookie policy);
  • As part of our efforts to keep our site safe and secure;
  • To measure or understand how effective our advertising is;
  • The prevention of fraud and other criminal activities.
  • To tell you about relevant training, events, products, news updates and announcements.
  • To address a request from you in relation to the exercise of your rights, for example, if you have asked us not to contact you for marketing purposes, we will keep this information on a list.
  • To make suggestions and recommendations to you and other users of our website about services that may interest you or them;
  • To comply with our legal, regulatory, professional and ethical obligations;
  • To communicate updates on the law or matters we believe to be of interest;
  • To invite you to take part in surveys regarding your experiences of working with us;
  • To deal with, assess, investigate, defend and respond to any queries, complaints or claims; and/or
  • For any other legitimate business purpose.

We will only use your personal data for the purpose for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, whether this is permitted by law. The provision of documents for identity purposes is necessary for us to comply with our legal and statutory obligations. Failure to provide these will mean we are unable to carry out checks as required as by Money Laundering Regulations and we will not be able to act for you or the organisation instructing us, though, we will notify you if this is the case.

We will get your express opt-in consent before we share your personal data with any company outside of Hartley Law Limited for marketing purposes, to feature your identity in a case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.

Disclosure of your information

  • We may share your personal information with our staff working in our offices or remotely in order to for us to provide our services to you. You agree that we have the right to share your personal information with selected third parties (including Experian) including analytics and search engine providers, that assist us in the improvement and optimisation of our site.
  • In the event that we sell or buy our business or assets, we will disclose your personal data to the prospective seller or buyer of such business or assets.
  • If a third party acquires Hartley Law Limited or substantially all of its assets, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose to share your personal data in order to comply with any legal and/or regulatory obligation, or in order to enforce or apply our and other agreements; or to protect the rights, property, or safety of Hartley Law Limited, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • To our regulatory body, the Solicitors Regulation Authority or, professional advisors, professional bodies including courts.
  • To the police and other law enforcement agencies where we are under a duty to do so.
  • To our suppliers and service providers, for example, insurers, payroll providers, accountants, tax advisors, barristers and experts, auditors.
  • Other organisations involved in your case or matter e.g. agents, brokers, banks.


You will only receive tailored marketing from Hartley Law (including services, events, webinars, latest news, legal updates on changes in the law, newsletter) if you have signed up to our newsletter, if you are a client of ours, if we believe its in your best interest to receive the communication, if you attend a webinar, seminar or event, if you provide a business card to an employee of Hartley Law at any networking/business event, or, if you have given us your express consent.

If you would like to withdraw your consent, you can contact us. Withdrawing your consent will not remove our right to contact you regarding work we may carry out for you.

Where we store your personal data

All information you provide to us is securely stored inside the United Kingdom. If we transfer your personal data outside of the United Kingdom, we will take reasonable steps to protect your personal information. Third parties we use may transfer your data outside of the United Kingdom. These countries may have different standards of protection and privacy laws in place, which means additional safeguards must be put in place.

Data Security

We have put in place appropriate procedures and security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Additionally, we limit access to your personal data to those employees and third parties who have a business need to know. They are required to only process your personal data on our instructions.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to keep your personal data secure, we cannot guarantee the security of your data transmitted to our website or the Internet; any transmission is at your own risk. We cannot be held responsible for unauthorised or unintended access that is beyond our control.

We will notify you and any applicable regulator of a breach where we are legally required to do so.

We implement appropriate measures and controls, including monitoring and physical measures, to store and transfer data securely.

Where we have given you (or where you have chosen) a password which enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements, in respect of providing services to you, resolving disputes and enforcing our agreements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will retain your personal data for six years following the end of our business relationship with you, or the end of your matter, whichever is latest.

CCTV recordings are retained for 30 days from visiting our offices.
We retain CV’s for a period of one year, unless we hire the candidate or have them carry out work experience, in which case we retain your data for up to six years following the end of our business relationship with you.

Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You are entitled at any time to ask us for a copy of your personal data we hold about you, known as a data subject access request. You are also entitled to ask that any information we hold about you is supplemented, updated or rectified. You can make any of these requests free of charge by contacting us.

In certain circumstances, you can also ask us to restrict our processing of your personal data e.g. if you contest the accuracy of it. We will continually review your request and will inform you if we decide we are not required to action it. If you need us to restrict, or stop processing your personal data in any way, this may impact on our ability to provide our legal or professional services to you. Depending on the nature of your requests we may have to stop acting for you but will still have to pay any unpaid fees and expenses which we have incurred on your behalf to date.

You are entitled to ask that we send you a copy of the personal data we hold about you to another organisation for your own purposes, for example, if you intend to instruct another solicitor instead of us. If you want us to move, copy or transfer your personal data in these circumstances, please contact us.

You are entitled to ask us to erase your personal data where there is no good reason for us to keep it. If this happens, we will erase your data where possible and whether not be in breach of any legal or regulatory obligations by doing so. We will also consider whether we can redact or anonymise your data. This will not affect the lawfulness of any processing carried out before your request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information to speed up this process.

We will aim to respond to your request within one month. Sometimes, it may take longer if your request is complex, in this case, we will update you.

Third Party Links

Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements and their security is not guaranteed. When you leave our website, we encourage you to read the privacy notice of every website you visit.

If you click on our website from a third party website, we cannot be responsible for their privacy policies and practices of the owners and operators of that website and recommend you check the privacy policy of that third party website.

Contact Us

If you need to contact us regarding the use of your data, please contact Karenjit Dhaliwal, Chief Executive Officer/Data Protection Officer at:

01276 536410

Hartley Law, Building B, Watchmoor Park, Riverside Way, Camberley, Surrey GU15 3YL.

We would appreciate a chance to resolve any concerns in the first instance.

If you are not satisfied with our response, you have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (

Get in touch