Privacy policy

Cannings Connolly is committed to protecting your privacy. Our Privacy Policy sets out how we collect and use your personal data on our website and in our practice.

Data Controller

The data controller is Cannings Connolly of 16 St Martin’s-le-Grand, London, EC1A 4EE, and we are registered with the Information Commissioner’s Office (ICO) under registration number is Z7830297.

Data Protection Officer (DPO)

Our DPO is Guy Bate and any questions relating to our privacy policy or to data protection issues generally should be sent by email to and with the heading ‘data privacy’ or sent in writing addressed to the Practice Manager at our office address.

Types of personal data that we collect

We will collect, store and process personal data that is given to us in relation to our services and our practice including names, addresses, email address, telephone number and identity verification documents when we are contacted by individuals, companies or clients, applicants for job vacancies, suppliers and professional third party service providers, and relating to our employees, consultants and Partners (which includes sensitive personal data). We may collect your personal data from public sources such as Companies House. We will automatically collect the Internet protocol (IP) address of every visitor to our website, but we do not collect any other personal data through our website. We use cookies on our website and this is explained in more detail below.

How we use personal data

We will obtain, store and process personal data for the following purposes:

(a) to provide individual clients (or the organisation on behalf of which an individual client instructs us) with legal advice and assistance, or other information that is requested from us;

(b) to keep records of the work that we have carried out for clients, including related email and other correspondence;

(c) to keep records of the anti-money laundering documentation that we have collected from clients for the purposes of preventing money laundering or terrorist financing, and as required by applicable anti-money laundering legislation– this documentation may include copy passports, utility bills, driving licences, names of company directors, and other identifying information;

(d) to send to clients and contacts information on legal updates that may be of interest to them, invitations to firm events, and other marketing materials related to our services, unless they have told us that they do not want to receive this information;

(e) to keep records of applicants for trainee solicitor, qualified solicitor, Partner and support staff roles in our firm;

(f) to keep records of the work that our suppliers and third party professional service providers (e.g. tax advisors, overseas counsel) have carried out for us and our clients, including related email and other correspondence; and

(g) to keep human resources records of our personnel, including employees, consultants and Partners.

We will process your personal data where it is necessary for the performance of a contract to which you are a party, or in order to take steps at your request before entering into a contract (for example, to establish your business as a new client of the firm); where the processing is necessary for compliance with a legal obligation to which we (as data controller) are subject (for example, complying with applicable anti-money laundering legislation); and where it is necessary for the purposes of our legitimate interests, except where those interests are overridden by the interests or fundamental rights and freedoms of the individual. Processing that is carried out for marketing purposes and certain human resources data processing is carried out on the basis of our legitimate interests, which are the promotion and growth of the firm’s business and efficient staff management.

If you do not allow us to process your personal data, our firm will not be able to represent you or offer you employment, as this processing is required for us to provide legal services and to fulfil our duties as an employer.

Sharing personal data

We will not share personal data with third parties without the relevant individual’s consent unless we are required to do so in order to comply with a legal, regulatory or professional obligation or in connection with any legal proceedings.

Where personal data is stored

The personal data that we collect will be stored within the European Economic Area.

Data security

We have information security systems in place and use appropriate technical and organisational measures in order to prevent unauthorised access to or disclosure of personal data.

How long do we keep personal data

We periodically evaluate the personal data collected by us to determine whether it is current and still needs to be held. As a general rule we store personal data for minimum of 7 years and otherwise in accordance with our retention policy. If you would like more information on this please contact our DPO.

Marketing information

Individuals have the right to ask us at any time not to send marketing information to them, by emailing us on or by writing to the Partners at our office address.

Data subjects’ rights

You have the following data protection rights in relation to your personal data that apply in certain circumstances:

  • Right to erasure: You can ask us to erase or delete all or some of your personal data.
  • Change or correct data: You can also ask us to update the data we hold about you.
  • Object to, or limit, our use of your data: You can ask us to stop using all or some of your personal data or to limit our use of it.
  • Subject access requests and portability right: you can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.

All requests for access to personal information that is held about a particular individual should be directed to the Practice Manager. We try to respond to all legitimate requests within one month.


Please be aware that our website uses cookies. A cookie is a text file that is used by many websites to identify a visitor’s computer to their server. Our website uses cookies to distinguish between users of the website. We use cookies purely for analytical purposes (i.e. to count the number of unique visitors to the site). We do not seek to identify individual visitors through our use of cookies.

Questions and complaints

If you have any questions or complaints relating to our handling of your personal data please contact either our DPO, Guy Bate, by email at and, with the heading ‘data privacy’, or our Practice Manager in writing at our office address. You have the right to lodge a complaint with the Information Commissioner’s Office, but we would ask you to notify us first.

Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page.