Close this search box.

Privacy policy

Please click on a heading below to get more information about a particular area of our policy.


1. Purpose

This Privacy Policy describes how we collect and use information through our website and information from clients, prospective clients, and client representatives. In this Privacy Policy, “you” or “your” refers to users of our website, clients, prospective clients, or client representatives as the context requires. Please read this Privacy Policy together with any other privacy notice we may provide you with when we are collecting or processing personal information about you, so you are fully aware of how and why we are using your information. This Privacy Policy supplements the other notices and does not override them.

We update this Privacy Policy from time to time. This version was last updated in August 2018 where we made significant changes to reflect changes in the law as a result of GDPR. You can compare this version to the last version of this Privacy Policy which can be viewed here. We will post details of any further changes to this Privacy Policy on this page.

2. Who we are and how to contact us about this Privacy Policy.

We are Kemp IT Law LLP, a firm of solicitors specialising in IT law that is authorised and regulated by the Solicitors Regulation Authority. Our SRA No. is 8000918. Our address is 21 Napier Avenue, London, SW6 3PS. Our VAT No. is 418 9059 71.

If you have any questions about how we use your information or about this Privacy Policy, please contact us at or call us on 020 3011 1667

3. Types of information we collect.

We collect non-personal information such as statistical data and certain personal information (information about an individual from which that person can be identified) when you use this website, become a client, represent a client, or sign up for client alerts or for an event.

The types of personal information we collect about you are as follows:

  • Identity and Contact Data includes first name, maiden name, last name, username or similar identifier, title, job title, organisation, organisation address, email address and telephone numbers;
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
  • Usage Data includes information about how you use our website and our services;
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences;
  • Client Financial Data, which may include bank account details and details of any fees and payments;
  • Client Onboarding Data includes identification and background information, information relating to anti-money laundering, conflict and financial/credit checks, and other information required as part of our regulated client onboarding procedures. This may include special categories of personal data, such as information relating to biometric data from passports. We also obtain information from publicly available sources such as public registers of companies, charities, public registers of sanctioned persons and entities (such as HM Treasury in the UK) and other public sources including any services accessible on the Internet which you are using for professional networking purposes e.g. LinkedIn; and
  • Client Matter Data includes data provided by you as a client, generated by us based on our interactions with you or by others (e.g. other advisers) during the course of a matter.

4. How we collect information.

We collect most information from you as part of the client onboarding process, or when you fill in a form, contact us to engage us in services or provide feedback, or when you sign up to receive client alerts or to attend an event. You do not have to give us any personal information to use most of our website but if you want to sign up for our events or materials you will. We collect information for clients’ alerts, etc., and events registration as follows.

  • Client alerts, etc. To subscribe for client alerts, white papers, invitations to events and webinars, and other materials, please email your contact at the Kemp IT Law or To unsubscribe, update your details via the subscription form or email us at
  • Event registration. To register for an event, please email your contact at the Kemp IT Law or During registration, we will collect Identity and Contact Data. This information enables us to process and fulfill your registration online so we can contact you about the event.

Additionally, through the use of cookies, we may automatically collect Technical Data about your equipment, browsing activity, and patterns. Please see the section below on cookies and our Cookie Policy for more information.

5. What happens if you fail to provide us information?

If you fail to provide personal information that we need to perform a contract with you or by law, then we may not be able to provide you with the service the contract relates to. We will notify you when this is the case.

6. Cookies.

We use cookies on our website. For more information on how we use cookies and how you can disable or refuse cookies, please see our Cookie Policy.

7. Purposes for collecting information and our lawful grounds for processing.

We will use your personal information only where we have a lawful basis for doing so. The lawful basis for processing your personal data will depend on the purpose for which it was obtained. The table below sets out the purposes for which we may process your personal information and the relevant lawful basis/bases that allow for that processing:
Purpose of ProcessingType(s) of DataOur Lawful Basis for Processing
Managing our relationship with you and providing legal services- Identity and Contact Data
- Client Onboarding Data
- Client Financial Data
- Client Matter Data
- Necessary to comply with a legal obligation
- To perform a contract with you
- If you are a client representative, it may be necessary for our legitimate interests in running our legal practice to process your personal data to provide services to the client you represent.
Administration purposes and the protection of our business and the website – e.g. accounting, billing, troubleshooting, data analysis, testing, IT system maintenance, support, reporting, hosting of data, and to defend our business interests including exercising our legal rights.- Identity and Contact Data
- Technical Data
- Client Financial Data
- Necessary for our legitimate interests* – in running our practice, the provision of administration and IT services, network security and fraud prevention and for business reorganisations or group restructuring exercises
- Necessary to comply with a legal obligation
To register you as a new client- Identity and Contact Data
- Client Onboarding Data
- Client Financial Data
- To perform a contract with you
- Necessary to comply with a legal obligation
Marketing and promotions:
- Sending you client alerts
- To register you for an event
- Asking you to leave a review or provide feedback
- To use data analytics to improve our website, products/ services, marketing, client relationships and experiences
- To make suggestions and recommendations to you about events that may be of interest to you
- Identity and Contact Data
- Usage Data
- Marketing and Communications Data
- Technical Data
- Necessary for our legitimate interests* (to study how clients view our services, to develop them, to grow our practice and to inform our marketing strategy
- Necessary for our legitimate interests* (to define types of clients for our services, to keep our website updated and relevant, to develop our practice and to inform our marketing strategy)
- Necessary for our legitimate interests* (to develop our services and grow our practice)
*“Legitimate interests” means our legitimate interests in conducting and managing our practice where these interests are not overridden by your fundamental rights, interests and freedoms.

8. Changes to the purposes of processing.

We will only process your personal information for the purpose(s) for which we collected it. If we do need to use your personal information for a new purpose, we will notify you of this, explain the lawful basis we will be relying on, and, if necessary, ask for your consent.

9. How we share your information.

We may need to share your information with certain third parties:

  • Our suppliers who provide us with services acting as processors, including IT services, hosting services, website analytics, event organisers and marketing providers;
  • Other law firms and other professional services providers or advisers such as barristers as part of the services we provide to clients;
  • Our professional advisers including accountants, bankers, auditors, insurers who provide us with professional services based in the UK;
  • Regulators such a HM Revenue & Customs, the Solicitors Regulation Authority and other authorities based in the UK who require information about our processing activities from us; and
  • In the unlikely event of a sale, any organisation that acquires our practice.

We do not share or transfer the information we have collected except as set out in this policy. Where we share your personal information with third parties we will ensure they respect your privacy and keep your information secure.

10. Marketing.

We will send you marketing communications if you have signed up for client alerts or registered for events, in either case, where you have not opted out of receiving that marketing. You can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.

11. Video Conferencing.

We may use video conferencing when providing services to you and/or managing our relationship with you. We use Zoom and Microsoft Teams platforms for video and audio calls. We collect Client Matter Data and Identity and Contact Data through such calls. We also use GoToWebinar to provide seminar presentations for the purpose of Marketing and Promotions as set out in Purposes for collecting information and our lawful grounds for processing. We always ensure meetings are secured with passwords and IDs. We may record calls and meetings for the purposes of client management, training and improving services to clients but will only keep the recordings for as long as is necessary as set out in Data retention.

12. Correcting, updating or removing your details.

If your personal information changes or if you no longer wish to receive our service, please let us know and we will correct, update or remove your details. You can do this by emailing us at

13. Third party links.

This website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we recommend you read the privacy policy of every website you visit.

14. International transfers.

In providing services to you, we may need to transfer your personal information to the United States and other countries outside of the EU that do not afford the same level of data protection as the UK. Your personal data may also be processed by our suppliers outside of the EU. Where your data is processed outside of the EU, we will ensure your personal information is protected by putting in place appropriate safeguards such as EU Commission Standard Contractual Clauses. You can find the current version of these clauses at the Annex of Commission Decision2010/87/EU : 5 February 2010 – please see

If you would like more information about international transfers of your personal information, please contact us by email at or by phone no 0203 011 1667.

15. Data security.

Whilst we store and use your personal information we will ensure appropriate security for it by including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as is required by the law.

16. Data retention.

We will not keep your personal information longer than is necessary for the purposes for which we use it. We will retain your personal information for the periods that are required by law, our regulators and for our arrangements with our insurers, whichever is the longest. This will generally be seven years after the year:

  • in which we received it; or
  • (if later) when the client matter or relationship that was the context for receiving it ended.

We will delete or destroy it when it is no longer required.

17. Requesting access to your information.

Under data protection law, individuals have the right to request access to information about them that we hold. To make a request for your personal information please contact

18. Your other privacy rights.

By law you have certain additional privacy rights. These are to:

  • be informed of how we are processing your personal information – this Privacy Policy serves to explain this to you but please do get in touch if you have any questions;
  • have your personal information corrected if it is inaccurate or incomplete;
    have your information erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time you request erasure;
  • restrict the use of your information in certain circumstances e.g. where you have told us information is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your information but will not process it further until we have checked and confirmed whether the information is inaccurate;
  • object to the processing of your information in certain circumstances – e.g. you may object to processing of your information for direct marketing purposes;
  • data porting – where you have provided us with personal information and we use this information either on the basis of your consent or to perform a contract with you, you have the right to receive your personal information from us in a commonly used and machine readable format, and the right to require us to transmit your personal information to someone else if it is technically feasible;
  • object to decisions being taken by automated means; and
  • to withdraw your consent at any time to processing where we are relying on consent as the lawful basis – e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain services to you – We will let you know if this is the case at the time you withdraw your consent.

If you have any concerns about the way we are collecting or using your personal information, please contact us in the first instance. You also have the right to lodge a complaint with the UK’s supervisory authority for data protection matters – the Information Commissioner’s Office at