Privacy Policy

Overview

This Privacy Policy applies to Womble Bond Dickinson (UK) LLP, a limited liability partnership authorised and regulated by the Solicitors Regulation Authority (SRA number 449247), and to any entities owned or controlled by Womble Bond Dickinson (UK) LLP including those entities listed here, collectively referred to in this Privacy Policy as "WBD UK Group". This Privacy Policy is issued on behalf of the WBD UK Group so when we mention "we", "us" or "our" in this Privacy Policy, we are referring to the relevant entity in the WBD UK Group responsible for processing your personal data.

This Privacy Policy is designed to help you understand what personal data we collect, why and how we use it and who we share it with. It also explains the rights you have in connection with your personal data, including how to contact us or to make a complaint.

The entity with whom you enter into an engagement will be the controller of your personal data when you enter into an engagement with us for legal or other services or otherwise engage with us. Womble Bond Dickinson (UK) LLP is the controller and responsible for any personal data collected through this website: https://www.womblebonddickinson.com/uk.

If you were a client of Bond Pearce LLP or Bond Pearce LLP otherwise processed your personal data then Womble Bond Dickinson (UK) LLP (at that time known as Bond Dickinson LLP) assumed responsibility for such processing on the 1 May 2013 and this Privacy Policy applies to any personal data we hold about you.

Due to our global reach, we may be subject to different data protection regimes. This Privacy Policy reflects the UK GDPR standard of protecting personal data. Elements of this Privacy Policy may not apply in jurisdictions where data protection regimes differ to the UK GDPR and this Privacy Policy does not establish additional rights or obligations to those prescribed in the local data protection laws applicable to those jurisdictions.

If you have any questions about this Privacy Policy please get in touch with your usual WBD UK Group contact or contact us using the details below. If you would like this notice in another format (for example large print) please contact us using the details below.

What Personal Data do we collect and use?

We process personal data about many different categories of individuals, including our clients and prospective clients, counterparties and third parties that have a connection with the matters that we work on for our clients, individuals we or our staff have relationships with, individuals who work for our suppliers, individuals who visit our offices and other individuals who interact with us (e.g. through our website or communications with us).

The type of personal data we collect and process depends on our relationship with you and the nature of the services we are providing. The table below sets out a non-exhaustive list of the personal data we may collect and process, depending on the circumstances.

If you provide us with personal data in respect of individuals associated with you or your business to enable us to provide legal or other services, you are responsible for ensuring that the relevant individuals are made aware of the terms of this Privacy Policy and that you have any necessary permission or authority to do so.

Personal data we may collect depending on our relationship with you

Name, gender, address and telephone number(s), email address and other contact details.

Information to enable us to check and verify your identity, e.g. your date of birth or passport details.

Regulatory information including whether you are a Politically Exposed Person (PEP).

Your occupation, organisation you work for, your title or position and interests and professional information (such as job title, previous positions and professional experience).

Information about your personal or family life that you choose to share with us, for example, relating to your hobbies or interests (not including special category personal data).

Financial details so far as relevant to our instructions.

National Insurance and tax details.

Bank and/or building society details.

Nationality and immigration status and information from relevant documents, such as your passport or other identification documents.

Details of your spouse/partner and dependants or other family members, e.g. if we are instructed on a private wealth matter.

Employment status and details including salary and benefits, e.g. if we are instructed on a matter related to your employment or in a private wealth matter.

Details of your pension arrangements, e.g. if we are instructed on a pension matter or other private wealth matter.

If we are instructed to incorporate a company, personal identifying information such as your hair or eye colour or your parents’ names, to answer security questions required by Companies House.

Your employment records where relevant to the matter on which we are advising.

Other personal data relating to matters on which we are instructed or relating to services we provide or that you choose to share with us.

Information about your use of our website, digital platforms, portals, communication systems, and other technology including your website usage, browser type and version, time zone setting, browser plug-in types and versions, operating systems and platforms, IP addresses, other online identifiers.

If you attend a meeting or event at our offices or those of a third party, personal data in relation to your visit including CCTV, access time and attendance information and dietary requirements.

Information you provide to us about our services, for example by completing client surveys.

Your direct marketing and user preferences including whether you have consented to marketing communications.

Invitation responses, reading activity and event attendance confirmation via the use of cookies and similar technologies to enable us to tailor communications.

Special category or sensitive personal data we may collect depending on our relationship with you

Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs, e.g. if we are instructed on a discrimination claim or if you provide dietary information to us in connection with your attendance at a meeting or event.

Personal data relating to your health including medical records, e.g. if we are instructed on a matter where your health is relevant.

Genetic or biometric personal data in relation to matters on which we are instructed.

Your trade union membership, e.g. if we are instructed on a discrimination claim or your matter is funded by a trade union.

Personal data relating to criminal convictions and offences, e.g. if we are instructed on a matter where your criminal offence data is relevant.

Other special category or sensitive personal data relating to matters on which we are instructed, relating to services we provide or that you otherwise choose to share with us.

How we collect your Personal Data

We may collect personal data about you from various sources including:

  • You
  • Your employer
  • Family members, relatives or members of your household
  • Our clients
  • Individuals or organisations involved in matters on which we are instructed
  • Our service providers or suppliers including service providers we use to enable us to conduct background checks, client e-verification due diligence providers and sanctions screening providers
  • Your bank or building society or other financial institution or advisor
  • Consultants and other professionals we may engage or correspond with in relation to a matter including other parties involved in the legal proceedings (such as the solicitor acting on the other side)
  • Your professional body or pension administrators
  • Your doctors, medical and occupational health professionals
  • Other third parties such as witnesses, or representatives involved in a matter
  • Publicly accessible sources, e.g. Companies House or HM Land Registry or government bodies or agencies
  • Our information technology systems, e.g., case management, document management, client portals and time recording systems
  • Our website
  • CCTV and access control systems, communications systems, email, voicemail and instant messaging systems
  • By telephone, video conferencing or collaboration software
  • Networking (e.g. at law fairs, client events and/or other meetings or events both in person or virtual either hosted or attended by us)
  • Through an extranet or other document storage, management or review sites or platforms that we make available in the context of the services we provide
  • Through our guest WiFi service or other facility at our premises that may require log in details
  • Through an online or emailed form, questionnaire, survey or similar format.

What we use your Personal Data for

We aim to be transparent about the purposes for which we collect and process personal data. We will only process personal data where we have a lawful reason for doing so. Further information on the main purposes for which we process personal data and the lawful reasons for processing the personal data is set out below:

Identification and background information

What we use your personal data forOur reasons for processing your personal data

We use your identification and background information for client due diligence and know your client purposes.

As part of our client due diligence and know your client processes we carry out certain background searches and screening to:

  • Verify your identity
  • Comply with laws relating to preventing money laundering and terrorist financing
  • Verify whether or not there are any potential issues that may mean we cannot work with a particular person or organisation (for example to identify criminal convictions, PEPs, sanctions, adverse media or other potential reputational issues). This will include any verification that we need to undertake in relation to individuals that are connected to or involved in the structure of our client entities, for example, directors or beneficial owners
  • We use third parties to carry out identity verification, background and screening checks. This includes using a third party, SmartSearch, who use facial recognition and liveness detection technology to process your biometric data for identity verification purposes. Your biometric data is not shared with us. For further information concerning SmartSearch and its use of your personal data please see: https://www.smartsearch.com/privacy-notice
  • Compliance with our legal and regulatory obligations.
  • Our legitimate interest in safeguarding the WBD UK Group against inadvertently dealing with the proceeds of criminal activities or inadvertently assisting in any other unlawful or fraudulent activities (for example, terrorist financing).
  • Our legitimate interest in carrying out the business of providing professional legal and other services and securing prompt payment of fees and costs in respect of our services.
  • Where we process criminal conviction/criminal offence data, we will do so either where we have your explicit consent, to establish, exercise or defend legal claims, to prevent or detect unlawful acts or to comply with our regulatory requirements relating to unlawful acts and dishonesty. We may also process criminal convictions/criminal offence data where it has been made public by you/the relevant individual.

Legal and other services

What we use your personal data forOur reasons for processing your personal data

We provide a wide range of professional services. Some of our services require us to use personal data (including special category personal data and criminal offence data) to provide advice and deliverables to our clients. We may use this information:

  • To manage and administer our relationship with you (and/or your organisation) and enter into and maintain contractual relations
  • When we are instructed on a legal matter or engaged to provide professional services, we may process personal data relating to a range of individuals. This includes clients and their representatives, counterparties, litigants in person, advisors, experts, counsel, witnesses, and other individuals whose information is relevant to the matters that we work on for our clients. Such processing may be necessary, for example, to attempt to resolve a dispute or to initiate, conduct or defend dispute resolution proceedings on behalf of our client.
  • To comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator, the Solicitors Regulation Authority and to provide information required by or relating to enquiries or investigations by regulatory bodies
  • For accounting and tax purposes
  • For marketing and business development
  • For statistical analysis to help us manage our business or to provide information required by our clients, e.g. in relation to our financial performance, client base, work type or other efficiency measures or key performance indicators
  • To ensure our business policies (and client requirements) are adhered to, e.g. policies covering security and internet us
  • For operational reasons, such as improving our business and services by undertaking analysis and research and assessing your satisfaction with our services, efficiency, insurance purposes, training and quality control
  • To assess your eligibility for a distribution from a trust or estate;
  • To communicate with you in relation to the administration of a trust or estate
  • To make a payment or transfer to you from trust or estate funds by way of a trust or estate distribution
  • To respond to any complaint or allegation of negligence made against us
  • To ensure safe and secure working practices, comply with our office health & safety risk assessments, public health requirements, staff administration and assessments and to enforce or protect any of our rights, property or safety (or those of our members, employees or clients)
  • For administering and managing our website
  • For internal and external audits (including audits of our accounts), quality checks and certifications and accreditation.
  • Where it is necessary for our legitimate interests or those of a third party, such as one of our clients or someone with a financial or legal interest in the matter.
  • Compliance with a legal or regulatory or professional obligation to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.
  • Our legitimate interest in processing personal data as necessary to meet with a legal or regulatory or professional obligation.
  • Our legitimate interest in providing professional services and our client in receiving professional services in a certain way (e.g. a statutory audit).
  • Our legitimate interest to administer, manage and develop our business services.
  • Our legitimate interest to help our clients to improve our business, service delivery and offerings to help WBD develop technology and offerings, including benchmarking and statistical analysis.
  • Where we process special category personal data, we will rely on either a relevant substantial public interest condition (with a basis in law), explicit consent or to establish, exercise or defend legal claims. We may also process special category personal data where it has been made public by you/the relevant individual.
  • Where we process criminal conviction/criminal offence data, we will do so either where we have your explicit consent, to establish, exercise or defend legal claims, to prevent or detect unlawful acts or to comply with our regulatory requirements relating to unlawful acts and dishonesty. We may also process criminal convictions/criminal offence data where it has been made public by you/the relevant individual.

Meetings, events, seminars and learning sessions

What we use your personal data forOur reasons for processing your personal data
To facilitate your attendance at meetings, events or seminars whether organised by us or by our business partners, contacts or other professional representatives. This will include any photos or videos taken at our events, seminars and learning sessions. 
  • Consent of the participant.
  • Our legitimate interest in organising events and managing the registration process for such events.
  • Our legitimate interest in providing information about and promoting WBD, our services and events which we organise.
  • Our legitimate interest in protecting our people, assets and information and to prevent unauthorised people gaining access to WBD offices.

Visitors to WBD offices

What we use your personal data forOur reasons for processing your personal data

When you visit a WBD office, we process your personal data to provide you with certain facilities (such as access to our buildings and conference rooms) to control access to our buildings and to protect our offices, personal, goods and confidential information, by using CCTV.

  • We monitor and log traffic on our wi-fi networks. We also scan email and other communications for appropriate and potentially harmful content, attachments or viruses.
  • Where permitted by law, we use CCTV monitoring. CCTV images are securely stored and only accessible on a need to know basis (for example to look at an incident). We are allowed to disclose CCTV images to law enforcement bodies. We will also share CCTV images with our insurers for purposes of processing an insurance claims as a result of an incident.
  • When you visit a WBD office, we may also process certain health data about you, for example, dietary or access requirements or temperature check and/or other relevant test results or information. If collected, we will use this information:
  • In the case of dietary requirements, for the purposes of any catering services provided during your visit.
  • In the case of access requirements, for the purposes of facilitating your access to our WBD office(s).
  • In the case of any temperature checks/other relevant tests, we will use that data to review whether or not you can safely attend our WBD office(s) in line with any government guidance. We will also maintain records of any questionnaires or other forms completed by visitors for the purpose of evidencing that appropriate steps/checks have been undertaken. We will disclose that same health data and records referred to above (including temperature and/or other relevant test results and information) on a confidential basis to a governmental organisation, health authority and / or equivalent where required to do so by law.
  • Our legitimate interest in protecting our offices, personnel, goods and confidential information.
  • Our legitimate interest in preventing and detecting criminal and dishonest activity, including to ensure the security of our WBD offices and website.
  • Explicit consent of the business contact.
  • Compliance with a legal or regulatory obligation.
  • Where the processing is necessary for establishing, exercising or defending legal claims.

Client Relationship and Marketing (CRM) Purposes

What we use your personal data forOur reasons for processing your personal data
  • We process personal data about contacts (former, existing and potential clients and individuals employed by, or associated with, such clients and other business contacts, such as alumni, consultants, regulators and journalists) in our CRM systems to maintain our database of clients and other third parties for administration, and accounting and relationship management purposes and to support our marketing operations.
  • We may telephone, email or post you any relevant information on our services and events that may be of interest but only if you have given us your consent to do so or we are otherwise able to do so in accordance with data protection laws.
  • Consent of the business contact.
  • Our legitimate interest in managing the relationship with our business contacts and providing information about WBD, our services and the events we organise.

Use of new technologies, including artificial intelligence (AI)

We use new technologies, including AI, in the delivery of our services. For example, we have signed up to CoCounsel, Thomson Reuters' professional-grade Gen-AI assistant, across our UK practice. Our lawyers are able to use CoCounsel and other new technology tools to support with day-to-day legal tasks, such as legal research, document review and analysis and All outputs generated by new technology tools, including CoCounsel and any other AI tools that we adopt, will be carefully supervised by appropriately experienced members of our team. 

Prior to adopting any new technologies tools that involve the processing of personal data and where appropriate, we conduct a robust due diligence process in line with industry best practice and standards. This ensures that security, confidentiality and the protection of personal data are prioritised.

Personal data of children

If your Matter involves children, these children must be represented by their parents or guardians. In these circumstances we will explain to the parent or guardian why we need any personal data relating to the children and how it will be used, both when we first collect the data and as the particular Matter progresses.

Visitors to our website

We capture a limited amount of personal data about visitors to our website automatically. We do this by using cookies and analytics tools on the website – for more information please see our Cookies Policy.

We use Google Analytics cookies to understand how users engage with the website. These cookies collect certain information, including the number of visitors to the site, where visitors have come from geographically and the pages they have visited, and the devices and browsers the visitor is using. For further information about Google Analytics, visit:

Google's Privacy Policy

Google Analytics Help pages

Our website is not intended for children and, other than in connection with work experience applicants, we do not knowingly collect data relating to children via our website.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Marketing communications

We may use your personal data to send you updates (by email, telephone or post) about legal developments that might be of interest to you and/or information about our services, including new services.

We have a legitimate interest in processing your personal data for our business development purposes. This means we do not usually need your consent to send you legal updates and information about our services. However, where consent is needed (for example to send you electronic communications), we will ask for this consent separately and clearly. 

You have the right to opt out of receiving marketing communications at any time by:

  • Contacting us by via the opt out form on our website or by telephone +44 (0)345 415 0000
  • Using the ‘unsubscribe’ link in our emails
  • We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Who we share your Personal Data with

We may share personal data where we are legally permitted to do so, with:

  • WBD UK Group entities.
  • Womble Bond Dickinson (US) LLP which is a separate legal entity operating as an independent law firm based in the United States, details of which can be found here.
  • Professional advisers who we instruct on your behalf or refer you to, e.g. barristers, medical professionals, accountants, tax advisors or other experts with whom we engage as part of the services or who you separately engage in the same context.
  • Other third parties where necessary to carry out your instructions, e.g.:
  • HM Land Registry in the case of a property transaction.
  • Companies House or your mortgage provider.
  • Third parties engaged in order to provide services to a trust or estate, for example, tracing agents or payroll providers, replacement trustees and executors.
  • HMRC for compliance purposes e.g. to register a trust with the Trust Registration Service.
    • Our insurers and brokers.
    • Our bank/s.
    • External service suppliers, representatives and agents that we use to make our business more efficient, e.g. marketing agencies, document collation or analysis suppliers, postal services, document storage facilities, front of house teams.
    • Building or facilities managers to facilitate your attendance at a meeting.
    • Where we use or work with third parties to organise or host events for or with us, we will provide these third parties with your relevant personal data.
    • Our regulator, the Solicitors Regulation Authority.
    • Governmental (e.g. public health) authority.
    • Our data processors providing catering, security, email security, data governance and archiving support services.
    • IT service providers such as providers of software or cloud providers of software as a service used by us as part of our client onboarding processes or in the provision of services to you, data room providers and providers of our IT servers g. our website platform provider and CRM platform providers and any other digital platform providers, which may provide hosting and support services.
    • Disclosures required by law or regulation: in certain circumstances, please note that we may be required to disclose personal data under applicable law or regulation, including to law enforcement agencies or in connection with proposed or actual legal proceedings.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you. Some of our service providers use AI in the provision of their services to us. As explained above, prior to using any such AI tools, we conduct a robust due diligence process to ensure that security, confidentiality and the protection of personal data are prioritised.

We may also need to share some personal data with other parties. For example, if we, in the course of our own business operations, sell or buy any business or assets we may disclose personal data held by us to the prospective seller or buyer of those businesses or assets.

Where possible, information will be anonymised but the recipient of the information will be bound by confidentiality obligations. If we are acquired, or substantially all of our assets are acquired, by a third party (or are subject to a reorganisation), personal data held by us will be one of the assets which is transferred. 

Where your Personal Information is held

Personal data may be held at our offices, those of WBD UK Group entities or third parties, see 'Who we share your personal data with'.

Some of these third parties may be based outside the United Kingdom. For more information, including on how we safeguard your personal data when this occurs (see: Transferring your personal data abroad).

E-signatures

To make the signing of contracts easier, we may use e-signature software. This involves inputting your contact details into third party e-signature software (DocuSign) and uploading the relevant contract for signature, which may contain personal data about you. In general, the data will be stored on servers within the European Economic Area (see 'Transferring your personal data abroad' below) and will be deleted following a short retention period. Please ensure you review the privacy information presented to you upon access to DocuSign, explaining why and how personal data is collected and processed when using this service.

Online platforms

As part of our work (including knowhow sharing) for our clients, you may be invited to access an online platform (for example, HighQ) to review or access documents and information or to upload information yourself. To the extent we have access to any personal data about you in connection with this, we will treat that personal data in accordance with this Privacy Policy.

Please ensure you review any other privacy information provided to you in connection with these services or platforms, including information provided by the third parties who provide the platforms. You must also ensure you read and comply with the relevant terms of use.

Transferring your Personal Data abroad

In general we shall always process your personal data within the United Kingdom. To deliver services to you, it is sometimes necessary for us to share your personal data outside the United Kingdom. For example, we may disclose your personal data outside the United Kingdom for the purpose of providing legal advice and services, including to (1) WBD UK Group entities and/or (2) Womble Bond Dickinson (US) LLP.

If we need to share your personal data with any recipient outside the UK, e.g. with any of those third parties listed above (see 'Who we share your personal data with') we will ensure we do so in compliance with data protection laws, including, where applicable, by ensuring that the transfer is necessary to perform a contract in place with you or a contract entered into in your interests. As part of this, we will ensure we have standard contractual clauses (or other approved protection mechanism) in place with that third party. 

In some instances, we may also use third party software that stores data in another jurisdiction. Usually, this will be within the European Economic Area, and, in any case, this will always be carried out in accordance with applicable data protection laws. Some of our third party software suppliers provide support services from from across the world. In some rare instances, it may be necessary for individuals providing that support to have sight of, or access to, stored personal data. Personal data may be accessed from and therefore transferred to that country which may not have the same data protection laws as the United Kingdom. We will, however, ensure the transfer complies with data protection laws.

In all circumstances, we undertake an assessment of the level of protection in light of the circumstances surrounding the transfer. We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible and will always take steps to ensure that your personal data is adequately protected.

How long your Personal Data will be kept

We will only retain your personal data for as long as it takes to provide the services to you. For most types of matters we retain your matter file, which will include your personal data, for up to fifteen years from the date of your final bill although this may vary depending on the nature of your matter.

We may keep your personal data for longer than the stated retention period for legal, regulatory or technical reasons. For example, Anti-money laundering legislation requires us to retain records, documents and information relating to a matter, including a copy of your identity documentation, for five years from conclusion of your matter or when our business relationship with you ends.

We will keep information in connection with the complaint or request in line with our retention policy. In most cases this means we will retain the information for six years.

The third parties we engage to provide services on our behalf (see 'Who we share your personal data with') will keep your data stored on their systems for as long as is necessary to provide the services to you.

When it is no longer necessary to retain your personal data, we will delete or anonymise it. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We will keep the health data (See 'What we use your personal data for') only for so long as is necessary to comply (and/or verify our compliance) with any disclosure obligation related government policy or guidance. We will destroy copies of any completed questionnaires, forms and other related reports after one year. 

In some circumstances you can ask us to delete your data, see 'Your rights with respect to your personal data'.

How we protect your Personal Data

Keeping information secure is a key part of data protection compliance. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, or used, accessed, altered or disclosed in an unauthorised way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so or where we have otherwise agreed with you that we will.

We are certified to ISO 27001 (information security) which is an international standard published by the International Standardization Organization (ISO) and describes best practice in information security management. To maintain our ISO 27001 certification we undergo regular independent security audits. We are also certified to Cyber Essentials Plus and maintain our own internal audit programme to verify that our staff are familiar with and adhere to our policies and procedures. 

If you would like more information about how we maintain information security please contact us (See 'Contact Information') to request a copy of our Security Statement or view it.

If we have given you a username and password which allows you to access certain parts of your matter via our systems, you are responsible for keeping it confidential.

Your rights with respect to your Personal Data

Under data protection laws, you have rights including:

  • Your right of access - You have the right to ask us for copies of the personal data we hold about you at any time and to be informed of the contents and origin or verify its accuracy, known as a data subject access request.
  • Your right to rectification - You have the right to ask us to request that the be supplemented, updated or rectified if you think it is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances. This may impact on our ability to provide our legal or professional services to you.
  • Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances:
  • Your right to data portability - You are entitled to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another data controller (for example a third party organisation you may subsequently instruct) where technically feasible. 
  • Your right to withdraw consent at any time (where processing is based on consent) - Where we process personal data using only your consent, you have a right to withdraw this consent at any time. Note that we do not generally process personal data based on consent (as we usually rely on another legal basis) and so the right to withdraw consent may not be applicable.
  • You can exercise these rights at any time by contacting us (see 'Contact Information').
  • Depending on the nature of your requests we may have to stop acting for you but you will still have to pay any unpaid fees and disbursements which we have incurred on your behalf to date.
  • You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, in the event that an access request is unfounded, excessive or especially repetitive, we may charge a ‘reasonable fee’ for meeting that request. 
  • For further information on each of these rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the UK GDPR.

Updating your personal data

It is important that the personal data we hold about you is accurate and current. Please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address please contact us using the details above.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information. If you want to complain about how we have handled your personal data, please contact our Data Protection Officer (DPO) by email: [email protected] or by post: Womble Bond Dickinson (UK) LLP, Temple Quay, 3 Temple Back East, Redcliffe, Bristol BS1 6DZ.

Please provide as much detail as possible about your complaint. If necessary, we will request any additional information we need from you to help us to understand the issue and investigate it thoroughly.

We will acknowledge receipt of your complaint within three working days. We will then investigate your complaint and inform you of the outcome of your complaint within 30 days. 

If you are not satisfied with the outcome of your complaint or if you believe we are processing your personal data unlawfully, you can complain to the Information Commissioner's Office (ICO). The ICO can be contacted via its website here or telephone at 0303 123 1113.

If you are located in the EU or EEA you may contact the Irish Data Protection Commissioner via its website here.

Contact information

Please contact us or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact detailsOur Data Protection Officer's contact details

[email protected]

Our helpdesk - +44 (0)191 2799468

Louise Norman, General Counsel

Womble Bond Dickinson (UK) LLP
Temple Quay, 3 Temple Back East, Redcliffe, Bristol, BS1 6DZ

Email address and telephone number are the same as for our general contact details opposite.

Important information

  • Clients of the firm should read this Privacy Policy alongside our Terms of Business, which provide further information on confidentiality.
  • This is our primary Privacy Policy which supplements other privacy notices and policies and is not intended to override them.
  • We may publish or provide you with supplementary privacy notices to address specific services or situations.
  • It is important that you read this Privacy Policy together with any supplementary privacy notice we may provide when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.
  • If there is any conflict between this Privacy Policy and any supplementary privacy notice, then the supplementary privacy notice will take precedence.
  • We have separate privacy notices which record how we process the personal data of our staff (and job applicants. Our recruitment tools and websites contain their own privacy notices explaining why and how personal data relating to job applicants is collected and processed.

WBD UK Group

The entities of Womble Bond Dickinson (UK) LLP that may have a role or relationship with you include:

  • Womble Bond Dickinson (IOM) Limited (registered in the Isle of Man with company number 019395V).
  • St Ann's Pension Trustees Limited (registered in England and Wales with company number 04399375).
  • Womble Bond Dickinson (Trust Corporation) Limited (SRA number 220763).
  • Womble Bond Dickinson (Europe) LLP (SRA number 655951).
  • Womble Bond Dickinson Wealth Limited (FCA number 596652) (WBD Wealth). Where WBD Wealth is referred to in your Engagement Letter or if you are proposing to instruct or are instructing WBD Wealth, then WBD Wealth will be the data controller, meaning this Privacy Policy will not apply and the WBD Wealth Privacy Policy will apply.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Updates to this Privacy Policy

We will occasionally update this Privacy Policy to reflect changes in our practices and services. This Privacy Policy was last updated on 24 April 2026.

Key Terms used in this Privacy Policy

client/clientsMeans any individual or organisation that we provide a service to. 
data protection lawsFor the purposes of this Privacy Policy and to the extent applicable to us, the General Data Protection Regulation (Regulation (EU) 2016/670) (GDPR), Data Protection Act 2018 (as amended from time to time), the UK GDPR, any equivalent legislation amending, supplementing or replacing the UK GDPR and any other law applicable to us and otherwise relating to data protection.
personal dataHas the meaning set out in the UK GDPR. This includes information about a living person by which that person can be identified. Some of that information will identify the individual directly, for example by giving their name and email address. It may also be possible to identify someone indirectly, from information in which their name is not given, for example by naming their job title and employer, or by using another form of identifier such as their IP address. 
special category personal dataThis means personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sex life or sexual orientation.
UK GDPRMeans the Data Protection Act 2018 and the UK GDPR (as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019).
you, your (and other similar terms)Refers to, as the relevant context dictates: our clients and prospective clients, individuals who have a connection with the legal or other services we provide, individuals who work for our suppliers, individuals who visit our WBD office(s) and other individuals who interact with us, for example, through our website or via other communications with us.