Our privacy objectives

Our aim is to be absolutely transparent in terms of the information we hold, or might hold, on you, and what we will do with it. This is important to us.

In summary:

What we may hold

We may hold the following information about you:

  • Your name, identity and contact information
  • Information about your business activities
  • Information and documents about your matters or enquiries, including communications with you
  • Billing and payment information

We also generate log files from various servers: this might include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Our website does not use cookies or other similar technologies.

Using your information

References to the basis of processing (e.g. "(Basis: Art. 6(f).)") is a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Giving you legal advice

We use the information we hold about you and your business — both personal and otherwise — to give you the best legal advice we can.

If you get in touch looking for legal advice, we will probably do some research to understand more about you and what you do. Usually, this means reading up on your products or services, how you position yourself in the market, what you display on your public facing websites and social media presence, and so on. This helps us work out how best we can help you, and if we're really the right people for the job.

We also use your information to bill you, and keep track of payments that you make.

(Basis: Art. 6(b).)

ID checks

The law requires that, in some situations, we must know who you are before we can give you legal advice. decoded:Legal’s approach to this is to check the identity of all clients.

The level of checking we need to undertake depends on the potential risk, and there are certain factors which are considered to be high risk. One example is if you are an individual and are not able to meet us face-to-face. (Yes, this is a rather archaic rule given video conferencing, but it is a rule.)

We will do what we can to make this as painless as possible. If you would prefer not to provide these information, we will not be able to act for you.

We retain identity verification information for as long as you are our client, and then five years.

(Basis: Art. 6(c).)

Sources of money

We may need to ask questions about the source of your money, to discharge our regulatory obligations relating to proceeds of crime and terrorist funding. If you would prefer not to provide these information, we will not be able to act for you.

(Basis: Art. 6(c).)

Dealing with enquiries

If you give us a ring or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.

(Basis: Art. 6(b).)

Technical data

We may use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(f).)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA). Occasionally, to provide a high quality of service, we may work on your matters when we are outside the EEA (for example, when on business or even if we are on holiday) — if this might be a problem for you, please let us know, and we can discuss.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission.

There are three exceptions to this:

  • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. We've never done this, but we want to keep this option open to us.
  • It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate.
  • As solicitors, we have professional duties, including to to co-operate with our regulator, the Solicitors Regulation Authority, as well as to report suspicious transactions or money laundering. We may not even be able to tell you of our suspicions if, in doing so, we would be committing the offence of tipping off. We will still try to minimise any sharing of your personal data.
Technical security

All our computers are full-disk encrypted, as are our phones and tablets.

Our preference is to use PGP/GPG-encrypted email, but we appreciate that it may not be convenient for you to do so.

We have a secure document transfer portal, which lets you send documents to us, and us to send documents to you. It is less convenient than email, but is more secure than unencrypted email. Depending on the nature of the advice, we may choose to use this to transfer information to you. If you want to use it to send specific documents to us, just let us know. If you want to protect all documents you send to us, we encourage you to set up PGP/GPG.

Our video conference system is encrypted, and can be used for encrypted audio-only conferences. If you, or someone else, joins from the "normal" phone system, that leg is not encrypted.

"Normal" phone calls are not encrypted.

We offer encrypted IM, via ricochet, but you will need to identify yourself to us (we do not, and cannot, give anonymous legal advice) and we keep a record of communications, so we know what we have advised and why.

All our client-facing platforms are accessible via Tor, and you can access this site at decodedsbwzj4nhq.onion.

If you have particular security requirements, please call us to discuss how we can support you.

Call recording

We record some of our calls, as we find that it can be useful to listen again to conversations, particularly the more technical ones, to help understand what we have been told. Sometimes, we need to listen to things two or three times and, by being able to do this automatically, we save you having to repeat yourself. That way, we can hopefully ask more relevant and useful questions.

Calls are recorded and stored on our premises, and not on any third party cloud platform. The server on which our telephony platform runs has full disk encryption, as indeed do all our servers containing client data. If we need to listen again to a call, we download the file to a computer and listen to it there. These, too, have full disk encryption.

We delete the recordings as soon as we have decided that we will no longer need to listen to them again. In most cases, this is immediately after the call takes place.

Occasionally — for example, a call with an insurance provider, or with a party who is not a client — we may retain a recording, as evidence that a particular conversation took place, or of what was said.

Where we have a phone call relating to a client's matter where the client is not present, we may share the call recording with that client by their preferred communications mechanism (which may include unencrypted email).

No cookies used here

We do not use any cookies on our website. If you are a client and would like us to send you some cookies, just ask!

Retention periods

Data about clients: duration of your relationship with us, then seven years

Client ID verification: duration of your relationship with us, then five years

Enquiry data: duration of enquiry, then one year

Data about specific matters: duration of the matter, then seven years

Server logs: up to one year

ICO registration

decoded:Legal is registered with the Information Commissioner's Office (ZA152364).

Get in touch