Privacy Policy

Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.


You can contact our Data Protection Officer by emailing or writing to the Data Protection Officer, Lewis Lewis & Co Ltd., County Chambers, Pentre Road, St Clears, Carmarthenshire, SA33 4AA (please mark your envelope ‘Data protection’).


Who we are?


Lewis Lewis & Co Ltd. collects, uses and is responsible for personal information about you. When we do this, we are the ‘controller’ of this information for the purposes of the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.


What do we do with your information?


Information collected by us


We may collect and use the following personal information about you:


  • your name and contact information, including address, email address and telephone number(s)
  • information to enable us to check and verify your identity, e.g. your date of birth, as well as identity documents such as passports which may contain biometric data or data revealing racial or ethnic origin
  • your gender information
  • your billing information, transaction and payment card information;
  • information about your business(es)
  • details of your assets and financial position
  • information about how you use our website, products and services


This personal information is required to provide legal services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing legal services to you.


Information collected from other sources


We collect the following information from other sources:


  • publicly accessible sources, e.g. Companies House or HM Land Registry
  • a third party directly, e.g. a business such as an estate agency or claims management company that has introduced you to us
  • sanctions screening providers
  • customer due diligence providers
  • a third party with your consent, e.g. your bank or building society


How we use your personal information


The primary reason for asking you to provide us with your personal data, is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.


The following are some examples, although not exhaustive, of what we may use your information for:


  • Verifying your identity
  • Verifying source of funds
  • Communicating with you
  • To establish funding of your matter or transaction
  • Obtaining insurance policies on your behalf
  • Processing your legal transaction including:
    • Providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions
  • Keeping financial records of your transactions and the transactions we make on your behalf
  • Seeking advice from third parties; such as legal and non-legal experts
  • Responding to any complaint or allegation of negligence against us


Legal reasons we collect and use your personal information


The primary legal basis for processing your personal data is to provide you with information about our services.


Processing of your personal data may be necessary for compliance with our legal and professional obligations to third parties. This includes for example, our professional and contractual duties to the courts and our obligations to regulators (for example reporting data breaches to the Information Commissioner).


Who will we share your personal information with?


We sometimes share your personal data with trusted third parties. We only do this where it is necessary for providing you legal services or for the effective operation of our legal practice.


For example, we may share your data with barristers, experts, translators, process servers, secure file storage and destruction companies and auditors.


Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:


  • We provide only the information they need to perform their specific services;
  • They may only use your data for the exact purposes we specify in our contract with them;
  • We work closely with them to ensure that your privacy is respected and protected at all times;
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous;


Transfer of your information to countries within the European Economic Area (EEA)


It may be necessary to transfer your personal information to countries within the EEA. These countries are subject to the General Data Protection Regulation (GDPR) which provides effectively identical data protection as the UK GDPR.


Transfer of your information to countries that are outside the EEA


It may be necessary to transfer your personal information to countries that are outside of the EEA or to an international organisation in order to use services, experts or lawyers. A list of all non-EEA countries that your personal data may be transferred to can be found here.


These countries have been deemed by the European Commission to offer adequate protection of personal data. Any transfer will be subject to the international data transfer agreement or the international data transfer addendum to the European Commission’s standard contractual clauses for international data permitted under section 119A of the DPA 2018. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused.


If you would like any further information, please contact our Data Protection Officer.


How long will we store your personal data?


We only keep your data for as long as is necessary for the purpose(s) for which it was provided. Normally this is for six years after your case or matter ends. Enquiries where we are not formally instructed are kept for 18 months.


The SRA & other regulators require we keep your information for this length of time. This also provides you with additional protection should you wish to complain about our services once your case has concluded.





In some situations, we can collect and process your data with your consent. For example, when you provide your information in our ‘Make an enquiry’ form. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.


You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. You can opt-out by emailing




Cookies are small text files that websites put on your computer so the site can remember who you are. They contain a unique, anonymous identifier, which is usually a string of letters or numbers.


Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website, and also allows us to improve our site.


Your rights


Under the UK General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:


  • Transparency over how we use your personal data and fair processing of your information
  • Access to your personal information and other supplementary information
  • Require us to correct any mistakes or complete missing information we hold on you
  • Require us to erase your personal information in certain circumstances
  • Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format
  • Object at any time to processing of your personal information for direct marketing
  • Object in certain other situations to the continued processing of your personal information
  • Restrict our processing of your personal information in certain circumstances
  • Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way


If you want more information about your rights under the UK GDPR, please see the Guidance from the Information Commissioners Office on Individual’s rights under the UK GDPR.


If you want to exercise any of these rights, please contact Anthea Phillips at


How to make a complaint


The UK General Data Protection Regulation also gives you the right to lodge a complaint with the Information Commissioner’s Office who can be contacted by calling 0303 123 1113.


Our security


We take all appropriate steps to protect your data. Along with our regulatory requirements, we have a clear data protection and information security policy in place. Our IT systems are protected from Cyber Attacks and access to your personal information is password protected. Our systems are monitored for potential vulnerabilities.


Future processing


We do not intend to process your personal information for any reason other than stated within this privacy notice.


Changes to this privacy notice


This privacy was published on 12/09/2022 and last updated on 12/09/2022


We constantly review our internal privacy practices and may change this policy from time to time.


Get in touch


If you have any questions about this privacy notice or the information we hold about you, please contact Anthea Phillips at


Alternative formats


If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille), please contact us (see ‘Get in touch’ above).