Case Tracker
Get a Quote

Information Security and Privacy 

Data Protection Statement 

At O’Neill Patient Solicitors, we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller 

The data controller is O’Neill Patient Solicitors, a company incorporated in the United Kingdom with its registered office at 2 Stockport Exchange, 2nd & 3rd Floors, Stockport, Cheshire, SK1 3GG. We are registered with the Information Commissioner’s Office (ICO) under registration number Z5454188.

For any data protection queries, please contact:

Email: professionalstandards@onpgroup.co.uk

Post: Data Protection Enquiry 

O’Neill Patient Solicitors LLP 

2 Stockport Exchange,

2nd & 3rd Floors, information

Stockport

SK1 3GG

Telephone: 0161 694 3000

Types of data we collect 

We may collect and process the following types of personal information:

  • Full name, postal address, telephone number, and email address
  • Proof of identity and address (e.g. passport, driving licence, utility bills)
  • Date of birth and gender
  • National Insurance number (if applicable)
  • Billing and financial details (e.g. bank account, payment card details)
  • Employment details (e.g. job title, company name, references)
  • IP address, device identifiers, browser type, and operating system
  • Usage data and preferences from your interactions with our website or services
  • Any personal information voluntarily provided during the service engagement

How we collect your data 

We collect personal data in the following ways:

  • Directly from you: when you fill in forms, contact us, or engage our services
  • From third parties: brokers, partners, public bodies, and referees (with your consent)
  • From public sources: Companies House, Land Registry, social media profiles
  • Automatically: via cookies and tracking technologies on our website

Why we collect your data

We collect personal information for the following purposes:

  • To provide legal, professional, or administrative services
  • To communicate with you regarding your enquiry or instructions
  • To verify your identity and meet anti-money laundering obligations
  • To process payments, manage billing, and keep financial records
  • To ensure compliance with our legal and regulatory obligations
  • To send updates, newsletters, or marketing (with your consent)
  • To improve our services, website functionality, and client experience
  • To detect, prevent, and address fraud, abuse, or security issues

Lawful Basis for Processing

We rely on the following lawful bases under Article 6 of the UK GDPR:

  • Consent: You have given us explicit permission to use your data for one or more specific purposes
  • Contractual Obligation: Processing is necessary for the performance of a contract to which you are a party
  • Legal Obligation: Processing is necessary to comply with our legal obligations
  • Legitimate Interests: We process your data for our legitimate interests, such as improving services, provided these interests are not overridden by your rights

You can withdraw your consent at any time by contacting us using the details provided above.

Data Sharing

From time to time, we may share your personal information with:

  • Government agencies, regulators, courts, or law enforcement, when required by law
  • Accreditation bodies for auditing and compliance purposes
  • Third-party service providers (e.g. IT hosting, CRM systems, email platforms, payment processors)
  • External consultants or subcontractors (bound by confidentiality and security terms)
  • Professional advisors (e.g. legal, financial, or audit firms)

To help provide our services, we may share data with the following processors, amongst others:

NameData SharedReason for Sharing
ArmalytixProviding security services, threat hunting/intelligence, and security monitoringEstablishment of proof and sources of funds
Grant ThorntonLog data, performance dataProviding security services, threat hunting/intelligence, security monitoring
HMLR (Land Registry)Names, Property Addresses, Contact InformationProperty registration and information services
LavaTechNames, Contact Information, DoB, Property AddressesProviding digital app services to clients
LMSNames, Contact Information, DoB, Property AddressesResidential search provider
MailChimpNames, Contact InformationMarketing purposes
MimecastE-mail contentE-mail security services, scanning and attachment protection
Pay360Names, Financial InformationPayment Services, including Apple Pay and Android Pay
Perfect PortalNames, Contact Information, DoBQuoting services for Private Clients
SynextraRaw data storage accessProviding hosting services, management of Microsoft Azure tenancy
WNSNames, Property AddressesAdministration of conveyancing processes
WorldPayNames, Financial InformationCard Payment Services

All third-party processors must adhere to strict data protection and security standards consistent with this Privacy Policy and relevant legislation to ensure the continued confidentiality, integrity, and availability of your data.

Data Security & Storage

Your personal data is stored in secure environments using appropriate technical and organisational measures, including:

  • Encryption of data at rest and in transit
  • Firewalls, access controls, and intrusion detection systems
  • Secure physical facilities and logical access restrictions
  • Regular data protection training for staff

Access to personal data is limited to personnel who require it for their job role and who are subject to confidentiality agreements.

Data Retention

We retain your personal information for as long as necessary to fulfil the purpose it was collected for, including for legal, regulatory, tax, accounting, or reporting requirements. Examples include:

  • Legal case files: 6 to 15 years, depending on the matter type
  • Financial and transaction data: 6 years from the date of transaction
  • Quote requests or marketing preferences: 6 months from the date of last contact
  • Employment records: As required by employment law and HR best practices

Once data is no longer required, it is securely deleted or anonymised following our data destruction policy.

Your Data Protection rights

Under UK data protection law, you have the following rights:

  • Right of Access – to request a copy of the personal information we hold
  • Right to Rectification – to request correction of inaccurate or incomplete data
  • Right to Erasure – to request deletion of data where there is no legal basis to retain it
  • Right to Restrict Processing – to limit how your information is used in certain circumstances
  • Right to Object – to object to data processing, especially for marketing or profiling
  • Right to Data Portability – to obtain and reuse your data across different services

You are not required to pay a fee for exercising your rights. If you make a request, we will respond within one month unless an extension is justified.

To make a request, please contact our Data Protection Officer via email or post using the details above.

Cookies and Website Analytics

Our website uses cookies to enhance user experience and track usage analytics. You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies. For more information, please see our separate Cookie Policy.

International Data Transfers

We do not transfer your personal data outside the UK or the European Economic Area (EEA) unless:

  • The country has been deemed to provide an adequate level of data protection, or
  • Appropriate safeguards are in place (e.g. Standard Contractual Clauses), or
  • You have provided explicit consent for the transfer

How to complain

If you are dissatisfied with our use of your data, we encourage you to contact our Data Protection Officer first so we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner’s Office:

Address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline: 0303 123 1113

Website: www.ico.org.uk

Policy Updates

We reserve the right to update this Privacy Policy at any time. Changes will be posted here and, where appropriate, notified directly to you.

Last updated: August 2025 

Case Tracker
Get a Quote
Case Tracker
Get a Quote