Cookie and Privacy Policy

Brahams Dutt Badrick French LLP

Privacy notice for clients and prospective clients 


About this privacy notice

This privacy notice is for clients of BDBF, and for prospective clients who send us information when deciding whether to instruct us. 

BDBF respects your privacy and cares about protecting your personal information. 

BDBF refers to Brahams Dutt Badrick French LLP. BDBF is the data controller for your personal information. Our main IT systems are located in the UK and controlled by Brahams Dutt Badrick French LLP.  

This privacy notice describes:

  • what personal information we collect about you
  • how we obtain your personal information
  • how we use your personal information
  • the lawful basis for our use of your personal information
  • how long we keep your personal information 
  • how we keep your personal information secure 
  • who we share your personal information with 
  • which countries we transfer your personal information to
  • your rights regarding your personal information

What personal information do we collect about you?

We may collect personal information from you in the course of our business, including through your use of our website, our web-based ‘Ask the Expert’ facility, when you contact us or request information from us, when you engage our legal or other services, or as a result of your relationship with one or more of our staff and clients. 

The personal information that we process includes:

  • Basic information typically provided by you or collected by us when you contact us as a prospective client, during our business acceptance process including online identification and verification, and during your engagement of us. Such information includes your name and title, who you work for, your job title, and your relationship to a person
  • Contact information, like your address, email address and phone number(s)
  • Financial information, such as information related to your remuneration at work
  • Personal information about you and your employment and issues you may be facing or wanting to address. This may include special (sensitive) categories of data such as relating to your health, sexual orientation, family life, race or age 
  • Information you provide to us for the purposes of attending meetings, including access and dietary requirements
  • Any other information about you or which relates to you which you may provide to us  

How do we obtain your personal information?

We collect information from you when you make an enquiry about using our services (via email, telephone or our website) and, if you go on to formally instruct us, then we will take further information about you and others as part of our business acceptance processes and as necessary in the course of our providing legal services to you.

We also collect your personal information while monitoring use of our websites and our technology tools and services, including email communications sent to and from BDBF. See “Use of BDBF website” in our website privacy notice.

We collect information about you when you provide it to us, or interact with us directly, for instance engaging with our staff or registering on one of our digital platforms or applications.

We may also receive or obtain information about you from other sources, such as updating the contact details we hold for you from publicly available sources, or from a person who has referred you to us as a prospective client.  

How do we use your personal information?

BDBF collects and processes personal information about you in a number of ways, through your use of our services and our provision of services to you.  We use that information:

  • To onboard you as a client during our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks 
  • To refer you to another law firm
  • As part of our process of recording those matters which we do not take on or where you do not ultimately wish to instruct us
  • To complete anti-money laundering/’know your client’ procedures, including via online identification and verification, and other regulatory obligations required of us by our regulator the Solicitors Regulation Authority
  • To provide you with legal advice and our services during the course of your matter. The information may be disclosed to third parties to the extent reasonably necessary in connection with that work  
  • If you are an employer client, to provide you with legal advice relating to your employees during the course of your matter
  • To instruct third parties on your behalf such as barristers, accountants, expert witnesses, or lawyers who specialise in other areas of expertise
  • To generate invoices and supporting time entry narratives for payment by you or a paying third party such as your former or new employer or an insurer 
  • To enforce non-payment of our invoices, or instruct other lawyers or debt collectors on our behalf
  • To process a complaint, in which case your information may be sent to our professional indemnity insurers, the Legal Ombudsman or the Solicitors Regulation Authority 
  • To obtain and maintain our professional indemnity insurance and if necessary to claim indemnification on it
  • To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims
  • To connect with you on social media, such as on LinkedIn, to network with you in future, and to market to you by promoting our services, sending legal updates, publications and details of events (see the sections ‘Marketing and other emails’ and ‘Meetings, events and seminars’ in our website privacy notice)
  • To analyse statistically the performance of our business
  • When it is archived to our storage facility

On what lawful basis do we use your personal information?

We use your personal information on the following lawful bases:

  • To perform a contract, engaging with you to provide legal or other services
  • For the establishment, exercise or defence of legal claims or proceedings
  • To comply with legal and regulatory obligations
  • For our legitimate business purposes.  Please see ‘How do we use your personal information?’ for more detail

How long do we keep your personal information?

Your personal information will be retained in accordance with our data retention policy which categorises all of the information held by BDBF and specifies the appropriate retention period for each category of data.  

Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

How do we keep your personal information secure?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Who do we share your personal information with?

We may share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:

  • Our professional advisers and auditors
  • Suppliers to whom we outsource certain support services such as online identification and verification, dictation/word processing, hosted e-disclosure or document management, translation, photocopying/scanning and document review
  • IT service providers to BDBF 
  • Third parties engaged in the course of the services we provide to clients and with their prior consent, such as barristers and other lawyers who work in different areas of practice or in different jurisdictions to BDBF 
  • Third parties involved in hosting or organising events or seminars

Where necessary, or for the reasons set out in this policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies.  While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new BDBF entities or to third parties through which the business of BDBF will be carried out.

BDBF uses social media sites such as Facebook, LinkedIn and Twitter.  If you use these services, you should review their privacy policy for more information on how they deal with your personal information.

We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission. 

Which countries do we transfer your personal information to?

In order to provide our services we may need to transfer your personal information to locations outside the jurisdiction in which you provide it.  This may entail a transfer of your information from a location within the European Economic Area (the “EEA”) to outside the EEA, or from outside the EEA to a location within the EEA.  Please see ‘Who do we share your personal information with?’ for more detail on how the information may be shared with third party service providers. 

The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.  Where our third-party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, and usually standard contractual clauses.

Your rights regarding your personal information

The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.  

You are entitled to request details of the information we hold about you and how we process it.  You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You may also have the right to lodge a complaint in relation to BDBF’s processing of your personal information with a local supervisory authority. 

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. 

Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How do we use your personal information?’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.  

We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing the partner with conduct of your matter or our Practice Manager.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to this privacy notice

This privacy notice does not form part of any contract, we reserve the right to update it at any time and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.