01. Who we are – controller’s details

Legal name: Plain English Law Limited

Trading name: Plain English Law

Legal form: Scottish-registered company limited by shares

Company number: SC613315

Registered office address: Commercial Quay, 84 Commercial Street, Leith, Edinburgh, EH6 6LX.

Plain English Law is regulated by the Law Society of Scotland and is authorised to operate as a firm of solicitors.

Plain English Law acts as a ‘controller’ of the personal data that you give to us. We are registered with the UK’s Information Commissioner’s Office, registration number ZA485160.



02. Why we collect personal data

Most of our clients are companies. To serve them, we need to collect the names and contact details of the people who instruct us on their behalf. For some individuals, such as company directors and those with significant control over the company, we are required by law to collect more detailed information to comply with anti-money laundering laws.

Also, we collect names and contact details of potential clients so that we can market our services directly to them.

We never sell personal data to anyone for any purpose. We will not give your data to others for their own use without your permission.


03. Kinds of personal data we collect

We do everything possible to minimise the amount of personal data we collect.

Personal data we always collect:

  • Names and contact details (telephone number(s) and email addresses)
  • Details about why you or your organisation are seeking our help


Personal data we sometimes collect, depending on the circumstances:

  • Information to verify your identity, such as date of birth, passport details, and proof of address (typically a utility bill or bank statement)
  • Financial details about you as required by law to combat money laundering and terrorist financing
  • Details needed to do a credit check on you (we will inform you before doing any credit check)

04. Where we get your personal data from

Most of the time, we collect personal data about you directly from you. Sometimes we get the information from others in your organisation. Occasionally, we collect information from third parties, including:

  • publicly accessible sources such as Companies House or Registers of Scotland;
  • credit reference agencies;
  • government agencies; and
  • organisations you have previously dealt with.

05. Purposes and legal bases for using your data

Under the law, we must process your data lawfully, fairly, and transparently. Depending on our purposes for using data, we rely on one of four legal bases:

  • our legitimate interest or the legitimate interest of a third party;
  • to comply with the law;
  • your consent; or
  • to perform our contract with you (this applies to personal clients only, not to organisations)

In greater detail:

Why we process your personal data

Our legal basis

To provide legal services to you (this applies only if you as an individual are our client)

To perform our contract with you

To provide legal services to your organisation

Our legitimate interests

Verifying the identities of our clients (Know-Your-Client and Anti-Money-Laundering regulations)

Screening for financial and other sanctions or embargoes

Other professional and legal obligations that apply to our business, such as are required by the Law Society of Scotland

To comply with the law

Providing information for audits, enquiries or investigations by regulatory bodies

To comply with the law

Ensuring business policies are adhered to, such as policies covering security and internet use

Our legitimate interests

Operational reasons, such as improving efficiency, training, and quality control

Our legitimate interests

Ensuring the confidentiality of commercially sensitive information

Our legitimate interests

To comply with the law

Statistical analysis to help us manage our practice, such as relating to productivity, types of work, or types of clients

Our legitimate interests

Preventing unauthorised access and modifications to systems and data under our control

Our legitimate interests

To comply with the law

Maintaining accurate client records

To perform our contract with you

To comply with the law (in particular GDPR and DPA 2018)

Our legitimate interests

Ensuring safe working practices, staff administration and assessments

To comply with the law

Our legitimate interests

Marketing our services to:

—existing and former clients;

—third parties who have previously expressed an interest in our services;

—third parties with whom we have had no previous dealings.

Our legitimate interests

Marketing our services to those who have consented to receive marketing materials and information circulars.


Credit reference checks via external credit reference agencies (this applies only if you as an individual are our client)

Our legitimate interests

External audits and quality checks, such as for ISO accreditation and the audit of our accounts

Our legitimate interests

06. Direct marketing

We may send you marketing materials or news about legal developments that we think might interest you. You have the right to opt out of receiving marketing from us at any time by:

  • contacting us by email at [email protected]
  • using the ‘unsubscribe’ link at the bottom of the email.

We will only send marketing materials and news items to your personal email if we have your permission in advance.

We never sell personal data to anyone for any purpose. We will not give your data to others for their own use without your permission.

07. Who we share your personal data with

We sometimes share personal data with third parties as part of providing our services or to comply with our legal duties. These parties can include:

  • those involved in any matter you instruct us for, including courts, tribunals, opposing parties, experts, and private investigators;
  • banks, debt collectors, credit reference agencies;
  • our own auditors, legal advisers, insurers, and insurance brokers;
  • government agencies, regulators and other authorities, such as the Information Commissioner’s Office;
  • our professional bodies and business associates; and
  • law enforcement agencies and regulatory bodies.

08. How we store and secure personal data

We hold personal data at our office in Scotland. We also use Microsoft OneDrive to hold client files on Microsoft’s servers in the UK.

We have appropriate security measures to protect your personal data against misuse. Only those within our business with a genuine business need have access to your data, and all are under legal or contactual duties of confidentiality.

We only allow service providers to handle personal data if we are satisfied that they take appropriate measures to protect it. All service providers’ contracts require them not to use your personal data except as instructed by us.

09. Transferring your data out of the EEA

To deliver our services, we may need to send personal data outside the UK, such as:

  • if you or one of our service providers is located outside the UK;
  • if you are based outside the UK; or
  • if we are advising you on an international matter.

These transfers are subject to special rules under UK data protection law.

The following countries to which we may transfer personal data have been assessed by the UK Government as providing an adequate level of protection for personal data: Canada.

If we need to send data to a country that the UK Government has not found to have adequate data protection laws, we will only send the data after agreeing the standard data protection contract clauses approved by the UK Government.

10. How long we keep your personal data

We will keep your personal data after we have finished advising or acting for you or your organisation. We will do so for one of these reasons:

When it is no longer necessary to retain your personal data, we will delete or irreversibly anonymise it.


You can exercise any of your rights in this section free of charge by contacting us by email at [email protected] or by phone on +44 (0)1382 848458.

You can ask us to:

  • provide you with a copy of your personal data;
  • correct mistakes in the data we hold about you;
  • delete your personal data from our records (subject to the GDPR and DPA 2018);
  • restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the data; and
  • in certain situations, provide you with a copy of the personal data you provided to us in an easily portable format.

You can object to our use of your data:

  • at any time when we use it for direct marketing; and
  • any other time we are relying on “legitimate interest” as our legal basis for using the data.

If we are relying on your consent (permission) to use your personal data, you can withdraw your consent any time. However, in some cases we may still process your personal data without your consent as required or permitted by law, for example to defend our legal rights or meet our regulatory obligations.

In some cases, if you object or withdraw your consent we can no longer provide you with services. We will advise you where this would be the case.

For further information on your rights, please contact us. You can also review the Information Commissioner’s Office webpage on Individual Rights.

12. Complaints

You can complain about our use of personal data to the Information Commissioner on their website or by calling +44 303 123 1113. However, we would appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance.

The EU’s GDPR also gives you right to lodge a complaint with the data protection regulator in the EU/EEA member state where you are located.

13. Changes to this privacy NOTICE

The last substantive change to this notice was on 18 June 2020. We periodically review this notice to make sure it still reflects our data handling practices. We will notify data subjects any time we make substantive changes to the notice.


14. How to contact us

Please contact us by post, email, or telephone if you have any questions about either this notice or the information that we hold about you. Full contact details can be found here.