Privacy Policy
Home > Legal > Privacy Policy

Privacy Policy

Barry Culshaw Privacy Policy and Notice

My Privacy Policy

This Privacy Policy sets out how I, Barry Culshaw, will use and protect any information that you give to me.

I am committed to ensuring that your privacy is protected.

As an essential part of my business, I collect and manage Client and Non-Client data.  I act as “Data Controller” in respect of the information I gather and process.

My use of your personal Information is regulated under the General Data Protection Regulation (“GDPR”), and any information by which you can be identified when using my website or supplied by you prior to or during the course of a matter on which you instruct me, can only be used in accordance with this Privacy Policy and GDPR.

I may need to change this Policy occasionally to keep up to date with the latest Data Protection Law. This will be done by updating my webpage and therefore you should refer back to that page from time to time to ensure that you have no objection to any changes I may need to make.

What Information I collect from you

Depending on the nature of the service you ask me to provide, I may collect the following “personal data” information:

  • Your Name
  • Your Date of Birth
  • Your Home Address
  • Your Email Address
  • Your telephone contact numbers
  • Financial Information
  • National Insurance Number

I will only process special category personal data with your explicit permission.

Please note that all the Personal Information I receive from you is treated with the strictest of confidentiality.

How I use your Personal Information

I use the information you give me to understand your needs so as to provide you with the service you require.  It is therefore used for the following reasons:

  • To set you up as a client, open a client file for you, provide you with my legal services, administer and manage my relationship with you.
  • To carry out regulatory and compliance checks.
  • To ensure the billing of any procured services by you and obtain payment.
  • To contact you about legal updates that may be of interest to you.
  • To communicate with you via telephone, email, and in writing
  • To process and respond to any complaints in order to meet my legal obligations.
  • To monitor and record information relating to the use of my services, to include my website
  • To bring or defend legal proceedings

The information that I need for these purposes is “personal data”.  I may also process sensitive classes of information which includes:

  • Physical or mental health details.
  • Racial or ethnic origin details.
  • Civil Partnership or relationship details.
  • Details of your partner, civil partner or spouse.
  • Religious or other beliefs.

The use of the above is subject to your instructions, Data Protection, and my duty of confidentiality.

Security Measures I have in place to protect your Personal Information

I have appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  These measures include:

  • Protecting against potential breaches of confidentiality.
  • Ensuring all IT facilities are protected against damage, loss or misuse.
  • Ensuring optimum security on my website.

I have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where I am legally required to do so.

Who I share your Personal Information with

I will always treat your Personal Information with the utmost respect and will never sell or share your Personal Information with other organisations. However, I may need to share your personal data with trusted third parties, such as:

  • Professional Advisers who I want to instruct on your behalf or refer to, for example, Counsel, Medical professionals, Accountants or other Experts.
  • My Insurers for the purpose of my Professional Indemnity Insurance.
  • My accountant.
  • My bank.
  • My IT support and service provider.
  • Law Enforcement Agencies and Regulatory Bodies to comply with my legal and regulatory obligations

I only allow my service providers to handle your personal data if I am satisfied that they take appropriate measures to protect your personal data.

Use of my Website

If you contact me via my website, or contact me via another means, I will collect that information you provide when you contact me, such as, your name and contact details. I will use this information to:

  • Send to you the information you have requested.
  • Respond to your enquiry.

Money Laundering

I will receive personal data from you for the purposes of my Money Laundering checks, such as, photographic and address identification.  These will be processed for the purpose of preventing Money Laundering and Terrorist Financing, or as otherwise permitted by law or with your express consent.

Your Obligations

If you forward to me personal data about anyone other than yourself, you will be required to ensure that you have the appropriate consents to do so, so that I may use that personal data for the purpose for which you have provided it to me.

Do you have to provide me with your Personal Information?

Where I have stated that your Personal Information is used to comply with the Statutory requirements I will need you to provide the Personal Information requested.  If you do not provide your Personal Information I need when I ask for it, I may not be able to respond to you, enter into a contract with you, meet my obligations under the contract, or comply with my legal obligations.  If you have any concerns about whether you need to provide your Personal Information, please contact me as the Data Protection Officer (details at end of Policy).

How Long I retain your Personal Information for

I will only keep your personal data about your matter for as long as I am required to do so in connection with your matter, which is a minimum of 6 years from the date of the matter concluding. This is so that I am able to comply with any legal, accounting or reporting/regulatory requirements.

Where I obtain documentary evidence of ID I am required under the Money Laundering Regulations to retain such evidence for a minimum statutory period of 5 years from the conclusion of your matter.

Further, in accordance with the SRA rules, I must store all accounting records securely and retain these for at least 6 years.

To comply with my regulatory requirement to have systems to ensure that I am able to identify and assess potential conflicts of interest, etc., I will keep sufficient data so that I can identify the nature and content of my Retainer with you.

How long do I retain your Client Files for

As your Solicitor I have a duty to retain files for a minimum period of time which in the nature of the work that I conduct will be a minimum period of 6 years.

Your rights in connection with your Personal Information

You may at any time request me to rectify or erase your Personal Information held by me.  Should you believe that any information I am holding on you is incorrect or incomplete, please write to me as Data Protection Officer so that appropriate action can be taken.

If you would like to exercise your rights, I will need sufficient information in order to identify you which may include, if necessary, proof of your identity and address.

I will not sell, distribute or lease your Personal Information to third parties unless I have your permission or I am required by law to do so.

Right to be Informed

This Privacy Policy and Notice fulfils my obligation to tell you about the ways in which I use your Personal Information.

Right to Access

You may request details of Personal Information which I hold about you under the Data Protection Act 1988.  A small fee will be payable.  If you would like a copy of the information held on you, please write to me as Data Protection Officer.

Right to Rectification

If any of the Personal Information that I hold about you is inaccurate, you have the right to ask me to correct any errors in your Personal Information.  Please contact me in this regard as Data Protection Officer.

Right to be Forgotten

You have the right to ask us to delete your Personal Information where:

  • I do not need your Personal Information anymore.
  • You withdraw your consent to my use of your Personal Information and I have no other legal basis to keep your Personal Information.
  • You have asked me to review and explain my legitimate interests to you and I do not actually have a valid legitimate interest to do what I am doing.
  • My use of your Personal Information is illegal.
  • I have to delete your Personal Information to comply with my legal obligations.

Right to Object

You have the right to object to the continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing, that is, you have the right to withdraw your consent at any time. 

Right to Restrict Processing

You have the right to ask me to restrict my use of your Personal Information where:

  • You do not think that the Personal Information I hold about you is correct, so that I can check if it is correct.
  • You believe my data processing is unlawful, but you do not want your data erased.
  • You wish to object to the processing of your data, but I have yet to determine whether this is appropriate.

Right to Data Portability

You have the right to ask me to provide you with a copy of your Personal Information you have provided me with in a structured, commonly used and machine readable format, and the right to transfer that information to another party where:

  1. I am using your Personal Information on the basis of your consent or on the basis that it is necessary to perform a contract with you, and
  2. The use I am making of your Personal Information is carried out by automated means.

If you would like to move, copy or transfer the electronic Personal Information that I hold about you to another organisation, please contact me as Data Protection Officer.

Right to withdraw Consent

Where I am using your Personal Information based on your consent, you have the right to withdraw that consent at any time by contacting me as Data Protection Officer.

Right to make a Complaint

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), who is the UK regulator for Data Protection issues.

I would, however, appreciate the opportunity of dealing with your compliant before you approach the ICO in order to try and resolve any issues or concerns that you may have.

Overseas Transfers

None of the information that I collect, process or store as a result of my website is transferred outside of the European Economic Area.  This includes information that is exchanged with any third party organisation.


I am the Data Protection Officer and I am also the Risk and Compliance Officer. If you have any questions or concerns relating to this Policy, please contact me, as follows:

Mr Barry Culshaw, Data Protection Officer

Barry Culshaw, Solicitor-Advocate (Higher Courts Criminal Proceedings)

15 Beatty Close

Locks Heath


SO31 6SU

or email:

If you feel that I have not dealt with your request appropriately, you have the right to complain to the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

or email at

Helpline number:  0303 123 1113. 

Barry Culshaw is authorised and regulated by the Solicitors Regulation Authority under SRA number 62582 whose rules can be accessed via

Barry Culshaw is authorised and regulated by the Solicitors Regulation Authority under SRA number 62582 whose rules can be accessed via