Privacy Policy

  1. Pender Law Limited

Pender Law Limited, a firm of solicitors regulated by the Solicitors’ Regulation Authority (SRA. No. 00563996), practicing under the style or name of Penderlaw is a limited company registered in England and Wales with company number 07734784. Pender Law Ltd is a data controller and registered with the Information Commissioners Office (“ICO”) under reference Z3500808.

We are committed to protecting and respecting your personal data and privacy. This privacy and cookie policy relates to our use of any personal data we collect from you. Whenever you provide such information we are required to use your information in line with the legal rules and guidance designed to protect your personal data.

For instance, the General Data Protection Regulations 2016 (“GDPR”) came into force on 25 May 2018 to ensure that we only use your personal information for proper reasons.

The proper reasons include the following:

  • to fulfil a contract we have with you to provide our services, which is the reason that you provide us with such personal data;
  • where it is our legal duty;
  • where it is in our legitimate interest;
  • when you expressly consent to the use of the personal data.

A legitimate interest is when we have a business or commercial reason to use your personal data. For instance, we must hold records for our regulator, our insurer and membership to professional accreditation schemes and lenders’ panels.

  1. Your rights

GDPR gives you the following rights in respect of the data which we hold about you:

  • to be informed about the data we hold about you;
  • to have access to data we hold about you;
  • rectification of wrong or out of date information;
  • erasure of data (in appropriate circumstances);
  • to restrict processing;
  • to obtain and re-use the personal data (data portability);
  • object to direct marketing;
  • not to be subject to automated decision-making, including profiling (not used by this firm).


  1. How we use your data

We use your data to provide services to you under a contract. We will collect information about your case or transaction. For instance, we will have personal identification documents, original and copy documents, and financial and IT records. With your permission, we will also work with third parties, such as agents, accountants, financial advisors and barristers.

We may use third party organisations such as Google Analytics or other digital services such as cookies to analyse how we obtain instructions but currently we do not do this.

We will provide information to you about other services that we can provide, or other advisors if appropriate. This is part of our normal professional services.

We will retain records necessary to satisfy our legitimate interest in being able to subsequently provide information about your case to you, regulators, insurers, lenders, and other third parties to whom we owe a duty. We may also pass your personal data to third parties where we are required by law, or where we have a legitimate interest in doing so.

We use third party service providers mostly in the sphere of IT and document processing, some of which may be cloud based.

All of our third party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third party providers to process your personal data for specific purposes which are aligned to the duty we owe you in respect of your case or matter.

As part of the services offered to you we may send data outside of the European Economic Area (EEA). Where this is the case we will endeavour to ensure that the data is protected in the same way as if it were held within the EEA. If the data is held in the USA we will endeavour to ensure that their services fall with the Privacy Shield.

  1. Retention of data

We will only retain your personal data for as long as is necessary to fulfil the purpose for which it is collected. When assessing what retention period is appropriate we will take into consideration:

  • the requirements of our business and the service you require;
  • our legal and regulatory obligations;
  • the purpose for which the personal data was collected;
  • the type of personal data collected.

By virtue of GDPR you have the right to erasure of your personal data under specific circumstances. If you request your personal data to be erased, we will decide it on a case by case basis. Such a request must be submitted in writing and be acknowledged by us. Given the nature of the work that we do, it will be necessary for us to consider our legitimate interest in your personal data, once you have consented to provide it to us, when considering any request for erasure.

Please contact us if you wish to update or revise personal data that is out of date or incorrect. For example, changing address, updating telephone numbers, separation or death of a spouse / family member for whom we have acted jointly with you.

If you request information about your data in writing we will provide within one calendar month a description of the personal data that we hold for you. You may be required to provide additional identification before we will consider the request and pay for the information if the request is manifestly unprofound or excessive.

  1. Security measures and policies

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. In addition we limit access to your personal data to those employees, agents, and other third parties who have a business need to know. Third parties will only process your personal data on our instructions and they are subject to the same duty of confidentiality as we are.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach, where we are legally required to do so.

  1. Review, withdrawal and complaints

We keep this privacy policy under review. You can withdraw your consent at any time.

If you have a complaint about the management by us of your personal data please address it to us in the first instance in accordance with our complaints procedure but if you are still dissatisfied, after we have considered your complaint, you have a right to complain to the ICO.