Privacy Page

  1. When and how we share your data
  2. Security measures
  3. International transfers


Welcome to our privacy page. The sections on this page set out how we, Stevens & Bolton LLP and Stevens & Bolton Trustees Limited, collect and process your personal data (sometimes referred to as just data).

Stevens & Bolton LLP (S&B) is a limited liability partnership registered in England (OC306955) with its office at Wey House, Farnham Road, Guildford, Surrey GU1 4YD.

Stevens & Bolton Trustees Limited (SBTL) is a company registered in England (4105828) with the same office address in Guildford. SBTL is a wholly owned professional trust company of S&B and acts as professional trustee and executor. It engages S&B to undertake all legal advice in connection with the trusts of which it acts as trustee and the estates of which it acts as executor. When instructed to act as trustee or executor, personal data will be shared between S&B and SBTL. 

We process personal data for a number of different purposes. To find out more about our processing activities, please click on the relevant section of How S&B uses your data or How SBTL uses your data below. Both entities are controllers of your data under the UK GDPR and may be referred to as we, us or our.

Some of our data practices are common to all individuals and these sections are accessible by clicking the buttons at the top of this page.

We keep this page under constant review. It was last updated on 1 May 2023.

How S&B uses your data

Please click on any of the links below to see the relevant processing activities for S&B:

  1. Clients
  2. Beneficiaries of a trust
  3. Beneficiaries of an estate
  4. Third parties including website users
  5. Job applicants
  6. Staff members

How SBTL uses your data

Please click on either of the links below to see the relevant processing activities for SBTL:

  1. Beneficiaries of a trust
  2. Beneficiaries of an estate

Security measures

We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

When and how we share your data

We sometimes use third parties to help us run our business. They are required to take appropriate security measures to protect your personal data and sign up to confidentiality undertakings. We do not allow third parties to use your personal data for their own purposes – they are only permitted to process your personal data for specified purposes and in accordance with our instructions. 

Personal data held by us may also be transferred to:

  • External service providers, representatives and agents that we use to make our business more efficient e.g., our online payment portal, typing services, marketing agencies, document collation and printing services.
  • External auditors, e.g. in relation to audits of our files and accounts.
  • Professional advisers such as accountants, auditors, lawyers and other outside professional advisers, subject to confidentiality undertakings.
  • Legal and regulatory authorities, with whom we have a legal obligation to share your data (e.g. HMRC) or for reporting any actual or suspected breach of law or regulation (e.g. SRA and ICO).
  • Any relevant party, law enforcement agency, tribunal or court, to the extent necessary for the establishment, exercise or defence of legal rights.
  • Any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties.
  • Any relevant third party acquirer(s), potential acquirers or bidders and their advisers in the event that we sell or transfer or propose to sell or transfer all or any portion of our business or assets (including in the event of a reorganisation, outsourcing, service provision change, dissolution or liquidation).

For more information on when and how we share your data, click on any of the ‘processing activities’ above.

International transfers

Where any data is transferred outside the UK, this can only happen where:

  • There are safeguards in place, e.g. standard contractual clauses or binding corporate rules.
  • An adequacy decision applies to the relevant country.
  • One of the GDPR derogations applies to the transfer including explicit consent, where the transfer is necessary for the performance of a contract with us, or for establishing, exercising or defending legal claims.

You can request more information about these safeguards by contacting us at the details below:

Individuals in the UK or outside the EEA

Data Protection Officer, Stevens & Bolton LLP, Wey House, Farnham Road, Guildford, Surrey, GU1 4YD.

Individuals in the EEA

Our EU Representative: Pembroke Privacy Ltd., 3-4 Upper Pembroke Street, Dublin 2, Ireland.

Search our site