Third Parties Including Website Users

Types of data we collect

We may collect personal data:

  • you provide to us when completing an enquiry form on our website, including your name, address, email address, phone number, position, organisation name and any other details you provide as part of the enquiry,
  • you provide when subscribing to receive our updates, briefings and event invitations, including your name, email, job title, organisation name and your areas of interest,
  • you provide when registering for a seminar or event organised by the firm, e.g. full name, email address, organisation, phone number, golf handicap (if attending one of our golf days) and special category data, i.e. dietary requirements,
  • you provide when you apply for a job advertised or submit a speculative job application and/or your CV via our portal – see applicant notice for more details, 
  • gathered using cookies – see our cookie policy for more details,
  • via our IT systems, e.g.:
    • door entry systems and reception logs,
    • automated monitoring of our website and other systems such as our computer networks, CCTV and access control systems, communications systems and email,
  • collected by external service providers (including Corsearch) to help protect our clients’ intellectual property rights online, e.g. basic contact details (name, pseudonym, email, phone number, IP address) of infringers who have produced counterfeit goods,   
  • relating to your visits to our website including but not limited to traffic data, location data, weblogs and other communications data.

How and why we use your data

Under data protection law, we can only use your personal data if we have a legal ground for doing so, e.g.:

  • for the performance of our contract with you or to take steps at your request before entering into a contract,
  • to comply with our legal and regulatory obligations,
  • for our legitimate interests or those of a third party, or
  • where you have given us your consent.

A legitimate interest is when we have a business or commercial reason to use your data, provided this is not overridden by your own rights and interests.

The table below explains how and why we process your data:

How we use your data

GDPR legal ground

Marketing our goods and services and sending legal updates to you.

For our legitimate interests, i.e. to offer a high level of service to our clients.

Registering you as a client, providing legal services to you, taking payment and managing the client relationship.

To perform our contract of engagement with you or to take steps at your request before entering into the contract; for our legitimate interests, i.e. to ensure a high level of service; or to comply with our legal and regulatory obligations.

Conducting checks to identify our clients and verify their identity; to carry out anti-money laundering checks; screening for financial and other sanctions or embargoes; other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator.

To comply with our legal and regulatory obligations.

Where we process your personal data to carry out anti-money laundering checks, the data will only be used for the purposes of preventing money laundering or terrorist financing or as permitted under applicable data protection legislation.

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.

To comply with our legal and regulatory obligations.

Operational reasons, such as improving efficiency, training and quality control.

For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service for you at the best value.

Statistical analysis to help us manage our practice, e.g. in relation to our financial performance, client base, work type or other efficiency measures.

For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service for you at the best value.

External audits and quality checks, e.g. external auditors of both our client files and our client account.

For our legitimate interests, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards; or to comply with our legal and regulatory obligations.

Gathering basic information to protect key clients’ intellectual property rights online.

For our legitimate interests and for those of the relevant clients we provide this service to.

Communications about additional services

We may use your personal data to send you updates by email or by post about legal developments, information about our services (including new services), or invitations to events that we believe may be of interest to you.

We will either seek your express consent to send such communications to you, or we will rely on our legitimate interests in promoting our business and building our relationship with you. We will never sell your personal data to other organisations for marketing purposes.

You have the right to opt out of receiving unprompted communications at any time by:

  • using the ‘unsubscribe’ link in emails, or
  • by clicking here to access the unsubscribe page on our website.

We may ask you to confirm or update your preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.


We will keep your personal data after we have finished advising you or responding to a query from you. We will keep records if required to do so by law.

We will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of data. If you would like to know the retention period for a specific type of data please contact our DPO.

Links to other websites

This notice only applies to Stevens & Bolton LLP and Stevens & Bolton Trustees Limited.

If you link to another website from our website, you should remember to read and understand that website’s privacy notice as well. We are not responsible for any use of your personal data that is made by unconnected third party websites.

Cookies and analytics

What is a cookie?

  • Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: and  and for a video about cookies visit
  • Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

You can find out further information about the types of cookies used on this website, as well as how you can enable or disable them, by clicking the following link:


If you apply for a vacancy via this website, you should read our privacy notice for job applicants here

Intellectual property rights

All intellectual property rights in or arising from our website, including all copyright belong to Stevens & Bolton LLP, unless otherwise stated. All rights are reserved.

Your rights

Under certain circumstances, you have rights in relation to your personal data, including the right to:

  • Request access to your personal data – you may receive a copy of the personal data we hold about you.
  • Request correction of the personal data we hold about you – we will correct any incomplete or inaccurate data we hold about you.
  • Request erasure of your personal data – you may ask us to delete or remove personal data where there is no good reason for us continuing to process it.
  • Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object on this ground.
  • Request restriction of processing of your personal data – you may ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing.
  • Request the transfer of your personal data to another party.
  • Withdraw consent in the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal data. After we have received notification that you have withdrawn your consent in relation to a particular purpose, we will no longer process your information for that purpose, unless we have another legitimate basis for doing so in law.
  • Lodge a complaint regarding the processing of your personal data with the Information Commissioner’s Office or any other relevant supervisory authority.

Contact us

If you want to exercise any of the above rights, please contact: 

Individuals in the UK or outside the EEA

Data Protection Officer, Stevens & Bolton LLP, Wey House, Farnham Road, Guildford, Surrey, GU1 4YD.

Individuals in the EEA

Our EU Representative is Pembroke Privacy Ltd., 3-4 Upper Pembroke Street, Dublin 2, Ireland.


Search our site