Privacy Notice

Is providing your data obligatory?

Some of the personal data we ask you to provide is required by law. In particular, we are legally obliged under the Money Laundering Regulations 2017 to collect identity verification and source-of-funds information before we can act for you. If you do not provide this data, we will be unable to accept your instructions.

Other data is needed to perform the services set out in our retainer (client care letter). Providing this data is a contractual requirement; if you do not provide it, we may be unable to carry out your conveyancing transaction.

Where we rely on your consent (for example, for marketing communications), providing your data is entirely voluntary and there is no consequence for declining.

5. Who we share your data with

In the course of acting on your conveyancing matter, we may share your personal data with the following recipients:

Transaction parties: The other party's solicitors or conveyancers, estate agents, surveyors, mortgage lenders and brokers

Government and regulatory bodies: HM Land Registry, HMRC (for SDLT), the Welsh Revenue Authority (for Land Transaction Tax on Welsh properties), local authorities (for searches), the Council for Licensed Conveyancers (CLC), the Legal Ombudsman

Service providers (acting as our data processors): Case management software provider, cloud hosting and IT support providers, electronic ID verification and AML screening providers, electronic signature platform providers, search providers (e.g. property search companies), document storage and shredding providers, cloud accounting provider

Professional advisers: Our accountants, auditors, insurers, and legal advisers where necessary

Introducers and lead generation services: Where your matter was referred to us by a third-party introducer or lead generation service, we may share limited personal data with that party strictly to the extent necessary to administer the referral relationship (for example, confirming that a matter has completed). Only the minimum data required for this purpose is shared — we do not provide these parties with access to your matter file, financial information, or identity verification documents.

We do not sell your personal data to any third party. We remain responsible for your personal data at all times and require all third parties with whom we share it to process it in accordance with applicable data protection law.

International transfers

Some of our service providers are based in the United States. This means your personal data may be transferred outside the United Kingdom to the following recipients:

Anthropic, PBC (USA) — AI services used to assist with document review, drafting, and matter management. Anthropic does not currently offer zero data retention — API inputs may be retained for up to 30 days for trust and safety purposes, after which they are deleted. Inputs are not used for model training. Transfer mechanism: EU Standard Contractual Clauses with UK Addendum, incorporated into Anthropic's Data Processing Agreement.

OpenAI OpCo, LLC — AI services used to assist with document review, drafting, and matter management. OpenAI’s EU data residency option is active, meaning your data is processed and stored within the European Economic Area. The UK has adequacy regulations covering EEA transfers, so no restricted international transfer occurs. Zero data retention is confirmed — data is not stored beyond the duration of each API call.

**Aircall.io, Inc. (USA)** — Cloud telephony. All calls to and from the firm are recorded and transcribed using Aircall's built-in AI transcription. Aircall is certified under the UK Extension to the EU-US Data Privacy Framework, providing the Data Bridge as the transfer mechanism. Recordings and transcripts are stored on AWS infrastructure with encryption in transit and at rest.

Meta Platforms, Inc. (USA) — WhatsApp Business API used for client communication during your matter (matter updates, responding to queries, scheduling). WhatsApp Ireland Limited is the contracting entity, with onward transfers to WhatsApp LLC and Meta Platforms, Inc. in the United States. Transfer mechanism: UK-US Data Bridge (WhatsApp LLC and Meta Platforms, Inc. are certified under the UK Extension to the EU-US Data Privacy Framework). EU Standard Contractual Clauses with UK Addendum are in place as a fallback mechanism via WhatsApp's Business Data Transfer Addendum. Messages are encrypted in transit and at rest. WhatsApp's Business Terms confirm that the content of business messages is not used for advertising purposes. The firm's policy restricts the sharing of sensitive documents (identity verification, financial records, formal legal advice) via WhatsApp — these must be sent via encrypted email or the client portal.

Google LLC (USA) — Email hosting via Google Workspace. Transfer mechanism: UK-US Data Bridge (Google is certified under the UK Extension to the EU-US Data Privacy Framework). EU Standard Contractual Clauses with UK Addendum are in place as a fallback mechanism.

We have carried out Transfer Risk Assessments for each of these transfers and are satisfied that appropriate safeguards are in place, including encryption in transit and at rest, access controls, and contractual obligations regarding government access requests.

If you would like further information about the safeguards in place for international transfers of your data, please contact us at privacy@farringdon.com.

6. How long we keep your data

CategoryRetention PeriodConveyancing matter files15 years from matter completion for purchase cases, and 6 years from matter completion for sales cases.Title deeds and documents of titleIndefinitely (or until property is sold/transferred)AML/CDD records5 years from end of business relationship (as required by MLR 2017)Accounting and billing records6 years from end of financial year (CLC Accounts Code, Companies Act 2006) (as required by HMRC)Call recordings and transcriptsRetained for the same period as the associated matter file: 15 years from completion for purchase matters, 6 years from completion for sale matters. Recordings and transcripts form part of the matter record (documenting client instructions and discussions).Complaints records6 years from resolution

Where multiple retention obligations apply to the same data, we retain it for the longest applicable period. For example, AML/CDD records forming part of a purchase matter file are retained for the full 15-year matter retention period, even though the standalone AML obligation is 5 years, because the records form part of the matter file and may be needed to defend claims during that period.

After the applicable retention period, your data will be securely destroyed. In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

7. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access — You can request a copy of the personal data we hold about you.

Right to rectification — You can ask us to correct inaccurate or incomplete data.

Right to erasure — You can ask us to delete your data in certain circumstances (this is not absolute and may be limited by our legal obligations or legitimate interests in retaining data).

Right to restrict processing — You can ask us to limit how we use your data.

Right to data portability — You can request your data in a structured, commonly used format.

Right to object — You can object to processing based on legitimate interests.

Right to withdraw consent — Where we process your data on the basis of consent (for example, marketing communications), you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

Rights related to automated decision-making — We use AI tools to assist with document review, drafting, and matter management throughout your conveyancing matter. No decisions that produce legal or similarly significant effects on you are made solely by automated means. All legally significant output — including documents submitted to registries, sent to third parties, or containing formal legal advice — is reviewed by a conveyancer before it is issued. AI is used as an assistive tool under professional supervision, and the conveyancer with conduct of your matter retains full responsibility for the work product. If you do not wish AI to be used in connection with your matter, please let us know; however, as AI is integral to the way we deliver our services, we may be unable to continue acting for you on that basis and would need to disinstruct you from the matter.

How to exercise your rights

To exercise any of the rights set out above, please contact us at privacy@farringdon.com.

We may need to verify your identity before processing your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We will respond to all legitimate requests within one calendar month. If your request is particularly complex or you have made a number of requests, we may take longer — but we will keep you informed of our progress.

We reserve the right to charge a reasonable fee if your request is manifestly unfounded, repetitive, or excessive. In such circumstances, we may also decline to comply with the request.

8. Special category data

Where it is necessary for your conveyancing matter, we may process special category data (as defined in Article 9 UK GDPR). We will only do so in the following circumstances:

• With your explicit consent

• Where it is necessary to comply with a legal obligation (for example, where we are required to report information to a regulatory body)

• Where it is necessary to establish, exercise, or defend legal claims (for example, in relation to a dispute arising from your transaction)

• Where it is necessary for reasons of substantial public interest under Article 9(2)(g) UK GDPR, read with Schedule 1, Part 2 of the Data Protection Act 2018 (for example, processing data that emerges incidentally from Politically Exposed Person screening carried out under anti-money laundering obligations — this is expected to be rare)

9. Marketing and communications

We may, with your explicit consent, send you marketing communications such as newsletters or information about our services. Any such communications are sent on the basis of your consent (Art. 6(1)(a) UK GDPR) and you may withdraw that consent at any time by contacting us at privacy@farringdon.com or using the unsubscribe link in our communications. As a firm regulated by the Council for Licensed Conveyancers, we are subject to restrictions on marketing activity and do not engage in unsolicited marketing to the general public.

10. Data security

We take appropriate technical and organisational measures to protect your personal data, including encrypted storage and transmission, access controls limiting data to authorised personnel, secure disposal of physical and electronic records, and regular review of our security practices.

We will notify you and any applicable regulator of a suspected personal data breach where we are legally required to do so.

11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO):

• Website: https://ico.org.uk

• Helpline: 0303 123 1113

• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO. Please contact us first at privacy@farringdon.com.

12. Changes to this notice

We may update this privacy notice from time to time. We will notify you of any significant changes. This notice was last updated on 19 May 2026.