Skip to main content

Privacy notice

"Weightmans" is the collective name and brand under which Weightmans LLP and Weightmans (Scotland) LLP provide legal and other services to clients. We may share data between the two organisations when providing our services.

We are committed to protecting your information and privacy.

This notice (together with our website terms of use) explains how we use and process personal information collected. It addresses information provided to us

  • When visiting our site
  • When consulting in connection with provision of legal services
  • Otherwise as a result of our communications with you or one of our clients
  • When subscribing to our email updates or other marketing activities.

It sets out how we process it, with who we may share it and choices you can make regarding use of information collected. It does not apply to personal information of staff in connection with employment, which is dealt with by a separate internal Human Resources privacy notice available to staff from our intranet/Human Resources.

We also describe measures taken to protect security of information provided and how you can contact us about our privacy practices. Please read it carefully to understand our views and practices about why personal information is collected, what we do with it and how we use it.


Technology and data privacy best practice are continually evolving areas. We reserve the right to revise this notice from time to time in consequence. Changes will be incorporated on this page. Please review it periodically. Further information about data privacy may be found in our client engagement letter sent to you along with our terms and conditions.

The last update was July 2022.

Data protection

For Data Protection legislation notification purposes we are registered as a data controller with the Information Commissioners Office (ICO). Our registration details are as follows:

  • Weightmans LLP Number Z7388021
  • Weightmans (Scotland) LLP Number ZA090557

Our nominated Data Protection Officer for both LLPs is Sarbjit Nanuwa who can be contacted at or on 0345 073 9900

Who we are

Weightmans LLP 100, Old Hall Street, Liverpool L3 9QJ is a legal practice, regulated by the Solicitors Regulation Authority (SRA) number SRA ID: 463329 in England and Wales.

Weightmans (Scotland) LLP 144 West George Street, Glasgow, G2 2HG is a legal practice, regulated by the Law Society for Scotland Number 45303 in Scotland.

As regulated practices, we process personal information in accordance with data protection legislation and in line with obligations imposed on us under Solicitors Regulation Authority (SRA) Standards and Regulations 2019 (STARS) and the Rules and Guidance issued by the Law Society for Scotland.

How we collect your personal information

Our approach is to handle the minimum personal information necessary in a reasonable and proportionate way in order to preserve the rights and freedoms of data subjects, whilst acting in the best interests of our clients.

We collect, retain and process personal information to enable us to give legal advice, provide legal and related business services and conduct legal proceedings and transactions on behalf of our clients.

We may collect personal information in a number of ways, including:

  • Online via our site or any of our social media accounts such as Twitter, LinkedIn and Instagram
  • In hard copy by fax or post, in person, or over the telephone
  • Via phone recording in connection with our debt recovery services
  • Through provision of legal or training services to you in person or electronically
  • During the course of our dealings with you for or on behalf of a client
  • When you provide us with information relating to attendance on seminars or other promotional events
  • When you contact us via this site by filling in a form to register for newsletters, email updates, competitions, seminars, events sponsored by us, or other services
  • When you contact us with queries, we may keep a record of that correspondence
  • When you complete surveys for research or quality purposes, although you do not have to respond to them
  • When you attend in person at one of our offices, including location data
  • When we collect your personal data from other third parties, for example from our insurer clients, other clients or their representatives, including but not limited to loss adjusters or claims investigators or other individuals connected to a claim or matter where we are instructed to act as well as other law firms
  • When we collect publicly available information about you or your business, including, directly or indirectly, through electronic data sources, for example (but without limitation) for the preparation or filing of legal documents and forms, and in connection with anti money laundering, counter terrorist financing and credit risk reduction
  • For placement, recruitment and selection purposes.

Personal information collected

The type of information collected depends upon our relationship with you and the context in which we obtain and process your personal data.

Information collected and processed may include details of the following types of information:

  • Contact information (name, address, (including postal and email addresses), telephone and fax numbers and gender)
  • Occupational information, (job title, former job titles, organisational associations, professional experience and qualifications, interests and preferences where you advise us of these details in order to provide you with relevant tailored information about our services)
  • Identification documents, including date of birth and photographic identification
  • Online services in respect of which you have expressed an interest
  • Other information collected and used in the course of our business, including (but without limitation) information provided by our clients concerning employees of our clients or those providing services to our clients and information about you which is publicly available and collected, directly or indirectly, from electronic data sources
  • Details of your visits to our site, the resources accessed, including traffic data, location data and other communication data
  • Images captured by CCTV cameras at our offices
  • Where necessary and legally permitted, we may also collect sensitive data, such as diversity and health data and details of offences and related proceedings.

What we do with personal information collected

We use the information provided to:

  • Ensure content from our site is presented in the most effective manner
  • Contact you by email, fax, post or phone where you have provided contact details. We may also keep a record of that correspondence
  • Notify you about changes to our service
  • Improve our products and services, including dealing with claims, legal proceedings and non contentious matters under a retainer
  • Conduct our legitimate business interests and those of our clients in connection with the provision of our legal services
  • Maintain internal records, including about cancelled accounts
  • Ensure good governance, accounting, management and auditing
  • Carry out our obligations arising from any contracts entered into between us
  • Refer you to another team within Weightmans about other legal services which may be of benefit to your interests
  • Provide you with information, products or services which you request from us
  • Facilitate the provision to you of online or other training services
  • Send you information, or newsletters and legal updates which you may find of interest where you have indicated your wish to be contacted for such purposes
  • Pass your details to experts, including counsel and other professionals for the purposes of obtaining professional advice and complying with our contractual obligations
  • Pass your details to secure third party service providers, who are under contract to assist us in our provision of legal services
  • To contact you in the course of providing services to our clients
  • Assist with recruitment and selection process
  • Convert into anonymised, statistical or aggregated data which can’t be used to identify you but may be used for the purposes of statistics, research reporting and future planning for our business and strategic objectives
  • Where we have other legitimate reasons, such as to enforce our terms of use, or take other action required or permitted by law or for other safety and security reasons
  • To respond to complaints against us
  • We also process personal data in anonymised form for statistical and/or insurance and/or legal advice purposes.

Who do we share your information with

In providing our services, we may provide your personal information to staff in our offices or other third parties, such as:

  • Any successors in title to our business, or as part of mergers
  • To other suppliers, such as expert witnesses, counsel, counsel's administrative support or other external agencies such as translations services, IT support service providers (including training providers) that we engage on our/your behalf. When we do so, they are required to act in accordance with our instructions and keep your personal information secure with an adequate level of protection
  • To courts, tribunals and other government bodies and relevant regulators (SRA, Law Society for Scotland and the ICO) in connection with matters relating to provision of our services
  • To fraud prevention agencies
  • To professional indemnity insurers, brokers, auditors and other professional advisers
  • To our clients in connection with the provision of our services
  • To auditors in connection with maintenance of our quality certifications
  • To other third parties when required by law or other regulatory authority, where we are under a duty to do so to comply with legal or professional obligations (for example to comply with anti-money laundering obligations and counter terrorism measures)
  • To enforce or protect our rights, property or the safety of our partners, staff and clients. (This includes exchanging information with other companies and organisations for the purposes of fraud prevention and detection and credit risk reduction)
  • To other parties in legal proceedings, including solicitors acting on the other side of a case or transaction
  • To costs draftsmen
  • To financial institutions providing finance for transactions.

On what basis do we process your information

The legal grounds for processing your personal data depend upon the nature of our relationship with you and the context of processing and are as follows:

  • Processing is necessary for the performance of a contract with you, or to take steps prior to entering into a contract with you. Our retainer is comprised of our engagement letter and our terms and conditions of business which sets out the terms of the contract and the services to be provided to you. If you ask us to provide online training, we will invite you to sign our terms and conditions for the supply of online training services
  • Processing is necessary for the purposes of our legitimate interests or those of our clients in the provision of legal services and use in legal proceedings, except where those interests are overridden by the interests, rights or freedoms of affected individuals. In order to determine this we shall weigh up a number of factors, including what you were told at the time you provided your data, what your reasonable expectations are, and the nature of the data as well as its impact upon you
  • Processing is necessary for compliance with mandatory legal obligations to which we are subject.

How long do we keep your personal information

We only retain your information for as long as is necessary for the purpose for which it was obtained. This could include compliance with legal obligations (by way of example, in relation to anti money laundering regulations and counter terrorist financing where we are required to keep information for minimum periods). It could also include conducting legal work as instructed, or establishing or defending claims which could be made against us, for example for negligence in the performance of our obligations.

Information collected from you concerning other people

Where you provide personal information to us about other people, we accept it on the understanding that you have made the other person aware about how we will use and disclose their information.


Our services are not aimed at children. In matters involving children they will be represented by parents or legal guardians. Where we are acting in matters involving children we will explain why their personal data is needed and how it will be used.

Where will your personal information be processed

There may be occasions where we need to transfer your personal information to countries outside the European Economic Area, (EEA) which do not provide the same level of data protections as in the UK. For example, in relation to legal claims or transactions with an international element, or where we need to instruct overseas agents to assist us in performing our services. In these circumstances, we will take steps to ensure that your personal information is adequately protected by methods offering sufficient assurances and guarantees that the information is given the necessary safeguards to prevent it from accidental or unlawful, disclosure, access alteration or destruction.


We may provide you with information which we think you may find interesting via our newsletters, updates, competitions, seminars and other events. You can choose to restrict the collection or use of your personal information for this purpose. You can ask us to change your preference for receiving such communications, including legal updates and newsletters at any time.

Whenever you receive marketing communications from us, you will be able to indicate whether you wish to update your details or preferences.

If you would prefer not to receive this information please let us know via the contact form provided, or, alternatively you can unsubscribe via our preference centre.

You have the right to ask us not to process your personal information for marketing purposes.

When we collect contact information (for example when you pass us your business card at one of our events or meetings) we may add your details to our marketing database and mailing list. In all other cases if we intend to process your information for marketing we will inform you before collecting your information.


You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

Links to other websites

We may include links on our site to enable you to access third party sites directly. If you follow any links, this privacy notice will not apply. Third party sites operate their own privacy policies regarding processing of personal information and the use of cookies. Please check these policies before you submit any personal data to these external sites. We do not accept any responsibility for a third party site or use of your information or their use of cookies.

Access to your information

You have the right to request details of personal information which we hold about you.

If you would like a copy of your personal information, please write to Sarbjit Nanuwa at Weightmans, 100 Old Hall Street, Liverpool, L3 9QJ. 

Other rights

You also have the right to correct or complete information held by us.

If you think any information we have about you is incorrect, incomplete or needs updating please also let us know. We will update any information as soon as possible.

You may also in certain circumstances:

  • Request that we erase the personal data we hold about you
  • Restrict its processing whilst we continue to hold it
  • Where we process your data by automated means, ask us to transmit that data to another data controller. If you wish to request this we will let you know whether this is possible, taking into account compatibility of systems of the other data controller to whom you wish the transfer to be made
  • Object to processing. If you raise such objection we must stop unless we can demonstrate (1) an overriding legitimate business interest or (2) such processing is necessary in relation to legal proceedings
  • To have a decision taken by a human. We are however unlikely to take decisions which have a legal or similarly significant effect on you by automated means
  • Have a right to be notified of a personal data breach if it results in a high risk to your rights and freedoms
  • Right to withdraw your consent if you have given your consent to our processing of any of your personal data. (Please note that if you withdraw your consent, this will not affect the validity of any processing carried out prior to withdrawal).

These requests are free of charge.

Depending on the nature and extent of your request, we may be unable to continue acting for you. In this event, you will remain liable for our fees and disbursements incurred before the request was made.

Our contact information in connection with the exercise of these rights or other privacy issues appears at the bottom of this page.

If you consider we have breached our obligations in respect of your personal data you may raise your concerns with us. Alternatively, you have the right to make a complaint to the Information Commissioners Office, (ICO) the UK supervisory authority for data protection issues. Further details can be found at

Security and storage: how we protect personal information

We have implemented controls around how we protect and handle personal information. We aim to protect the confidentiality, integrity and availability of the personal information we handle whilst in our possession.

At organisation level, we have implemented a suite of policies and procedures which support best practice, including Acceptable use, Information Security, Business Continuity, Access Control, and Asset Management amongst others.

At a technical level, we are certified to ISO 27001:2013 and have Cyber Essentials plus accreditation. To maintain our certifications, we are obliged to implement and maintain secure data exchange methods, controls over user access, data storage and disposal together with firewalls, antivirus software, system vulnerability/penetration testing amongst other controls and processes.

We have a number of offices in the United Kingdom. Personal information provided to us, is held in our offices (in hard copy) or within secure servers within the United Kingdom or alternatively in secure data centres within the EU or European Economic Area (in electronic format).

The internet is a global environment. It can involve transmission of data on an international basis. Transmission of information via the internet or any social media is not completely secure. By using our site and communicating with us electronically, you acknowledge and accept our processing of your personal information in this way.

Although we adopt appropriate technical and organisational measures to protect your personal information, we can not guarantee its security when sent to this site. Transmission is at your own risk.

Once your information is received by us either in electronic or physical form, we take all reasonable steps necessary to prevent unauthorised access and ensure your information is handled securely and in accordance with this privacy notice. We have put in place suitable electronic, physical and managerial procedures to protect and secure the information collected.

How to contact us

If you have any queries or requests regarding this notice, or our practices concerning your personal data, please contact Andrea Bridson, Data Manager, Weightmans LLP, 100 Old Hall Street Liverpool L3 9QJ 0345 073 9900 or email or by using the contact form below.

We will take reasonable steps to resolve or answer concerns as soon as possible and normally within 30 days.

(Kindly note that queries about legal claims/legal matters should be directed to the file handler with conduct of the case as identified in our correspondence with you.)

ISO/IEC 27001
Cyber Essentials Plus

Updated January 2022