Privacy Policy

Fidanci Law Ltd (“Fidanci Law”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring that your personal information is handled securely, lawfully, and transparently. This Privacy Policy explains how we collect, use, store, and protect personal data in the course of providing legal services and running our business.

Fidanci Law Ltd is registered with the Information Commissioner’s Office (“ICO”) under registration number ZA891914.

1. Governing Law and Regulations

We process personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Privacy and Electronic Communications Regulations (PECR)
• Guidance issued by the Information Commissioner’s Office (ICO)
• Professional obligations imposed by the Solicitors Regulation Authority (SRA)

This policy applies to all personal data processed by us, whether collected online, in person, over the phone, or via third parties.

2. The Information We Collect

“Personal data” means any information relating to an identified or identifiable individual.

We may collect, use, store, and transfer different categories of personal data, including:

Identity Data

Names, previous names, titles, gender, marital status, date of birth, identification documents.

Contact Data

Postal address, email address, telephone numbers.

Financial Data

Bank account details, payment information.

Transaction Data

Details of payments made and received, and the legal services you have purchased from us.

 

Technical Data

IP address, browser type, operating system, login data, time-zone settings, device details (non-personally identifiable information).

Profile Data

Interests, preferences, feedback, communication preferences.

Usage Data

Information about how you use our website and services (non-identifiable analytics).

Special Category Data (only where necessary)

We may process limited special category data, such as health information, where strictly required for legal matters and with an appropriate lawful basis (e.g., explicit consent, legal claims, or regulatory obligations).

We do not collect personally identifiable information through the website unless you submit it voluntarily (e.g., contact forms or direct emails).

We do not retain personal data from telephone enquiries or office visits unless you formally instruct us.

3. How We Use Personal Data

We process personal data only where we have a lawful basis under UK GDPR. Most commonly, this will include:

Contractual Necessity

Where we need to carry out work to perform the contract for legal services.

Legitimate Interests

Where processing is necessary for our legitimate business interests and your rights do not override those interests. Examples include:

• Managing our practice efficiently
• Preventing fraud or misuse of our services
• Keeping internal records
• Improving our services and website security

Legal or Regulatory Obligations

Including anti-money laundering (AML) checks, SRA compliance, Court orders, or statutory reporting.

Consent

Where you have expressly given consent (e.g., marketing preferences). You can withdraw consent at any time.

We do not sell, trade, or rent personal data to third parties.

We share data only where necessary for legal services, compliance, or where required by law. Any third-party partners who process personal data on our behalf must comply with strict confidentiality and data-protection obligations.

4. How We Collect Personal Data

We collect personal data through:

Direct interactions:

• Emails, letters, telephone calls
• Online forms
• Meetings at our office
• Identity verification documents

Third parties:

• Barristers, experts, valuers, medical professionals
• Mortgage lenders or estate agents
• HM Land Registry, HMCTS
• Public authorities (e.g., police, CPS, local authorities)

Public sources:

• Companies House
• The Electoral Register
• Public professional directories

Automated technologies:

• Website analytics
• Cookies and technical logs

5. Categories of Individuals Whose Data We Process

We process personal data relating to:

Clients

Data necessary for providing legal services and managing client relationships.

Employees, Contractors & Job Applicants

Handled in accordance with separate internal privacy notices.

Suppliers and Service Providers

Identity and contact details for administration, billing, and service coordination.

Professional Contacts

Barristers, surveyors, experts, and business contacts (including those in our Central Register of Experts).

6. Why We Collect Your Personal Data

Examples include:

• To comply with legal and regulatory obligations (AML checks, SRA rules).
• To verify identity and prevent fraud.
• To perform the contract for legal services.
• To respond to enquiries.
• To manage payments, fees, and charges.
• To maintain office security and file management.
• To manage recruitment processes.
• To improve website experience and security.

7. Our Legitimate Interests

Our legitimate interests include:

• Protecting clients, staff, and visitors
• Providing and improving legal services
• Preventing fraud and criminal activity
• Complying with SRA and AML obligations
• Managing queries, complaints, or disputes
• Ensuring the effective operation of our business
• Protecting our legal rights

8. How Long We Keep Personal Data

We retain personal data only for as long as necessary, including:

• Enquirers who do not instruct us: no data retained
• Unsuccessful job applicants: 6 months
• Former employees: 1 year (HR file)
• Financial/transaction records: 6 years
• Client matter files: 6 years from file closure
• Wills stored: retained until executed or lawfully released

Retention periods comply with SRA, HMRC, and statutory obligations.

9. Where We Store Personal Data

• All data is stored securely within the United Kingdom, including within our practice management system LawWare.
• Data is not transferred outside the UK/EEA unless necessary for your case (e.g., immigration entry-clearance applications).
• Where international transfers occur, we ensure:
  • Adequacy regulations, or
  • Appropriate safeguards (model clauses, binding rules), or
  • Your explicit informed consent.

10. Your Rights Under UK GDPR

You have the following rights:

• Access to your personal data
• Correction of inaccurate data
• Erasure (“right to be forgotten”)
• Object to processing based on legitimate interests
• Restriction of processing
• Data portability
• Withdraw consent at any time

Fees

Requests are free of charge unless unfounded or excessive.

Verification

We may request ID to confirm your identity.

Response time

We aim to respond within one month (30 calendar days).

11. Data Security

We apply strict technical and organisational measures, including:

• Secure servers and encrypted storage
• Access control and staff confidentiality obligations
• Regular audits and compliance checks
• Incident response procedures
• ICO breach notification compliance

While no online transmission is fully secure, we take all reasonable steps to protect personal data.

12. Changes to This Privacy Policy

We may update this policy periodically. The latest version will always be published on our website.

13. Contact Details

For questions, concerns, or to exercise your rights, contact:

Data Protection Officer (DPO)
Fidancı Law Ltd
Southgate Office Village
Block B, 2nd Floor
284a Chase Road
London N14 6HF
Tel: 0208 004 1224
Email: info@fidancilaw.com

14. Lodging a Complaint

If you have concerns about how your personal data is handled, please contact us first.
You also have the right to complain directly to the:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk