Call local rate
Mon - Fri 8:30am - 7pm | Sat - Sun 9am - 5pm
Call local rate 0330 383 0319
Mon - Fri 8:30am - 7pm | Sat - Sun 9am - 5pm
Contact us Contact us
You are here: Home » Privacy Policy & Data Protection
Call us: Mon - Fri 8:30am - 7pm, Sat - Sun 9am - 5pm

1.0 Introduction

Stowe Family Law takes the privacy of its clients, website users, prospective clients, job applicants and third parties whose data it processes in connection with family law matters very seriously. Please read the following information carefully. This privacy notice contains information about what data we collect and store, why we collect it, who we share it with, the security mechanisms we have put in place to protect it and how to contact us if you have a question or complaint. If you have any requests concerning your personal information or any queries about these practices, please contact us by e-mail at [email protected] or by writing to our Data Protection Officer (see Section 16).

A note on family law matters: Because we are a family law firm, our work frequently involves information about people other than our direct client — for example spouses, partners, children, alleged perpetrators of abuse, and other family members. Section 3.9 and Section 4A below explain how we handle information about third parties whose data we receive during the course of a matter.

2.0 Who we are

2.1 Stowe Family Law LLP collects, uses and is responsible for personal information about you. When we do this, we are the “controller” of this information for the purposes of the UK GDPR, the DPA 2018 and other applicable data protection laws. We are registered with the Information Commissioner’s Office under registration number Z1081894.

This Policy covers the following domains owned and managed by Stowe Family Law LLP:

2.2 We are committed to safeguarding the privacy of our website visitors, clients, prospective clients, job applicants and other individuals whose personal data we hold. In this policy we explain how we will handle your personal data.

2.3 We will ask you to consent to our use of non essential cookies in accordance with the terms of this policy and our Cookie Policy when you first visit our website.

2.4 We have appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with this policy and for being the principal point of contact for data subjects. The DPO’s contact details are set out in Section 16.

3.0 Personal data collected and why

3.1 In this Section 3 we have set out:

  • the general categories of personal data that we may process;
  • the purposes for which we may process personal data;
  • the lawful basis on which we rely (and, for special category data, the Article 9 condition and corresponding DPA 2018 Schedule 1 condition); and
  • the retention period applicable to each category (see also Section 6).

3.2 Site usage data. We may process data about your use of our website and services (“site usage data”). This may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of the site. The sources of this site usage data include a number of analytics, marketing, optimisation and tracking technologies, including:

  • Google Analytics and VWO – used to analyse website traffic, understand how users interact with our website, and improve website functionality and user experience.
  • Google Ads, Bing, Facebook/Meta, LinkedIn, Reddit and StackAdapt – used to measure the effectiveness of our advertising campaigns, deliver targeted advertisements, and understand how users arrive at and interact with our website following marketing activity (including conversion tracking and remarketing where applicable).
  • Ruler Analytics – used to attribute enquiries and calls to marketing sources, including tracking user journeys from website visit through to enquiry or instruction.
  • Webtrends Optimize – used to test and optimise website content and layout to improve usability and performance.
  • Cookiebot – used to manage cookie consent preferences and ensure compliance with applicable data protection and privacy laws.
  • Agentforce/Salesforce – used in connection with chatbot interactions and customer relationship management systems to capture and analyse user engagement and enquiry data.

This data may be processed for the purposes of:

  • analysing the use and performance of our website
  • improving website functionality, usability and content
  • delivering and measuring marketing and advertising campaigns
  • understanding user journeys and conversion behaviour
  • managing user consent preferences

The lawful basis for this processing is your consent (Article 6(1)(a) UK GDPR) where data is collected via non essential cookies or similar technologies. Where limited processing is carried out using strictly necessary technologies (for example, to ensure website security or functionality), the lawful basis is our legitimate interests (Article 6(1)(f) UK GDPR).

3.3 Enquiry data. We may process information contained in any enquiry you submit to us regarding our services (“enquiry data”). This may include your name, email address, telephone number, and any details you provide to support your enquiry, which in a family law context may include information about your relationship, family circumstances, children, finances, health or other sensitive matters. The enquiry data is processed for the purposes of contacting you to discuss the legal services we offer, assessing whether we can act for you, carrying out conflict checks and client due diligence, and (where relevant) opening a matter. The lawful basis for processing non-sensitive enquiry data is our legitimate interests (Article 6(1)(f)) in responding to enquiries and operating our business, and, where you have submitted information via a form or asked to be contacted, the taking of pre-contractual steps at your request (Article 6(1)(b)). Where the enquiry contains special category data, we rely on Article 9(2)(f) UK GDPR (establishment, exercise or defence of legal claims) and, where applicable, paragraph 33 of Schedule 1 DPA 2018 (legal services).

3.4 Client data. Once you instruct us, we process information in our case management system and secure client portal relating to the progress of your legal matter (“client data”). Client data may include your contact details, identification documents obtained for anti money laundering (AML) purposes, your case details, correspondence, financial information, information about your spouse, partner, children and other family members, and your retainer with us. The lawful bases for this processing are the performance of a contract between you and us and/or taking steps at your request to enter into such a contract (Article 6(1)(b)), compliance with a legal obligation to which we are subject — including the Money Laundering Regulations 2017, the Solicitors Regulation Authority (SRA) Standards and Regulations, and applicable court rules (Article 6(1)(c)), and our legitimate interests in the proper administration of our business and the provision of legal services (Article 6(1)(f)).

Because family law matters routinely involve special category data (including information about health, sex life, sexual orientation, and religious or philosophical beliefs) and criminal offence data (for example in matters involving domestic abuse, non molestation orders or care proceedings), we also rely on Article 9(2)(f) UK GDPR (legal claims) and Article 10 UK GDPR as permitted by section 10 and Schedule 1 Part 3 DPA 2018 (legal professional privilege, legal proceedings, and the provision of legal services).

Our use of your information is subject to your instructions, the UK GDPR, the DPA 2018 and our professional duty of confidentiality. We keep information passed to us confidential and will not disclose it to third parties except as authorised by you or required by law. Where, on your instruction, we are working with other professional service providers (such as expert witnesses, counsel, or other professional advisers) we will assume that we may disclose relevant information about your matter to them, but we will seek to confirm this with you in advance where practicable.

3.5 Job application data. We may process information that you provide to us for the purpose of applying for a role at Stowe Family Law (“job application data”), which we process for recruitment purposes only. Your details are held on systems hosted by Teamtailor, which complies with UK GDPR requirements. Our lawful basis for processing your application data is the taking of steps at your request prior to entering into a contract of employment (Article 6(1)(b)) and our legitimate interests (Article 6(1)(f)) in assessing candidates and operating an effective recruitment process. Although you will usually be applying for a particular role, we may review your details against future vacancies. If you would prefer us not to contact you about future vacancies, please email [email protected].

3.5.1 What we collect: Your full name, email and postal address, phone number and other relevant information provided in your CV or application form. We may also obtain data from third parties (including professional networking and social media sites such as LinkedIn) to enhance and personalise your experience and to identify roles that may suit you. Where we use social media in sourcing candidates, we will only access information that you have made publicly available.

3.5.2 How we share your information: Like most organisations we use external suppliers to carry out some aspects of our business, and systems and tools provided or hosted externally. Where personal information is processed by a third party, we carry out due diligence to ensure they will give it the same level of care and protection as we do, and we put in place Article 28 UK GDPR data processing agreements.

3.5.3 Automated decision making: Psychometric assessments provided by Spotted Zebra involve an automated analytical component; however, no decision that produces legal or similarly significant effects concerning you is taken solely on the basis of automated processing. A member of our recruitment team always reviews results and makes the hiring decision. You have the right to request human review of any decision that you believe has been taken on a solely automated basis — see Section 8. Psychometric profiling is carried out at the last stage of the interview process and only with your prior consent.

3.6 Correspondence data. We may process information contained in, or relating to, any communication that you send to us at [email protected] or another firm email address (“correspondence data”). This may include the content of the communication and associated metadata. Our website will generate the metadata associated with communications made using the website contact forms. Correspondence data is processed for the purposes of communicating with you, responding to enquiries and record keeping. The lawful basis is our legitimate interests (Article 6(1)(f)) in the proper administration of our business and communications with users, and, where relevant, Article 6(1)(b) (pre contractual steps) or Article 6(1)(c) (legal obligations including SRA record keeping requirements).

3.7 Contact data. We process “contact data” captured by monitoring activity on our website using third party providers to improve our digital marketing. We may use IP addresses, geolocation data, caller telephone number, voice recordings and transcriptions. Calls to and from our offices may also be recorded for quality, training and regulatory compliance purposes. The lawful basis for call tracking linked to marketing is your consent (Article 6(1)(a)), obtained via our cookie banner. The lawful basis for recording calls for quality, training and regulatory compliance is our legitimate interests (Article 6(1)(f)) and, where applicable, compliance with a legal obligation (Article 6(1)(c)). Where a call contains special category data, we rely on Article 9(2)(f) UK GDPR. You will be informed at the start of a recorded call that the call is being recorded.

3.8 “Louise” — AI Chatbot. Louise is an AI chatbot powered by Agentforce. Stowe Family Law is the data controller of personal data you provide to Louise. We may collect and process the information you provide (such as your name, contact details and the content of your enquiry) for the purpose of responding to your enquiry and discussing our legal services. The lawful basis for this processing is our legitimate interests (Article 6(1)(f)) in providing an efficient initial triage service, and, where the enquiry contains special category data, Article 9(2)(f) UK GDPR. Your data will be retained only for as long as necessary for these purposes (see Section 6) and may be shared with trusted service providers who support our operations under Article 28 data processing agreements. No decision that produces legal or similarly significant effects concerning you is taken solely on the basis of the chatbot’s processing — a qualified member of our team will always review and action any enquiry. You can ask to speak to a person at any time. We will not transfer your data outside the UK without appropriate safeguards (see Section 5).

3.9 Third parties’ personal data. As a family law firm we will inevitably receive personal data about people other than you — for example your spouse or partner, your children, other family members, witnesses, and (in some matters) alleged perpetrators of abuse. Please do not supply personal data about any other person unless you genuinely need to do so in connection with instructing us, or unless we specifically ask you to. Section 4A explains how we handle information about third parties.

3.10 Vital interests. In addition to the specific purposes set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person (Article 6(1)(d) UK GDPR) — for example, where we receive information suggesting there is a safeguarding risk to a child or vulnerable adult.

3A. Children’s personal data

Because much of our work concerns child arrangements, care proceedings, adoption, surrogacy, special guardianship and fertility matters, we routinely process information about children. We take particular care in doing so.

3A.1 Where children are the subjects of a matter (for example because a child arrangements order is being sought), we process their personal data on the same lawful bases as apply to our adult clients — typically performance of a contract with the instructing adult (Article 6(1)(b)), our legal obligations (Article 6(1)(c)), legitimate interests in providing legal services (Article 6(1)(f)), and, for special category data, Article 9(2)(f) UK GDPR as permitted by DPA 2018 Schedule 1 Part 3.

3A.2 Our website and services are directed at adults and we do not knowingly collect personal data from children under the age of 18 via our website, forms, chatbot or marketing channels. If we become aware that we have inadvertently collected personal data from a child through these channels, we will delete it.

3A.3 We have regard to the ICO’s Age Appropriate Design Code (Children’s Code) in the design of our online services and, in particular, in setting retention periods for files involving children (see Section 6).

3A.4 Where a young person (under 18) has capacity to exercise their own data protection rights, we will engage with them directly in an age appropriate way. Where they do not, rights may be exercised on their behalf by a person with parental responsibility, subject to the child’s best interests.

4.0 Use and disclosure of personal information

4.1 We may disclose your personal data to any member of our group of companies (which means all companies and limited liability partnerships within the Stowe Family Law Holdings Limited group) insofar as reasonably necessary for the purposes set out in this policy.

4.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

4.3 Introducers and referral arrangements. We may receive enquiries, instructions or introductions about potential clients from third party introducers (for example, professional advisers, other legal firms, mediators, or other organisations). Likewise, in some circumstances, we may introduce clients to other regulated professionals or service providers.

Where this happens:

  • We may receive personal information about you from that third party, such as your name, contact details and a brief description of your enquiry.
  • We will use that information only to assess whether we can assist you and to contact you about your enquiry.
  • We will only share your personal information with another organisation where we have a lawful basis to do so and, where required, with your knowledge or consent.
  • If we recommend using another service provider, we will seek your explicit consent before proceeding.
  • Where we make such a referral, the service provider will act as an independent data controller. Once we have shared your information with them (with your consent), they become responsible for how they process and protect your personal data, and their own privacy notice and practices will apply.
  • You may withdraw your consent at any time. Withdrawal will not affect the lawfulness of any sharing that took place before consent was withdrawn, but we will cease any further sharing for this purpose from that point onwards.
  • We will only process personal data that is necessary for the relevant purpose and will take reasonable steps to ensure your information is kept secure.

In some cases, we have arrangements with introducers under which we may pay, or receive, a referral fee or other form of financial benefit if you choose to instruct us or the third party organisation following an introduction. Where such an arrangement exists:

  • We will inform you directly about the nature of the arrangement before you formally instruct us.
  • We will not allow any financial arrangement to affect the way we advise you or the quality of our service.
  • You are under no obligation to proceed with us or with any third party as a result of a referral.

Any referral arrangement we enter into will comply with our professional obligations, including the rules and principles set by the Solicitors Regulation Authority (SRA).

4.4 Processors and other recipients. We use a number of carefully selected third party suppliers to help us operate our business. Where these suppliers process personal data on our behalf, they do so as processors under written Article 28 UK GDPR contracts. The categories of recipient include:

  • case and document management system providers.
  • IT hosting, cloud storage, email, and cyber security providers.
  • telephony, call recording and call tracking providers.
  • website, analytics and marketing technology providers.
  • our AI chatbot platform provider.
  • applicant tracking and assessment providers.
  • banks, payment providers and AML / identity verification services.
  • professional advisers including accountants, insurers and auditors.
  • couriers, scanning and confidential waste disposal providers.
  • regulators, law enforcement and courts where required by law.

4.5 Legal obligations and disclosures required by law. We may disclose personal data where required to do so by law, regulation or order of a court of competent jurisdiction, or where disclosure is necessary for the establishment, exercise or defence of legal claims, or to comply with requests from regulators including the SRA, the ICO, HMRC, the Legal Ombudsman and the National Crime Agency (including reports of suspicious activity under the Proceeds of Crime Act 2002).

4A. Information about third parties

Where we hold personal data about you, but you are not our client (for example because you are the spouse, former partner, family member, witness or other party connected to a matter on which we are instructed), the following information is provided to you under Article 14 UK GDPR.

4A.1 Source of the data. Your personal data will typically have been provided to us by our client, by the court, by another party’s solicitors, by a public authority, or (in limited circumstances) obtained from publicly available sources or specialist tracing services.

4A.2 Categories of data. We may hold your contact details, information about your relationship to our client, financial information (including in financial remedy proceedings), information about your children, and, where relevant, special category data (including health data and information about your sex life) and criminal offence data (including allegations of domestic abuse).

4A.3 Purpose and lawful basis. We may process third party personal data to provide legal services to our client, to advance or defend legal claims, and to comply with our legal and regulatory obligations. Our lawful basis is our legitimate interests (Article 6(1)(f)) in providing legal services and, for special category and criminal offence data, Article 9(2)(f) UK GDPR and DPA 2018 Schedule 1 Part 3 conditions covering legal proceedings, legal professional privilege and the provision of legal services.

4A.4 Rights and restrictions. You have the rights set out in Section 8 in respect of data we hold about you. However, those rights are subject to important exemptions, including where providing information to you would prejudice the ability of our client to bring or defend legal claims, or would breach legal professional privilege. In those circumstances we may decline to confirm or provide data. We will, where possible, explain the basis on which any restriction is applied.

5.0 International transfers of your personal data

5.1 In this Section 5 we provide information about the circumstances in which your personal data may be transferred to countries outside the United Kingdom (a “restricted transfer” under the UK GDPR).

5.2 Stowe Family Law stores all client data on servers located in the United Kingdom. Some of our processors and their sub processors are based outside the UK.

5.3 Where we transfer personal data to a country outside the UK, we ensure that one of the following safeguards is in place:

  • the country is the subject of UK “adequacy regulations” made by the Secretary of State, or is otherwise recognised as providing an adequate level of protection (for example, the EEA and countries benefiting from UK adequacy decisions).
  • the transfer is covered by the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, supported (where appropriate) by a transfer risk assessment.
  • the transfer relies on the UK Extension to the EU–US Data Privacy Framework, where the recipient is a certified organisation.
  • another lawful derogation applies, such as explicit consent or the establishment, exercise or defence of legal claims (Article 49 UK GDPR).

5.4 You may contact our DPO to request details of the countries to which your personal data may be transferred and the safeguards in place.

5.5 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use or misuse of such personal data by others.

6.0 Retaining and deleting personal data

6.1 This Section sets out our data retention approach, which is designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data, including the storage limitation principle in Article 5(1)(e) UK GDPR.

6.2 Personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose. Our retention periods are set out below. These periods are indicative and may be extended where required by law, by our regulator, or for the establishment, exercise or defence of legal claims.

  • Site usage data — cookies are held in accordance with the durations set out in our Cookie Policy and are refreshed on each visit.
  • Enquiry data — held for a maximum of 18 months from the date of your last contact with us. If the enquiry does not progress to a matter, the personal details supplied will be deleted.
  • Call data — call recordings made for quality, training and regulatory compliance purposes are retained for 3 months. In some instances they form a specific part of a client file or a regulatory investigation, in which case they are retained in line with the file retention period.
  • Client data and correspondence data — we are required to keep our file of papers (except for any papers which you ask to be returned to you) for a minimum of seven years from the conclusion of the matter, in line with SRA and insurance requirements. In matters involving children, files will ordinarily be retained until the youngest child concerned reaches the age of 24, or longer where required (for example in adoption matters). We keep the file on the understanding that we have your authority to destroy it at the end of the applicable retention period, unless you tell us otherwise. We will not destroy documents you ask us to deposit in safe custody.
  • AML / client due diligence records — retained for five years from the end of the business relationship, as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
  • Job application data — for unsuccessful applicants, retained for 12 months after the end of the recruitment process unless you have consented to longer retention for future vacancies. For successful applicants, your recruitment data will form the basis of your employee record and will be retained in accordance with our internal HR retention schedule.
  • Financial and accounting records — retained for a minimum of six years plus the current financial year, as required by HMRC.

7.0 Your options and consent

7.1 You may instruct us to provide you with any personal information we hold about you (see Section 8 for details of the right of access). To ensure we protect your data from impersonators, we may ask you for reasonable information to verify your identity before responding to a request — typically a form of photographic identification (such as a passport or driving licence) and/or other proportionate evidence.

7.2 We may withhold personal information that you request to the extent permitted by law, including where doing so would prejudice the rights and freedoms of others, breach legal professional privilege, or fall within another applicable exemption.

7.3 You may instruct us at any time not to process your personal information for direct marketing purposes. You can also opt out of marketing communications by using the unsubscribe link in any marketing email, or by contacting [email protected].

7.4 We will only send you marketing communications where we have your consent or where we are otherwise permitted to do so under PECR (for example, where you are an existing client and we have given you a clear opportunity to opt out).

 

8.0 Your rights

8.1 In this Section 8 we summarise the rights that you have under data protection law. Some of the rights are complex, and not all of the detail has been included in our summaries. You should read the UK GDPR, the DPA 2018 and guidance from the ICO for a full explanation of these rights.

8.2 Your principal rights under data protection law are:

8.3 Right of access. You have the right to confirmation as to whether we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned, the recipients of the personal data and the retention period. Provided the rights and freedoms of others are not adversely affected, we will supply a copy of your personal data. The first copy will be provided free of charge; we may charge a reasonable fee based on administrative costs for additional copies or for manifestly unfounded or excessive requests, or refuse to act on such requests.

8.4 Right to rectification. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

8.5 Right to erasure. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include where: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent based processing; the processing is for direct marketing purposes; or the personal data have been unlawfully processed. However, there are exclusions from the right to erasure — including where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the establishment, exercise or defence of legal claims, or where the data is subject to legal professional privilege.

8.6 Right to restriction. In some circumstances you have the right to restrict the processing of your personal data, for example where you contest the accuracy of the data, where processing is unlawful but you oppose erasure, where we no longer need the data for the purposes of our processing but you require it for legal claims, or where you have objected to processing pending verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data but will only otherwise process it with your consent, for legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.

8.7 Right to object. You have the right to object to our processing of your personal data on grounds relating to your particular situation, to the extent that the lawful basis for the processing is either the performance of a task carried out in the public interest or in the exercise of any official authority vested in us, or the legitimate interests pursued by us or a third party. If you object, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

8.8 Right to object to direct marketing. You have an absolute right to object to our processing of your personal data for direct marketing purposes, including any profiling for direct marketing purposes. If you object, we will cease to process your personal data for that purpose.

8.9 Right to object to research processing. You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

8.10 Right to data portability. Where the lawful basis for our processing of your personal data is consent or performance of a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine readable format. This right does not apply where it would adversely affect the rights and freedoms of others.

8.11 Rights in relation to automated decision making. You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. We do not currently make any such solely automated decisions about you.

8.12 Right to withdraw consent. Where our processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

8.13 Right to complain. If you consider that our processing of your personal data infringes data protection law, you have the right to lodge a complaint with the Information Commissioner’s Office, which is the UK’s supervisory authority. Contact details are in Section 9.

8.14 Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to our DPO at [email protected] . We will respond to your request within one month of receipt, subject to extensions permitted under the UK GDPR.

9.0 How to make a complaint

We hope that you are happy with our service and that we can resolve any issues or complaints that arise. For data related complaints, please contact our DPO in the first instance (see Section 16). You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. You can contact the ICO at:

·         Website: https://ico.org.uk/make-a-complaint/

·         Helpline: 0303 123 1113

·         Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Lodging a complaint with the ICO does not affect any other legal remedy that may be available to you.

10.0 Security of your personal data

10.1 We take appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, in accordance with Article 32 UK GDPR. Our measures include:

  • encryption of data in transit and at rest for client data and other sensitive categories.
  • multi factor authentication and role based access controls on our case and document management systems.
  • regular security testing, vulnerability scanning and patching.
  • staff training on data protection, confidentiality and cyber security, refreshed at least annually.
  • data processing agreements with all suppliers who process personal data on our behalf.
  • business continuity and disaster recovery arrangements.
  • independent assessment and certifications.

10.2 Despite these measures, no transmission of data over the internet can be guaranteed to be completely secure.

11.0 Personal data breaches

11.1 A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

11.2 Where a personal data breach occurs, we will assess the likely risk to affected individuals without undue delay.

11.3 Where a breach is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office without undue delay and within 72 hours of becoming aware of the breach, in accordance with Article 33 UK GDPR.

11.4 Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay in clear and plain language, in accordance with Article 34 UK GDPR, unless an exemption applies (for example, where we have taken steps that render the data unintelligible).

12.0 Cookies

12.1 A cookie is a small file containing an identifier that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie will expire at the end of the user session, when the web browser is closed.

12.2 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

12.3 We use cookies for the purposes set out in our Cookie Policy, including authentication, session management, personalisation, security, advertising, analytics and cookie consent management. We use Cookiebot to manage cookie consent on our website. You can change your cookie preferences at any time via the “Cookie settings” link on our site.

12.4 We set strictly necessary cookies on the basis of our legitimate interests (and on the basis that they are exempt from the PECR consent requirement). All other cookies (including analytics, marketing and advertising cookies) are set only with your consent obtained via our cookie banner, as required by regulation 6 of PECR.

12.5 We use Google Analytics to analyse the use of our website and Webtrends to understand how users interact with our pages. Call tracking cookies are provided by Ruler Analytics. Full details of the cookies we use, including purpose, provider and duration, are set out in our Cookie Policy.

12.6 Most browsers allow you to refuse to accept cookies and to delete cookies. Blocking all cookies will have a negative impact on the usability of many websites, including ours.

13.0  Links to other sites

Our website may contain links to other sites. Please be aware that Stowe Family Law is not responsible for the privacy practices of those other sites. We encourage you to read the privacy statements of any third party sites you visit. This privacy notice applies solely to information collected by Stowe Family Law as data controller.

14.0 Amendments

14.1 We may update this policy from time to time by publishing a new version on our website. This policy was last reviewed June 2026.

14.2 We will post a notice on our website when we make material changes to this policy. Where the changes affect processing based on your consent, we will seek fresh consent.

14.3 You should check this page from time to time to stay informed about how we protect your personal data.

15.0 Alternative formats

If it would be helpful to have this notice provided in another format, please contact us at [email protected].

16.0 Our details and Data Protection Officer

Stowe Family Law LLP is a Limited Liability Partnership authorised and regulated by the Solicitors Regulation Authority (SRA registration number 469401). We are registered in England and Wales under registration number OC331570. Our registered office and head office is at Clockwise, Yorkshire House, Greek Street, Leeds, LS1 5SH.

We are registered with the Information Commissioner’s Office under registration number Z1081894.

Data Protection Officer contact: [email protected]

General contact:

  • By post: Copthall Bridge, Station Parade, Harrogate, HG1 1TT
  • By telephone: 0330 159 9947
  • By email: [email protected]
  • Via our website contact form
Close

Newsletter Sign Up

Sign up for advice on divorce and relationships from our lawyers, divorce coaches and relationship experts.

What type of information are you looking for? (Optional)


Read about how we use your data in our Privacy Policy. To opt out at any time, select ‘unsubscribe’ in any of our marketing communications, or email [email protected].

Privacy Policy
Close
Close
Close

Podcast:

Please enable marketing cookies to view this content.

Close

Video:

Please enable marketing cookies to view this content.