privacy policy & cookies

important information and who we are

Mullenders Solicitors respects your privacy and takes its obligations under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 very seriously. When you submit enquiries on our website, we will necessarily ask that you provide personal data to us to allow us to contact you regarding your enquiry. We will treat this information in the strictest confidence and will never pass information on to third parties without your prior permission or unless ordered to do so by Statute, Statutory Instrument or other secondary legislation.

Mullenders Solicitors is a controller and processor under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

whose data do we hold?

We may hold data about you

  • Clients, customers and prospective new clients,
  • Suppliers and service providers
  • Advisors, consultants and other professional experts
  • Complainants and enquirers.


what data do we collect?

We will or may collect the following information in the course of advising and/or acting for you

  • Your name address and telephone number
  • Information to enable us to verify your identity
  • Electronic contact details
  • Information relating to the matter in which we are advising and/or acting for you
  • Information about your use of our IT systems


Most of this information will be collected from you directly but we may also obtain information from the following sources

  • from publicly accessible sources, e.g. Companies House or HM Land Registry.
  • from a third party with your consent, e.g. your bank or another financial advisor
  • consultants and other professionals we may engage in relation to your matter
  • your employer and/or trade union, professional body or pension administrators
  • your doctors, medical and occupational health professionals
  • via our website – we use cookies on our website (for more information on cookies, please our website for our cookies policy)
  • via our information technology(IT) systems, e.g :case management, document management and time recording systems
  • automated monitoring of our website and other technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.

special category data

Through legal instructions we may collect personal data revealing racial or ethnic origin, criminal convictions, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation. Information needed for equal opportunities monitoring policy and other special categories of information relating to those categories listed above will only be collected if we obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

basis for processing data

The basis on which we process your personal data is one or more of the following:

  • It is necessary for the performance of our contract with you
  • It is necessary for us to comply with a legal obligation
  • It is in our legitimate interest to do so
  • You have given us your consent (this can be withdrawn at any time)


who we share your personal information with

We routinely share personal data with:

  • professional advisors who we instruct on your behalf or refer you to, e.g. barristers, Courts and Tribunals, medical professionals, healthcare professionals, accountants, tax advisers or other experts.
  • other third parties where necessary to carry out your instructions, e.g. legal professionals, your mortgage provider, estate agent or HM Land Registry in the case of a property transaction or Companies House or HM Revenue and Customs.
  • our insurers and brokers
  • external auditors, e.g. in relation the audit of our accounts.
  • our banks
  • external service suppliers, representatives and agents that we use to make our business more efficient


We will also share personal data where we need to comply with a legal or regulatory obligation. We will share personal information with law enforcement or other authorities if required by applicable law.

Where you authorise us we may also disclose your information to your family, associates and other representatives. We may disclose your information to debt collections agencies if you do not pay our invoices. As a business, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, for administrative purposes or for reporting potential crimes.

If in the future we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information. You have the right to withdraw consent to any marketing at any time by contacting us.

how long will your data be stored for?

By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for 6 years after they cease being clients for tax purposes. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. For new enquirers or prospective new clients, we will hold your information for a maximum of 1 year.

security arrangements

We shall ensure that all information that you provide is kept secure using appropriate technical and organisational measures. In the event of a personal data breach we have in place procedures to ensure that the effects of such breach are minimised and we shall liaise with the ICO and with you as appropriate.

your legal rights

Under certain circumstances, you have rights under data protection laws with regards to your personal data under the GDPR and the Data Protection Act 2018:

  • Right to be Informed
  • Right of Access
  • Right to Rectification
  • Right to Erasure
  • Right to restriction of Processing
  • Right to Data Portability
  • Right to Object
  • Rights concerning automated decision making and profiling.


right of access

You have the right to see information we hold about you.

To access this information you need to provide a written request in writing to our Data Protection Officer together with proof of identity. We will usually process your request free of charge and within 30 days, however we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex.

Full details are available in our Data Subject Access Policy which is available on request from the Data Protection Officer.

right of erasure

You have the right to ask us to erase your data in certain cases (details can be found in Article 17 of the GDPR).

We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend Legal claims.

withdrawing consent

If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

how to complain

If you are unhappy about how we have used your information or responded to a request then initially you should contact us at This email address is being protected from spambots. You need JavaScript enabled to view it.. If your complaint remains unresolved or you do not believe that we have complied with the requirements of the GDPR or DPA 18 with regard to your personal data, you should contact the Information Commissioners Office; details are available at Telephone 0303 123 1113.

our contact details

Mullenders Solicitors is the controller and processor of data for the purposes of the GDPR and DPA 18. If you have any concerns as to how your data is processed you can contact:

Roger Mullender, Data Protection Officer, Mullenders Solicitors, 2nd Floor, Dome Building, Richmond, Surrey TW9 1DT or email This email address is being protected from spambots. You need JavaScript enabled to view it.

changes to our privacy policy

Any changes to our Privacy Policy in the future will be posted to this site and, where appropriate we will notify you via email.

cookies information and guidance cookies

Cookies are small amounts of information which we store on your computer. They help us provide a better website and make it easier for you to log on to and use the site during future visits. They also allow us to monitor website traffic and to personalise the content of the site for you. You may set up your computer to reject cookies although, in that case, you may not be able to use certain features on our site.

There is further information regarding cookies and what they do at

NOTE! This site uses cookies and similar technologies.

Our website uses Cookies to help improve your experience.
If you continue to use this site, you are agreeing to our use of Cookies.