SRC Legal Ltd Privacy Notice

Last updated: May 2026

The Data Protection Act 2018 ("DPA 2018") and the UK General Data Protection Regulation ("UK GDPR") impose certain legal obligations in connection with the processing of personal data. SRC Legal Ltd is a controller within the meaning of the UK GDPR.

Our contact details are: SRC Legal Ltd, 2nd Floor, Preston Park House, South Road, Brighton, BN1 6SB. We may amend this privacy notice from time to time. If we do so, we will supply you with and/or otherwise make available to you a copy of the amended privacy notice.

Where we act as a processor on behalf of a controller, we will provide any additional information required by law or our contractual arrangements. That additional information should be read in conjunction with this privacy notice.

Information We Collect From You

Depending on the nature of our relationship with you, we may collect and process the following categories of personal data:

  • identity and contact data, including your name, title, home or business address, email address, telephone number, date of birth and details of the business or organisation you represent;

  • cookies and similar technologies, which may be used on our website to help the site operate properly, improve functionality, remember preferences, understand how visitors use the site and support the security of our online services. You can usually control cookies through your browser settings, although disabling some cookies may affect how the website functions;

  • client due diligence and compliance data, including identification documents, proof of address, beneficial ownership information, source of funds or source of wealth information, sanctions or politically exposed person screening results and other information required to meet our anti-money laundering, fraud prevention and professional compliance obligations;

  • legal, estate and matter information, including information about your family circumstances, assets, liabilities, property, beneficiaries, executors, attorneys, tax position, testamentary wishes, probate matters, trusts, estate administration and other information provided so that we can deliver will writing, probate and other legal services;

  • technical and website usage data, such as IP address, browser type, device information, pages visited and similar information collected when you use our website or online systems;

  • information from other sources, including HM Courts & Tribunals Service, the Probate Registry, HM Revenue & Customs, the Land Registry, banks, professional advisers, identity verification or screening providers, publicly available registers, introducers, your employer or business, and other organisations where necessary to provide our services or comply with legal and regulatory obligations.

Purposes for Which We Will Use Your Personal Data

We process personal data for the following purposes:

  • to enable us to supply will writing, probate, estate planning and other legal services to you as our client;

  • to fulfil our obligations under relevant laws in force from time to time, including anti-money laundering legislation;

  • to comply with professional obligations to which we are subject in connection with the legal services we provide;

  • to use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings;

  • to enable us to invoice you for our services and investigate or address any related fee disputes;

  • to contact you about will writing, probate, estate planning and other legal services we provide which may be of interest to you if you have consented to us doing so.

The Legal Bases for Our Intended Processing of Personal Data

We rely on the following legal bases in order to process your personal data: occasionally we will rely on your consent to process your personal data, but only if we have contacted you beforehand and asked you to agree; the processing is necessary for the performance of our contract with you so that we can deliver will writing, probate, estate planning and other legal services to you; the processing is necessary for compliance with legal obligations to which we are subject; and the processing is necessary for our legitimate interests, such as investigating or defending legal claims, recovering debts owed to us, keeping our client records up to date, and developing our services and growing our business.

If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we will not be able to commence acting or will need to cease to act.

Persons/Organisations to Whom We May Give Personal Data

We may share your personal data with the following persons or organisations where necessary:

HM Revenue & Customs, HM Courts & Tribunals Service, the Probate Registry, the Land Registry and other public authorities or registries where required;

  • any third parties with whom you require or permit us to correspond;

  • subcontractors;

  • an alternate appointed by us in the event of incapacity or death;

  • insurers, including professional indemnity insurers;

  • banks, financial institutions, executors, attorneys, beneficiaries or other persons involved in your matter where appropriate and permitted;

  • our professional bodies, regulators, anti-money laundering supervisors and compliance advisers where applicable;

  • other professional consultants and service providers;

  • the police, law enforcement agencies, courts, tribunals and the Information Commissioner’s Office where the law allows or requires us to do so.

Transfers of Personal Data Outside the UK

Your personal data will be processed in the UK only.

Where We Store Your Personal Data

All information you provide to us is stored on secure systems. Any payment transactions carried out through our website or online systems are intended to be protected using appropriate encryption technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our site and any transmission is at your own risk. Once we have received your information, we will use appropriate technical and organisational measures, together with strict procedures and security features, to try to prevent unauthorised access.

Data Retention

When acting as a data controller and in accordance with recognised good practice for legal services, we will retain all of our records relating to you as follows:

  • where will writing, probate, estate planning or other legal services have been provided, it is our policy to retain information for as long as is necessary to meet legal, regulatory, professional and insurance requirements and thereafter securely delete or anonymise it in line with our retention policy;

  • where ad hoc legal or estate planning advice has been undertaken, it is our policy to retain information for six years from the date the business relationship ceased, unless a longer period is required by law, regulation, our professional obligations or our insurers;

  • where we have an ongoing client relationship, data needed to provide will writing, probate, estate planning and other legal services is retained throughout the relationship, but will be deleted or anonymised when no longer required in accordance with our legal, regulatory and professional obligations;

  • our contractual terms provide for the destruction of documents after four years and agreement to those terms is taken as agreement to the retention of records for this period and to their destruction thereafter;

  • where we act as a processor, we will delete or return all personal data to the controller as agreed at the termination of the contract.

You are responsible for retaining information that we send to you, such as copies of wills, lasting powers of attorney, probate papers, estate accounts, tax submissions and related correspondence, and this will be supplied in the form agreed between us. You should keep important legal documents and related records for as long as they may be needed for your personal affairs, estate administration, tax compliance or to establish, exercise or defend legal rights.

Your Legal Rights

Under data protection law, you have rights in relation to your personal data, including the right to request access, rectification, erasure, restriction, objection, data portability and, where processing is based on consent, the right to withdraw consent.

Requesting Personal Data We Hold About You (Subject Access Requests)

You have a right to request access to your personal data that we hold. Such requests are known as subject access requests (SARs). Please provide all SARs in writing and include enough detail to enable us to verify your identity and locate the relevant information.

  • your date of birth;

  • previous or other names you have used;

  • your previous addresses in the past five years;

  • personal reference numbers we may have given you, for example your national insurance number, tax reference number or VAT registration number;

  • what type of information you want to know.

  • if you do not have a national insurance number, you must send a copy of the back page of your passport or your driving licence and a recent utility bill.

DPA 2018 requires that we comply with a SAR promptly and in any event within one month of receipt, although in some circumstances the law allows us to refuse access, for example where a similar request has previously been made and there has been little or no change to the data.

You can ask someone else to request information on your behalf, for example a friend, relative or solicitor, but we must have your authority before responding. Where you are a controller and we act for you as a processor, we will assist you with SARs on the same basis.

No Fee Usually Required

You will not usually have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What We May Need From You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help us respond more quickly.

Putting Things Right (the Right to Rectification)

You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data completed. Please inform us immediately if any personal data we hold about you is inaccurate or incomplete so that we can correct it.

Deleting Your Records (the Right to Erasure)

In certain circumstances you have a right to have the personal data that we hold about you erased. If you would like your personal data to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure and, if applicable, we will supply you with the reasons for refusing your request.

The Right to Restrict Processing and the Right to Object

In certain circumstances you have the right to block or suppress the processing of personal data or to object to the processing of that information. Please inform us immediately if you want us to cease processing your information or you object to processing so that we can consider what action, if any, is appropriate.

Obtaining and Reusing Personal Data (the Right to Data Portability)

In certain circumstances you have the right to be provided with the personal data that we hold about you in a machine-readable format. The right to data portability only applies to personal data you have provided to a controller where the processing is based on your consent or for the performance of a contract and where processing is carried out by automated means. We will respond without undue delay and within one month, although we may extend this by a further two months where the request is complex or where we receive a number of requests, in which case we will explain why.

Withdrawal of Consent

Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please note that the withdrawal of consent does not affect the lawfulness of earlier processing, and even if you withdraw your consent it may remain lawful for us to process your data on another legal basis. If you withdraw consent, we may not be able to continue to provide services where we have previously relied on your consent to do so.

Automated Decision-Making and Profiling

We do not use automated decision-making and profiling in relation to your personal data.

Complaints

If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the UK GDPR or DPA 2018 in some other way, you can complain to us using the contact details set out in this notice. If you are not happy with our response, you have the right to lodge a complaint with the Information Commissioner’s Office.

Contact

Questions, comments and requests regarding this privacy notice or our use of personal data should be sent to SRC Legal Ltd at 2nd Floor, Preston Park House, South Road, Brighton, BN1 6SB or by email to info@srcadvisory.com.