Privacy Notice


The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data and we are required by law to provide you with information in this respect. We also care about your privacy and wish to ensure that it is protected.

The Privacy Notice applies to all our clients who are individuals but not to corporate clients. We may amend this privacy notice from time to time. Our current Privacy Notice will be available on our website or a copy can be sent to you on request.

Marshalls is a Data Controller within the meaning of the GDPR and the firm’s Data Protection representative is Nathan Dyke. Marshalls does not have a Data Protection Officer.

Changes to this policy

Marshalls may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

The purposes for which we intend to process personal data

We may collect personal information and data from or about you if you are a client, a prospective client, a visitor to our website or a third party who is relevant to the service we are providing to a client e.g. a family member, employer or employee, beneficiary, trustee or another party in a dispute. We may record and retain details of your name, contact details, ID and any other personal data given to us by you or others in connection with the work we are doing and to enable us to advise our clients properly. We intend to process personal data for the following purposes:

  • To enable us to supply professional services to you as our client.
  • To enable us to invoice you for our services and deal with any disputes that may arise in respect of our fees.
  • To comply with professional and regulatory obligations to which we are subject
  • To fulfil our obligations under relevant laws in force from time to time (e.g. the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”)).
  • To use in the investigation and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
  • To contact you about other services we provide which may be of interest to you or to send you details of marketing events (but only if you have consented to us doing so).

Our intended processing of personal data has the following legal bases, some or all of which may apply in your case:

  • The processing is necessary for the performance of our contract with you.
  • The processing is necessary for the performance of a contract of which you are a party or intend to be a party
  • The processing is necessary to enable us to maintain an integrated accounts system
  • The processing is necessary for compliance with legal and professional obligations to which we are subject (e.g. Money Laundering Regulations 2017).
  • The processing is necessary for the purposes of investigating and defending legal claims and any other legitimate business which we are pursuing

It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we may not be able to commence acting for you or may need to cease to act for you.

Persons or organisations to whom we may give personal data

We will not share your personal data with anyone without your consent unless it is appropriate or necessary in relation to the work you have asked us to do or where we are obliged to do so in law or by our professional bodies. We may share your personal data without seeking your consent with:

  • HMRC, Companies House, Land Registry, Probate Registry, DWP and other government agencies and bodies
  • Credit reference agencies
  • the hosts running our software systems and our software suppliers
  • the providers of our copying machines and scanners if automatic electronic copies are made by the machine
  • the Solicitors Regulation Authority and other professional bodies
  • our professional indemnity insurers, our professional advisers, our auditors and our external accreditation auditors
  • Anti-Money Laundering Supervisors in relation to practice assurance and the requirements of MLR 2017 or other similar legislation
  • the police and law enforcement agencies
  • courts and tribunals
  • the Information Commissioner’s Office (“ICO”)
  • any third parties with whom you require or permit us to correspond including valuers, financial advisers, stockbrokers, estate agents, surveyors, insurance companies, experts, barristers, private investigators, mortgagees etc.

If you ask us not to share your personal data with any such third parties we may need to cease to act for you.

Electronic communication

The transmission of information via the internet and by email are not completely secure and any electronic communications with us are at your own risk. Please note that we will never notify you of any change in our banking details by email. If you are in doubt about our banking details please call us to check them. We cannot accept any responsibility if you transfer money into an incorrect account.

Transfers of personal data inside and outside the EEA

We do not operate outside the UK. However, we may be required to share your data with persons or organisations outside the UK if this is relevant to the work you have asked us to do for you. This may involve a transfer of personal information from a location within the European Economic Area (EEA) to outside the EEA or vice versa. The level of data protection outside the EEA may be less that within the EEA. Once we have released your personal data to a third party we will no longer have control over it or be able to ensure its safety.

Retention of personal data

When we have completed the work you have asked us to do for you the paper file will be stored on our premises in accordance with the firm’s storage policy. Our Terms and Conditions of Business provide details of the amount of time we normally store files, papers and documents. Electronic storage may be indefinite and this enables us to retrieve information from a closed file that may be useful for you or relevant to you in future. We may retain your personal details in our records indefinitely as this will enable us to check in future if we have acted for you previously and if there are any conflicts of interest. We are required to keep accounting records for any regulatory limitation periods after conclusion of your matter and thereafter such records will continue to be retained by us as part of our integrated accounts system.


We do not currently use Cookies on our website to collect personal information or for advertising purposes. We use Google Analytics to help us improve our website by identifying unique visits to the site, which pages are visited and the time spent browsing. All the data collected by Google Analytics is anonymous. You can opt out of Google Analytics on all websites, including our own, by installing the Google Analytics opt-out browser add-on. Using the Google Analytics opt-out browser add-on will not prevent site owners from using other tools to measure site analytics and will not prevent data from being sent to the website itself or in other ways to web analytics services. Use of our website by you means you agree to this.

Requesting personal data we hold about you (Subject Access Requests)

You have a right to request access to the personal data that we hold for you (these are known as “Subject Access Requests”) although we may need to keep it confidential and not release it to you in certain circumstances. You also have the right to ask us to rectify any information we hold about you or, in certain circumstances, to erase it.

Please send any such requests to Nathan Dyke together with sufficient information to enable us to identify you and your matter/s such as your full name and address (and your previous address if you have moved since we last acted for you) and the matter number if you know it. You may be asked to provide us with proof of identity such as a copy of your passport or driving licence and a recent utility bill or bank statement.

Withdrawal of consent

If we have asked you for specific consent to enable us to process some of your personal data, you have the right to withdraw your consent to this at any time. Please inform Nathan Dyke immediately if you wish to withdraw your consent. Please note that if you withdraw your consent:

  • this does not affect the lawfulness of earlier processing
  • we may not be able to continue to act for you
  • it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data)


If you have a complaint about the way we have processed your data or if you think we have not complied with the GDPR or the DPA 2018 in any way please contact Nathan Dyke and we will try to put things right. If you are not happy with our response you have the right to lodge a complaint with the ICO (telephone 0303 123 1113

Marshalls Solicitors Details

Marshalls Solicitors,
102 High Street, Godalming, Surrey, GU7 1DS
Tel: (01483) 416101 Fax: (01483) 427265
DX 58354 Godalming 2
VAT reg no 211 4971 86
Solicitors Regulation Authority No 49769