Privacy Notice

Greenwoods GRM LLP (“Greenwoods GRM”) is committed to protecting your personal data. Please read the following privacy statement to understand how we use and protect the information that you provide to us.


Please note that this Statement is the intellectual property of Greenwoods GRM LLP. Replicating it in full, or in materially the same or similar terms may amount to a breach of copyright and other intellectual property rights. If you would like assistance with your privacy policy, please get in touch, we have a team that can help.

Greenwoods GRM LLP (referred to as “Greenwoods GRM”) respects your privacy and is committed to protecting your personal information. Client confidentiality and protection of information is a fundamental feature of our relationship with our clients. As a professional services firm (regulated by the Solicitors Regulation Authority), Greenwoods GRM has specific statutory, common law and regulatory obligations regarding the maintenance of client confidentiality and the protection of personal information.

This Privacy Notice (“Notice”) explains how and why we use personal information, and your related rights and options.

Please read this Notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information.

The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, we would be unable to take you on as a new client.

1. Who does this Notice apply to?

As a legal services firm, this Notice applies to the personal information we obtain which identifies and relates to:

  • people who use or enquire about using our services;
  • visitors to our website;
  • job applicants and potential job applicants;
  • complainants;
  • people whose services we use; and
  • third parties whose personal information we need to process in the course of providing our services.

2. People who use or enquire about using our services

We ask for your personal information as it enables us to provide our services to you. To use a basic example, it would not be possible for us to communicate with you in relation to our services without knowing your contact details, which contain your personal information.

The types of personal information we collect in the course of advising and/or acting for you may include:

Personal information we will collect:

  • your name and contact details (postal address, email address and telephone/mobile number);
  • information to enable us to check and verify your identity, e.g. your date of birth or passport details;
  • information relating to the matter on which you are seeking our advice or representation;
  • your financial details so far as they are relevant to the nature of our services which you request, e.g. the relevant source of funds if you are asking for us to help with a purchase transaction;
  • your use of our IT, communication and other systems; and
  • other monitoring information, e.g. if using our secure online client portal or if receiving our email updates.

Personal information we may collect depending on why you have instructed us:

  • your national insurance number and tax details;
  • your bank and/or building society details;
  • details of your professional online presence, such as your company website profile or LinkedIn profile;
  • your employment status and details including salary and benefits;
  • your nationality, immigration status and information from related documents, such as your passport or other identification document;
  • details of your marital status/civil partnership, spouse/partner and dependents or other family members including children;
  • details of your pension arrangements; and
  • your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances.

3. Visitors to our website

Our website uses cookies or other tracking technologies to record visits and engagement with our content and communications. This is useful for us because it can help us to improve how we operate our website, communications and services and, in turn, provide you with a better experience when using our website.

In particular, we use Google Analytics to collect details of visitor behaviour patterns. We do this to find out information which might be useful, such as the number of visitors to the various parts of the site. We also track how effective our email marketing by using tracking pixels.

We do not use this information to identify anyone. The information is collected anonymously and in aggregate and we make no attempt to find out the identities of those visiting our website. Please see our Cookie Notice for more information.

In general, the personal information we collect from website visitors (as well as those who subscribe to our email updates, attend our seminars/webinars or view our other publications) includes:

  • your name, email address and internet service provider address;
  • name of your organisation, your job title and details of your job;
  • information relating to the matter which you contact us about;
  • payment details; and
  • dietary or access requirements.

4. Job applicants or potential job applicants

Within the category of “job applicants” we include individuals applying for vacation scheme placements or work experience. Personal information we may collect includes:

Personal information we will collect:

  • your name;
  • your qualifications; and
  • your work history.

Personal information we may collect (depending on the circumstances of our relationship):

  • your home address, email address and telephone/mobile number;
  • your date of birth;
  • details of your professional online presence, such as current company website profile or LinkedIn profile;
  • details of your personal online presence, such as social media accounts or profiles (depending on your settings);
  • any professional membership details (for example, your registration number with the Solicitors Regulation Authority);
  • details of your marital status/civil partnership;
  • your employment status and details including salary and benefits;
  • your nationality and immigration status;
  • your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs to assist with our internal diversity monitoring procedures and to meet our regulatory requirements;
  • pregnancy and maternity status;
  • trade union membership;
  • information about any disability or health condition you may have;
  • information about criminal offences (or alleged criminal offences) (as part of background checks);
  • your National Insurance and tax details;
  • any interview notes or assessments you may have completed; and
  • references and other information relating to past experience.

5. Complainants

We are committed to providing a high-quality service to all of our clients. However, when you do want to raise a concern with us (which we encourage you to do if you consider it appropriate), we may need to collect personal information in order to administer and respond to that complaint, such as:

  • your name, home address, email address and mobile phone number;
  • information relating to the matter about which you sought our assistance or which are/were subject of our services/relationship; and
  • details of your complaint.

6. People whose services we use

Where we engage individuals or organisations to provide services for us (for example, outsourcing functions such as benefits administration), we may be required to collect and use personal information related to personnel of the service provider in order to facilitate the provision of the service (for example, for the purposes of administrative communication). We may also collect and retain personal information to enable us to evaluate that service.

Any such use of personal information will be governed by contractual terms between us the service provider as well as the relevant provisions of this Notice.

7. “Special category” personal information

Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection and careful handling, e.g. information about your health, ethnicity, religious beliefs and political opinions.

In certain situations, we may need to collect and/or use these “special categories” of personal information (for example if we were providing you with employment law advice in relation to a discrimination claim; for our own equality of opportunity monitoring purposes or so that we can administer our employment relationship in an effective manner).

We will only collect and use these special categories of personal information if there is a valid reason for doing so, and where applicable law allows us to do so.

8. How we obtain your personal information

We collect the majority of the personal information to which this Notice applies directly from you. However, we may also collect personal information from other sources, such as:

Directly from a third party (consent will be sought where required):

For example:

  • from clients requesting our services (i.e. when your personal information is relevant to the matter about which they seek our assistance);
  • your bank or building society, or other financial institution (for example, to pay our invoices);
  • consultants and other professionals we may engage in relation to your matter (for example, an expert witness in litigation);
  • your employer and/or trade union, professional body or pension administrators;
  • your doctors, medical and occupational health professionals (for example, so that we can put in place appropriate workplace adjustments to ensure equality of access and opportunity); and
  • recruitment agencies.

Via our own or our landlord’s information technology systems:

For example:

  • case management, document management and financial management systems;
  • door entry systems and reception logs; and
  • automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.

Publicly accessible sources:

For example:

  • Companies House;
  • HM Land Registry;
  • Charity Commission; and
  • through social media platforms. Depending on your privacy settings for social media services, we may access information from relevant accounts or profiles – for example when you interact with us on Facebook, Twitter or LinkedIn.

9. How and why we use your personal information

We can only use your personal information where we have a legally recognised justification for doing so, such as:

  • in order to comply with our legal and regulatory obligations;
  • for or in the performance of our contract to provide you with our services, or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party (explained in more detail below); or
  • where you have provided your consent.

We do not share your personal information with any organisations for marketing, market research or commercial purposes other than providing our services.

A “legitimate interest” is when we have a valid operational or commercial reason to use your personal information, so long as this does not pose an excessive impact on your rights to privacy.

We summarise how and why we use your personal information (and the applicable legal justifications) below:

How/why we use your personal information Legally recognised justification
To provide professional services to you, or in relation to you. For the performance of our services contract with you or to take steps at your request.
Conducting checks to verify a person’s identity.  

To comply with our legal and/or regulatory obligations.

Screening for financial and other sanctions or embargoes.
Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, for example under health and safety regulation of rules issued by regulatory bodies who govern our work.
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies which govern our work and services. To comply with our legal and/or regulatory obligations.


For our legitimate interests or those of a third party, for example following our own internal procedures and policies to monitor, scrutinise and improve our services.

Ensuring the confidentiality of commercially sensitive information. For our legitimate interests or those of a third party, e.g. to protect our intellectual property and other commercially valuable information.


To comply with our legal and regulatory obligations, for example anti-money laundering, anti-terrorist financing and anti-insider trading regulations.

Statistical analysis to help us manage our practice, for example our financial performance, client base, work type and equality of opportunity monitoring. For our legitimate interests or those of a third party, for example to consider how we can improve our financial performance moving forward by learning from analysis of relevant statistics.
Preventing unauthorised access / modifications to IT / physical security systems. For our legitimate interests or those of a third party, for example to prevent and detect criminal activity that could cause damage (i.e. financial loss) to both us and you (such as identity fraud).


To comply with our legal and regulatory obligations.

Updating client records. For the performance of our contract with you or to take steps at your request before entering into a contract.


To comply with our legal and regulatory obligations.


For our legitimate interests or those of a third party, for example making sure that we market our services to clients and targets (in compliance with applicable law).

Statutory returns and regulatory returns. To comply with our legal and regulatory obligations.
Administering our working relationship. For the performance of our contract with you or to take steps at your request before entering into a contract.

To comply with our legal and regulatory obligations.

Ensuring safe working practices. To comply with our legal and regulatory obligations.
Promoting our services to existing and former clients, third parties who have expressed an interest in our services and other targets (only ever where allowed under applicable data privacy law). For our legitimate interests or those of a third party, i.e. to promote our business as a way of increasing its profitability.


10. How we use personal information relating to other individuals collected from you

For other individuals:

Due to the nature of our business, we frequently need to collect and use personal information of third parties as part of the service we provide to our clients.

We will not usually inform you that we are processing your personal information in this way and for these purposes, because our use of your personal information will be subject to the “legal professional privilege” exemption from the transparency obligations of applicable law. For the sake of clarity, and in accordance with the same applicable provisions, we are not required to a data subject access request (in part or in full) where the relevant personal information which has been requested is held subject to legal professional privilege.

For you:

In the course of providing our services to you, you may provide us with personal information which relates to and identifies individuals who are not aware of our involvement or of our use of their personal information at all. Examples include:

  • Personal information relating to employees in the course of a corporate acquisition.
  • Personal information relating to key individuals of parties to a dispute.
  • Personal information contained in allegations made about former colleagues by a claimant ex-employee.

In such situations (which, by the nature of our business, are relatively common), it will not usually be appropriate for us to have any direct contact with individuals whose personal information we are using (for example, because we communicate instead with their solicitors). Alternately, it may not be appropriate for us to provide such individuals with this Notice (for example, because it may prejudice the purpose of the services we are providing or to maintain confidentiality).

Before you pass any such personal information to us, please ensure that the relevant individual has received any requisite privacy notices in connection with the performance of our services.

Additionally, please direct any individuals who interact with us on your behalf to this Notice, a link to which is also contained in the footer of all our emails.

11. Marketing and promotional communications

We may collect and use your personal information to send you email updates about industry or legal developments that might be of interest to you, and/or other information about our services, including offers, promotions or new services/products.

As set out in section 9 above, we have a legitimate interest in using your personal information for these purposes. This means we do not always need to obtain your consent to send you marketing and promotional communications. However, we acknowledge that there are situations where consent is needed: in such situations we will ask for consent separately and clearly, and put you under no pressure to provide your consent. If you do provide your consent, you can change your mind and withdraw your consent at any time either by contacting or clicking the unsubscribe link in our emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in applicable law, regulation or the structure / operation of our business.

12. Do we share your personal information?

In providing our services, we may need to share your personal information with third parties who assist us in providing those services. Recipients include, but are not limited to:

  • Professional advisers who we instruct on your behalf or who we refer you to (such as barristers, solicitors in foreign jurisdictions, accountants, tax advisers or other experts).
  • Third parties whose expertise/involvement is necessary to carry out your instructions/provide our services (such as mortgage or loan providers, Companies House, HM Land Registry, the Charity Commission, the Information Commissioner’s Office and other relevant third parties.
  • Insurers and insurance brokers (for example in the context of our professional indemnity, employers’ liability and/or public liability insurance).
  • External auditors (for example in relation to security accreditation schemes or the audit of our accounts).
  • Our banks (for example, so that you can pay our invoices or disbursements).
  • Service providers, representatives and agents which we use to make our business more efficient (such as word processing/typing, translation services, discrete areas of law or payroll or benefits administration services).
  • Law enforcement agencies and regulatory bodies (so that we can comply with legal and regulatory obligations which our binding on us).

We will only allow service providers access to personal information which identifies and relates to you if we are satisfied that they take adequate measures to safeguard your personal information. We also impose contractual obligations on service providers to protect your rights to privacy, for example putting them under contractual obligations of confidentiality.

We may need to share personal information with other third parties, such as potential buyers of some or all of our business or during a re-structuring. Where required, we will ensure that any recipient of your personal information would be bound by appropriate confidentiality obligations.

13. Where do we hold your personal information?

All electronic information is held on secure systems belonging to Greenwoods GRM LLP or its chosen partners.

We have in-place appropriate organisational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.

To provide our services and administer our relationship, we may also need to transfer your personal information to recipients outside the European Economic Area (“EEA”), such as when we work on multijurisdictional matters, when you are located outside the EEA or our service providers use facilities located outside the EEA.

The applicable law of many non-EEA countries does not offer the same protection to you in respect of your personal information in comparison to the UK and EEA. We will, however, take reasonable steps to ensure that any such recipients have in place appropriate and legally binding measures to protect your personal information.

14. How long will we keep your personal information?

We will keep your personal information after our relationship comes to an end. We will do this for one of the following reasons:

  • to respond to questions, complaints or claims;
  • to show that we treated you fairly and in accordance with applicable law;
  • to keep records required by regulatory bodies who govern our work and services (or otherwise as required by applicable law or regulation); or
  • for business management purposes.

We do not keep personal information longer than necessary for the relevant purpose(s) set out in this Notice. We apply different detention periods to different types of personal information, depending on the purpose for which it was collected (usually the nature of the matter about which you seek our assistance). Further details are available on request.

15. Your rights explained

Applicable law gives you certain rights to control how we use your personal information. There are as follows:

Right Explanation
Right to withdraw consent When we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes (including to stop receiving email updates from us).
Right of access You can ask us for confirmation of what personal information we hold which identifies and relates to you, and ask to request copies of documents containing that information. Provided we are satisfied that you are entitled (under applicable law) to see the personal information requested, we will provide you with access to your personal information, subject to any exemptions that apply under applicable law to oblige, or entitle, us to withhold it.
Right of erasure At your request we will delete (and, where appropriate, ask parties with which we have shared your personal information to delete) your personal information from our records as far as we are required to do so.
Right of correction If you believe that our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate or up to date.
Right to restrict use You have the right to ask us to restrict our use of your personal information if there is a disagreement about its accuracy or legitimate usage (until that disagreement is resolved).
Right to object In the following situations, you have the right to object to our use of your personal information:

· where we use your personal information in reliance on the legitimate interests lawful basis (please see section 9 above);

· where we use your personal information for marketing or promotional purposes; or

· where we use your personal information for statistical purposes.

We are then required to stop using your personal information in the manner to which you have objected, unless we can demonstrate a very important reason to continue – except for any objection you make about our use of your personal information for marketing or promotional purposes, in which case we must stop regardless of any important grounds to continue.

Right to portability In certain limited situations, where we process your personal information by automated means, you may ask us to provide that personal information to you or another service provider in a commonly used, machine-readable format.
Automated decision-making You have the right not to be subject to a decision based solely on automated decision-making which involves using your personal information and produces legal or similarly significant effects on you, unless such a decision is:

· necessary to enter into/perform a contract between you and us/another organisation;

· is authorised by EU or UK law to which we are subject (as long as that law offers you sufficient protection); or

· is based on your explicit consent.

Right to complain You are entitled to make a complaint about us or the way we have used your personal information to the data privacy supervisory authority in your home country. In the UK, the supervisory authority is the Information Commissioner’s Office (“ICO”) – Otherwise, here is a list of the other European supervisory authorities.


We may ask you for additional information to confirm your identity for security purposes before actioning any attempt to exercise these rights. Please note that some of these rights only apply in limited circumstances. For further information on these rights and how to exercise them, please contact us using the details in section 19 below.

16. Keeping your personal information secure

We have implemented appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it (i.e. as part of their job). Those who access and handle your personal information will do so only when authorised by us to do so and are subject to binding duties of confidentiality.

We have also implemented procedures to deal with any data security incident (or suspected data security incident). We will notify you, the ICO or other applicable regulator of any data security incidents where we are legally required to do so. For further information, please contact us using the details in section 19 below.

17. Changes to the terms of this Notice

This Notice was published on 6 August 2020.

We may change this Notice from time to time (for example because there is an update in applicable law). Where we make any significant changes, we will inform you via a notice on our website and within our email footers. Where it is practical and not intrusive, we will notify you directly of any material changes to this Notice.

Nonetheless, we recommend that you review this Notice periodically to remain informed about how we may use your personal information.

We will only notify individuals who are directly engaging with us about these changes. In particular, we will not notify any third parties whose personal information you give us.

18. The COVID-19 pandemic

During the COVID-19 pandemic and in response to UK Government / other authorised body guidance / regulation / law, we may need to collect, use and store more personal information than we normally would (for example, before you attend our premises, we may ask you information about recent travel history, clinical vulnerability or symptoms).

This is because we are under legal obligations to keep our workplace as healthy and safe as possible for all individuals on our premises, and take reasonable and proportionate steps to prevent the spread and transmission of COVID-19.

19. How to contact us

If you have any questions or concerns, please contact Gillian Bassett via the following channels:


FTAO: Gillian Bassett

Monkstone House
City Road


Phone:  +44 (0)1733 887820


Greenwoods GRM is a limited liability partnership registered in England and Wales with registration number OC306912. Our registered office is 1 Bedford Row, London WC1R 4BZ. A list of the members’ names is available for inspection at our offices in Peterborough, Cambridge and London.

Get in touch with us

Interested in finding out more? Use this form to let us know how to contact you and what you’d like to know, and we’ll get back to you.

Alternatively, contact anyone listed on our website direct, they will be happy to hear from you.

  • This field is for validation purposes and should be left unchanged.