Privacy & Cookies Policy - Jonathan Lea Network
Logo
+44 (0)1444 708 640
wewillhelp@jonathanlea.net
CLOSEMENU

Privacy & Cookies Policy

Home / Privacy & Cookies Policy

Privacy & Cookies Policy

1. Introduction

  1. Purpose of this Notice

This Privacy Notice explains how Jonathan Lea Limited (“we”, “us”, “our”) collects, uses, stores, shares and protects your personal data when:

  1. you visit our website(s);
  2. we provide legal services to you;
  3. you make an enquiry or correspond with us;
  4. we receive your data because you are involved in a matter (e.g., opponent, witness, third party); or
  5. you apply for a role with us.

1.2 Legal Framework

This Notice is provided in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, PECR, and relevant SRA Standards and Regulations.

1.3 Supplementary Notices

This Notice supplements any other privacy or fair-processing notices we may issue and is not intended to override them.

1.4 Children

This website is not intended for children, and we do not knowingly collect data relating to children.


2. Who We Are

2.1 Controller Details

Jonathan Lea Limited
Registered Office: Commerce House, 21 Perrymount Road, Haywards Heath, West Sussex, RH16 3TW
Telephone: 01444 708 640
ICO Registration Reference: ZA533556

2.2 Data Protection Manager (DPM)

Name: Alice Roseman
Email: alice.roseman@jonathanlea.net

2.3 Complaints

You may contact the UK’s supervisory authority, the Information Commissioner’s Office (ICO), at www.ico.org.uk.

Concerns relating to our professional conduct may also be raised with the Solicitors Regulation Authority (SRA) at www.sra.org.uk.

 

3. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review the privacy notices of any websites you visit.


4. Categories of Personal Data We Process

4.1 Client & Matter Data

Identity details, contact details, financial information, instructions, correspondence, evidence, and matter-related documentation.

4.2 Special Category & Criminal Offence Data

We may process:

  1. health data;
  2. racial or ethnic origin;
  3. religious or philosophical beliefs;
  4. sexual life or orientation;
  5. trade union membership;
  6. genetic or biometric data (e.g., ID verification);
  7. criminal convictions, offences, allegations.

Processed only where strictly necessary and under:

  • UK GDPR Art. 9(2)(f) (legal claims), Art. 9(2)(g) (substantial public interest);
  • DPA 2018 Sch. 1 paras 2, 5, 10–14;
  • Legal Professional Privilege (LPP) where applicable.

4.3 Website & Marketing Data

IP address, cookies, analytics data, device information, marketing preferences.

4.4 Third Party Data

Opponents, witnesses, experts, referrers, professional contacts, company officers/shareholders.

4.5 Recruitment Data

CVs, qualifications, interview notes, references, right-to-work documents.

 

5. How We Obtain Your Data

5.1 Direct Sources

Meetings, calls, emails, forms, questionnaires, online enquiries.

5.2 Indirect Sources

Clients instructing us about you, opponents, counsel, experts, regulators, referrers, AML/KYC providers, recruitment agencies.

5.3 Public Sources

Companies House, Land Registry, HMCTS, electoral registers, professional directories, social media.

5.4 Website Technologies

Cookies, analytics, security logs and plug-ins.

 

6. Purposes and Legal Bases for Processing

6.1 Core Purposes

We process personal data for the following purposes:

Purpose Legal Basis (UK GDPR Art. 6) Special Category/Criminal Basis (UK GDPR Art. 9/DPA Sch 1)
To provide legal services and take instructions Performance of a contract; Legitimate interests; Legal claims Art. 9(2)(f) Legal claims; DPA Sch 1, para 5
To conduct litigation, negotiations, transactions Legal obligation; Legal claims; Legitimate interests Art. 9(2)(f) Legal claims; DPA Sch 1, para 5
AML/KYC, sanctions checks, anti-fraud Legal obligation  DPA Sch 1, para 12; DPA Sch 1, para 14
File opening, conflict checks, risk management Legal obligation (SRA Rules); Legitimate interests DPA Sch 1, para 5
Billing, payment, accounting Legal obligation (Tax/Accounting laws); Performance of a contract Not usually applicable (NA)
File archiving and retention Legal obligation (SRA Rules); Legitimate interests (future legal claims) Art. 9(2)(f) Legal claims; DPA Sch 1, para 5
Marketing communications Legitimate interests (for existing clients); Consent (for new contacts) NA
Operating, securing and improving our website Legitimate interests (non-essential cookies require consent) NA
Recruitment & onboarding Performance of contract (pre-contractual steps); Legal obligation (right to work) DPA Sch 1, para 1 (Employment Law)

6.2 Legitimate Interests

Where we rely on legitimate interests, these include: operating and improving our business, performing legal services, preventing fraud, defending legal claims, and maintaining accurate records. 


7. Sharing Your Personal Data

7.1 Recipients

We may share your data with:

  • barristers, advocates and experts;
  • courts and tribunals;
  • regulators (SRA, HMRC, NCA, FCA);
  • opposing solicitors;
  • accountants and auditors;
  • professional indemnity insurers;
  • AML/KYC service providers;
  • cloud hosting and IT providers;
  • banks and payment processors;
  • authorities where legally required.

7.2 No Sale of Data

We do not sell your personal data.

7.3 Processors

All processors must follow our instructions and comply with confidentiality, security and data protection obligations.

 

8. International Transfers

8.1 Safeguards

Where data is transferred outside the UK, we implement appropriate safeguards:

  1. UK International Data Transfer Agreement (IDTA);
  2. UK Addendum to the EU Standard Contractual Clauses;
  3. UK adequacy regulations;
  4. Transfer Risk Assessments (TRAs)

 

9. Data Security

9.1 Measures

We implement appropriate technical and organisational measures, including:

  1. encryption and secure communication;
  2. access controls and multi-factor authentication;
  3. staff data protection training;
  4. secure storage and disposal;
  5. monitoring and audits;
  6. incident response procedures;
  7. secure remote-working protocols.

 

10. Data Retention

10.1 Retention Periods

Category Typical Retention
Client matter files 6–15 years depending on the matter type and associated limitation periods 
Deeds / wills / trust documents Indefinitely or per client instructions
AML/KYC records 5 years after the business relationship ends
Marketing data Until consent is withdrawn or after 24 months dormancy
Recruitment records 12 months after the position is filled
Financial records 6 years

A full retention schedule is available on request.

 

11. Your Rights

11.1 Available Rights

You have the right to request:
a) access;
b) correction;
c) erasure;
d) restriction;
e) objection (including marketing);
f) portability;
g) withdrawal of consent.

11.2 Verification

We may request identification to verify your request.

11.3 Response Times

We aim to respond within one month extendable where requests are complex.

11.4 Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

 

12. Legal Professional Privilege & Exemptions

12.1 Exemptions

We may restrict rights requests where disclosure would:

  1. breach legal professional privilege;
  2. prejudice legal proceedings or legal claims;
  3. hinder crime prevention or detection;
  4. disclose third-party confidential data;
  5. prejudice negotiations or regulatory obligations.

We will explain exemptions unless doing so would undermine legal requirement

 

13. Cookies

 13.1 What Are Cookies?

Cookies are small text files placed on your device that store information about your browsing activity. They help us operate and improve our website.

13.2 How We Use Cookies

We use:

  • Strictly necessary cookies – required for core site functionality
  • Preference cookies – remember your settings (consent required)
  • Analytics cookies – help us improve the site (consent required)
  • Marketing/advertising cookies – used for targeted advertising (consent required)
  • Social media pixels – including Meta/Facebook Pixel (consent required)

You can change your preferences at any time using the “Cookie Settings” link on our website.

Non-essential cookies (including analytics, marketing and social media pixels) will only be set when you provide consent via our cookie banner.

13.3 Third-Party Cookies

Third parties may place cookies when you interact with our site (e.g., analytics providers, advertising networks). We cannot control these cookies.

13.4 Specific Cookies We Use

Below is a list of cookies commonly used on our website, including their purpose, category and retention period.

Cookie Name Provider Purpose Category Expiry
PHPSESSID First-party Maintains user session on the website Strictly Necessary Session
wfvt_* Wordfence or similar security plugin Tracks user session for bot/human verification Strictly Necessary Session / ~24h
wordfence_verifiedHuman Wordfence or similar Confirms visitor is human (security) Strictly Necessary ~24h
_ga Google Analytics Distinguishes users and sessions Analytics 2 years
_gid Google Analytics Distinguishes users within 24 hours for stats Analytics 24 hours
_gat / _ga_throttle Google Analytics Used to throttle request rate Analytics ~1 minute or session
_fbp Meta / Facebook Delivers ads and tracks visitor across sites Marketing 90 days
fr Meta / Facebook Ad delivery and retargeting Marketing 90 days
IDE Google / DoubleClick Targeted advertising across websites Marketing 1 year
test_cookie Google / DoubleClick Checks if browser supports cookies Marketing ~15 minutes

 

14. Updates

This Privacy Notice is reviewed annually or whenever significant changes are made to data processing activities.

Latest version: November 2025

Request a Free No Obligation 20 Minute Call

This introductory call is to discuss your matter so we can provide a well-considered quote.

 

However, please be aware that the free 20 minute call is at our discretion. If you are more looking for advice and guidance on an initial call, we may instead offer a one-hour fixed fee appointment instead.

 

Our fixed fee appointments are between £250 plus VAT to £350 plus VAT* depending on the complexity of the issues and seniority of solicitor taking the call

Name(Required)
Newsletter consent
×
Get In Touch

Contact Us

In need of legal guidance? How can we help?

Name(Required)
Newsletter consent