This Policy explains the types of personal data that Crane & Staples may collect about you when you interact with us. The policy also explains how we will store, handle and protect this data in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

Crane & Staples may change this policy by updating this page. Please check this page from time to time, to ensure you are aware of any amendments.

We require this information to understand your needs and provide you with a better service. The current data protection law sets out the different reasons why a law firm may collect your personal data. These include:

Contractual obligations

The main purpose for holding your data is to provide you with legal services under the agreement we have with you. This agreement is a contract between us. The law allows us to process your data for the purposes of performing a contract (or for the steps necessary to enter in to a contract).

Legitimate Interests

In certain situations, we may require your data to pursue our legitimate interests, as part of running our business and keeping internal records, and keeping you informed about matters concerning the firm or the law. This does not impact your rights, freedoms or interests.

Legal compliance

If the law requires us to, we may need to collect and process your data. For example, information required by audits or investigations by regulatory bodies.


In some situations, you may consent to us collecting and processing your data.

When do we collect your data?

We normally collect your data when you provide it to us or when it is provided to us by others (Companies House, HM Land Registry, other solicitors for example) during your case. You may give us your data by email; through an online web form; over the telephone; face to face; or by post.

What sort of data do we collect?

How do we protect your data?

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We take protecting your data very seriously. The data you give us may be subject to Legal Professional Privilege and is often extremely sensitive and confidential.

With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We have clear data protection and information security policies and procedures in place (along with Regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part of our compliance processes.

How long will we keep your data?

We will keep your data for as long as necessary for the purpose for which it was given.

The Solicitors Regulation Authority require us to keep client files for a specific time period, depending on the nature of the case. This protects you if you wish to obtain information from that file or have any queries or complaints after your case ends.

When your case is closed, we will inform you how long your file will be stored in our secure archives, before it is safely destroyed.

Who do we share your personal data with?

We sometimes share your personal data with trusted third parties. We only do this where it is necessary for providing you legal services or for the effective operation of our legal practice.

For example, we may share your data with barristers; experts; solicitor agents; translators; interpreters; costs draftsmen; process servers; secure file storage and destruction companies; the SRA, accounts auditors, Lexcel auditors, the Legal Aid Agency etc.

We will only provide other parties with the essential information they need for their services. We ensure that they hold this information securely and do not pass it on.

Where is your data processed?

Your data is stored and processed within the European Economic area (EEA). If we ever have to share your personal data with third parties and suppliers outside the EEA, we will seek your specific consent to do so.

The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.

What are your rights?

You have rights under the General Data Protection Regulation and these include the right to be informed what information we hold about you. In particular, you have the right to request:

You also have the right to request a copy of any information about you that we hold at any time.

If we choose not to action your request, we will explain to you the reasons for our refusal.

Controlling your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you under the Data Protection Act 1998. If you would like a copy of the information held on you please write to Alistair Williams, Crane & Staples Solicitors, Longcroft House, Fretherne Road, Welwyn Garden City, Hertfordshire AL8 6TU.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

Your right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

The Regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 or visit (please note we cannot be responsible for the content of external websites).