Privacy Policy



1. About this Privacy Notice

This Privacy Notice explains how Baker Stirling collects, uses, stores and shares personal data in connection with the provision of legal services and the operation of its business.

This notice is intended for clients, prospective clients, counterparties, witnesses, experts, suppliers, professional advisers, website users, job applicants and other individuals whose personal data may be processed by Baker Stirling.

For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, Baker Stirlingis the “controller” of the personal data described in this notice, unless stated otherwise.


2. Our Contact Details

Baker Stirling
Level 1, Devonshire House
One Mayfair Place,
London W1J 8AJ
United Kingdom

Email: james.baker@bakerstirling.co.uk
Telephone: 0207 268 4950
Website: bakerstirling.co.uk
Data protection contact: James Baker - COLP


3. Personal Data We Collect

The personal data we collect will depend on the nature of our relationship with you and the services we provide. It may include:

3.1 Identity and contact details

  • Name;
  • Address;
  • Email address;
  • Telephone number;
  • Date of birth;
  • Job title or position;
  • Organisation or employer details.


3.2 Client and matter information

  • Information relevant to your legal matter;
  • Instructions, correspondence and file notes;
  • Documents and evidence provided to us;
  • Information about your family, business, assets, liabilities or transactions;
  • Court, tribunal, regulatory or dispute-related information.


3.3 Identification and compliance information

  • Copies of passports, driving licences or other identity documents;
  • Proof of address;
  • Source of funds and source of wealth information;
  • Anti-money laundering, sanctions and conflict check information;
  • Politically exposed person status, where relevant.


3.4 Financial information

  • Bank account details;
  • Payment details;
  • Billing and invoice information;
  • Transaction records;
  • Information required for client account management.


3.5 Special category data
Where relevant to the services we provide, we may process special category data, including information about:

  • Health or medical conditions;
  • Racial or ethnic origin;
  • Religious or philosophical beliefs;
  • Political opinions;
  • Trade union membership;
  • Genetic or biometric data;
  • Sex life or sexual orientation.


3.6 Criminal offence data
Where relevant, we may process information relating to criminal allegations, offences, convictions, sentencing, investigations or regulatory enforcement.

3.7 Technical and website data
When you use our website or communicate with us electronically, we may collect:

  • IP address;
  • Browser type and version;
  • Device information;
  • Website usage data;
  • Cookies and similar tracking information;
  • Email metadata.


  • 4. How We Collect Personal Data

    We may collect personal data from:

    • You directly;
    • Your authorised representatives;
    • Other parties involved in a legal matter;
    • Courts, tribunals, public authorities and regulators;
    • Other law firms and professional advisers;
    • Experts, counsel, mediators and investigators;
    • Publicly available sources, including Companies House, HM Land Registry, court records and public registers;
    • Credit reference, fraud prevention, identity verification, sanctions screening and anti-money laundering service providers;
    • Our website, IT systems and communications platforms.


    5. How We Use Personal Data

    We may use personal data for the following purposes:

    5.1 Providing legal services

    • Taking instructions;
    • Advising on legal rights, obligations and options;
    • Preparing documents and correspondence;
    • Conducting negotiations;
    • Representing clients in disputes, transactions or proceedings;
    • Managing client files and matter administration.


    5.2 Compliance and regulatory purposes
    • Conducting client due diligence;
    • Carrying out anti-money laundering checks;
    • Conducting sanctions screening;
    • Checking for conflicts of interest;
    • Complying with professional obligations, including obligations imposed by the Solicitors Regulation Authority;
    • Complying with court orders, regulatory requirements or legal obligations.


    5.3 Business administration
    • Managing client relationships;
    • Issuing invoices and collecting payments;
    • Managing accounting and financial records;
    • Handling complaints;
    • Maintaining professional indemnity insurance records;
    • Managing risk, audit and compliance processes.


    5.4 Communication and marketing
    • Responding to enquiries;
    • Sending service-related communications;
    • Providing updates about legal developments, events or services, where permitted;
    • Managing marketing preferences.


    5.5 Recruitment and employment-related purposes
    Where you apply for a role with us, we may process your personal data to assess your application, conduct interviews, carry out pre-employment checks and manage recruitment records.


    5.6 Website and IT security
    • Operating and improving our website;
    • Monitoring security and preventing fraud;
    • Maintaining backups;
    • Protecting our systems and information.


    6. Lawful Bases for Processing

    We process personal data only where we have a lawful basis to do so. Depending on the circumstances, we may rely on one or more of the following lawful bases:

    6.1 Contract

    Processing is necessary to enter into or perform a contract with you, including providing legal services under our terms of engagement.

    6.2 Legal obligation

    Processing is necessary to comply with legal or regulatory obligations, including anti-money laundering, sanctions, tax, accounting and professional regulatory requirements.

    6.3 Legitimate interests

    Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. These interests may include:

    • Providing and managing legal services;
    • Managing risk and compliance;
    • Protecting our business, clients and staff;
    • Recovering fees;
    • Maintaining business records;
    • Improving our services and website.


    6.4 Consent

    In limited circumstances, we may rely on your consent, for example for certain types of marketing or where required for specific processing. Where we rely on consent, you may withdraw it at any time.

    6.5 Vital interests

    In exceptional cases, processing may be necessary to protect someone’s life.

    6.6 Public task

    Where applicable, processing may be necessary for a task carried out in the public interest or in the exercise of official authority.


    7. Special Category Data and Criminal Offence Data

    Where we process special category data, we will do so only where permitted by law. The relevant condition may include that the processing is necessary for:

    • The establishment, exercise or defence of legal claims;
    • The provision of legal advice;
    • Compliance with employment, social security or social protection law;
    • Substantial public interest reasons;
    • The prevention or detection of unlawful acts;
    • Protecting your vital interests or those of another person.
    • Where we process criminal offence data, we will do so where authorised by law, including where necessary for legal advice, legal proceedings, regulatory compliance, anti-money laundering checks, sanctions screening, fraud prevention or safeguarding our legal rights.



    8. Who We Share Personal Data With

    We may share personal data with:

    • Courts, tribunals and dispute resolution bodies;
    • Barristers, experts, mediators and other professional advisers;
    • Other parties to a matter and their representatives;
    • Regulators, supervisory authorities and law enforcement bodies;
    • HM Revenue & Customs and other public authorities;
    • Banks and payment service providers;
    • Identity verification, credit reference, sanctions screening and anti-money laundering providers;
    • Insurers, brokers and auditors;
    • IT, cloud hosting, document management and cybersecurity providers;
    • External storage, archiving and shredding providers;
    • Translators, transcription providers, process servers, enquiry agents and other service providers;
    • Debt recovery agents, where necessary;
    • Potential purchasers or successors of our business, subject to appropriate safeguards.

    We will only share personal data where it is necessary and lawful to do so.


    9. International Transfers

    Some of our service providers or professional contacts may be located outside the United Kingdom. Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place as required by data protection law.

    These safeguards may include:

    • An adequacy regulation made by the UK Government;
    • The UK International Data Transfer Agreement;
    • The UK Addendum to the EU Standard Contractual Clauses;
    • Other safeguards permitted by UK data protection law.


    10. How Long We Keep Personal Data

    We will keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, accounting, reporting and professional obligations.

    As a general guide:

  • Anti-money laundering records are usually retained for at least 5 years from the end of the business relationship or completion of the relevant transaction;

  • Financial and accounting records are usually retained for at least 6 years;

  • Recruitment records for unsuccessful candidates are usually retained for 6 months, unless a longer period is justified;

  • Marketing records are retained until you unsubscribe or object, unless a longer retention period is required for compliance purposes.

  • We may retain data for longer where necessary for legal claims, regulatory investigations, complaints, professional indemnity insurance purposes or other legitimate reasons.


11. Security of Personal Data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include:

  • Access controls;
  • Encryption where appropriate;
  • Secure document storage;
  • Staff confidentiality obligations;
  • IT security monitoring;
  • Secure file transfer procedures;
  • Backup and disaster recovery arrangements;
  • Supplier due diligence and contractual safeguards.


12. Your Data Protection Rights

Subject to certain legal conditions and exemptions, you may have the following rights:

12.1 Right of access
You may request a copy of the personal data we hold about you.

12.2 Right to rectification
You may ask us to correct inaccurate or incomplete personal data.

12.3 Right to erasure
You may ask us to delete personal data in certain circumstances.

12.4 Right to restriction
You may ask us to restrict processing of your personal data in certain circumstances.

12.5 Right to object
You may object to processing based on legitimate interests or direct marketing.

12.6 Right to data portability
You may request that certain personal data be provided to you or another controller in a structured, commonly used and machine-readable format.

12.7 Right to withdraw consent
Where we rely on consent, you may withdraw that consent at any time.

12.8 Rights relating to automated decision-making
You have rights in relation to decisions based solely on automated processing that produce legal or similarly significant effects. We do not normally carry out such automated decision-making.


13. Legal Professional Privilege and Confidentiality

Some information we hold may be subject to legal professional privilege or duties of confidentiality. Where applicable, these obligations may affect how we respond to requests for personal data or disclosure. We may withhold information where permitted or required by law, including where disclosure would prejudice legal privilege, confidentiality, regulatory obligations, the rights of others or ongoing legal proceedings.


14. Marketing Communications

We may send you marketing communications where permitted by law, including updates about our services, events or legal developments.

You can opt out of marketing communications at any time by:

  • Clicking the unsubscribe link in an email;
  • Contacting us at [Privacy Contact Email];
  • Updating your communication preferences where available.

  • We will not sell your personal data to third parties for marketing purposes.


    15. Cookies and Website Tracking

    Our website may use cookies and similar technologies. Cookies are small files placed on your device that help websites function, improve user experience and collect usage information. We may use:

    • Strictly necessary cookies;
    • Performance or analytics cookies;
    • Functionality cookies;
    • Marketing cookies, where applicable.

    For more information, please see our Cookie Notice at: [Cookie Notice URL].


    16. Complaints

    If you have a concern about how we have handled your personal data, you may make a data protection complaint to us.

    A data protection complaint may include a concern about how we have collected, used, stored, shared, retained or otherwise processed your personal data, or how we have dealt with a request to exercise your data protection rights.

    You can make a complaint by contacting:
    James Baker
    Baker Stirling
    Level 1, Devonshire House, One Mayfair Place, London W1J 8AJ
    Email: james.baker@bakerstirling.com
    Telephone: 0207 268 4950


    We will acknowledge receipt of your complaint within 30 days. We will then take appropriate steps to investigate the matter and will respond to you with the outcome without undue delay. We may ask you for further information where this is necessary to investigate your complaint or verify your identity. You also have the right to complain to the UK Information Commissioner’s Office.

    Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire SK9 5AF
    United Kingdom
    Website: https://ico.org.uk
    Telephone: 0303 123 1113


    17. Changes to This Privacy Notice

    We may update this Privacy Notice from time to time to reflect changes in law, regulation, our services or the way we process personal data.
    The latest version will be available at Website URL / Privacy Notice URL. Where appropriate, we may notify you of significant changes.


    18. Further Information

    If you have any questions about this Privacy Notice or how we process personal data, please contact:

    Baker Stirling
    Level 1, Devonshire House,
    One Mayfair Place,
    London W1J 8AJ
    Email: james.baker@bakerstirling.co.uk
    Telephone: 0207 268 4950