Cookies & Privacy

Horwood & James LLP is committed to protecting and keeping confidential all the information that you provide to us, subject to certain legal duties that are explained below. We take your privacy very seriously. Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we use your personal data, we are regulated under the UK General Data Protection Regulation (UK GDPR) and we are responsible as ‘controller’ of that personal data for the purposes of the UK GDPR. Our use of your personal data is subject to your instructions, the UK GDPR, other relevant UK legislation and our professional duty of confidentiality.

Key terms

It would be helpful to start by explaining some key terms used in this policy:

We, us, our Horwood & James LLP whose principal office is at 7 Temple Square, Aylesbury, Buckinghamshire, HP20 2QB
Our data protection officer Mr John Reddington

Horwood & James LLP, 7 Temple Square, Aylesbury, Buckinghamshire, HP20 2QB


Tel:  01296 487361

Personal data Any information relating to an identified or identifiable individual
Special category personal data Personal data revealing racial or ethnic origin, health, criminal convictions, sex life or sexual orientation, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data


Information we collect, how we use it, and how long we keep it for

We will only collect information about you if we have a lawful reason to do so. Lawful reasons include performing our contract (where you are our client), where we have a ‘legitimate interest’ (for example, if you are referred to in a matter on which we are advising), and where you have given your permission for us to use your personal information in a particular way (for example, marketing or training updates).

We may collect personal information about you for the following reasons.

  • Providing legal services

We use information about you to provide legal services to our client (this, of course, may also be you). You may have given us this information or it may have been provided by someone else as part of their involvement in the matter.

The information that we hold and process about you will depend on the type of matter we are dealing with. It might simply be your name, address and email address, or may include other personal information such as your date of birth, sensitive personal information such as medical information (for example, if we are dealing with an employment or deputyship/ Power of Attorney case) or financial details (for example, if we are dealing with a trust or will).

We may also have to ask for information about your personal and financial circumstances to assess your ability to pay amounts due which we are instructed to collect or unpaid bills owed to us. This may be necessary to meet our responsibilities under court rules, other regulations and legislation and best-practice guidance issued by industry or professional organisations or to follow our clients’ policies or processes.

We normally keep original file papers for at least six years after we have finished work on a matter, after which we will securely destroy them. If we have electronic copies, we will keep them for at least 6 years after we have finished work on a matter.

We keep our original papers for a longer period if:

  • we are advising or drafting a will (15 years after the death of the will maker);
  • the matter involves land or property (including leases, buying or selling of houses or land) (15 years after end of transaction); or
  • our client tells us to keep our papers for a longer period (up to 15 years). We will meet these requests only if we have a lawful reason to do so.

These files are kept as evidence of the instructions received and the advice given. Identity documentation such as copy passports and source of funds information, such as bank statements, are kept for shorter periods (see “Checking your identity” below).

In addition to ourselves, this information may be held on our behalf by our chosen AML Search provider, presently SearchFlow, who can be contacted at 42 Kings Hill Avenue, Kings Hill, West Malling, Kent, ME19 4AJ and by InfoTrack Finance who can be contacted at Orion Gate 1st Floor, Guildford Road, Woking GU22 7NJ.

Source of funds information will be kept within our locked strong room for up to 9 years, in case of a money laundering investigation necessitating sight of this information.

  • Checking your identity

In some circumstances the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 say that we have to collect proof of identity of our client and certain other people related to them. If we ask you for information for this purpose, we will only use the proof of identity and other personal information you give us as part of this process to prevent money laundering or financing terrorism, unless you later agree to us using it in a different way. We will hold this information for five years after the business relationship with our client ends.

  • Client support

As part of our ongoing support to clients, if we have provided legal services to you we may use your information to update you on changes to the law that relate to the specific matter on which we advised you.

If you do not want to receive this information, please contact or write to the Client Support Team at 7 Temple Square, Aylesbury, HP20 2QB.

  • Marketing

If you have given us permission to do so, we will send you information promoting us and our services. This includes keeping you up to date with news on topics you have opted to receive.

We will not share your information for marketing purposes outside Horwood & James LLP.

You can decide not to receive marketing communications or change how we contact you at any time. If you want to do so, please contact or write to our Marketing Team at 7 Temple Square, Aylesbury, Bucks, HP20 2QB.

If you ask us to not send you marketing emails, we will continue to hold enough information about you to maintain a record of your preference not to receive emails.

We tell other clients and potential clients in general terms (without revealing personal information) about the services we provide. Sometimes they ask for more details on specific examples. If we would like to give these people information specifically about you or the work we carry out for you, we will never do so without asking for your permission.

If you provided information by filling in the general enquiries form on our website, we will use that information to respond to your enquiry and to record and monitor enquiries.

  • Automated decision-making and profiling

Automated decision-making is where a decision is made about you by a computer system without any human involvement. Profiling is the automated processing of personal information to assess certain things about you. We do not use any automated decision-making systems and we do not profile individuals.

  • Recruitment

We will hold any information you have provided on a recruitment application form for recruitment purposes only. We will not pass that information to anyone else without your consent. If your application is unsuccessful, we will hold the information you give us for 12 months, after which time we will delete it.

  • Administration

We also use the information you give us for related purposes, such as:

  • meeting our legal and regulatory obligations;
  • keeping internal records;
  • analysing operational and financial systems; and
  • training and quality control.

Who has access to your information

  • Our client

Our professional obligations mean that we have to share your information with our client if we collect it during the course of a matter we are advising them on.

If we are working with you and another person or organisation on the same matter, (for example, we are acting for your mortgage lender as well as you), or with you on behalf of a another person or organisation (for example, processing an insurance claim in your name on behalf of an insurer), we may have to share information you give us with the other person involved in the matter.

  • Third-party experts and suppliers

When providing our legal services we may need to share your information with:

  • other professional advisers, such as barristers or experts, who we may instruct to advise on our clients’ behalf or who are representing the other side in the case or transaction;
  • the court in matters relating to legal action; or
  • companies or people who carry out typing, photocopying, archiving or other non-legal tasks on our files, or who provide support such as finding missing people or serving court proceedings. All of our suppliers have entered into contracts with us that include terms which protect the information that they hold or process on our behalf.
  • Regulatory purposes and outsourcing

We may need to reveal information about you in other situations to other people, such as:

  • our auditors and the Solicitors Regulation Authority for audit, quality-control and other purposes;
  • our insurers, whether or not you have made a claim against us;
  • our own legal advisers; and
  • regulatory or tax authorities.

Like many businesses, we also outsource some of our computer systems to specialist providers. All of our specialist providers have entered into contracts with us that include terms which protect the information that they hold or process on our behalf.

Cross-border transfers

In the normal course of doing business, we will not transfer any of your information outside of the EEA. However, if we need to use experts or lawyers in other countries, we make sure that appropriate protection is in place to transfer your information securely.

Security precautions

We use a variety of physical and technical measures to keep your information available, safe from loss, accurate, and to prevent unauthorised access to it.

We store electronic data and databases on secure computer systems and control who has access to information (using both physical and electronic means). We use ‘the cloud’, which means that we store client information on servers which we do not own and which are not kept in our offices. We access these servers through secure connections. All of our cloud computing suppliers meet strict requirements for security and confidentiality.

Our staff receive data protection training and we have a set of detailed data protection policies which they must follow when handling personal information.


We have closed-circuit television (CCTV) at our office location. We operate CCTV only for the purpose of the security of our staff, visitors and premises and we have signs which clearly show it is in operation. We keep the images for two months, after which they are automatically overwritten.

CCTV systems are managed and maintained by the Security systems service agent. The system is operated by members of staff we have chosen for this role and by staff of the Security systems service agent.

Cookies and online analysis

Cookies are small text files that websites put on your computer so the site can remember who you are. They contain a unique, anonymous identifier, which is usually a string of letters or numbers.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website, and also allows us to improve our site.

We use analytical cookies in the form of Google Analytics and Google Tag Manager. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by making sure that users are finding what they are looking for easily. For more information, please view the Google Analytics cookie information page.

These cookies do not identify any person and are used only to track user experience so we can make improvements.

If you failed to choose one of the options when we gave you the cookie notice on entering this website, by continuing to use the site you agree to the way we use cookies.

You can block all cookies by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you do this, you may not be able to access some parts of our site. You can find more information about allowing and disabling cookies at

Your rights

You have the following legal rights.

  • The right to ask us to confirm whether we hold your personal information and, if we do, to get a copy of the information we hold. This is known as a ‘subject access request’. Exemptions, including legal privilege, could mean you may not be entitled to receive all the information we hold on you. We will tell you if there is any information we have not provided and the reason for doing this;
  • The right to have your information erased, although this may not apply if we need to continue to hold or use it for a lawful reason.
  • The right to move your information to another organisation in an electronically readable form.
  • The right to have inaccurate information corrected.
  • The right to object to your information being used for marketing.

Please keep in mind that there are exceptions to the rights above and, although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

Getting in touch about your rights

If you would like more information on your rights or want to enforce them, please contact our Data Protection Officer by email at or write to him at 7 Temple Square, Aylesbury, Bucks, HP20 2QB.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113.

If you are unhappy about any other aspect of our service, you can find our complaints procedure here.

Changes to this privacy policy

This privacy policy was published on 01 May 2018 and last updated on 21 June 2023.

We’ll amend this privacy notice from time to time to make sure it is up to date and accurately reflects how and why we use your personal information. The current version of our privacy notice will always be posted on our website.

How to contact us

Please contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are shown below:

Our contact details Our Data Protection Officer’s contact details
Horwood & James LLP

7 Temple Square

Aylesbury, Buckinghamshire

HP20 2QB

Mr John Reddington

7 Temple Square, Aylesbury, Buckinghamshire, HP20 2QB


Tel: 01296 487361