GDPR Compliance
Your data protection rights under UK GDPR
ICO Registered Data Controller
Defence Legal Services Ltd is registered with the Information Commissioner's Office (ICO) as a data controller.
ICO Registration Number: ZA198500
Industry-standard encryption and security measures protect your personal data
Full UK GDPR rights including access, rectification, and erasure
Clear information about how we collect, use, and protect your data
1. Right of Access
Request a copy of the personal data we hold about you
2. Right to Rectification
Correct inaccurate or incomplete personal data
3. Right to Erasure
Request deletion of your personal data in certain circumstances
4. Right to Restrict Processing
Limit how we use your personal data
5. Right to Data Portability
Receive your data in a machine-readable format
6. Right to Object
Object to processing based on legitimate interests
Legal Bases for Processing
- Contract: To provide legal services you've instructed us for
- Legal Obligation: To comply with professional and regulatory duties
- Legitimate Interests: To operate our business and improve services
- Consent: For marketing communications (opt-out available)
- Vital Interests: To protect life in emergency situations
Data Minimization
We only collect and process personal data that is necessary for the specific purpose.
Purpose Limitation
We use your data only for the purposes we've told you about and won't use it in ways you wouldn't reasonably expect.
Storage Limitation
We retain data only as long as necessary for legal, regulatory, and business purposes. Legal matter files are typically retained for 6 years after closure.
We implement appropriate technical and organizational measures including:
- HTTPS encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Regular security updates and vulnerability assessments
- Access controls and authentication systems
- Staff training on data protection
- Secure backup and disaster recovery procedures
- Audit logs for accountability
In the unlikely event of a data breach affecting your personal data:
- We will notify the ICO within 72 hours (where required by law)
- We will notify affected individuals without undue delay
- We will provide details of the breach, likely consequences, and mitigation measures
- We will take immediate steps to contain and remedy the breach
To exercise any of your UK GDPR rights, contact us:
Data Protection Enquiries
Email: robertcashman@defencelegalservices.co.uk
Phone: 01732 247427
Please include "GDPR Rights Request" in the subject line
We will respond within one month of receiving your request. This may be extended by up to two months for complex requests.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk/make-a-complaint
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Our ICO registration number: ZA198500
We encourage you to contact us first so we can try to resolve your concern directly.
Questions About Your Data?
For more information about how we handle your personal data, see our full Privacy Policy