Privacy Policy of Tozers LLP and Tozers Trust Corporation Limited.
Introduction
This Policy gives you information about how Tozers LLP and/or Tozers Trust Corporation collect and use personal data belonging to you or your personnel in the context of providing legal services to you or your business, through your use of the firm's website, ParkLaw app, and through any of the other ways we interact. It also relates to our use of any personal data you provide to us by telephone, in written correspondence (including letter and email), by SMS and in person. Please see below for more detail in paragraph 4 below.
Your data will be controlled by the entity of Tozers LLP and/or Tozers Trust Corporation Limited that you have instructed or that is providing services to you or communicating to you and each such entity is regarded as an independent data controller of your personal data.
This Notice applies to Tozers LLP and/or Tozers Trust Corporation and hereafter we will refer to them as Tozers in this document.
We reserve the right to change this Policy from time to time and in such cases, a revised Policy will be posted on our website. Please check back frequently to see any updates or changes to our Policy.
Questions, comments and requests regarding this Privacy Policy should be addressed to privacy@tozers.co.uk for the attention of the Tozers’ Privacy Officer. Alternatively, please phone us on 01392 207020 and ask to speak to the Tozers’ Privacy Officer or write to the Tozers’ Privacy Officer at Broadwalk House, Southernhay West, Exeter, EX1 1UA.
Having considered the governing laws, thus far decisions have been made to not appoint a Tozers’ Data Protection Officer. The person at Tozers responsible for data protection is Barry Hayes; his details can be found within the ‘Our People’ section of our website.
Whose data do we hold?
The people for whom we may hold data about include;
- Clients and prospective clients
- Beneficiaries under a Trust or Will that we are administering
- Suppliers
- Professional experts and barristers
- Complainants and enquirers
- Employees and prospective employees
- Parties involved with a dispute/complaint with one of our clients or prospective clients
What data will we collect?
Personal data means any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, any previous names, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you interact with and use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.
In certain circumstances, our collection of the different categories of data set out above may include the collection of Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also may collect Criminal Convictions and Offences Data.
We also collect, use and share aggregated data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your data concerning your use of our website to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to privacy@tozers.co.uk for the attention of the Tozers’ Privacy Officer.
We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Children’s data
We are sometimes given information about children, for example while handling a complaint or conducting an investigation or when asked to advise on an issue involving a child. We also hold information provided to us directly by children, for example when they have made a complaint or enquiry to us.
The information in the relevant parts of this notice applies to children as well as adults.
Information about other people
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you may do so with consent or we may be processing it in line with one of the alternative lawful basis set out below.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of our engagement with you (as set out in our engagement letter and terms of business), and you fail to provide that data when requested, we may not be able to perform the services set out in the engagement letter. In this case, we may have to stop acting/cancel your instructions to us but we will notify you if this is the case at the time.
How your personal data is collected
We use different methods to collect data from and about you including:
- In the process of carrying out work for you (or your business), where we will in almost all instances act as a controller. In very limited circumstances we may act as a processor in which case we will let you know and ensure that an appropriate contract is put in place.
- When we communicate with you by email or other electronic correspondence, by telephone or using video conferencing software. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- make a request for our services;
- create an account on our website;
- subscribe to our publications;
- request marketing to be sent to you;
- sign up to and use our ParkLaw app;
- complete a survey; or
- provide us with feedback.
- Networking (for example, at in-person or virtual events).
- Through your use of our guest Wi-Fi service.
- Otherwise through providing our legal services and operating our business.
We also collect data from and about you via our website:
- Through your actions (for example when submitting a contact form or using our chat service).
- Through automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
- Through third parties or publicly available sources. We will receive personal data about you from various third parties and public sources.
- Technical Data is collected from analytics providers. The app uses analytics from Google Firebase. This is so we can improve the app by seeing which areas are used, and for what purpose although:
- We do not report on any sensitive or identifiable information relating to any user.
- Analytics can be disabled at any time by navigating to the settings section of the app.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services;
- Identity and Contact Data from data brokers or aggregators;
- Identity and Contact Data from publicly available sources such as Companies House, social media platforms, and the Electoral Register based inside the UK;
Lawful basis for processing
The law requires us to have a lawful basis for collecting and using your personal data. We rely on one or more of the following lawful bases:
- Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
- Legitimate interests: Where it is necessary for our legitimate interests as a legal services provider (or those of a third party) and your interests and fundamental rights do not override those interests. These legitimate interests include our interests in managing our relationship with our clients, prospective clients and their staff, hosting clients and others at our offices, hosting virtual and in-person events and ensuring appropriate standards and compliance with policies, practices or procedures. In relation to an opponent/potential opponent in litigation, we have a legitimate interest in the conduct of this claim on behalf of our clients.
Legal obligation: Where we need to comply with a legal obligation to which we are subject. Our overall purpose in processing any personal data we hold in relation to our clients’ opponents in litigation/potential litigation is compliance with our obligations in respect of case management and the proper conduct of the case as well as our legal obligations as lawyers to our clients and to courts / tribunals.
- Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
- Where processing of "special category data" is necessary in the context of legal claims or where another legal ground other than explicit consent is available to us under relevant data protection legislation.
- Where our legal services require us to process "special category data" and where we have obtained your explicit consent to do so. If we seek and obtain your consent, you may withdraw it at any time by you advising the Tozers’ Privacy Officer.
- Vital interests: Where we need to protect someone’s life.
- Public task: Where processing is necessary for the performance of a task carried or in the public interest or in the exercise of official authority vested in the controller.
How will we use your data?
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
| Purpose / Use | Type of data | Lawful basis |
|---|---|---|
| To check whether we can act for you as a new or existing client or act across from you as a counterparty or other third party on a matter involving a new or existing client, and carry out all of our regulatory compliance requirements, including conflicts of interest, anti-money laundering, anti-terrorism, sanctions, fraud and background screening |
|
|
| To deliver our services to you including engaging service providers, managing payments, fees and charges and collecting and recovering money owed to us |
|
|
| To manage our relationship with you which will include notifying you about changes to our terms or privacy policy |
|
|
| To enable you to complete a survey |
|
|
| To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
|
|
| To deliver relevant website content to you and measure or understand the effectiveness of the marketing we provide to you |
|
|
| To use data analytics to improve our website, ParkLaw app, products and services, marketing, customer relationships and experiences |
|
|
| To make suggestions and recommendations to you about services that may be of interest to you |
|
|
| ParkLaw app |
|
The app may use third-party services that collect information used to identify you; third-party service providers used by the app include: |
| Legal advice and litigation |
|
|
| To correspond with you using our online chat service |
|
We may collect your personal data through our online chat service, provided in partnership with and HubSpot. |
Direct Marketing
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services may be relevant for you (we call this marketing).
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us, purchased services from us, or if you provided us with your details when you entered a competition, registered for a promotion, or signed up at an event, in each case, you have not opted out of receiving that marketing.
We collect your personal data for our email marketing service in partnership with Hubspot. The data that we collect, how we use it, how we hold it, and who we share it with matches the information laid out in the rest of this document. All persistent data is encrypted, and stored safely and securely to ensure your privacy is respected. Your sensitive data is not transferred to the email provider’s server, it is controlled by the entity Tozers LLP and/or Tozers Trust Corporation Limited.
If you would like to see the data we have collected about you through our email marketing system, manage that data, or opt out of future marketing, then please contact privacy@tozers.co.uk.
ParkLaw app and notifications
The app can receive push notifications. You can choose to receive notifications based on interest, and disable them if you wish.
- Notifications can be disabled when logging into the app for the first time
- Notifications can be disabled at anytime by navigating to the settings section of the app
- Notifications can be disabled at anytime outside of our app using your devices operating system
Third-party marketing
We do not provide your personal data to third parties in order for them to market their services to you.
Opting out of marketing
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of services we are providing to you.
Who will we share your information with?
We will keep your personal data within the organisation except where disclosure if required or permitted by law or when we use third party service providers (data processors) to supply and support our services to you.
In some circumstances we are legally obliged to share information. For example, under a court order or where we cooperate with other authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.
We may share your data with:
- External Third Parties such as:
- Barristers
- Medical Experts
- Mediators
- Solicitors
- Process Servers
- Courts and Tribunals
- Healthcare professionals, Social and Welfare organisations
- Certainty The National Will Register
- Lexcel/ISO Assessors
- HM Revenue and Customs
- Credit Reference Agencies
- Fraud Prevention Agencies
- Regulators and other like Authorities
- Human Resources Experts
- Accountants and Banks
- Online Payment Providers
- Administration and General Business Support Providers such as It support services, email providers, and transcription service providers
- Specific third parties listed in the table above.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How long will we keep your information for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Tozers to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact the Tozers’ Privacy Officer.
Upon expiry of the applicable retention period we will destroy your personal data in accordance with applicable laws and regulations.
Transfers to third countries
We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside the UK to countries which have laws that do not provide the same level of data protection as the UK law.
Whenever we transfer your personal data out of the UK to service providers, we ensure a similar degree of protection is afforded to it.
Normally this will be for the performance of your contract with us or for the exercise or defence of legal claims on your behalf. Sometimes we may transfer for other reasons and we will ensure that appropriate safeguards are in place at all times.
Data Security
Using appropriate technical and organisational measures, we shall ensure that all the information you provide to us is kept secure.
In the event of a personal data breach, we have in place procedures to seek to ensure that the effects of such a breach are minimised and as appropriate we shall liaise with The Information Commissioner and you.
Any transmission of personal data from you to us before it reaches us is at your own risk.
This reflects the fact that the transmission of information via the internet is not completely secure.
What rights do you have?
You have rights under data protection laws in relation to your personal data to:
- Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the lawful basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
- You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes (see Opting out of above for details of how to object to receiving direct marketing communications).
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data (see the table above for details of when we rely on your consent as the lawful basis for using your data). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
- If you want us to establish the data's accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You may, at any time, ask for the exercise of any of the above rights, by contacting us together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Cookies
In order to facilitate use of this website, we use ‘cookies’. A cookie is a small text file sent by our server to a user’s web browser which enables the server to collect information from the browser. This helps us to monitor the use of the website and users’ browsing patterns, to build up a demographic profile and to review, improve and customise the website’s content and layout (on the basis of data which is totally anonymous and cannot be linked to an individual user). It also assists you to use this website more efficiently (for example, by ensuring your computer is in the same session while you browse from page to page and enabling you to change your personal details easily and to complete more than one form on the website without re-entering your details).
There are two types of cookies – ‘session cookies’ which remain in the cookie file in a user’s browser during the session but are erased once the browser is closed; and ‘persistent cookies’ which remain on a user’s hard drive for an extended period (although they can be removed by the user – see https://support.microsoft.com/en-us/help/260971/description-of-cookies).
When a user accesses the website, information will be temporarily stored in a cookie until the session has been completed (a session cookie). For more information about the cookies used on our site see our Cookies Policy.
Complaints
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy policy and you duty to inform us of changes
We keep our privacy policy under regular review. This version was last updated on 21 October 2025.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address
Third party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
October 2025