24hr line (Crime)   07596 997 222

Privacy Policy

Kenneth M Barrow & Co

Privacy Policy

We take your privacy very seriously and take all appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any personal data that you share with us and that we hold about you, including how we collect, process, protect and share that data.

What is ‘Personal Data’

Personal data means any information that may be used to identify you as an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.

How we obtain your personal data

Information provided by you

You first provide us with personal data when you contact us to discuss instructing us to assist you with the legal issue you have enquired about.  You do this either by meeting with us, or by an online or email enquiry, or by a telephone call. This data includes amongst other things your name, address, date of birth, email address.

We may also keep information contained in any correspondence you may have with us by post or by email or that we note down in a telephone conversation with you.

To enable us to properly act on your behalf we also may obtain sensitive medical information directly from you or from your GP, or a hospital, or other medical institution where you have or are receiving treatment. Please note the provision of sensitive medical information is subject to you giving us express consent. If we do not receive this consent from you, then we are unable to obtain any sensitive medical information about you. We will only ever seek your consent to obtain sensitive medical information where it is necessary.

Information we get from other sources

We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.

This information (including your name. address, email address, date of birth, etc.) as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR).

How we use your personal data

We use your personal data:

  • so we can act for you and provide you the expert level of service that you are entitled to expect from us;
  • to comply with our legal and professional obligations;
  • to assist with the administration of justice;
  • because we consider we have a legitimate interest in doing so.
  • For any other reasons, if you have expressly consented to us holding the data for those purposes, we will do this as both a data controller and data processor. We will take all reasonable security measures to protect your persona data that we hold.

Do we use your personal data for marketing purposes?

We will only do this where we are holding your data because we consider we have a legitimate interest to do so and where we have conducted a legitimate interest assessment as recommended by the Information Commissioner’s Office.  In these limited circumstances we might contact you by any reasonable means to inform or advise you of the services we can provide. You would then have the right to require us to then stop the marketing to you and in that event we would of course no longer contact you for any marketing purposes.

Information about cookies

A cookie is a small text file stored on your browser, for example Internet Explorer. We do not currently use cookies on our website, but should our website change and become cookie enabled you would be notified of this through our website and asked to provide consent to this at that time.

Sharing information

We will keep information about you confidential but we will from time to time share your personal data with other third parties where this is necessary for one of the reasons stated above “How we use your personal data and why we use it”. We require all third parties who we provide with your data to respect the security of your data and to process this in accordance with the law.

Transfer of your personal data outside of the European Economic Area (EEA)

We do not currently transfer your personal data outside the EEA if in the future we transfer your personal data, in accordance with the terms of this Policy outside of the EEA, we will make sure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our instructions.

How long do we keep this information about you?

We keep information in line with our own retention policy and as required by law or our professional regulator. These retention periods are in line with the length of time we need to keep your personal information to be able to act on your behalf and after that is concluded, to answer any questions you might have and to enable us to inform you of any other services that we provide that might be of interest or of use to you. They also take in account our need to maintain records to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases, our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.

Data subject rights

Subject access requests

The General Data Protection Regulation (GDPR) grants you as the “data subject” the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:

  • sources from which we acquired the information;
  • the purposes for processing the information; and
  • persons or entities with whom we are sharing the information.

Right to rectification

You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing supplementary statement

Right to erasure

You, the data subject, shall in the majority of circumstances have the right to obtain from us the erasure of personal data concerning you without undue delay. Where you have requested that we erase your personal data and we consider that we cannot or should not do so we will inform you of this as soon as possible and in any event within 28 days and provide you with the reason why we have refused your request.

Right to restriction of processing

Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where:

  1. the accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
  2. we no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims;
  3. you, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.

Right to data portability

You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.

Right to object

You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you; unless we have a reason that supercedes this, in which case we will inform you and discuss this with you.

Right to not be subject to decisions based solely on automated processing

We do not carry out any automated processing, which may lead to an automated decision based on your personal data

Invoking your rights

More information about your data subject rights can be found on the Information Commissioner’s Office website:

If you would like to invoke any of the above data subject rights with us, or have a complaint about the use of your data you should contact us by either writing to us at our office address of 15/16 Adelaide Row, Seaham, County Durham, SR7 7EF and address your letter to Mr Sunny Singh Thandi or you should email us at and address your email to Mr Sunny Singh Thandi.

Accredited by