Privacy Policy


1. Introduction 

This statement explains how we may use personal data which we obtain about you. It sets out who we are, how and why we collect, store, use and share your personal data and the basis on which we do so. It also explains your rights in relation to personal data and explains how to contact us or the relevant supervisory authority should it be necessary.


2. Who we are and how to contact us

Brennan & Partners Limited is incorporated and registered in England and Wales with company number 10226819 and registered office at Wilmington House, High Street, East Grinstead, West Sussex RH19 3AU, United Kingdom (“B&P”).

Our website may be found here:

Should you have any queries about our policy or wish to exercise any of the rights described herein, please contact us in writing at:


Address: 35 Berkeley Square, London, W1J 5BF



3. Key terms 

Personal data – any information relating to an identified or identifiable individual.

Special category personal data – information revealing an individual’s racial or ethnic origin, data about ethnic origin, religious, philosophical, and political beliefs, trade union membership, health and genetic data and data concerning a person’s sex life and sexual orientation.


4. Scope 

Our use of personal data is regulated by the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).


5. Personal data we may collect

We may collect the following types of personal data about you:

  • Identity and contact details (e.g. Company name, Contact Name, email address)
  • Technical and usage data (including information about how individuals use our website).
  • Information used to provide our services (e.g. information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients).


6. How we collect your personal data 

We collect personal data in a variety of ways, including:

  • Directly from you via electronic means (e.g. email and instant messaging), post, telephone and in person.
  • IT systems that we use (e.g. automated monitoring of our website, our computer network and electronic communications systems). For further information, see item 13 ‘Cookies, online forms & third-party websites’ below.


7. How we use your personal data 

Under the UK GDPR the lawful bases we rely on to use your personal data are that:

  • We have a contractual obligation with you or your company to perform a contract with you or your company or in order to take steps at your request before entering into a contract.
  • We have a legal or regulatory obligation.
  • We have a legitimate business interest. This is when we have a business or commercial reason to use your personal data which is not outweighed by your own interests and rights. Legitimate business interests include, but are not limited to fraud prevention, ensuring network and information security, identifying possible criminal acts, etc.


8. Who we will share your personal data with

We may share your personal data with certain trusted third parties, including:

Where we are legally obliged to, as personal data may also be shared with regulatory authorities (including the Information Commissioner’s Office (‘ICO’) and courts, tribunals, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this unless we are legally restricted from doing so.


9. How we protect your personal data

We take all reasonable steps to protect your personal data but cannot guarantee the security of any data you disclose to us online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. You accept the inherent security risks of providing information over the internet and will not hold us responsible for any breach of security unless this is due to our negligence or willful default.

In line with the data protection laws and any applicable guidance, we use a variety of technical and organisational measures to prevent unauthorised access, loss, use, disclosure, alteration or destruction of personal data. We have put in place appropriate training measures to inform our staff about keeping personal data secure.

We have also put in place procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected personal data breach where we are legally obliged to do so.


10. Transferring your personal data out of the UK

To deliver services to you, it may sometimes be necessary for us to share your personal data outside the United Kingdom (‘UK’). For example, this may happen:

  • Where your and our service providers are located outside the UK.
  • If you are based outside the UK.

Where we transfer personal data outside the UK, we ensure that it is permissible under the special rules governing such transfers under UK data protection legislation. These special rules may include where a data protection “adequacy decision” has been made by the UK which found that the country where your personal data is transferred offers essentially the same level of data protection that exists in the UK.

They may also include where we have reached a binding agreement containing Standard Contractual Clauses with the organisation to whom we transfer your personal data ensuring that it will provide the same level of data protection as the UK.


11. Data storage & retention period 

B&P holds personal data in physical and electronic forms. Where data is held in physical form, it is stored securely either on our premises or in secure off-site storage. Where data is held electronically, it is securely stored on our servers which are located in the UK.

B&P will process personal data in accordance with its records retention practices or as long as required by the terms of a contract. In setting retention periods, we take account of the purpose for which personal data was collected and any legal and regulatory obligations on us to retain information, limitation periods for legal action and our business purposes.

Where it is no longer necessary to retain your personal data, we will delete or anonymise it.


12. Your rights to access personal data 

You have the right to receive information about the personal data which we hold about you.

You may do this by making a written request known as a ‘data subject access request’.

If you are concerned that any of the information we hold on you is incorrect, please contact us (see item 14 ‘Data subject rights’ below).


13. Data subject rights 

Under the UK GDPR you have a number of important rights which you may exercise unless a national law prevents us from complying. Where you do exercise your rights, this will be free of charge. In summary, your rights include:

  • Access – you have the right to request a copy of the information that we hold about you (see ‘Your rights to access personal data’ above).
  • Rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • To be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • To restrict processing – where certain conditions apply to have a right to restrict the processing.
  • Portability – you have the right to have the data we hold about you transferred to another organisation.
  • To object – you have the right to object to certain types of processing such as direct marketing.
  • To object to automated processing, including profiling – the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you, or similarly, which significantly affects you.


If you would like to exercise any of your rights, please write to Data Protection, 35 Berkeley Square, London, W1J 5BF or email us at:

  • Provide enough information for us to correctly identify you (e.g. your full name, address and matter number);
  • Provide us with proof of your identity and address (e.g. a copy of your driving licence or passport and a recent utility or credit card bill);
  • Inform us which right you wish to exercise; and
  • Let us know the information to which your request relates, including any applicable matter number(s), if you have them.


14. Cookies, online forms & third-party websites 

When accessing our website, B&P collects standard internet log information for statistical purposes and to provide the website experience.

We use cookies to collect information in an anonymous way, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Please visit the cookies page on our website for further information. When we collect personal data, for example via an online form, we will explain what we intend to do with it.

Where our website contains a link to third party websites, we are not responsible for the content or privacy practices of those websites, nor is this Privacy Policy intended to deal with the privacy practices of such third parties.


15. Changes to this Privacy Policy 

We keep our Privacy Policy under regular review and may occasionally modify it. When this happens, we will publish details on the web page.

The Privacy Policy was last reviewed in October 2021.


16. Questions and complaints 

If you have any comments, queries or complaints in connection with B&P’s Privacy Policy, please contact us using the details set out in section 2 entitled “Who we are and how to contact us” above.

While we hope to be able to resolve any concern that you may have, the UK GDPR also gives you the right to lodge a complaint with the supervisory authority for data protection issues. In the UK, the supervisory authority is the ICO.

The ICO’s website is: The ICO’s telephone number is: 0303 123 1113