Privacy Policy
This Privacy Policy explains how LexVentus Solicitors ("we", "us", or "our") collects, uses, stores, and protects your personal data when you visit our website www.LexVentus.co.uk, engage with our services, or communicate with us in any capacity. We are committed to handling your personal data with the utmost care, discretion, and in full compliance with applicable data protection law.
1. Who We Are
LexVentus Solicitors is a boutique corporate commercial law firm authorised and regulated by the Solicitors Regulation Authority (SRA), SRA number 8014470. We are the data controller in respect of the personal data we collect and process.
If you have any questions about this policy or how we handle your data, please contact us:
Email: compliance@lexventus.co.uk Post: LexVentus Solicitors, 83 Baker Street, London, W1U 6AG Website: www.LexVentus.co.uk
2. Our Legal Framework
We process personal data in accordance with the following legislation:
-
The UK General Data Protection Regulation (UK GDPR)
-
The Data Protection Act 2018
-
The Privacy and Electronic Communications Regulations 2003 (PECR)
-
The Solicitors Regulation Authority (SRA) Standards and Regulations
As a firm of solicitors, we are also subject to strict professional duties of confidentiality that sit alongside and complement our data protection obligations.
3. What Personal Data We Collect
We may collect and process the following categories of personal data, depending on how you interact with us:
Information you provide to us directly:
-
Your name, job title, and organisation
-
Contact details including email address, telephone number, and postal address
-
The content of any enquiry, instruction, or correspondence you send to us
-
Identity verification documents where required for client onboarding and anti-money laundering compliance
-
Financial information where relevant to the matter we are advising on
Information we collect automatically when you visit our website:
-
Your IP address and browser type
-
Pages visited and time spent on our website
-
Referring website or search terms used to find us
-
Device and operating system information
-
Cookie and tracking data, as detailed in our Cookie Policy
Information we receive from third parties:
-
Information provided by introducers, referrers, or professional intermediaries
-
Publicly available information, including from Companies House, the Land Registry, and other public registers
-
Information from credit reference or identity verification agencies where required
4. How We Use Your Personal Data
We use your personal data for the following purposes, each supported by a lawful basis under UK GDPR:
To provide legal services and fulfil our retainer Lawful basis: Contract / Legal obligation We process your data to carry out the legal services you have instructed us to provide, including advising, drafting, and representing your interests.
To communicate with you Lawful basis: Contract / Legitimate interests We use your contact details to respond to enquiries, provide updates on your matter, and correspond with you in the ordinary course of our relationship.
To comply with our legal and regulatory obligations Lawful basis: Legal obligation As a firm regulated by the SRA (SRA number 8014470), we are required to verify client identity, conduct anti-money laundering checks, maintain certain records, and report specific matters to regulatory authorities where the law compels us to do so.
To manage and improve our website Lawful basis: Legitimate interests We use analytics data to understand how visitors use our website and to improve its performance, content, and accessibility.
To send you relevant updates and communications Lawful basis: Consent / Legitimate interests Where you have expressed an interest in our services or have an existing relationship with us, we may send you legal updates, firm news, or event invitations. You may opt out at any time.
To protect our legitimate business interests Lawful basis: Legitimate interests This includes maintaining the security of our systems, preventing fraud, resolving disputes, and enforcing our agreements.
5. Legal Professional Privilege
Where personal data is contained within legally privileged communications or documents, that data is subject to the additional protection of legal professional privilege. We will not disclose privileged information without your authority, save where we are compelled to do so by law or a court of competent jurisdiction.
6. Anti-Money Laundering and Client Due Diligence
As a regulated firm of solicitors, we are required by law to verify the identity of our clients and, in certain circumstances, the source of funds involved in a transaction. This is a legal obligation we cannot waive, and it applies to all clients regardless of the nature or scale of the instruction.
The information collected for this purpose is processed solely to fulfil our legal obligations and is retained in accordance with the requirements of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
7. Who We Share Your Data With
We treat your personal data with the strictest confidence. We do not sell, rent, or trade your data with third parties for commercial purposes. We may, however, share your data in the following limited circumstances:
-
With counsel, expert witnesses, and other professional advisers engaged in connection with your matter
-
With courts, tribunals, regulatory bodies, and law enforcement agencies where required by law
-
With our IT systems providers, document management platforms, and other service providers who process data on our behalf under strict data processing agreements
-
With the Wix platform, which hosts our website, in accordance with Wix's data processing terms
-
With other parties to a transaction, to the extent necessary and with your authority
-
With our professional indemnity insurers, auditors, and legal advisers in connection with the management of our practice
Where we engage third-party processors, we ensure they are bound by appropriate contractual terms and provide sufficient guarantees regarding data security and compliance.
8. International Data Transfers
Where personal data is transferred outside the United Kingdom or the European Economic Area, we ensure that appropriate safeguards are in place. These may include adequacy decisions made by the UK Government, standard contractual clauses approved by the Information Commissioner's Office (ICO), or other recognised transfer mechanisms.
Our website is hosted by Wix Ltd, which may process data in jurisdictions outside the UK. Wix is certified under the EU-U.S. Data Privacy Framework and maintains appropriate safeguards for international data transfers.
9. Data Retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, and in accordance with our legal and regulatory obligations. Our general retention practices are as follows:
-
Client matter files are retained for a minimum of six years following the conclusion of the matter, in accordance with SRA guidance and limitation periods under the Limitation Act 1980
-
Anti-money laundering records are retained for five years from the end of the client relationship, in accordance with the Money Laundering Regulations 2017
-
Website analytics data is retained in accordance with the retention periods set by the relevant analytics provider
-
Marketing communications data is retained until you withdraw your consent or opt out
Where data is no longer required, it is securely deleted or anonymised.
10. Your Rights
Under UK GDPR, you have the following rights in respect of your personal data:
-
The right to be informed about how your data is used, as set out in this policy
-
The right of access to the personal data we hold about you
-
The right to rectification of inaccurate or incomplete data
-
The right to erasure, in certain circumstances
-
The right to restriction of processing, in certain circumstances
-
The right to data portability, where processing is based on consent or contract and carried out by automated means
-
The right to object to processing based on legitimate interests or for direct marketing purposes
-
Rights in relation to automated decision-making and profiling
To exercise any of these rights, please contact us at compliance@lexventus.co.uk. We will respond to all requests within one month, in accordance with UK GDPR requirements. In complex cases, this period may be extended by a further two months, and we will notify you accordingly.
Please note that some rights are subject to exemptions, including where processing is necessary for the establishment, exercise, or defence of legal claims, or where we are subject to a conflicting legal obligation.
11. Data Security
We take the security of your personal data seriously. We maintain appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction, or disclosure. These measures include encrypted communications, secure document management systems, access controls, and staff training on data protection obligations.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform you without undue delay.
12. Cookies
Our website uses cookies and similar tracking technologies. For full details of the cookies we use, the purposes for which we use them, and how to control your cookie preferences, please refer to our Cookie Policy at www.LexVentus.co.uk/cookie-policy.
13. Third-Party Websites
Our website may contain links to third-party websites. This Privacy Policy applies solely to our website and our processing activities. We are not responsible for the privacy practices of any third-party sites and encourage you to review their privacy policies before providing any personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When material changes are made, we will update the date at the top of this page. We encourage you to review this policy periodically.
15. How to Complain
If you are dissatisfied with how we have handled your personal data, we encourage you to contact us in the first instance so that we may seek to resolve your concern.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters:
Website: www.ico.org.uk Telephone: 0303 123 1113 Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
This Privacy Policy should be read alongside our Cookie Policy and our Terms of Use. It does not form part of any contract for legal services. LexVentus Solicitors is authorised and regulated by the Solicitors Regulation Authority, SRA number 8014470. © 2026 LexVentus Solicitors. All rights reserved.