Legal Cost Specialists

Privacy Policy

We are committed to our obligations under relevant legislation to protect personal data (information) that we collect and process in the course of the work that we do. Please read this Privacy Policy carefully as it contains important information about us and:

  •  Who we are
  •  Whose information we hold
  •  What information we collect including any special categories of information
  •  The bases on which we collect and process information
  • How information is used
  •  Who we may share information with
  •  How long information is kept
  • Transfer of information outside of the EEA (to third countries)
  •  Security arrangements
  •  Your rights, and
  •  Who to contact for further information or if you have a complaint
Who We Are
The Gibbs Wyatt Stone Partnership (GWS) is a ‘controller’ under the General Data Protection Regulation 2018 (GDPR) and the Data Protection Act 1998.
Whose Information We Hold

We may collect and process information about the following people (being ‘information subjects’ for the purposes of the relevant legislation and this Policy):

  • Employees
  •  Customers and clients
  •  Suppliers and service providers
  •  Advisers, consultants and other professional experts, and
  •  Complainants and enquirers
What Information We Collect

We will only collect and process information from you that is relevant to the matter that we are dealing with on your behalf. In particular, we may collect the following information from you which is defined as ‘personal information’:

  •  Personal details including address, telephone number, email address, date of birth and so on
  •  Family, lifestyle and social circumstances
  •  Financial details, and
  •  Business activities of the person whose details we are processing
Special Categories of Information

We may also collect information that is referred to as being in a ‘special category’. This could include:

  • Physical or mental health details
The Bases on Which We Collect and Process Information

The basis on which we collect and process personal information is one or more of the following:

  •  It is necessary for the performance of our contract with an information subject or to take steps at the information subject’s request prior to entering into a contract with the information subject
  •  It is necessary for the establishment, exercise or defence of legal claims or whenever courts/tribunals are acting in their judicial capacity
  •  It is necessary for us to comply with a legal obligation
  •  It is in our legitimate interest to do so
  •  You have given your consent (this can be withdrawn at any time by advising our Information Protection Officer – see below)
How Information Is Used

We may use your information for the following purposes:

  •  Provision of legal services including advising and acting on behalf of information subjects
  •  Promotion of our goods and services
  •  Maintaining accounts and records
  • Supporting and managing staff
Who We May Share Information With
There are very strict rules about who we can share your information with and this will normally be limited to other people who will assist with your matter. These may include:
  •  Barristers/solicitors or other consultants or advisors we are working with on your behalf
  •  Medical experts
  • Healthcare professionals, social and welfare organisations
  • Courts and tribunals
Where you authorise us, we may also disclose your information to your family, associates or representatives and we may also disclose your information to debt collection agencies if you do not pay our bills.
How Long Information Is Kept
  • We will normally keep your information throughout the period of time that we do work for you and afterwards for a period of 6 years as we are required to do by law and also by the regulations that apply to us
  •  In some cases, we may retain your information for a longer period and we will advise you of this at the time
  •  More information is set out in our Information Retention Policy which is available on request from the Information Protection Officer (see below)
Transfer of Information Outside the EEA (To Third Countries)
  • We may transfer your information to a country outside of the EEA for operational purposes only and where this is the case, we will ensure that appropriate safeguards are in place at all times. If you require further information about this, you should contact our Information Protection Officer (see below)
Receiving Direct Marketing and Further Information from Us
  • We may send you information about our products and services which may be of interest to you. Such information could be sent by post or email
  • We will ask whether you would like us to send you further information including our newsletter on the first occasion that you provide any relevant contact information. If you do opt in to receive such information from us, you can opt out at any time (see ‘ Your Rights’ below for further information). If you have any queries about how to opt out, or if you are receiving communications from us that you do not want, you can contact us (see below)
Security Arrangements
  • We shall ensure that all the information that an information subject provides to us is kept secure using appropriate technical and organisational measures
  •  In the event of a personal information breach we have in place procedures to ensure that the effects of such a breach are minimised and shall liaise with the ICO and with you as appropriate
  • More information is available from the Information Protection Officer (see below)
Your Rights

You have the following rights under the GDPR:

  •  Right to be informed
  •  Right of access
  •  Right to rectification
  •  Right to erasure
  •  Right to restriction of processing
  •  Right to object
  •  Rights concerning automated decision-making and profiling
Right of access and to rectification
  • You have a right to see the information we hold about you and to ask us to correct any mistakes
  • To access the information we hold about you and to ask us to correct any mistakes, you will need to provide a request in writing to our Information Protection Officer (see below), together with proof of identity
  • We will usually process your request free of charge and within 30 days. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex
  • Full details are available in our Information Subject Access Policy which is available on request from our Information Protection Officer (see below)
Right to erasure
  • You have a right to ask us to erase your personal information in certain circumstances (details may be found in Article 17 of the GDPR)
  •  We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims
  •  To exercise your right to erasure please contact our Information Protection Officer
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
  •  Email, call or write to our Information Protection Officer (see below)
  •  Let us have enough information to identify you, and
  •  Let us know what method of contact you are not happy with if you are unhappy with certain ways of us contacting you for direct marketing purposes (for example, you may be happy for us to contact you by email but not by post)
From time-to-time we may also have other methods to unsubscribe from any direct marketing including for example, unsubscribe buttons or web links. If such are offered, please note that there may be some period after selecting to unsubscribe in which marketing may still be received while your request is being processed.
Who to Contact for Further Information or If You Have a Complaint
  • If you have any questions about our Information Protection Policy, would like more information on it or are unhappy about how we are using your information, or how we have responded to a request you have made concerning your personal information, then initially you should contact our Information Protection Officer. Our Information Protection Officer is William Wyatt and can be contacted here:
Gibbs Wyatt Stone
68 Clarendon Drive
London, SW15 1AH E : T : 0044 (0) 20 7096 0940
  •  If you have a complaint that remains unresolved then you can contact the Information Commissioner’s Office (ICO) details available at

Client Testimonials

Scroll to Top