Cartref > Polisi Preifatrwydd

Polisi Preifatrwydd

In the course of providing legal and professional services to our clients and running our businesses, we gather and use personal information about a number of different categories of people. We have developed this privacy notice in order to be as transparent as possible about the personal information we collect and use.
 This privacy notice applies to :

  • our clients and people that represent them or who work for them;
  • customers of our clients, that our clients have instructed us to act for;
  • people who make enquiries about our services;
  • people who receive our legal updates, newsletters or invitations to our seminars and events and those who attend such events;
  • people who visit our websites or who follow us on our various social media channels;
  • people whose personal information is required in order to enable our clients (or their customers) to obtain legal advice or otherwise establish, exercise or defend legal rights;
  • people (and their representatives) who are involved in one of our client’s matters including witnesses and the other parties to litigation or on the other side of transactions;
  • business contacts of Cyfreithwyr Lloyd Evans & Hughes;
  • suppliers that we use or that our clients use; and
  • our regulators, insurers, auditors, professional advisers and certification bodies.

This privacy notice does not apply to employees, workers and contractors and any prospective employees.

This notice contains important information about:

  • the personal information that we collect and use;
  • the lawful bases we rely on to collect and use it;
  • why we collect and use personal information;
  • where we get the personal information from;
  • with whom we share personal information;
  • when we transfer personal information outside the EEA;
  • how long we keep information and how we ensure it is secure; and
  • your privacy rights.

Data Controller

Your information will be held by  Cyfreithwyr Lloyd Evans & Hughees as the data controllers.  Our  appointed a dedicated Data Protection Officer (DPO) is Sara Lloyd Evans who is one of the company’s directors.

Sara Lloyd Evans
20 Heol y Dwr

01286 881 078

Personal Information that we hold

The personal information that we collect includes:

  • basic information, such as your name, maiden name, job title, marital status, title, date of birth and gender.  
  • contact information, such as your postal address, email address and phone number(s).
  • Instruction Data – we will collect information about your circumstances that have led to you wishing to use our services. This may include instructions, payments, requests and retainer information.
  • if you are involved in one of our client’s matters, we will collect information about you that is relevant to the matter. This may include special category data – such as data concerning your health, sex life or sexual orientation.
  • financial information, such as payment-related information and information relevant to funding and other information including details of bank account and payment card details.
  • technical information collected when you visit our website or digital or in relation to materials and communications we send to you electronically, which includes information about the type of device you are using, your IP address and geographic location, your operating system and version, browser type, the content you view and the search terms you enter.

If we collect or receive your personal information in the context of our provision of legal services we might receive information from third parties such as your relatives, employer, other parties involved in the services we are providing (e.g. other parties in litigation or transactions) or others such as regulators and authorities. The information we collect will be relevant to the legal services that we are providing to our client and may include special categories of data where lawful for us to process it.

How we use/process your personal information?

We rely on the following legal bases to process your personal information:

Performance of a contract

This applies where we need to collect and use your personal information in order to take steps to enter into a contract with you or perform our obligations under a contract with you.

Legal obligation

This applies where we need to collect and use your personal information to comply with applicable laws and regulatory requirements.

Legitimate interests 

We may collect and use your personal information to further our legitimate business interests. We only do this where we are satisfied that your privacy rights are protected satisfactorily. You have a right to object to any processing of your personal information based on this legal basis (see below).

Establishment, exercise or defence of a legal claim

This applies where we need to collect or use personal information to enable us to establish, exercise or defend a legal claim of our own or when we are working on matters for our clients or their customers.


We may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us (see below).

Public interest

Although we are not a public body, we do collect and use some personal information where this is necessary to perform tasks that are in the public interests

Why we collect and use  the personal  information

To manage and administer our relationship with our clients and to provide legal and financial advice services to them

To undertake background checks on potential clients including checking identity and checks undertaken for anti-money laundering, anti-terrorism reasons, to avoid conflicts of interest, financial and reputational checks.

To assist our clients (or their customers) to obtain support with their matters from experts counsel, professional advisers and funders

To ensure that we provide excellent standards of client service through our own audit, review and quality assurance checks or by those undertaken by our clients, regulators, auditors, professional advisers and certification bodies

To manage and administrate our relationships with suppliers of good and services to us

To otherwise carry out the day-to-day operations of our businesses efficiently including managing our financial positions, business capability, planning, communications, corporate governance and audit

To look into any complaints or queries

To undertake activities designed to promote and market our services including sending out newsletters, legal updates, holding events and seminars, inviting you to enjoy our hospitality and hosting you, and keeping records of your interests in these activities

To undertake on-line marketing activities including using a variety of digital and social media channels

To train and develop our staff and people who work for us

To prevent and respond to actual or potential fraud or illegal activities

To establish, exercise or defend our legal rights or for the purpose of legal proceedings in which we may be involved

Sources of Information

The personal information we have comes from a range of sources.

  • You give us your personal information directly, when you engage with us, including via our websites or digital media channels
  • We obtain additional information in the course of undertaking checks in order to comply with our statutory and regulatory obligations or where such checks are in our legitimate business interests (ID Checks including through electronic means)
  • We obtain contact details and other information from our business contacts
  • We collect personal information while monitoring our technology tools and services, including our websites, email and social media communications.

Sharing your personal data

During the course of our engagement it is likely that we will share personal data with the following third parties. This includes :

  • Professional advisers who we will instruct on your behalf – barristers, accountants, surveyors, doctors, tax advisors.
  • Our suppliers, bound by obligations of confidentiality, who provide goods, services and professional advice to us to help us run our businesses  - accountants, pr
  • Third parties involved in our clients’ matters such as other parties in litigation and transactions, their representatives and other advisers, courts and tribunals, government agencies and law enforcement agencies
  • Third parties who wish to offer our financial advice clients’ financial products

We may also be required to share personal information with regulatory authorities, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

We do not sell, rent or otherwise make personal information commercially available to any third party.

The firm may on occasions use a telephone answering service, to provide switchboard and telephone answering services.  As part of this service the company  will take personal details, included but not limited to contact details, about you to allow them to notify us that you have called us and so that we may call you back.

Transfers outside the European economic area (EEA)

We do not send personal data outside the EEA as a matter of course. None of the service providers we use to help us run our businesses are based outside of the EEA.
Transfers of personal data outside the EEA can arise where we are acting for individuals or business clients with interests outside the EEA, such as you are based outside the EEA or there is an international element to the matter which we are advising you.  

Choosing not to give personal information

If you choose not to provide us with certain personal data you should be aware that we may not be able to offer you certain services. For example, we cannot act for you unless we are able to check your identity and run anti-money laundering checks.

Keeping personal information

Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our ability to defend legal claims, our legitimate business interests, best practice and our current technical capabilities. We have developed a Data Retention Policy that captures this information. We delete or destroy personal information securely in accordance with the Data Retention Policy.

How to complain

Please contact our Data Protection Officer  if you are unhappy with how we have used your personal information. To notify us of a concern please contact Sara Lloyd Evans on 01286 881 078 or by email

You also have the right to complain to the Information Commissioner’s Office. Find out on their website ( how to report a concern.

Changes to this privacy notice

This privacy notice was updated on  23rd August 2021. We keep this privacy notice under regular review and may change it from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We would encourage you to check this privacy notice for any changes on a regular basis.

“Chi, Eich Teulu, Eich Dyfodol”