Privacy Policies

Privacy Policy Statement



The UK General Data Protection Regulation (GDPR) was enacted by the Data Protection Act 2018. UK GDPR includes rules on giving privacy information to data subjects in Articles 12, 13 and 14.  These are more stringent than in the DPA and place an emphasis on making Privacy Notices more understandable and accessible.


Privacy Statement

This Privacy Statement explains the personal information we collect from you, either directly or indirectly, and how we will use, process and store it.

“Personal Data” is any information that relates to you and identifies you personally, either alone or in combination with other information available to us.

The Statement also elaborates on the choices you can make about the data we collect, and how you can control these decisions.


Who we are?

You are giving your information to Curtis Solicitors Limited. In this statement “we”, “us” and “our” refers to Curtis Solicitors Limited unless otherwise stated.

Our Head Office address is Belthorn House, Walker Office Park, Walker Road, Guide, Blackburn BB1 2QE.

Our Data Protection Officer is Tasleem Riaz.


When we will collect your “Personal Data”


The sorts of data we collect

We may initially collect the following Personal Data about you, but this is not an exhaustive list:


If we enter into a Contract with you, we must undertake Due Diligence checks, as required by law and will ask you to provide copies of documents to prove your identity, such as a Driving Licence or a Passport. Such documents will provide us with details such as your full name, address, date of birth and facial image.  Your Passport will also show your place of birth, nationality and gender.

The other categories of Personal Data that we may collect about you will include:

This is not an exhaustive list.


We will primarily store and process your data electronically.  The Company and its employees follow strict protocols for handling and processing data.


Why we collect your data

We will collect your personal data for some or all of the following reasons:


Who we may share your data with

We will treat your personal information with care and confidentiality and will only share it if we have a legal basis to do as follows:

  1. Consent – in specific situations, we can collect and process your data with your consent for example when you tick a box to say you are happy for us to take out a policy of After the Event Insurance (ATE) for you. We will set out to you the data required, why we require it and who it may be shared with.
  1. Contract – in certain circumstances we need your personal data to comply with our contractual obligations, for example, if we have entered into a retainer with you to bring a claim for personal injury, we will submit a Claims Notification Form (CNF) to the relevant Third Party Insurer, or instruct a Medical Expert to prepare a report upon your injuries.
  1. Legal Obligation – if the Law requires us to, we may need to collect and process your personal data, for example we can pass on details of people involved in fraud or other criminal activity to law enforcement.
  1. Legitimate Interests – in specific situations we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example we may use your address details to send you direct marketing information by post, telling you about other services we can offer that may be of interest to you. Or in a recruitment scenario, to ensure we make the best recruitment decisions for Curtis Law Solicitors.


Depending on the area of law you have instructed us upon, we may share your data with a number of Third Party Solution Providers such as: -


For a complete list of such Third Party Providers, please click here  


How long will we keep your data for?

We will not retain your data for longer than required and will keep this, for as long as required by law, or until we no longer have a valid reason for keeping it or until you request us to stop using it.

We comply with the following retention schedule:


Matter Type

Minimum Period Required

Exceptions/reasons for retaining file for longer than the minimum period

Property sale

7 years


Property purchase and (re)mortgage

15 years


Landlord and tenant

7 years or lease term plus 3 years (if longer)


Family, including divorce, separation, custody and contact, injunctions, children, court of protection

15 years

If young children involved, 21 years to cover all periods of childhood

General civil litigation

12 years


Employment (non-contentious)

7 years


Personal Injury

7-15 years, depending on the seriousness of injury and complexity of case

Longer if involves children and/or complex issues e.g. lifetime or provisional damages awarded

Clinical and dental negligence

15 years

If client is disabled

Company and commercial

12 years

Longer if complex issues


Your Rights

We will respect your individual legal rights to your data, which cover:

We are publishing this Privacy Statement to keep you informed as to what we do with your personal information.  We strive to be transparent about how we use it.

You have the right to obtain confirmation that your data is being processed and access to it. We will provide you with a copy of the information free of charge. However when a request is deemed to be manifestly unfounded or excessive, particularly if it is repetitive, we may either refuse to respond or charge you a “reasonable fee”.  We will confirm the amount of this fee to you in writing.  We will provide the information to you within one month of receipt but if the case is complex or contains numerous requests, we may extend compliance by a further two months.  We will explain to you in writing why such an extension is necessary or if we refuse to respond, you will have the right to complain to the ICO and SRA. We will ask you to verify your identity before complying with any request for access to data.

You have the right to have inaccurate personal data rectified or completed if it is incomplete.  You can request this either verbally or in writing. We will respond to your request within one calendar month. In certain circumstances, we can refuse a request for rectification and we will confirm our reasons in writing and advise you of your right to make a complaint to the ICO or SRA.

Sometimes referred to as “the right to be forgotten”. You have the right to have your personal data erased if it is no longer necessary for the purpose which we originally collected or processed it for, if you withdraw your consent, there is no overriding legitimate interest to continue, you object to your data being processed for direct marketing purposes, or your data has been processed unlawfully. If your data has been disclosed to others, we will contact each recipient and inform them of the erasure, unless this proves impossible or involves disproportionate effort.  Your right of erasure may not however apply if the processing is necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims. We can refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.  If this is the case, we can request a reasonable fee to deal with your request or even refuse to deal with it.   In either case we will justify our decision in writing to you within one month of receipt of the request. This will include how and to whom you may make a complaint and your ability to seek enforcement.  If we need more time to comply with your request for erasure, we will be permitted a further 2 months, if the request is complex or we have received a number of requests from you.  We may need you to provide additional evidence as to your identity before complying with such requests.

You have the right to ask us to restrict how we process your data.  This means we are permitted to store your data but not further process it.  We just keep enough data to make sure we respect your request in the future.

We must allow you to obtain and re-use your personal data for your own purposes across services in a safe and secure way without this effecting the usability of your data.  The data must be held by us by consent or for the performance of a contract.

You have the right to object to us processing your data even if it is based on our legitimate interests.

You can withdraw your consent to share your personal data at any time by sending us a request in writing as follows:

Marketing purposes – please write to our Data Protection Officer, Ms Tasleem Riaz at our Head Office Address cited above or via email to

Case purposes – please write to or email your file handler/case advisor, the details of whom will be set out to you in any recent communications we have sent to you

In either case, you should set out the precise consent that you are withdrawing.

If personal information is necessary in order to provide a service to you under a contract then we will not be able to enter into that contract or provide that service without that information.


You have the right to complain to the ICO if you feel that we are not meeting our obligations under the UK GDPR or we have not responded to your requests if you have a problem. The ICO’s contact details are:


Exercising your Rights

In order to instigate a Subject Access Request (SAR) or to action any of the above Rights, apart from your Right to complain to a Higher Body, please click here.


Changes to our Privacy Statement

We may change this Statement from time to time in the future.  Any such changes will be posted here and where appropriate, notified to you in writing.  We advise you to check back frequently to see any updates or changes.


This Statement was last updated in October 2023.


Get free, no-obligation advice

If you need help, get in touch for free no-obligation advice. Simply fill out this form and we will be in touch within the hour.

Get in touch

By submitting this form, I consent to the processing of the personal data that I provide SQ in accordance with and as described in the Privacy Policy.