Fentons Commercial Law Limited

Registered in Scotland as company number SC613315

Registered office address: 38 Elliot Road, Dundee DD2 1TB

Authorised and regulated by the Law Society of Scotland

Dundee: +44 (0) 1382 848458

Vancouver: +1 604-260-6830



Privacy Policy

This policy explains what personal data we collect about you, why we collect it, and how we use it. It also explains how you may object to our use of personal data.


Who are we?

Fentons is a trading name of Fentons Commercial Law Limited (“Fentons”, “we”, “us”), which is a limited company registered in Scotland as company number SC613315. Our registered office is at 38 Elliot Road, Dundee, DD2 1TB.

The use of personal data by Fentons is regulated under the EU’s General Data Protection Regulation (GDPR), and the UK’s Data Protection Act 2018 (DPA 2018). Fentons is responsible as ‘controller’ of personal data that you give to us. We are registered with the UK’s Information Commissioner’s Office (registration number ZA485160).

What kinds of personal data do we collect about you?


Most of our clients are business organisations, such as companies and partnerships, but we will still need to process personal data about individuals who work for our clients. This will include full names and contact details.


Personal data we must collect


  • Your name, address, telephone number(s), email addresses

  • Information to enable us to check and verify your identity, such as date of birth or passport details

  • Information relating to the matter in which you are seeking our advice or representation

  • Information to enable us to undertake credit or other financial checks on you

  • Financial details about you, to the extent that we are required by anti-money-laundering laws to collect this information

Personal data we may collect, if relevant, and depending on why you have instructed us

  • Your National Insurance and tax details

  • Your bank and/or building society details

  • Details from your professional online presence, such as your LinkedIn profile

  • Personal identifying information, such as your eye colour or your parents’ names


How we collect your personal data


We collect most of this information directly from you:

  • when you or your organisation contact us for information or services;

  • when you browse, or provide information to us through, our website;

  • when you engage with our staff for business-related purposes, for example by enquiring about our services;

  • when you attend an event we organise, or as our guest; and

  • where you or your organisation provide services to us.

We may also collect information from third party sources including: 

  • publicly accessible sources such as Companies House or Registers of Scotland;

  • credit reference agencies or government agencies; and

  • third party organisations that you have or have had dealings with.


Cookies on our website


Most websites automatically install one or more “cookies” on your computer or device when you visit. A cookie is a small piece of data that lets the website do a few things, such as recording information about visitors to the site, or improving the browsing experience for the person visiting. For example, cookies allow users to set up an account with a website and be recognised by the website on their next visit.

The internet is full of "analytics" technologies. Enormous companies entice firms like ours to install tracking cookies on our websites so we can learn more about who visits, and they can figure out what you might want to buy. Honestly, that's just creepy. We don't need that kind of surveillance in our lives. Anyway, you found our website just fine without them.

You can delete cookies


If you do not want any cookies stored on your computer, simply follow the instructions below, which are slightly different for each browser. However, please note this may affect the features you can use on all websites.


Each of the major browser suppliers provides information on how to remove and block cookies:

Google Chrome   Internet Explorer   Mozilla Firefox   Opera

Safari (iPhone or iPad installations)   Safari (Mac installations)

Legal basis for using your personal data

Under the GDPR and the DPA 2018, we must have a proper and legal basis for using your personal data.

A “legitimate interest” means that we have valid business reasons to use your information and our reasons are not overridden by your own rights and interests.

The above table does not apply to “special categories” personal data, which we only process in accordance with Article 9 of the GDPR. We collect special-category data only when it is necessary and relevant. These data can include information about your health (including information you provide about your dietary requirements when attending meetings); racial or ethnic origin; religious or political beliefs; trade union membership; sex life or sexual orientation; genetic or biometric data; or philosophical beliefs.


Direct Marketing

We may use your personal data to send you marketing materials or news about legal developments that we think could be of interest to you. You have the right to opt out of receiving marketing from us at any time by:


We do not sell personal data to anyone for any purpose, and we will not give your data to others for their own use.


Who we share your personal data with


We may give the following parties access to personal data as part of providing our services or to comply with our legal duties, and only to the extent permitted by law:

  • third parties involved in any matter, including courts, tribunals, counterparties, experts, private investigators, and other third parties involved in a matter;

  • suppliers we use in providing our services, such as postal and courier services, document storage, IT, and data storage;

  • banks, debt collectors, credit reference agencies;

  • our own auditors, legal advisors, insurers, and insurance brokers;

  • government agencies, regulators and other authorities, such as the Information Commissioner’s Office;

  • our professional bodies and business associates; and

  • law enforcement agencies and regulatory bodies.


We only allow our service providers to handle personal data if we are satisfied that they take appropriate measures to protect it. All service providers’ contracts require them not to use your personal data except as instructed by us as the controller.


Where your personal data is held

We use Microsoft Office 365 to provide digital file storage, and they store the data they hold for us on servers located in the UK. We also hold personal information at our office in Scotland.

We may engage third parties that are based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see ‘Transferring your personal data out of the EEA’ below.

How long your personal data will be kept

We will keep your personal data after we have finished advising or acting for you or your organisation. We will do so for one of these reasons:

  • to respond to any questions, complaints or claims made by you or on your behalf;

  • to show that we treated you fairly; and

  • to keep records required by law.


When it is no longer necessary to retain your personal data, we will delete or irreversibly anonymise it.

If you have any questions in this regard, or any concerns about how long we keep your information for, please contact us using the details below.

Transferring your personal data out of the EEA

To deliver our services, we may need to send personal data outside the European Economic Area (EEA), such as:

  • if you or one of our service providers is located outside the EEA;

  • if you are based outside the EEA; or

  • if we are advising you on an international matter.


These transfers are subject to special rules under European and UK data protection law.


The following countries to which we may transfer personal data have been assessed by the European Commission (EC) as providing an adequate level of protection for personal data: Canada.


If we need to send data to a non-EEA country that the EC has not assessed as having adequate data protection laws, we will only send the data after agreeing with the recipient the standard "controller-to-processor" data protection contract clauses approved by the European Commission. You can see a copy of these standard clauses on the EC website.

If you would like further information please contact us.


Your legal rights

This section details your rights, which you can exercise free of charge.


If we are processing your personal data based on your consent, you can withdraw that consent at any time. However, please note that if you withdraw consent, we may still process your personal data as required or permitted by law, in order to defend our legal rights or meet our legal and regulatory obligations.


You can ask us to:

  • provide you with a copy of your personal data;

  • correct mistakes in the personal data we hold about you;

  • delete your personal data from our records (subject to the GDPR and DPA 2018);

  • restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the data; and

  • provide you with a copy of the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.


You can object: 

  • at any time to your personal data being processed for direct marketing;

  • in certain other situations to our continued processing of your personal data, such as where we carry out processing on the basis of our legitimate interests.


If you would like to exercise any of those rights, please email us at data.protection@fentonslaw.com. Your objection (or withdrawal of consent) may mean we can no longer provide you with services. We will advise you where this would be the case.

You also have the right to complain to the Information Commissioner's Office where you believe we may have breached data protection law. We would, however, appreciate the chance to resolve your concerns before you approach the Information Commissioner, so we ask that you contact us first.

For more general information, the Information Commissioner’s Office has an excellent Individuals Rights section on its website.

Keeping your personal data secure


We have appropriate security measures to prevent personal data from being lost accidentally or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain


We hope that we can resolve any query or concern you may have about our use of your information.

The GDPR also gives you the right to lodge a complaint with the data protection regulator in the UK, where we are located, or in the EU/EEA member state where you are located. The supervisory authority in the UK is the Information Commissioner, found on the web at https://ico.org.uk/concerns or by calling +44 (0)303 123 1113.


Changes to this privacy policy

This privacy policy was published on 8 January 2019. We periodically review this policy and we will publish any changes on this website.

How to contact us


If you have any questions about either this policy or the information that we hold about you, please contact us using the form at the bottom of this page, or by post, email, or telephone using the details at the bottom of this page.
