Privacy Policy

This policy explains:

  • who we are

  • why we collect personal data about you

  • what kinds of personal data we collect

  • where we get it from

  • how we use it;

  • who we might share it with;

  • how we store and secure it;

  • how long we keep it; and

  • your rights, including how you can object to our processing of your personal data.


Fentons Commercial Law Limited (“Fentons”, “we”, “us”) is a company registered in Scotland as number SC613315, with registered office at 38 Elliot Road, Dundee, DD2 1TB. Fentons is regulated by the Law Society of Scotland and authorised to operate as a firm of solicitors.

Fentons is the ‘controller’ of personal data that you give to us. We are registered with the UK’s Information Commissioner’s Office (registration number ZA485160).


Most of our clients are companies. To serve them, we use personal data about some of their employees. Mostly this is just names and contact details, but for some individuals (such as company directors) we are required by law to collect more information.

We may also collect names and contact details of potential clients so that we can market our services directly to them.

We never sell personal data to anyone for any purpose. We will not give your data to others for their own use without your permission.



We do everything possible to minimise the amount of personal data we collect.


Personal data we always collect:

  • Names and contact details (telephone number(s) and email addresses)

  • Information relating to the matter in which you (or your organisation) are seeking our help

Personal data we sometimes collect, depending on the circumstances:

  • Information to verify your identity, such as date of birth, passport details, and proof of address (typically a utility bill or bank statement)

  • Financial details about you, but only as required by law to combat money laundering and terrorist financing

  • Information to enable us to undertake a credit or other financial checks on you (we will inform you before doing any credit check)



Most of the time, we collect personal data about you directly from you. Sometimes we get the information from others in your organisation. Occasionally, we collect information from third parties, including:

  • publicly accessible sources such as Companies House or Registers of Scotland;

  • credit reference agencies;

  • government agencies; and

  • organisations you have previously dealt with.


Our use of personal data is governed by the UK’s Data Protection Act 2018 (DPA 2018) and the EU’s General Data Protection Regulation (GDPR). It may also be governed by laws in your local area, such as Canada's federal privacy law PIPEDA and equivalent laws in most provinces.

Each of these laws requires that we process your data lawfully, fairly, and transparently. Depending on our purposes for using data, we rely on one of three legal bases:

  • to perform our contract with you (applies only if our client is an individual rather than an organisation)

  • in pursuit of a legitimate interest* of ours; or

  • to comply with the law.

For full details of which legal basis we rely on for using each kind of personal data, click here.

*When we say we have a "legitimate interest", it means we have a valid business reason to use the data, and we've carefully evaluated  how this balances against your rights and interests. If you believe we are not striking the right balance, you can object by contacting us or the Information Commissioner.

Direct Marketing

We may send you marketing materials or news about legal developments that we think might interest you. You have the right to opt out of receiving marketing from us at any time by:

We never sell personal data to anyone for any purpose. We will not give your data to others for their own use without your permission.


We sometimes share personal data with third parties as part of providing our services or to comply with our legal duties. These parties can include:

  • those involved in any matter you instruct us for, including courts, tribunals, opposing parties, experts, and private investigators;

  • suppliers we use in providing our services, such as postal and courier services, document storage, IT, and data storage;

  • banks, debt collectors, credit reference agencies;

  • our own auditors, legal advisers, insurers, and insurance brokers;

  • government agencies, regulators and other authorities, such as the Information Commissioner’s Office;

  • our professional bodies and business associates; and

  • law enforcement agencies and regulatory bodies.

We only allow service providers to handle personal data if we are satisfied that they take appropriate measures to protect it. All service providers’ contracts require them not to use your personal data except as instructed by us.



We hold personal data at our office in Scotland. We also use Microsoft OneDrive to hold client files on Microsoft's servers in the UK.

We have appropriate security measures to protect your personal data against misuse. Only those within our business with a genuine business need have access to your data, and all are under a legal duty of confidentiality.

Transferring your personal data outside the EEA


To deliver our services, we may need to send personal data outside the European Economic Area (EEA), such as:

  • to a non-EEA office in our corporate group;

  • if you or one of our service providers is located outside the EEA;

  • if you are based outside the EEA; or

  • if we are advising you on an international matter.

These transfers are subject to special rules under European and UK data protection law.

The following countries to which we may transfer personal data have been assessed by the European Commission (EC) as providing an adequate level of protection for personal data: Canada.

If we need to send data to a country that does not have adequate data protection laws, we will only send the data after agreeing with the recipient standard data protection contract clauses approved by the European Commission (PDF file opens in a new window). 


We will keep your personal data after we have finished advising or acting for you or your organisation. We will do so for one of these reasons:


When it is no longer necessary to retain your personal data, we will delete or irreversibly anonymise it.



You can exercise any of your rights in this section free of charge by contacting us by email at or by phone on +44 (0)1382 848458 (UK) or +1 604-260-6830 (Canada).


You can ask us to:

  • provide you with a copy of your personal data;

  • correct mistakes in the data we hold about you;

  • delete your personal data from our records (subject to the GDPR and DPA 2018);

  • restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the data; and

  • in certain situations, provide you with a copy of the personal data you provided to us in an easily portable format.


You can object to our use of your data: 

  • at any time when we use it for direct marketing; and

  • any other time we are relying on "legitimate interest" as our legal basis for using the data.

If we are relying on your consent (permission) to use your personal data, you can withdraw your consent any time. 

For further information on your rights, please contact us. You can also review the Information Commissioner’s Office webpage on Individual Rights.



You can complain about our use of personal data to the Information Commissioner on their website ( or by calling +44 303 123 1113. However, we would appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance.

The GDPR also gives you right to lodge a complaint with the data protection regulator in the EU/EEA member state where you are located.



This privacy policy was last updated on 9 February 2020. We periodically review this policy and we will publish any changes on this website.



Please contact us by post, email, or telephone if you have any questions about either this policy or the information that we hold about you:


Fentons Commercial Law Limited

38 Elliot Road, Dundee, DD2 1TB



t: +44 (0)1382 848458

t: +1 604-260-6830

Practical help in plain English

Commercial lawyers for small and mid-sized business in Scotland, England, Wales, and Canada.

Fentons Commercial Law Limited

Registered in Scotland as company number SC613315

Registered office address: 38 Elliot Road, Dundee DD2 1TB

Authorised and regulated by the Law Society of Scotland

Dundee: +44 (0) 1382 848458

Vancouver: +1 604-260-6830

  • White LinkedIn Icon