Your personal data can, by itself, or with other data, be used to identify you. This information notice sets out how we, Thompson Smith and Puxon (TSP), the data controller, will use your personal data.  Our Data Protection Officer (DPO), Sean Stuttaford, can be contacted at Stable 6, Stable Road, Colchester, Essex, CO2 7GL if you have any questions.

If you are not satisfied with our processing of your data, you have the right to make a complaint, at any time, to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. Your complaint will be dealt with under our formal complaints handling procedure which can be downloaded from our website.


We will tell you if providing some personal data is optional, particularly if we ask for your consent to process it. In all other cases we will only collect and hold the minimum amount of data that we need from you for the purpose for which we are collecting it.


We will use your personal data for the reasons set out in the section “Using your personal data: the legal basis and purpose”, and, if you become a client of the firm, to provide our service to you. We will collect most of the data we use from you directly. Where we collect personal data indirectly the sources are detailed below.

For clients and prospective clients: If you ask us to quote for our services and / or become a client of Thompson Smith and Puxon the details we will collect from you include:

  • Your full name and personal contact information (e.g. home address, personal email address, home and personal mobile telephone numbers) plus
  • Any additional information necessary to assess whether we can proceed as your legal advisor and/or to provide you with an initial quote for our services, this may for example be the address and purchase price of the house you are purchasing or financial details in order to assess your Inheritance Tax position.

If you are to become a client, please note that your provision of documents for identity verification purposes is necessary for us to comply with our legal and statutory obligations. Failure to provide these documents will result in our being unable to undertake identity verification as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and, subsequently, we will not be able to act for you or the organisation instructing us, as applicable. Please also note that we may obtain information about you from third parties in order to electronically verify your identity (see below).

If you give us personal data on behalf of a named third party you must have their authority to provide this data and you must share this information notice with them beforehand together with details of what you have agreed on their behalf.

For payment purposes: If you wish to pay a TSP invoice using a credit or debit card and you are not present the details we will collect from you include:

  • Full name, matter no. (if applicable), invoice number, card details (including card number, expiry and CSV), card billing address and personal email address

 For recruitment purposes: If you apply for a position at Thompson Smith and Puxon details we will collect from you include:

  • Full name and personal details including contact information (e.g. home address, email address, home and mobile telephone numbers)
  • Your CV (as provided to us by you) which will include education and employment details
  • Your covering letter
  • Additional information that you may provide us with during the recruitment process such as current salary

Third party sources of your data: We may have received your details from a recruitment agency. You will have provided the recruitment agent with your authority to provide your personal data to TSP. We will provide you with a copy of this information notice upon receipt of your details.

Third party data you give to us: Personal data about your referees including name, job role and company and contact details. You must have their authority to provide their personal data and you must share this information notice with them beforehand together with details of what you have agreed on their behalf.

For Professional Purposes: If you are a professional contact of TSP details we will collect from you include:

  • Full name, job role and company details, including professional contact information (e.g. company address, company email address, company landline and company mobile telephone numbers)
  • Additional information as may be contained on your business card, website, promotional material, or in your email footer

Third party sources of your data: We may have been referred to your service by a professional contact or we may have collected your details from information that is in the public domain such as your company website. If we have collected your data in this way we will provide you with a copy of this information notice.

WEBSITE: If you have visited our website we will have told you about the cookies that we use and their purpose and asked you to set your own preferences in relation to these cookies. Our cookie policy is available on our website at

Our website may contain links to other websites. This information notice only applies to and data collected from it. When you visit other websites you should read their respective privacy notice. We do not control these third-party websites and are not responsible for their privacy statements.

CCTV: If you attend our offices in person you should be aware that we operate CCTV. Images are monitored for the purpose of public safety, crime prevention, and the detection and prosecution of offenders.


Subject to applicable laws we will monitor emails, text messages, social media messages and other communications with you in relation to our dealings with you. We may monitor telephone calls and video conferences but will always tell you if we intend to record a telephone call or video conference. Our monitoring is for regulatory compliance, self-regulation, supervision and quality control and training purposes, to protect the security of our communications systems and to check for obscene content. We may also use this monitoring/ recording to  progress and assist with your matter where necessary and this is justified by our legitimate interests or legal obligations

USING YOUR PERSONAL DATA: THE LEGAL BASIS AND PURPOSE: Thompson Smith and Puxon will process your personal data:

As necessary to manage and perform our contract with you for the matter on which we are acting as your Legal Advisor, for example:

  • To take steps, at your request, to discuss your matter with you and/or to provide you with a quote before entering into it
  • To decide whether or not to proceed as your Legal Advisor
  • To update our records
  • To trace your whereabouts to contact you about your matter
  • To advise you on other professional services that you may require as part of your contract with us
  • To act on any feedback you may give us

As necessary for our own legitimate interests or those of other persons or organisations, for example:

  • To advise you on additional legal services that you may require
  • To advise you on other professional services that you may require
  • To send you TSP marketing communications by email or post, which may include invitations to events
  • To manage your My TSP account which includes processing and recording your online invoice payments
  • To use (and offer) a range of resources and alternative ways to deliver, support and improve our services to our clients in a modern and efficient way, including third party call answering and secretarial services, collaborative platforms and legal technology solutions including third party electronic Know Your Client (KYC) providers
  • For market research, analysis and developing statistics
  • To monitor emails, calls and other communications in relation to your dealings with us
  • To be able to carry out conflict of interest checks in future years
  • To be able to deal with any queries, complaints or claims that you might raise in the future
  • To enable us to deal with recovery of any unpaid costs
  • CCTV: for monitoring and protecting our buildings, our private grounds and the vehicles of our staff and clients

As necessary to comply with a legal obligation, for example:

  • When you exercise your rights under data protection law and make requests
  • For compliance with legal and regulatory requirements and related disclosures
  • For the establishment and defence of legal rights
  • For activities relating to the prevention, detection, and investigation of crime
  • To verify your identity, fraud prevention and anti-money laundering checks
  • To monitor emails, calls and other communications as part of your matter
  • To keep secure any Wills and Deeds that we have been asked to store

Based on your consent, for example:

  • When you request that we disclose your personal data to other persons or organisations such as your accountant or land agent, or otherwise agree to disclosures
  • When we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation). This will most usually be during the establishment or exercise of a legal claim, for example
  • To send you marketing communications where we have asked your consent to do so

You are free at any time to change your mind and withdraw your consent. The consequence may be however that we cannot do certain things for you.

In the Vital Interests of the individual: From time to time, when representing individuals who may be troubled, in danger, very young, or otherwise unable to exercise due care for their own safety, we may, in extreme circumstances, use information about you or a person connected with you in order to take action to protect them.


Subject to applicable data protection law we may share your data with, for example:

  • Other parties directly connected or named on your matter
  • Third parties who, with your permission, you wish to deal with the matter on your behalf
  • Sub-contractors and other persons who assist TSP in providing our services, such as barristers and medical experts,
  • Other professional advisors, including your accountant, auditors, bank, land or estate agent for example
  • Government bodies and agencies in the UK and overseas e.g. HMRC, Land Registry, Companies House, Information Commissioners Office, Financial Conduct Authority
  • Courts, to comply with legal requirements and for the administration of justice
  • If you pay your TSP invoice or bill through our website your payment information will be shared with Legl. You should ensure that you read their privacy statement.
  • Third party email marketing software platforms, used and controlled by TSP, to assist with the delivery of TSP marketing communications.
  • With third parties providing goods or services to us for the purpose of supporting our work on a Matter / improving client service (e.g. call answering and secretarial services, and providers of legal technology, including electronic KYC providers (see below), collaborative platforms and secure data rooms primarily managed in cloud based IT environments)
  • Your recruitment agent (if you are applying for a role with us and have engaged one)
  • Anyone else where TSP have your consent to do so or as required by law

ELECTRONIC VERIFICATION OF YOUR IDENTITY: As part of our regulatory responsibilities, we may need to obtain information about you from third parties in order to verify your identity. In performing this electronic Know Your Client (KYC) check, personal information provided by you will be disclosed to third parties which may keep a record of that information.

TSP use the Legl Engage platform to conduct electronic KYC checks on individuals and businesses. Legl uses a number of sub-processors. These are detailed in their privacy policy here.

As part of the electronic KYC check, details supplied by individuals are cross- referenced against a range of verified databases, including credit bureaus. This part of the KYC check is powered by Onfido on behalf of Legl.

As detailed on the Onfido website: this check leaves an Identity Generic Footprint (IG), otherwise known as a soft footprint on an individual’s credit file. This footprint is not visible to lenders and will not affect an individual’s credit rating. The footprint is only visible to the individual when they request their own credit file from one of the Credit Bureaus.

Legl Know Your Business (KYB) checks are powered by creditsafe.

We may also need to undertake periodic electronic identity verification checks of your identity whilst you remain a client.


Your personal data may be transferred outside the UK but only to countries which have adequate protections for personal data under applicable laws. Following Brexit, all of the countries in the European Economic Area (EEA) have been deemed as adequate.

DATA SECURITY: We have in place appropriate security measures to prevent your data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.


Whether or not you become a client the following criteria are used to determine how long we will keep your data for:

  • Retention in case of queries: We will retain your data as long as necessary to deal with any queries you might have (about your enquiry or quote for example)
  • Retention in case of claims: We will retain your data for as long as you might legally bring a claim against us
  • Retention in accordance with legal and regulatory requirements: We will retain your personal data after your matter is finished based on our legal and regulatory requirements, e.g. anti-money laundering and terrorist financing regulations
  • Consent: if we are contacting you on the basis of your consent we will revisit your consent to be contacted after 2 years

Examples of retention periods:

  • Name, address and date of birth – Indefinite, in order to enable us to carry out conflict of interest checks in the future
  • Identification evidence – For at least 6 years after the end of the matter or of our business relationship with you, or such longer period as anti-money laundering and terrorist financing regulations may require
  • Wills and Deeds – Until the legal owner requires us to part with them
  • Matter files – Until sufficient time has passed since the file was closed for us to be satisfied that there are unlikely to be any queries, complaints or claims raised with us
  • Payment information – For at least 6 years
  • Recruitment information – For at least 6 months or longer if you have asked us to
  • CCTV images are stored for 30 days


You have a number of rights regarding the processing and storage of your personal data (from 25 May 2018). Some rights do not apply in all circumstances.

  • The right to be informed about the processing of your personal data
  • The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
  • The right to object to the processing of your personal data
  • The right to restrict processing of your personal data
  • The right to have your personal data erased (the right to “be forgotten”) subject to certain restrictions, e.g. data still required for lawful reasons
  • The right to access your personal data and information about how we process it
  • The right to move, copy or transfer your personal data (portability)

When we receive a request regarding your rights under Data Protection Law we may need additional information from you to help us to confirm your identity. This is to ensure that we do not disclose personal data to anyone who does not have the right to receive it.

We will acknowledge any request that you make and try to respond within one month. If your request is complex or you have made a number of requests it may occasionally take longer but we will keep you informed if this is the case.


We will not undertake any automatic decision making or profiling in relation to your personal data


Your personal data may be converted into statistical or aggregated data which can’t be used to identify you, and then used to produce statistical research and reports. This aggregated data may be used and shared in all of the ways described above


This notice is kept under regular review and any updates will be added to this page. This information notice was last updated on 15 February 2024 and is version no.11 of this notice.


Check you are using a secure site: When your browser displays our website you will notice that the URL at the top of the browser window starts with https. You will also see a closed padlock icon which will be shown in a different position depending on which browser you are using.  The padlock icon  tells you the page and any personal details submitted are protected using 128 bit encryption when transmitted over the Internet. We use Secure Socket Layer (SSL) technology, which is an industry standard.

If you share your PC or use a facility in a public place make sure you are not overlooked as you enter your details and, if applicable, log off when you have finished, and close the browser window,.

Making a Payment Online using my TSP

We can only accept online payments via our website for payment of TSP invoices. We cannot accept payments through our website for deposits or purchase monies or for any other type of payment. Payments may only be made in GBP Sterling and to a maximum value of £5,000.

Third Party Payments: We are unable to accept payments intended for third parties through our website, for example to a Bank for a debt or a mortgage deposit. If you do make this type of payment, we will have no choice but to refund and return your payment which could take up to ten working days, and could result in significant delays to your case.

Processing Your Payment: All payments made through our website are processed by our secure online payment facility, Legl. When making a payment, please ensure that you read Legl’s Privacy Policy for details of how they will process the data you submit to them on their website.

We accept debit and credit cards, electron and maestro cards but we do not accept American Express.

Refund Policy: A refund may be necessary if a payment has been made to us in error via our website. If  a refund should be made we can only process a refund once the original payment has cleared into our bank account, which can take between 2 and 5 working days. It is also likely that a refund will take a similar time to process back into the account from which it came.  Any refund will be made to the card from which payment was made.

Other payment arrangements are available and details will be provided to our clients through our Terms of Business and other client care material.

Assistance: If you need any assistance with or have a query about a payment you have made or if a payment has been made in error, please contact our accounts team at or by telephone at 01206 574431.