Privacy Policy



This page details how we process the personal data we hold on you, as a client of the company, and how you can control the retention and use of that data.


When you begin a business relationship with our company, the data you provide may be used for different purposes and may be treated in different ways.


Essentially, we seek only to use and retain such data which is necessary either for the performance of our contract with you (i.e. dealing with your case in accordance with our professional and legal requirements and your instructions), or where some other lawful purpose is engaged (e.g. holding data for accounting record purposes or audit by the Legal Aid Agency etc).


In order to act for you, we ask that you review, and accept and consent to this data protection policy.  Note, however, that Nunn Rickard Litigation relies upon Article 6(1)(b) of GDPR which is necessary for the performance of a contract.


All data that is held by ourselves (or those who act on our behalf) is encrypted, backed up on at least a daily basis, and stored on servers or computers based in the EU. Where data is held on, or capable of being accessed by desktop, laptop or tablet computers, that equipment is (a) password protected, (b) encrypted and (c) secured by two-factor authentication. We are registered with the Information Commissioner’s Office. We have satisfied ourselves that all third-parties who hold your data on our behalf will comply with GDPR from the date of commencement, which is 25th May 2018, at the latest.


Our core position in relation to the processing of data is this: ‘Nunn Rickard Litigation wishes at all times to comply with both the letter and spirit of data protection legislation. We will work openly with you to resolve any concerns that you have.’


The new regulations are complex and we, like other businesses, are still carefully working through the implications in order to implement compliant solutions, therefore the contents of this page will evolve over time.


If you wish to see the data that we hold or request its deletion, please send an email via the website contact page and we will contact you to facilitate this. We aim to comply with all requests within 20 working days.



Where your account is paid online, or an invoice is paid via debit/credit card or direct debit, these transactions are handled by third-party card companies. We therefore have no access to your financial data at all. These company’s  are approved financial institutions and you should contact them directly if you have questions in relation to your data use.


Where a payment is made, the transaction is recorded by our bank/payment processor, we have access to your identity and payment confirmation in order to reconcile your account, these details are retained for a period of 6 years from date of payment.


Your Case

We ask for: your name, address, business address, email address and telephone contact number. In addition to using this information in order to communicate with you and to deal with your matter, we also use these details to generate invoices and create accounting records for HMRC and other accounting purposes (i.e. ‘legal obligations’ under GDPR).


We will also ask you for all relevant details needed for the progression of your case, and where necessary speak to and obtain information from others, e.g. witnesses. When necessary we will also obtain information and discuss your details with others, e.g. a barrister who we intend to instruct to represent you, or other experts who we will instruct on your behalf. We may also receive data about your case from other parties, e.g. disclosure on your case from the Crown Prosecution Service or the Probation Service. All data received from you or in relation to your case is covered and protected by this data policy in addition to our professional rules which ensure client confidentiality.


These details are retained and stored for a period of 6 years from the date of the completion of your case. After 6 years the file will be destroyed unless there is a specific reason not to do so.


Unsolicited contact

You may contact us via email, or other social media. You should note that we may maintain a record of that exchange. In particular please note that our email systems are hosted on a platform that allows for permanent and unlimited storage of emails. You do of course have the right to have such data deleted.