Onsidelaw.co.uk is the website of Onside Law LLP, registered in the United Kingdom (company number OC435521, registered address 642A Kings Road, London SW6 2DU, England). Any reference in this policy to “Onside Law”, “we”, “us” or “our” is to Onside Law Limited.

When you interact with us through our website (or otherwise) you may provide, or we may collect, certain information from which you are personally identifiable (which is referred to as personal data). For the purposes of the UK General Data Protection Regulation (and all other laws relating to the use your personal data), we are the “controller”, meaning that we are responsible for deciding how your personal data is used and more importantly, for keeping your data safe and only using it for legitimate reasons.

We are committed to protecting your privacy and will take all steps necessary to comply with our legal obligations when using your personal data. This Privacy Policy explains how we fulfil this commitment, so please read this document carefully.

What personal data do we collect and what do we use it for?

You may provide to us, or we may collect from you, the following types of personal data (non-exhaustive) when you become a client of Onside Law or otherwise when you directly interact with us (when using our website or otherwise) or as necessary in the course of providing legal services whether to you or to a third party:

  • Identity – first name (including prefix or title), surname, the company you work for (if applicable), your title or position (if applicable), date of birth, passport information (or other identity information), tax status.
  • Contact – email address, telephone numbers and postal address.
  • Financial – all payment related information including bank account details and background information provided by you or collected as part of our business acceptance processes.
  • Business Information – provided to us by or on behalf of clients, suppliers, advisors or applicants, or generated by use in the course of providing services to our clients, which may include special categories of data. Special categories of personal data cover data about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. It also covers genetic data and biometric data and data concerning health, sex life or sexual orientation. This data is naturally more sensitive in nature and we will always treat it accordingly.
  • Marketing – contact information to send you newsletters, publications and invitations, your marketing preferences

We may collect the following types of information from you when you use our website, through cookies and other tracking technologies. For more information, please read our Cookies Policy:

  • Technical – this might include your IP address, browser information, location information, operating system and system configuration, network and software identification and device information
  • Usage Data – this includes information about how you use our website, such as click throughs, time spent on page, download errors etc.

Certain of the above information will not identify you directly but may do so when combined with other information.

The table below sets out how we use your personal data and our lawful basis for doing so. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using it. Importantly, we will only use your personal data when the law allows us to.

Reason why we use the dataWhat dataLegal ground for using the data
Register you as an Onside Law client and carry out our business acceptance procedures (including anti-money laundering, conflict and financial checks)Identity, Contact, FinancialPerformance of a contract with you

Necessary to comply with a legal obligation
To provide you with legal servicesIdentity, Contact, Business InformationPerformance of a contract with you

Processing is necessary for the establishment, exercise or defence of legal claims
To issue invoices for our services, process payments to our suppliersIdentity, Contact, FinancialPerformance of a contract with you
To fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claimsAllPerformance of a contract with you

Necessary to comply with a legal obligation

Processing is necessary for the establishment, exercise or defence of legal claims
To liaise with our suppliers and advisorsIdentity, Contact, FinancialPerformance of a contract with you
For the purposes of recruitmentIdentity, Contact, Business InformationNecessary for our legitimate interests (recruitment of personnel)
For internal administration and record keeping purposesAllPerformance of a contract with you

Necessary to comply with a legal obligation

Necessary for our legitimate interests (for effective business administration and service provision)
Notify you of changes to our Privacy Policy, our Terms of Business or other changes to our servicesIdentity, ContactPerformance of a contract with you

Necessary to comply with a legal obligation
To provide information requested by you which may involve contacting you by post, e-mail or phoneIdentity, Contact, Business InformationPerformance of a contract with you

Necessary for our legitimate interests (to ensure our clients are informed and satisfied with our services)
To promote our services, including sending legal updates, publications and details of eventsIdentity, Contact, Marketing, Technical and UsageNecessary for our legitimate interests (to develop our business and provide pertinent information to our clients and business contacts)

To improve your experience of our websiteTechnical, UsageNecessary for our legitimate interests (to develop our business, improve our service and overall user experience)
Verify your identity and detect fraud and security issuesAllNecessary for our legitimate interests (to prevent and detect fraudulent activity, security incidents and criminal activity)
Hosting a meeting at our offices or an event at our offices or at a business partner’s officeContact, Identity, Business Information (including
special categories of personal data about dietary or access requirements)
Performance of a contract with you

Necessary to comply with a legal obligation


If you fail to provide personal data

Where we are legally obliged to collect personal data or in order to process your instructions or perform a contract we have with you and you fail to provide the relevant data, we may not be able to perform our contracted services or commence the same. We will notify you if this is the case at the time.


If you receive marketing communications from us and no longer wish to do so, you can opt-out at any time either by Contacting Us or by using the opt-out function detailed in the relevant marketing email. Please note that we may still need to send you service notifications by email, such as advising you of updated privacy terms or terms of business.

Who do we share your data with?

We do not pass your personal data onto any third parties for them to market their products/services to you. If in the future we decide that we want to, we will only do so if we have your consent.

We do however share your personal data with third parties to help us deliver our services to you in the most effective way possible. These include third parties who assist us with:

  • Delivering relevant Onside Law email marketing (to the extent you have not unsubscribed)
  • Detecting fraud or criminal activity

We may also share your personal data with certain trusted third parties in accordance with contractual arrangements in place with them, including:

  • Our professional advisers (including our EU Representative listed below) and auditors
  • Suppliers to whom we outsource certain support services such as word processing, translation, photocopying and document review
  • IT service providers
  • Third parties engaged in the course of the services we provide to clients and with their prior consent, such as barristers and local counsel
  • Third parties involved in hosting or organising events or seminars

Where necessary, or for the reasons set out in this policy, personal data may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

If we share personal data with third parties, we will ensure that access is limited on a strictly need to know basis and is subject to suitable obligations relating to confidentiality and security.

Do we send any of your data outside of the EFA?

The European Economic Area or “EEA” is deemed to have good standards when it comes to data privacy. As such, we consciously limit the occasions when we may need to transfer or handle your data outside of the EEA. Where we do, for example where we are required to share your data with our Swiss or Australian offices or our service providers are based outside of the EEA, we make sure that your data is still treated fairly and lawfully in all respects (including making sure we have a legal ground for sending your data outside the EEA and putting in place all necessary safeguards for such arrangement).

Where relevant, you will have the right to see a copy of any safeguards we put in place for international transfers of your data. Just get in touch with us if you would like to find out more.

How do we keep your data secure?

We adopt industry standard processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data. We also make sure that third parties who need to handle your data when helping us to deliver our services are subject to suitable confidentiality and security standards.

Despite the security measures we implement, please be aware that the transmission of data via the internet is not completely secure. As such, we cannot guarantee that information transmitted to us via the internet will be completely secure and any transmission is at your own risk.

How long do we keep your data for?

We will keep your data for as long as you are an Onside Law client and/or where you are still happy to hear from us about our latest news, events and services. Once you no longer wish to be engaged with Onside Law we may still need to keep hold of your data based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and Onside Law’s business purposes.

Changes to our privacy policy

If we amend our Privacy Policy, it will be published on our website so please check back regularly to see if there have been any updates. If we make any substantial changes, we may also email you if it’s appropriate.

Your rights

In certain situations, you are entitled to:

  • access a copy of your personal data;
  • correct or update your personal data, which you can do by contacting us and informing us of any changes;
  • erase your personal data;
  • object to the processing of your personal data where we are relying on a legitimate interest (as set out in the above table);
  • restrict the processing of your personal data;
  • request the transfer of your personal data to a third party; or
  • where you have provided your consent to certain of our processing activities, in certain circumstances, you may withdraw your consent at any time.

Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘what personal data do we collect and what do we use it for? section) or that you may not be able to make use of the services offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

If you want to exercise any of these rights, please Contact Us. The good news is that you don’t have to pay a fee to exercise your rights, unless your request is clearly unfounded, repetitive or excessive (in which case we can charge a reasonable fee). Alternatively, we may refuse to comply with your request in these circumstances. Where your request is legitimate, we will always respond within one month (unless there is a legal reason to take longer, such as where your request is particularly complex). We may also need you to confirm your identify before we proceed with your request if it is not clear to us who is making the request.

In addition to the above, you may get in touch with the ICO (Information Commissioner’s Office) if you are concerned about the way in which we are handling your personal data. However, where possible, we would really appreciate you speaking with us first if you have any concerns.

European Representative

In relation to all personal data processing activities undertaken by Onside Law that relate to individuals in the EEA and/or the activities of individuals in the EEA, our European Representative is Nataf Fajgenbaum & Associes and can be contacted at: office@nfalaw.com. In the first instance, we would appreciate that you contact us first to discuss any concerns.

Contact us

If you would like to discuss anything in this policy or if you want to exercise your rights, please get in touch:

Email: info@onsidelaw.co.uk

Please write to us at:
The Practice Manager
Onside Law Limited
642A Kings Road
United Kingdom