NLS Solicitors


Privacy Statement

1.Introduction and Terms

NLS Solicitors (“We” or “us”) are committed to protecting and respecting your personal information and privacy.  This privacy and cookie policy relates to our use of any personal information we collect from you in relation to any of our services.  Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal information, including the Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR) from May 2018.

NLS Solicitors is registered with the Information Commissioners Office (ICO).  Our registration number is ZA046322.

2.How to Contact Us

You can contact us using the following details:

Mail: For the attention of the Data Protection Manager, Mrs Sue Evans, NLS Solicitors, 17 Mansel Street, Swansea, SA1 5SG


Telephone: 01792 687717 and ask to speak to Mrs Sue Evans, The Data Protection Manager.

  1. Your Rights

Under the GDPR your rights are:

  • The right to be informed – We must make available this privacy statement with emphasis on the transparency of how we process your data.
  • The right of access – You are entitled to find out what details we may hold about you and why we hold them.
  • The right to rectification – We are obliged to correct or update your details.
  • The right to erasure – You have a right to ask us to remove your information from our database.
  • The right to restrict processing – You have the right to stop the processing by us of your personal data.
  • The right to data portability – You have the right to obtain and reuse the personal data that you have provided to us.
  • The right to object – You have the right to object to us using your personal data in relation to marketing and or profiling.
  • Rights in relation to automated decision making and profiling – We do not use automatic decision making or processing.


  1. Who we are

For the purposes of the DPA and the GDPR data controller is NLS Solicitors of 10 St Andrew’s Crescent, Cardiff CF10 3DD.  If you need more information about our privacy policy or data protection you should contact your Data Protection Manager or write to us at the address in section 2.

  1. What information we will collect and how

We process both Personal and Sensitive (Special) categories of data.

  • Personal data may include name, address, email addresses, home and mobile numbers and may also include IP addresses and cookies.
  • Sensitive (Special) categories of data include medical details, racial or ethnical origin and passport numbers.

We collect the data by the following methods:

  • Through engagement of our services
  • By communications (letters/emails/phone calls)
  • Through service providers and referring bodies
  • Through the contact form on our website
  1. How the data is used

We will use the information that we hold about you in the following ways to enable us to provide you with the information and services that you request from us arising from any contract entered into between you and us.

We utilise social media and may wish to process any comments made by you in order to improve our services.

  1. When we will contact you and will this be marketing?

We do not use any of the personal or sensitive data that we hold about you for marketing purposes except for contacting you regarding your specific case.

  1. How do we protect your information?

All personal information is held securely.  Information held electronically is password protected.

  1. Will your information be shared?

We will keep your information within the firm except where disclosure is required or permitted by law or when we use third party service providers (data processors) to supply and support our services to you.  We will not sell, trade or otherwise transfer to any other outside body.

We have contracts in place with our data processors, to ensure that they can not do anything with your personal information unless we have instructed them to do so.  They will not share your information with any other organisation apart from us and will hold it securely and retain it foe the length of time that we instruct.

Our data processors services are listed below.

  • IT Support and Cloud Service
  • Case Management System
  • Email provider
  • Secure document disposal service
  • Secure storage facility
  • WIFI Provider
  • HR and payroll service providers
  • Telephone line provider and VoIP services

We may also disclose your personal data to law enforcement agencies in connection with any investigation to help prevent unlawful activity.

  1. How long do we keep information?

Our data retention policy is dictated by the DPA, GDPR and the requirements of our regulator, the Solicitors Regulation Authority (SRA), a copy of which can be requested.  We also have a legal obligation to retain documents for inspection by HM Revenue and Customs and the Legal Aid Agency to comply with their regulations.

No personal information is retained by our website following the completion of a contact form.

  1. Can you request that your information is deleted?

Under GDPR you have the right to erasure under certain circumstances, which will be decided upon on a case by case basis.  Please contact us if you require more information.  However please note that as our data retention policy is dictated by regulations outside of our organisation this is unlikely to be possible in many cases.

  1. Can you request your information is corrected or updated?

If your information is incorrect or out of date, please contact either you fee earner of the Data Protection Manager  and we will correct or update your data at the earliest opportunity.

  1. Can you find out what details we hold about you?

An individual can find out if we hold their personal information and what information we hold by making a ‘subject access request’ (under DPA) or ‘right of access request’ (under GDPR).

If we hold information about you, we will respond in writing within one calendar month of your request.

The information that we supply will:

  • Confirm that your data is being processed
  • Verify the lawfulness and the purpose of the processing
  • Confirm the categories of data that are being processed
  • Confirm if we have or will disclose your information to any recipient and the reason for doing so
  • Let you have a copy of the information in an intelligible form.

To make a request for personal information please write to us at the address in section 2 of this policy.  Please note that you may need to provide identification to access your data.

If we do not hold information about you, we will confirm this in writing without delay.

  1. Changes

Our privacy statement is under regular review and changes may be made from time to time.  The current version of the privacy statement will be posted on our website at all times.

  1. Complaints

You have the right to complain about the processing of your personal information.  Please contact us using the details in section 2 above.  If you are still dissatisfied, you have the right to complain to the Information Commissioners Office .