Town Legal LLP is a boutique planning law firm. We are committed to safeguarding your personal information and dealing with it responsibly and in accordance with UK law and data protection principles. Town Legal LLP is the data controller of any personal information collected by, or provided to, us in connection with our business.

This privacy policy explains what personal information we collect and how it is obtained, used, stored and protected. It explains the legal basis for our use of your personal information, who we share it with and what your rights regarding your personal information are. You may at any time request to see and, if appropriate, amend the personal data we hold about you. Details are given below under ‘Your data privacy rights’.

We are registered with the UK Information Commissioner’s Office with registration number ZA221370. Our Data Privacy Partner is Elizabeth Christie and her deputy is Raj Gupta.

Your data privacy rights

You have a number of rights regarding any personal information of yours that we process. You have the right to ask us for:

  • Access: You can request copies of your personal information (this is sometimes called a subject access request) and ask us for information about how it is processed.
  • Rectification: You can ask us to rectify information you think is inaccurate or complete information you think is incomplete.
  • Erasure: You can ask us to erase your personal information.

In certain circumstances, you may also object to our processing of your personal information or restrict the processing of your information.

The extent to which we must comply with your request will depend on the circumstances, including our reason for processing your information. You can find out more about your rights by visiting the Information Commissioner’s Office website at

If you have provided us with your consent to the processing of your personal information (for example, when subscribing to one of our mailing lists) you have the right to withdraw your consent at any time and we will cease processing your information for that purpose. We may, however, continue to process your personal information for other purposes where we have another legitimate basis for doing so.

If you have any requests concerning your personal information or any queries concerning our processing, please contact us at or in writing to our Data Privacy Partner, 10 Throgmorton Avenue, London EC2N 2DL. We will respond to your enquiry within 30 days unless the query is complex.

You will not have to pay a fee to access your personal information (or to exercise any other right as data subject). However, we may charge a reasonable fee, if your request is clearly unfounded or excessive.

How we obtain personal information

We obtain personal information in the course of our business from or about a number of different categories of people and from a number of different sources. This information may be provided directly by you or:

  • Provided by organisations you own, control or work with including our clients and other third parties involved in matters for our clients (such as our client’s advisers and counterparties).
  • Obtained from searches we conduct of information that is in the public domain (we may search the original source ourselves or use a third party databases of open source material).
  • Collected as a result of your interaction with our website or when you request information or receive marketing services.
  • From Experian as part of our anti-money laundering checks but only with your consent. Experian process data in accordance with the Credit Reference Agency Information Notice.
  • Collected from people with whom we have a business relationship, for example, if you give us your business card.

What we collect

We collect personal information which can include one or more of the following:

  • Basic information such as your name, title or position, and related information such as the organisation you work for or your relationship with a person.
  • How to contact you, including by phone, email or post.
  • Identification information collected as part of our business acceptance process. This includes information about individual clients (name, address, title and role, nationality, date of birth, business interests and track record) and similar information about individuals that own, control or manage client organisations and groups.
  • Financial information such as payment related information and credit history.
  • Technical information, such as information from your visits to our website.
  • Information to help us help you when you attend events such as access or dietary requirements.
  • Other personal information provided to us or generated by us in the course of providing legal service to our clients.

This information may include special category data which the law requires us to treat with extra care. Special category data can include information about your health, racial or ethnic origin, religious or political beliefs, trade union membership, sex life or sexual orientation.

What we do with your personal information

We collect, create, hold and use personal information for the purpose of providing legal services to our clients pursuant to contracts for services with the clients. We process that information in order to perform the legal services that have been requested and also for background purposes including business acceptance (conflict, anti-money laundering and reputational checks), billing and finance purposes and administration of the matter. This information may be disclosed to third parties to the extent necessary to provide our legal service to our clients.

We also use personal information for our own business purposes including:

  • To provide information requested by you.
  • To promote our services, including details of events, seminars, publications and sending legal updates. We send very occasional mailings, by post and by email, of marketing information that we believe is of interest to you. You have the right at any time to be removed from our marketing mailing list or to request only one type of mailing (email or post).
  • To manage and administer our relationship with you and our clients.
  • To provide our website and improve its use including monitoring and auditing.
  • For the purposes of recruitment.
  • To fulfil our legal, regulatory and risk management obligations, this may include disclosures to our regulator (the Solicitors Regulation Authority), auditors, legal or professional advisors, insurers and insurance brokers (in the course of establishing, exercising or defending legal claims).
  • For fraud prevention (including money laundering and bribery) and for the prevention or detection of crime (although use of any CCTV on our premises is the responsibility of our landlord).

We do not make decisions based on automatic profiling.

What is the basis for processing your personal information?

We will only process your personal information where we have a lawful basis for doing so. The lawful basis for processing personal information are set out in UK legislation and are explained in detail on the Information Commissioner’s Office website at The lawful basis we rely on to process your data are:

  • Performance of a contract for the provision of legal services. This includes taking steps prior to entering into such a contract.
  • Compliance with our legal and regulatory obligations.
  • To pursue our legitimate interests.
  • To establish, exercise or defend legal claims.
  • You have provided express consent to our use of your information (for example, when subscribing to one of our mailing lists). You have the right to withdraw your consent at any time.

Sharing personal information

We are based in England. If you are outside the UK, any personal information you transfer to us will be transferred to and stored in the UK. This may involve a transfer of your personal information out of the European Economic Area or another geographical area where information protection may be higher than offered in the UK. We use cloud services for storing information. Consequently, your personal information will be stored in the cloud. Details about how we protect your personal information are set out below.

We may share your personal information with third parties where this is permitted under UK data protection law including with:

  • Other organisations and professionals involve in matters for our clients including barristers, planning consultants, architects, developers, accountants, auditors and technology service providers such as data room and case management services.
  • Courts, tribunals and other government bodies involved in our client’s planning, compulsory purchase and rating matters.
  • Suppliers and vendors, including IT service providers, who provide support services to us.
  • Organisations we work with when hosting events.
  • Exceptionally, with regulatory authorities and law enforcement agencies to comply with legal and regulatory obligations.

We do not sell personal information to third parties.

Protecting your personal information

We use trusted IT suppliers to protect and preserve personal information we process and control. They employ up-to-date data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. All our employees and any third parties we engage to process your personal information are obliged to respect the confidentiality of your personal information.

Keeping personal information

We hold personal information and other information for different periods reflecting both good data protection practice and our regulatory, statutory and contractual requirements. These periods are set out in our data retention policy, which is revised from time to time. Please contact us if you would like to know the retention period for your own data.

Personal data supplied for the purpose of due diligence checks is used only for that purpose. It will be kept for a minimum of five years after the termination of the business relationship between us and destroyed when your client file is destroyed. This will usually be between six and ten years after the last matter file is closed.

Town Legal LLP’s website

We are committed to safeguarding the privacy of visitors to our website.

You are not required to provide any personal information on the public areas of our website. However, you may choose to do so by completing the contact form on our website. If you do, your personal information will be treated as set out in this policy.


Cookies are small text files that are downloaded to your device when you visit a website and automatically retrieve information about your use of the website. We use cookies to help us improve our website and improve our services. Information from cookies is used in aggregate form and does not identify the individual visitor, and, where you are known to us, we may use this information in an identifiable form to build a profile for you for marketing purposes. You can delete and block cookies by changing your browser settings. Please see for instructions on how to do this.

You consent, by continuing to use this website without changing your settings, to our use of cookies.

Other websites

Our website may contain links to other websites (such as that are outside our control and which are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.


This site uses cookies to keep our site secure and provide our users with the best possible experience. For more information, click here.

I Decline I Accept