Freephone 9am to 8pm, Monday to Saturday0800 368 6162

Request a Callback Start My Settlement

Speak to a Settlement Specialist now on 0800 368 6162 or request a callback

    Information on how we handle your data is in our Privacy Policy.

    Privacy Policy

    Overview

    Settlement Agreement Solicitors Ltd (the “Company”) is a company registered in England and Wales (Company Number 12589585) with its registered office at Thomas House, 84 Eccleston Square, London, SW1V 1PX. Our firm operates the website www.settlementagreement.com (the “Website”).

    Scope and Purpose

    This privacy notice explains how the Company collects, uses, and processes personal data when you interact with our website. It applies to information you provide when you contact us via enquiry forms, telephone, email, or post, as well as when you subscribe to newsletters or interact with us in any other way.

    Please take the time to read this privacy notice carefully, as it outlines how we collect, use, store, and share your information. It also details your rights concerning your personal data and provides guidance on how to contact us or the Information Commissioner’s Office (ICO) should you have any concerns.

    This privacy notice is intended to supplement any additional privacy notices that may be provided for specific data processing activities. It does not override other notices and should be read alongside them. We are legally required to inform you of these details under UK data protection laws.

    This policy applies to all personal data, regardless of the format in which it is stored, whether electronically, on paper, or on other materials.

    Please note: This website is not intended for use by children.

    Your use of this website is also subject to our Terms of Use and Cookie Policy.

    Changes to this policy

    We regularly review and update this privacy notice to ensure it remains compliant with applicable data protection regulations. Any modifications will be posted on our website, and we encourage you to review this notice periodically to stay informed. By continuing to use our website after changes are posted, you accept the terms of the updated notice.

    Your queries

    Our Managing Director, Nigel Downing, oversees privacy matters at Settlement Agreement Solicitors Ltd. If you have any questions about this privacy notice or wish to exercise your legal rights, you can contact him via:

    • Email: privacy@settlementagreement.com

    • Phone: 0800 368 6162

    • Post: Settlement Agreement Solicitors Ltd, Thomas House, 84 Eccleston Square, London, SW1V 1PX

    If you believe we have not addressed your concerns appropriately, you have the right to file a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk/concerns or by calling 0303 123 1113.

    Controller

    The Company obtains, keeps and uses information about you for a number of specific lawful purposes. The Company is a data controller, meaning we determine the purposes and means of processing your personal data. Our firm is registered with the ICO under registration number ZA803213.

    Third Party Links

    Our website may include links to external websites, plug-ins, and third-party applications. Clicking on these links may allow third parties to collect or process your personal data. We do not control these third-party websites and are not responsible for their privacy policies or data handling practices. We encourage you to review the privacy policies of any external websites you visit.

    Data protection principles

    Settlement Agreement Solicitors Ltd adheres to the following principles when processing personal data:

    • Lawfulness, Fairness & Transparency: Personal data is processed legally, fairly, and transparently.

    • Purpose Limitation: Data is collected only for specified, explicit, and legitimate purposes.

    • Data Minimisation: We process only the data necessary for the relevant purpose.

    • Accuracy: We take reasonable steps to ensure data accuracy and correct or delete incorrect data promptly.

    • Storage Limitation: Personal data is stored only as long as necessary for its intended purpose.

    • Security: Appropriate security measures are in place to protect against unauthorised access, loss, or damage.


    How we define processing

    The Company processes personal data in accordance with legal obligations and industry best practices. Processing includes, but is not limited to:

    • Collection, Recording & Storage – Securely obtaining and keeping personal data.

    • Organisation & Structuring – Managing data in an orderly manner.

    • Modification & Updating – Ensuring the data remains relevant and correct.

    • Retrieval & Consultation – Accessing data as required.

    • Transmission & Sharing – Transmitting data securely where necessary.

    • Restriction & Erasure – Limiting access or deleting data when no longer needed.

    Automated systems may be used for certain data processing activities, always in compliance with data protection laws and security protocols.

    What information we collect, use, and why

    We collect or use the following information to provide and improve products and services for clients:

    • Names and contact details
    • Addresses
    • Occupation
    • Date of birth
    • Third party information (such as family members or other relevant parties)
    • Financial data (including income and expenditure)
    • Transaction data (including details about payments to and from you and details of products and services you have purchased)
    • Usage data (including information about how you interact with and use our website, products and services)
    • Employment details (including salary, sick pay and length of service)
    • Health information (such as medical records or health conditions)
    • Audio recordings (eg calls)
    • Records of meetings and decisions
    • Account access information
    • Website user information

    We collect or use the following personal information for the operation of client or customer accounts:
    • Names and contact details
    • Addresses
    • Purchase or service history
    • Account information, including registration details
    • Information used for security purposes
    • Marketing preferences
    • Technical data, including information about browser and operating systems


    We collect or use the following personal information for information updates or marketing purposes:

    • Names and contact details
    • Addresses
    • Profile information
    • Marketing preferences
    • Website and app user journey information
    • IP addresses


    We collect or use the following personal information for research or archiving purposes:

    • Names and contact details
    • Website and app user journey information


    We collect or use the following personal information to comply with legal requirements:

    • Name
    • Contact information
    • Identification documents
    • Client account information
    • Racial or ethnic origin
    • Religious or philosophical beliefs
    • Trade union membership
    • Health information
    • Sexual orientation information


    We collect or use the following personal information to protect client welfare:

    • Names and contact information
    • Client account information
    • Health and wellbeing information
    • Emergency contact details


    We collect or use the following personal information for recruitment purposes:

    • Contact details (eg name, address, telephone number or personal email address)
    • Date of birth
    • National Insurance number
    • Copies of passports or other photo ID
    • Employment history (eg job application, employment references or secondary employment)
    • Education history (eg qualifications)
    • Right to work information
    • Details of any criminal convictions (eg Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks )
    • Racial or ethnic origin
    • Health information


    We collect or use the following personal information for dealing with queries, complaints or claims:

    • Names and contact details
    • Address
    • Payment details
    • Account information
    • Purchase or service history
    • Call recordings
    • Customer or client accounts and records
    • Information relating to health and safety (including incident investigation details and reports and accident book records)
    • Correspondence

    Lawful bases and data protection rights

    Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

    Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

    If you make a request, we must respond to you without undue delay and in any event within one month.

    To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

    Our lawful bases for the collection and use of your data

    Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

    • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
    • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • Core Service Delivery We have a legitimate interest in collecting and using personal information to ensure the efficient delivery of our legal services and compliance with professional obligations. This includes: -Managing and processing client cases accurately and effectively. -Ensuring timely communication and updates on legal matters. -Maintaining accurate case records to provide continuity and consistency in legal representation. -Enhancing service quality through internal performance monitoring and audits. We take appropriate measures to balance these interests against the privacy rights of individuals, ensuring that data is used fairly, securely, and only for the stated purposes.
      • Service Improvement & Innovation We have a legitimate interest in improving our legal services by analysing client interactions and service performance. This includes: -Using anonymised data to identify trends and refine legal strategies. -Implementing AI-assisted tools for document analysis and case research, ensuring accuracy and efficiency. -Automating administrative processes to reduce delays and improve response times. -Conducting service feedback surveys to understand client needs and enhance the client experience. We ensure that all data used for service improvement is handled with appropriate safeguards, including anonymisation where necessary, to protect individual rights.


    Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

    • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
    • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • We have a legitimate interest in collecting and processing personal information to ensure the smooth operation and management of client accounts. This includes:
        • Account administration and maintenance – Ensuring accurate record-keeping, billing, and service continuity.
        • Security and fraud prevention – Verifying client identities, detecting fraudulent activity, and protecting sensitive legal data.
        • Efficient service delivery – Streamlining client interactions, document processing, and communications to improve response times.
        • Regulatory compliance support – Retaining account-related records to meet industry, legal, and regulatory obligations.

    We balance these interests with strict security measures and transparent client controls to ensure fairness and data protection.

      • We also have a legitimate interest in leveraging technology, including AI-driven tools, to enhance the efficiency and security of client account management. This includes:
        • Automating routine administrative processes, such as document verification and case tracking, to reduce delays and improve accuracy.
        • Enhancing client support through AI-assisted chatbots and smart case management, ensuring faster and more effective responses to client inquiries.
        • Using AI for risk detection and security monitoring, helping to identify unusual activity or potential breaches in client accounts.
        • Improving data accessibility and organisation, enabling clients to securely access their case files and legal documents with ease.

    We ensure that all AI and automation processes are used in compliance with data protection laws, with human oversight where necessary, to safeguard client rights and privacy.


    Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

    • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • We have a legitimate interest in using personal information to provide relevant updates and marketing communications that benefit our clients. This includes:
        • Keeping clients informed about legal updates, regulatory changes, and industry developments that may affect their rights or obligations.
        • Providing information about relevant services that could support clients in their legal matters. Personalising communications based on past interactions to ensure that clients receive only relevant and useful information.
        • Improving our client engagement and service offerings through insights gained from marketing analytics.

    We ensure that all marketing communications comply with data protection regulations, provide clear opt-out options, and do not override the rights or freedoms of individuals. Clients can withdraw their consent or opt out of marketing communications at any time.


    Our lawful bases for collecting or using personal information for research or archiving purposes:

    • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
    • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • We have a legitimate interest in collecting and using personal information for research and archiving purposes to enhance our legal services and ensure compliance with professional obligations. This includes:
        • Improving legal services by analysing case outcomes and refining our legal strategies to benefit future clients.
        • Maintaining historical records to ensure continuity in legal representation and accurate case referencing.
        • Using anonymised data for legal research and trend analysis to identify emerging employment law issues and best practices.
        • Enhancing compliance and risk management by reviewing past cases for internal auditing and quality assurance purposes.
        • Ensuring regulatory and professional compliance, as required by the Solicitors Regulation Authority (SRA) and other governing bodies.

    All research and archiving activities are conducted with strict data protection measures, and personal data is retained only as long as necessary for these legitimate purposes. Where possible, data is anonymised to protect individual privacy.

    • Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.


    Our lawful bases for collecting or using personal information to comply with legal requirements:

    • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
    • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.


    Our lawful bases for collecting or using personal information to protect client welfare are:

    • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • We have a legitimate interest in collecting and using personal information to safeguard client welfare, ensuring that they receive appropriate legal support, protection, and security. This includes:
        • Providing clear and accurate legal guidance to help clients understand their rights and options.
        • Ensuring confidentiality and data security to protect sensitive client information from unauthorised access or misuse.
        • Identifying and mitigating risks to client well-being, including cases where a client may be in a vulnerable position or at risk of unfair treatment.
        • Maintaining effective communication to keep clients informed about their legal matters and any necessary actions they need to take.
        • Complying with professional duties and ethical obligations, including those set by the Solicitors Regulation Authority (SRA).

    We balance these interests with strong privacy protections, ensuring that personal data is handled securely and in accordance with clients’ rights under data protection laws.

    • Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.


    Our lawful bases for collecting or using personal information for recruitment purposes are:

    • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
    • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
    • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • We have a legitimate interest in collecting and using personal information for recruitment purposes to attract, assess, and hire qualified candidates who meet the needs of our organisation. This includes:
        • Processing job applications to evaluate suitability for open positions based on skills, experience, and qualifications.
        • Managing interview and selection processes to ensure fair and effective hiring decisions.
        • Maintaining a talent pool of qualified candidates for future job openings (where appropriate and subject to retention policies).
        • Ensuring compliance with fair hiring practices and diversity policies to promote equal opportunities in recruitment.
        • Protecting the integrity of our recruitment process, including verifying references and conducting background checks where necessary and lawful.

    We balance these interests with appropriate safeguards to protect candidate privacy, including data minimisation, security measures, and clear retention policies. Candidates can request the deletion of their data if no longer needed for recruitment purposes.


    Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

    • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
    • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
    • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
      • We have a legitimate interest in collecting and using personal information to manage and resolve queries, complaints, and claims efficiently. This includes:
    • Providing timely responses to client and third-party inquiries to ensure high-quality service and transparency.
    • Investigating complaints fairly and thoroughly, ensuring appropriate resolutions and service improvements.
    • Maintaining accurate records of complaints and claims to monitor trends, prevent recurring issues, and improve our services.
    • Defending or pursuing legal claims, where necessary, in accordance with our professional duties and legal rights.
    • Complying with regulatory and insurance obligations, including reporting and resolving complaints under SRA requirements and professional indemnity coverage.

    We ensure that personal data used for these purposes is processed lawfully, securely, and proportionately, with clear rights for individuals to access and rectify their information where necessary.

    Where we get personal information from

    • Directly from you
    • Regulatory authorities
    • Legal bodies or professionals (such as courts or solicitors)
    • Publicly available sources
    • Previous employment
    • Providers of marketing lists and other personal information
    • Suppliers and service providers
    • Third parties:
      • Referring law firms and solicitors – Where legal matters involve collaboration with other professionals or referrals.
      • Employers or former employers – For employment law cases or when advising employees on settlement agreements.
      • Regulatory bodies and government agencies – Such as the Solicitors Regulation Authority (SRA), HMRC, or the Information Commissioner’s Office (ICO) when necessary for compliance and verification purposes.
      • Financial institutions and payment providers – For processing transactions and verifying payment details.
      • Professional indemnity insurers – For handling complaints, claims, or legal disputes.
      • Marketing and analytics service providers – To improve client engagement and understand service performance.

    All data received from third parties is processed in accordance with UK GDPR requirements and handled securely.

    How long we keep information

    We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data. We generally keep your personal data so that we can:

    • respond to any questions, complaints or claims made by you or on your behalf;
    • show that we treated you fairly;
    • keep records required by law;
    • prevent fraud;
    • comply with our regulatory requirements.

    When it is no longer necessary to retain your personal data, we will delete securely in accordance with our Data Retention Policy.

    In summary your data will be retained as follows:

    • Website Users: your data will be aggregated and retained for 6 years.
    • Prospective Clients: enquiries will be retained for 6 months after which period the data may be aggregated.
    • Promotional: If you enquired about our services or subscribed to receive our promotional notifications, we will retain your name, email address, organisation and your contacting preferences until you withdraw your consent or until you request us to stop processing data.
    • Third Parties: information will be retained for 6 months if such information is provided by Prospective Client and 7 – 12 years depending on the nature of the matter if the Prospective Client becomes a Client or if such information is provided by a Client.

    Who we share information with

    Data processors

    Cloud Storage and IT Service Providers (Technology Sector, UK & EEA) 

    • These data processors provide us with secure cloud-based services to store and manage client files, emails, and case-related data. 

    Case Management and CRM Software Providers (Legal Tech Sector, UK & EEA) 

    • These platforms help us manage client information, automate documentation, and streamline case handling.

    Cybersecurity & Compliance Services (Cybersecurity Sector, UK & EEA) 

    • Our cybersecurity partners monitor and protect against threats, ensuring compliance with data protection laws.

    Payroll & HR Systems (Finance & HR Sector, UK)

    • These providers manage payroll, employee records, and HR compliance.

    Marketing & Analytics Services (Marketing Technology Sector, UK & EEA) 

    • We use analytics tools to improve service delivery and client engagement while ensuring compliance with data protection regulations.

    Communication & Collaboration Services (Telecom & Tech Sector, UK & EEA) 

    • Our business communication platforms facilitate secure emails, video calls, and messaging.

    Others we share personal information with

    • Other financial or fraud investigation authorities
    • Insurance companies, brokers or other intermediaries
    • Professional or legal advisors
    • Emergency services
    • Regulatory authorities
    • External auditors
    • Organisations we’re legally obliged to share personal information with
    • Publicly on our website, social media or other marketing and information media
    • Previous employers
    • Suppliers and service providers
    • Professional consultants

    Sharing information outside the UK

    Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.

    For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

    Organisation name: Google LLC
    Category of recipient: Marketing & Analytics Services, Cloud Storage & IT Services (Technology Sector)
    Country the personal information is sent to: EEA, USA
    How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

    Organisation name: Zoho Corporation
    Category of recipient: Case Management & CRM Software (Legal Tech Sector)
    Country the personal information is sent to: EEA, USA, India
    How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

    Organisation name: RingCentral Inc.
    Category of recipient: VoIP & Business Communication Services (Telecom Sector)
    Country the personal information is sent to: EEA, USA
    How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs)

    Organisation name: Trustpilot A/S
    Category of recipient: Online Review & Reputation Management Services (Marketing Sector)
    Country the personal information is sent to: EEA, USA
    Transfer mechanism: UK data bridge (Adequacy Regulations) (EEA-based processing)

    Organisation name: Anthropic PBC
    Category of recipient: AI-Powered Legal Research & Content Generation (AI Technology Sector)
    Country the personal information is sent to: EEA, USA
    Transfer mechanism: The International Data Transfer Agreement (IDTA)

    Organisation name: OpenAI LLC
    Category of recipient: AI-Powered Content Support & Automation (AI Technology Sector)
    Country the personal information is sent to: EEA, USA
    Transfer mechanism: The International Data Transfer Agreement (IDTA)

    How to complain

    If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

    If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

    The ICO’s address:           

    Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    Helpline number: 0303 123 1113

    Website: https://www.ico.org.uk/make-a-complaint

    Last updated 9th March 2025