Lucas & Wyllys Solicitors

Lucas & Wyllys Solicitors


Privacy Notice & Data Protection

Lucas & Wyllys are committed to protecting your personal data. The purpose of this notice is to explain to you how we collect, handle and use your personal data.

Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing questions and compliance in relation to this notice. If you have any questions about this notice, including any requests to exercise your legal rights to access or transfer your personal data, please contact our Data Protection Officer, Amy Church. Amy’s details are as follows:-

E-mail address:

Telephone number: 01493 855555

Postal address: 11 Queen Street, Great Yarmouth, NR30 2QP


If an occasion arises and you need to make a complaint about the way we have dealt with your personal data then please do not hesitate to contact Amy in the first instance. You do also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) (

Changes to this notice.

This notice has been updated in accordance with the change in recent law; the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) that came into force in the UK on 25th May 2018.

We will undertake a regular review of this notice and may amend it as and when the need arises. Please ensure that you take the time to read this notice and check our website regularly for any amendments or updates.

If you are viewing this notice on our website and would like a hard copy then please contact Amy.

It is important that the personal data we hold for you is accurate and up to date. Please keep us informed of any changes in your personal data, for example a change of address or telephone number. You can inform Amy (or your lawyer) of those changes by either email or post.

Data Protection Principles

Current data protection law states that personal data should be:-

(a)       Processed lawfully, fairly and in a transparent manner.

(b)       Collected only for specified, explicit and legitimate purposes.

(c)       Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

(d)       Accurate and where necessary kept up to date.

(e)       Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed.

(f)        Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss,  destruction or damage.

(g)       Not transferred to another country without appropriate safeguards being in place.

(h)       Made available to data subjects and allow data subjects to exercise certain rights in relation to their personal data.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

What Data do we collect and how do we store and use that data?

We collect and process personal data about you when:

  • you instruct us to provide our legal services;
  • you enquire about a potential engagement with us;
  • you use this website, including when you submit an enquiry.

Some of your personal data is held and stored in paper and other data is held and stored electronically. We primarily use your personal data for the provision of our legal services to you. The information may also be used for related purposes including updating and enhancing client records, analysis to help us manage our practice, statutory returns and legal and regulatory compliance. When we record and use your personal information we:

  • only access it when we have a good reason
  • only share what is necessary and relevant
  • don’t sell it to commercial organisations

Our use of that information is subject to your instructions, the GDPR and our duty of confidentiality. Please note that our work for you may require us to give information to third parties such as expert witnesses and other professional advisers. We do not allow our third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Please contact us if you require further information about the third parties we use.


We may use Cookies from time to time on this site to monitor usage. We do not use cookies to collect any further personal information when you use this site.

It is possible to configure your web browser not to accept cookies. Please refer to your browser support for guidance on how to do this.

Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of our engagement with you, (such as identity data we are required to collect under money laundering regulations) and you fail to provide that data when requested, we may not be able to provide our services to you. If so, we may have to terminate our engagement with you but we will notify you if this is the case at the time.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. This includes (but is not limited to), Antivirus and firewall systems in place to constrict access to our systems remotely. As part of our business continuity and disaster recovery plan and procedures, data held on your behalf is backed up to a fully secure offsite facility.

Our staff have regular training in data security and we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available on request by contacting us using the details above.

Your legal rights and access to your personal data

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:-

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us.

We will aim to respond to all legitimate requests within one month. If your matter is particularly complex it may take us longer to respond but we will inform you and keep you updated. Usually you will not have to pay a fee to access your personal data (or to exercise any of the other rights). Upon any request we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Lucas & Wyllys solicitors is the controller of data for the purposes of the current data protection law. We are registered with the ICO and our registration number is Z5296275

Registration with the ICO

If you wish to exercise any of the rights set out above, please contact us.