UK Client Data Protection Policy

1. INTRODUCTION
FP Law UK LLP respects your privacy and is committed to protecting your personal data. This Client Data Protection Policy (“Policy”) will inform you as to how we process personal data in the course of acting for our clients.

2. ABOUT US

Purpose of this Policy

2.1. This Policy aims to give you information on how we collect and process personal data belonging to you, your personnel (including your directors, shareholders, partners, employees, workers and agents),(where relevant) your family members and other individuals relating to you or who you deal with in the context of our providing legal services to you or your business.

2.2. It is important that you read this Policy together with any other privacy notice or policy we may provide when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

Controller
2.3. This Policy is issued on behalf of FP Law UK LLP, a limited liability partnership formed under the laws of Delaware and with an establishment in the UK with its place of business at Warnford Court, 29 Throgmorton Street, London, EC2N 2AT ("FP UK", "we", "our", or "us"). FP UK is the data controller of the personal information we hold about you.

Contact details
2.4. We are not required to appoint a formal Data Protection Officer under UK data protection laws.However, we have appointed a Privacy and Data Protection Manager. If you have any questions about this Policy or our privacy practices, please contact us in the following ways:

Full name of legal entity: FP Law UK LLP
Email address: DataPrivacy@fisherphillips.com
Postal address: 1200 Abernathy Road, Suite 950, Atlanta, GA 30328

Keeping your information up to date
2.5. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

3. THE DATA WE COLLECT ABOUT YOU

3.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
3.2. We may collect, use, store and transfer different kinds of personal data which we have grouped together as follows:

(a) Identity Data includes first name, maiden name, last name, title, date of birth, signature(s), utility bills, bank statements, national identification and identification documents, national insurance number(s) and photographic identification data.
(b) Contact Data includes name, business (including billing and delivery) address, email address and telephone numbers.
(c) Financial Data includes bank account and payment card details, financial details which are relevant to your instructions (such as the source of your funds) and other information to enable us to carry out a credit or other financial checks on you.
(d) Matter Data includes information relating to the matter in which you are seeking our advice or representation, including personal data contained in emails, correspondence and other documents which you may provide to us; this may include data relating to criminal convictions and offences.
(e) Biographical Data includes details of your spouse or partner and dependants or other family members (e.g. if you are instructing us on a matter which requires this information).
(f) Transaction Data includes details about payments to and from you and other details of services you have obtained from us.
(g) Technical Data includes information we obtain from our IT and communications monitoring; information from cookies on our website and similar tracking technologies used in our marketing emails; this may also include information from building access controls.
(h) Marketing and Communications Data includes your preferences in receiving marketing from us (and, if relevant, third parties) and your communication preferences.
(i) Third Party Sourced Data includes information from company registrars (e.g. Companies House in the UK) and information from your professional online presence (e.g. website, LinkedIn profile etc.).

3.3. We may also collect, use and share Anonymised Data such as statistical or demographic data for any purpose. Anonymised Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
3.4. In certain circumstances, our collection of the different categories of data set out above may include the collection of Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). We also may collect Criminal Convictions and Offences Data.
If you fail to provide personal data
3.5. Where we need to collect personal data by law, to carry out your instructions, or under the terms of our engagement with you (as set out in our engagement letter and terms of business), and you fail to provide that data when requested, we may be delayed or unable to perform our services to you.
Personal data of affiliated individuals
3.6. Where the personal data relates to your directors, shareholders, beneficial owners, employees, agents, associates, family members or other individuals that you deal with or have personal data about, you confirm that your provision of this personal data to us is lawful under applicable data protection laws.

4. HOW WE COLLECT YOUR PERSONAL DATA

4.1. We use different methods to collect data from and about you including:

(a) when we collect the information from you directly, particularly when we communicate with you by email or other electronic correspondence, by telephone or using video conferencing software. You may give us your Identity, Contact, Matter and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

• make a request for our services;
• subscribe to our publications;
• request marketing to be sent to you;
• complete a survey; or
• provide us with feedback.

(b) in the process of carrying out work for you and your business;
(c) networking (for example, at in-person or virtual events);
(d) via our website - we may use cookies on our website and similar tracking devices in our marketing emails (for more information on our use of cookies and similar tracking devices, please see our Cookie Policy, which can be found on our website);
(e) via our information technology systems, including our case management, document management and time recording systems, building access control systems, by virtue of our access to CCTV footage, through your use of our guest Wi-Fi service and from our reception logs;
(f) from publicly accessible sources, (for example, UK Companies House);
(g) from third parties (for example, client due diligence providers, credit reference agencies, or advisors, consultants and other professionals you or we may engage); and/or
(h) otherwise through providing our legal services and operating our business.

5. HOW WE USE YOUR PERSONAL DATA

5.1. We will only use your personal data when we have a legal basis to do so. Most commonly, we will use your personal data in the following circumstances:
(a) where we need to perform the contract that we are about to enter into, or have entered into, with you;
(b) where it is necessary for our legitimate interests as a legal services provider (or those of a third party) and your interests and fundamental rights do not override those interests. These legitimate interests include our interests in providing legal services, managing our relationship with our clients, prospective clients and their staff, hosting clients and others at our offices, hosting virtual and in-person events and ensuring appropriate standards and compliance with policies, practices or procedures;
(c) where we need to comply with a legal obligation to which FP UK is subject (for example, to meet our anti-money laundering requirements);
(d) where processing of Special Category Personal Data is necessary in the context of legal claims or where another legal ground other than explicit consent is available to us under relevant data protection legislation; and
(e) where our legal services require us to process Special Category Personal Data or where we have obtained your explicit consent to do so. If we seek and obtain your consent, you may withdraw it at any time.

5.2. The table in the next section below further explains the purposes for which FP UK will use your personal data and our legal basis for doing so.

Purposes for which we will use your personal data

5.3. We have set out below, in a table format, a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose or activity	Type of data	Lawful basis for processing including basis of legitimate interest
To check whether we can act for you as a new or existing client, or across from you as a counter party or other third party on a matter involving a new or existing client, and carry out all of our regulatory compliance requirements, including conflicts of interest, anti-money laundering, anti-terrorism, sanctions, anti-fraud and background screening checks.	Identity, Contact, Financial, Matter, Biographical, Transaction, Third Party Sourced.	As is necessary to comply with a legal or regulatory obligation. Where the above does not apply, as is necessary for our legitimate interests (to detect and prevent, among other things, the commission of fraud, money laundering and terrorism offences). We consider this use to be necessary for our legitimate interests and proportionate.
To deliver our services to you including engaging service providers, managing payments, fees and charges and collecting and recovering money owed to us.	Identity, Contact, Financial, Matter, Biographical, Technical, Transaction, Third Party Sourced, Marketing and Communications.	For the performance of our contract with you. Where the above does not apply, as is necessary for our legitimate interests (to deliver our services, manage payments and recover debts due to us). We consider this use to be necessary for our legitimate interests and proportionate.
To manage our relationship with you which will include notifying you about changes to our terms, this Client Data Protection Policy or other applicable terms and policies.	Identity, Contact, Financial, Matter, Biographical, Technical, Transaction, Third Party Sourced, Marketing and Communications.	For the performance of our contract with you. Where the above does not apply, as is necessary for our legitimate interests to manage our client relationships. We consider this use to be necessary for our legitimate interests and proportionate.
To carry out associated administration, record keeping and accounting in connection with your matters and other processing necessary to comply with our professional, legal and regulatory obligations.	Identity, Contact, Financial, Matter, Biographical, Technical, Transaction, Third Party Sourced, Marketing and Communications.	For the performance of our contract with you. Where the above does not apply, as is necessary to comply with our legal and regulatory obligations or otherwise as is necessary for our legitimate interests to carry out appropriate administration and record keeping expected in our industry. We consider this use to be necessary for our legitimate interests and proportionate.
To comply with our internal business policies and for operational reasons, such as improving efficiency, training and quality control.	Identity, Contact, Financial, Matter, Biographical, Technical, Transaction, Third Party Sourced, Marketing and Communications.	It is in our legitimate interests or those of a third party to adhere to our own internal procedures so that we can deliver an efficient service to you. We consider this use to be necessary for our legitimate interests and proportionate.
To address any complaints or claims and/or to enforce legal rights or defend or undertake legal proceedings.	Identity, Contact, Financial, Matter, Biographical, Technical, Transaction, Third Party Sourced.	As is necessary for our legitimate interests to manage our client relationships. We consider this use to be necessary for our legitimate interests and proportionate. Otherwise, and where necessary, as is necessary for the establishment, exercise or defence of legal claims.
To protect the security of our systems and data used to provide services and to prevent unauthorised access and modifications to our systems.	Identity, Contact, Matter, Technical.	As is necessary to comply with a legal or regulatory obligation. Where the above does not apply, as is necessary for our legitimate interests to prevent and detect activity that could be damaging for FP UK, you and/or anyone else. We consider this use to be necessary for our legitimate interests and proportionate.
To make suggestions and recommendations to you about services that may be of interest to you or to otherwise carry out marketing (including sending you alerts, newsletters, announcements, updates, legal developments or other notifications which may be of interest to you).	Identity, Contact, Technical, Third Party Sourced, Marketing and Communications.	It is in our legitimate interests to market our services in order to promote and grow our business. We consider this use to be proportionate and will not be prejudicial or detrimental to you. In some cases, we may rely on your consent (e.g. for the use of non-essential cookies or similar tracking technologies we use within our marketing emails to track delivery and log when emails are opened).
To carry out credit reference checks.	Contact, Identity, Financial, Matter, Transaction, Third Party Sourced.	It is in our legitimate interests to carry out credit control and to ensure our clients are likely to be able to pay for our services. Where carried out, we consider this use to be necessary for our legitimate interests and proportionate.
To assist with external audits and quality checks.	Contact, Identity, Financial, Matter, Biographical, Transaction, Third Party Sourced.	As is necessary to comply with a legal or regulatory obligation. Where the above does not apply, as is necessary to maintain our accreditations so we can demonstrate we operate at the highest standards. We consider this use to be necessary for our legitimate interests and proportionate.

Marketing
5.4. We may use your personal data to notify you by email, telephone, post or SMS about important legal developments and services which we think you may find valuable, by sending you newsletters, invitations to seminars and similar marketing.
5.5. We will send you marketing information based on your consent where required by law. Otherwise, we may send you marketing where we have a legitimate interest in using your personal data for marketing purposes (see the table above).
5.6. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us (using the contact details provided above).

Change of purpose
5.7. FP UK will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to obtain an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

Special category data
5.8. Some of the personal data which you provide to us, or which we may receive, may be Special Categories of Personal Data (see section 3 for the definition). We process these Special Categories of Personal Data on the basis of one or more of the following:

(a) where you have given explicit consent to the processing of the personal data for one or more specified purposes;
(b) where the processing is necessary for the establishment, exercise or defence of legal claims; and/or
(c) where the processing is necessary for reasons of substantial public interest, in accordance with applicable law.

Criminal convictions and offences
5.9. We may collect and store Criminal Convictions and Offences Data (including the alleged commission of offences) only where necessary for the purposes of:

(a) the prevention or detection of an unlawful act and is necessary for reasons of substantial public interest;
(b) providing or obtaining legal advice; or
(c) establishing, exercising or defending legal rights.

Email monitoring
5.10. Emails which you send to us or which we send to you may be monitored by FP UK to ensure compliance with professional standards and our internal compliance policies. Monitoring is not continuous or routine but may be undertaken on the instruction of a partner (or someone with appropriate seniority) where there are reasonable grounds for doing so.

Acting as processor
5.11. In most cases, FP UK acts as a controller in relation to the processing of personal data as set out in this Policy. However, in some circumstances we may process personal data on our client’s behalf as a processor for the purposes of data protection laws. Where we process any personal data on your behalf as your processor, the terms set out in our data processing addendum, a copy of which we would make available where applicable, shall apply.

6. DISCLOSURES OF YOUR PERSONAL DATA

6.1. We may share your personal data with the parties set out below for the purposes set out in section 5 above.

(a) FP UK partners, staff and consultants as necessarily required;
(b) other entities and offices which are affiliated with FP UK (including FP offices outside the UK which include Fisher & Phillips LLP in the US);
(c) third party processors, service providers, representatives and agents that we use to make our business more efficient and for security purposes, including for our IT services, IT infrastructure, information security, risk and compliance, monitoring, email hosting, communications (e.g. video calls), document management, collaboration and storage systems, expenses, printing, post, access controls, device management, data storage/back-up and marketing;
(d) professional advisers, including counsel, lawyers (e.g. in other jurisdictions), bankers, accountants, financial advisors, surveyors, auditors and insurers;
(e) our bankers for the purposes of making payments to you or on your behalf;
(f) our professional indemnity insurers or brokers, and our auditors, or risk managers who we or they may appoint;
(g) debt collection lawyers or agencies;
(h) if we consider disclosure to be required by law or the rules of any applicable governmental, regulatory or professional body. These may be tax authorities, law enforcement agencies, regulators and professional bodies (including the SRA and the Law Society in England and Wales) and other authorities. In certain circumstances, we may be prohibited from telling you that a disclosure has been made;
(i) third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then we will ensure you are notified accordingly, and the new owners may use your personal data in the same way as set out in this Policy.

6.2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where processing of personal data is carried out by a third party processor on our behalf, we endeavour to ensure that the processor provides sufficient guarantees to implement appropriate technical and organisational measures so that processing will meet the requirements of data protection laws.

7. INTERNATIONAL DATA TRANSFERS

7.1. To deliver services to you, it is necessary for us to share and store your personal data outside the UK, or the European Economic Area (together “European Territories”) as follows:

(a) with other entities and offices which are affiliated with FP UK (including FP offices outside the UK which include Fisher & Phillips LLP in the US);
(b) with our service providers located outside the European Territories;
(c) if you are based outside the European Territories; and/or
(d) where there is an international aspect to the matter on which we have been instructed.

7.2. Where applicable data protection laws apply, and personal data is transferred by us to, and stored outside, the European Territories, we take steps to provide appropriate safeguards to protect your personal data, including:

(a) transferring your personal data to a country, territory, sector or international organisation which the appropriate supervisory authority has determined ensures an adequate level of protection, as permitted under applicable data protection laws;
(b) entering into standard contractual clauses in a form approved by the appropriate supervisory authority, obliging recipients to protect your personal data as required under applicable data protection laws;
(c) in the absence of an adequacy decision or of appropriate safeguards as referenced above, we will only transfer personal data to a third country (that is, outside the European Territories) where permitted under applicable data protection laws, including where the transfer is necessary for the establishment, exercise or defence of legal claims.

7.3. Please contact us (using the details set out above) if you would like further information on the specific mechanism we use when transferring your personal data out of the European Territories.

8. DATA SECURITY

8.1. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
8.2. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8.3. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet.

9. DATA RETENTION

How long will you use my personal data for?
9.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements or any legitimate business purposes. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
9.2. We have a data retention policy which governs our retention of your personal data and determines the appropriate periods for retaining it. Further details regarding our data retention policy can be obtained from our Privacy Manager whose details are given above.
9.3. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. YOUR LEGAL RIGHTS

10.1. Under certain circumstances, you have rights under data protection laws in relation to your personal data to:

(a) Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of your personal data which we are processing. We may refuse to comply with a subject access request (partly or wholly where applicable) if the request is:

- - - - manifestly unfounded or excessive or repetitive in nature;
        
        in relation to information in respect of which a claim to legal professional privilege could be maintained in legal proceedings; and/or
        
        in respect of information in respect of which we owe a duty of confidentiality to our client.

(b) Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We may refuse to comply with a request for correction if the request is manifestly unfounded or excessive or repetitive.
(c) Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, your right of erasure arises only in certain circumstances and that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

- - - - If you want us to establish the data's accuracy.
        
        Where our use of the data is unlawful but you do not want us to erase it.
        
        Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
        
        You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

(e) Request transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to information processed by automated means which you initially provided consent for us to use or where we used the information to perform a contract with you.
(f) Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We may advise you if this is the case at the time you withdraw your consent.

10.2. You also have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You also have the right to object where we are processing your personal data for direct marketing purposes.
10.3. Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply. We may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims.

How to exercise your rights
10.4. You can exercise any of your rights as described in this Policy and under data protection laws by contacting our Privacy Manager (see contact details above).

No fee usually required
10.5. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you
10.6. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond
10.7. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11. COMPLAINTS
You have the right to lodge a complaint to your national data protection authority. If you are in the UK, information on how to contact the Information Commissioner is available at www.ico.org.uk. If you are located in the EU, further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

We would, however, appreciate the chance to deal with your concerns before you contact the regulator so please contact us (using the contact details in section 2 above). Where we receive a complaint relating to the processing of your personal data, we will acknowledge receipt of the complaint no later than 30 days from when we received the complaint and, without undue delay, take appropriate steps (making enquiries into the subject matter of the complaint, to the extent appropriate) to respond to the complaint, keeping you up-to-date on the progress and informing you of the outcome of the complaint.

12. CHANGES TO THIS POLICY
We keep our Client Data Protection Policy under regular review and may change it from time to time. This version was last updated on June 1, 2026.

Disclaimer of Warranties

The content of this website is not guaranteed to be up to date, and we expressly disavow any obligation to update any previously posted material that may later be overruled, repealed or superseded. We make no representations or warranties as to the completeness of the material presented herein, and we assume no responsibility for errors that may appear. We also disclaim responsibility for the contents or privacy practices of any third party websites that you may access through this site. Your use of this website, and other sites accessed through this website, is at your own risk and we will not be held responsible for transmission of viruses or other harmful effects that may result from such use. Your sole remedy for your dissatisfaction with the contents or performance of this website is to cease using the website.

Proper Use

You agree that your use of this site will at all times be for lawful and proper purposes. You agree not to attempt to gain access to non-public areas of this site or to files, servers or other data of Fisher Phillips by “hacking” or other unauthorized means. You further agree not to disrupt the operation of the website by any electronic or other means. You agree not to transmit messages or material via the e-mail addresses accessible on this site that is obscene, defamatory, threatening or unlawful, and you agree not to send e-mail messages in such numbers that will result in damage or disruption to the operations of this website or of the firm.

Indemnification

You agree to indemnify Fisher Phillips for any damages or harm caused by your violation of these Terms of Use. You further agree to defend, indemnify and hold harmless Fisher Phillips, its partners, employees, agents and affiliates, from any and all third-party claims, demands, damages, losses, costs, attorneys’ fees and expenses resulting from your violation of these terms of service. You agree that the exclusive venue for any litigation alleging a violation of these Terms of Use shall be the courts of Fulton County, Georgia or the United States District Court for the Northern District of Georgia.

For Questions or further Information, please contact us at info@fisherphillips.com.

UK Client Data Protection Policy

Disclaimer of Warranties

Proper Use

Indemnification

Connect With A Team That Understands Your Business