1. About
1.1 We are v3 Legal Limited, a law firm authorised and regulated by the Law Society of Northern Ireland. We are the data controller for the Personal Data described in this notice.
1.2 Personal Data: Means any information relating to an identified or identifiable individual. For you, Personal Data means your personal data. Special Category Data: Means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data about sex life or sexual orientation.
1.3 This notice explains how we collect, use, and protect Personal Data. It applies to everyone whose Personal Data we hold: clients, contacts, suppliers, and anyone whose data we receive in the course of our work. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1.4 Please read this notice carefully. It contains important information about your rights. This notice does not cover third party websites that may link to ours. If you are a client, read this notice alongside our engagement terms, which contain further provisions on confidentiality.
2. Personal Data
2.1 Data we will collect from all clients: Your name, address, and telephone number; email address and other electronic contact details; information to verify your identity (eg, date of birth, passport or driving licence details); occupation; information relating to the matter in which you instruct us.
2.2 Data we may collect depending on your matter: Financial details relevant to your instructions (eg, source of funds, bank details); company or business information; payment details (card or bank information for transfers and direct debits); employment status and details (where relevant to your matter); details of family members (where relevant, eg, in shareholder or partnership disputes with personal dimensions).
2.3 Data we collect from website visitors: IP address, browser type, and operating system; pages visited and how you interact with our website; data you submit through contact forms or by contacting us; cookie data (see below).
2.4 Data we receive about third parties: In acting for clients, we may receive Personal Data or Special Category Data about individuals who are not our clients. In this regard, we process your data because it is necessary for our client's legitimate interests in connection with the matter on which we act. In many cases, we will not contact you directly to tell you we hold your data. This is because our duty of confidentiality and legal professional privilege may prevent disclosure (Article 14(5)(d) UK GDPR), and/or doing so would be impossible or involve disproportionate effort, particularly where the data relates to a large number of individuals (Article 14(5)(b) UK GDPR). This notice serves as the publicly available information required in those circumstances.
2.5 Where providing Personal Data is required: Where we need Personal Data to provide legal services or comply with a legal obligation, providing it is a requirement of our engagement. If you do not provide the data we need, we may be unable to act for you or continue to act.
2.6 Some matters may involve Special Category Data: Where this arises, we process it where the processing is necessary for the establishment, exercise, or defence of legal claims (Article 9(2)(f) UK GDPR), and/or where the processing is necessary for the purpose of obtaining legal advice or in connection with legal proceedings, which is a substantial public interest condition under Article 9(2)(g) UK GDPR, read with paragraph 33 of Schedule 1, Part 2 of the Data Protection Act 2018.
3. Collecting Personal Data
3.1 We collect most Personal Data directly from you through our communications with you.
3.2 We also collect information from: Publicly accessible sources; our clients; third parties acting on your behalf or involved in your matter; AML and identity verification providers as required by the Money Laundering Regulations 2017; credit reference agencies; our website; our IT and practice management systems.
4. Using Personal Data
4.1 We can only use Personal Data if we have a lawful reason: Under contract to fulfil our engagement with you or to take steps before entering into one; under a legal obligation to comply with laws and regulations that apply to us; under our legitimate interests where we have a business reason to use your data, provided this does not override your rights.
4.2 Where we rely on legitimate interests, we carry out an assessment to ensure our interests do not override yours. You have the right to object to processing based on legitimate interests (see below).
| What we use Personal Data for | Lawful basis |
|---|---|
| Providing legal services to you | Contract |
| Verifying your identity and conducting AML/KYC checks | Legal obligation |
| Conflict of interest checks | Legal obligation |
| Screening for sanctions and embargoes | Legal obligation |
| Complying with LSNI regulatory requirements | Legal obligation |
| Preventing and detecting fraud | Legitimate interests |
| Enforcing or defending legal rights | Legitimate interests / legal obligation |
| Pursuing claims or proceedings on behalf of our clients against third parties | Legitimate interests |
| Responding to regulatory enquiries and audits | Legal obligation / legitimate interests |
| Business administration, quality control and training | Legitimate interests |
| Maintaining the security of our systems and data | Legitimate interests / legal obligation |
| Statistical analysis to manage and improve our practice | Legitimate interests |
| Dealing with complaints and claims | Legal obligation / legitimate interests |
| Keeping client records accurate and up to date | Contract / legal obligation |
| Marketing our services to existing and former clients | Legitimate interests / consent |
| Website analytics and monitoring website performance | Legitimate interests |
5. Sharing Personal Data
5.1 We share Personal Data only where necessary and with appropriate safeguards. We ensure all third parties who handle your data operate under agreements or arrangements consistent with our legal and professional obligations.
5.2 Who we share with: Other professionals involved in the matter, such as other lawyers, experts, agents, etc; AML and identity verification providers; IT, software, and technology providers, including cloud hosting, email, practice management systems, and artificial intelligence tools used to assist in delivering our services; accounting and financial software providers; insurers and brokers; our bank; courts, tribunals, and regulatory bodies; other parties' solicitors; external auditors and advisors; law enforcement and government agencies; any other third party where sharing is necessary to fulfil our legal and professional obligations.
6. International transfers
6.1 Personal Data is primarily held at our offices and on secure cloud systems within the UK and the European Economic Area (EEA).
6.2 Personal Data may be transferred outside the UK or EEA only in limited circumstances: For example, where a matter involves parties or proceedings in another jurisdiction, or where a service provider processes data in a third country. Where any such transfer takes place, we ensure appropriate safeguards are in place in accordance with UK GDPR.
7. Personal Data retention
7.1 We retain Personal Data for as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, regulatory, accounting, or reporting requirements. We generally retain client files for 7 years minimum from the conclusion of a matter. Different retention periods may apply depending on the nature of the matter.
7.2 When we no longer need it, we securely delete or anonymise Personal Data.
8. Your rights
8.1 You have the following rights under UK GDPR, which you can generally exercise free of charge: Access (ask us for a copy of Personal Data); Rectification (ask us to correct inaccurate Personal Data); Erasure (ask us to delete Personal Data in certain circumstances); Restriction (ask us to limit how we use Personal Data in certain circumstances); Data portability (ask us to transfer Personal Data you provided in certain circumstances); Object (object to processing based on legitimate interests; object to direct marketing at any time); Withdraw consent (if we rely on your consent, you can withdraw it at any time). If there is a charge, we will tell you.
8.2 To exercise any of these rights, please contact us (see below). Please provide enough information to identify you (eg, your full name and matter reference), and tell us which right you want to exercise. We will respond within one month. In some cases, exemptions may apply (eg, we cannot delete data that we are required by law to retain).
9. Personal Data security
9.1 We take Personal Data security seriously: We have appropriate technical and organisational measures to protect your data from unauthorised access, use, alteration, or loss. Access to Personal Data is limited to those with a genuine business need. Everyone who handles your data is subject to a duty of confidentiality. We require third party service providers to implement appropriate security measures to protect Personal Data.
9.2 We have procedures to deal with suspected data breaches. We will notify you and the Information Commissioner's Office (ICO) where required to do so.
10. Marketing
10.1 We may occasionally send you information about our services: Where we do so without your consent, we rely on legitimate interests as our lawful basis. You can opt out of marketing at any time by contacting us, or using the unsubscribe link in any marketing email.
10.2 We will never sell or share Personal Data with third parties for their marketing purposes.
11. Cookies
11.1 Our website uses cookies: These are small text files placed on your device to help it work properly and to understand how visitors use our site. Some cookies are essential for the website to function. Others help us analyse how the site is used so we can improve it.
11.2 We use strictly necessary cookies which are essential for the website to function (for example, session cookies that keep you logged in during a visit) and which cannot be switched off. We use analytics cookies to understand how visitors use our site, such as which pages are visited most often. These collect information anonymously and help us improve the site, and they are only set with your consent.
11.3 You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling strictly necessary cookies may affect website functionality.
12. Other terms
12.1 Automated decision-making: We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Where we use technology tools to assist our work, decisions are always made or reviewed by a qualified person.
12.2 Amendments: We may update this notice from time to time. When we make significant changes, we will publish the updated version on our website.
12.3 Governing law: This notice is governed by the laws of Northern Ireland. The courts of Northern Ireland have exclusive jurisdiction in relation to any dispute arising from or connected with this notice.
13. Contact and complaints
13.1 If you have questions about this notice or want to exercise your data protection rights, contact us at des@v3.legal, or write to us at our registered office at The Metro Building, Donegall Square South, Belfast, Northern Ireland, BT1 5JA.
13.2 If you have concerns about how we use Personal Data, please contact us first. Please explain the issues in detail. We will do our best to resolve the issue. You also have the right to complain to the ICO: ico.org.uk/make-a-complaint.
v3 Legal
1 April 2026