Privacy notice


This notice explains what personal information we collect, how it is used and shared. It applies to users of this website, our customers and clients.

Notice updated: 2 February 2020 to incorporate our podcast
Previous version


Who we are

Corrick, Wales & Partners LLP is the controller of the personal information we process unless otherwise stated. We are a limited liability partnership registered in England and Wales at Companies House, registration number OC419984. For data protection and privacy we are regulated by the UK’s Information Commissioner’s Office where our registration number is ZA297189.

How to get in touch

You can contact us regarding your rights and this privacy notice by:
Twitter: @corrickwales


We get your information either directly, indirectly or automatically.


Most of the personal information we process is provided to us directly by you for one of the following reasons:
> we met in person or online and exchanged contact details
> you contacted us to make an enquiry
> you signed up to an event or to receive event invitations from us
> you signed up to receive news from us
> we are providing a product or service for you or your company
> you have applied to work with us
> you are working with us as a partner, associate, contractor or employee
> you, or your company, are a supplier to us


We may also receive information about you indirectly, in the following scenarios:
> someone recommended you to us or included you in communications with us
> a friend or colleague invited you to an event
> you have an existing relationship with our team
> you are working for one of our clients
> a previous employer or contact may provide us with a reference


We collect some information about you automatically in the following ways:
> We use services, such as WordFence, to keep our website secure, they may notify us of your IP address if they identify suspicious activity
> We do not use cookies on our website
> Statistics are gathered automatically for email newsletters and event invitations - these include how many emails were opened and clicks on links in the emails.
We use SoundCloud to host and publish our podcasts, they are the data controller and collect information automatically for the purposes of providing anonymised usage statistics, such as the number of downloads. To find out more please read their privacy policy.


For what purposes do we use your information?

We use the personal information we collect to provide our services, to improve and optimise what we do, to protect you and Corrick, Wales & Partners LLP. We may use this information to:

 > do business with you, including invoice or make payments
 > share documents with you securely
 > provide you with information that you request from us
 > send you news and updates
 > provide, publish and distribute our podcasts
 > invite you to events and manage event attendance
 > inform you of any changes to our products, services or website
 > maintain legally required records, such as for accounting and tax
 > prevent fraud
 > employ, contract or work with you
 > manage you and your work if you are employed or contracted by us

What are the lawful basis for processing?

The lawful bases we rely upon for processing your data are:

Contractual obligation - if you ask us to do something before entering into a contract, and for providing products and services under contract - such as orders and purchases.

Legitimate interests - where you are a customer we may use this lawful basis, where you’d reasonably expect us to get in touch beyond the direct contract - such as to update you with relevant news and information or new products or services that might be of interest to you. Where we use this basis we will test the purpose, necessity and balance of rights for using it.

Consent - if you would like to receive newsletters or event invitations from us and you are not an existing customer. We provide a way to unsubscribe in every email newsletter and event invite. Or you can contact with the heading “Unsubscribe”.


For rights requests please contact

Can I get a copy of the information you’ve collected about me?

This is the right to accessibility. You have the right to ask us to confirm if we are processing your personal data, for copies of your personal information, and supplementary information. When you ask for a copy of your data it is sometimes referred to as a ‘Subject Access Request’.

Can I correct information you’ve collected about me?

You have a right to have inaccurate data about you corrected (rectified). We try to keep our records up to date, but if we’ve got it wrong or your details have changed let us know. You also have the right to ask us to complete information you think is incomplete.

Can you delete my information?

This right only applies in some circumstances. For example, there are some records which contain personal information that we are required to keep for other regulatory reasons, such as for finance and tax. Such information will not be deleted until seven years after the end of the contract with you.

Can you restrict the processing of my information?

This right applies only in some circumstances. When we receive a request for processing to be restricted we are permitted to store the data, but we cannot use it. You might request your information to be restricted in order to establish, exercise or defend a legal claim or if you think we’ve unlawfully processed your data but you do not wish us to delete it.

Can I object to you processing my information?

This right applies to you if we have used your data under the lawful basis of “legitimate interests”. For example, if you are a customer and we have used your information to get in touch with you about new products, you can object to us doing so.

Can I ask you to move, copy or transfer my personal data from us to elsewhere?

This right is often referred to as “data portability”. This right applies only to personal information you have provided to us about you, for example orders you have made. When moving, sending you a copy or transferring this data we will only do so in a secure manner using a structured, commonly used and machine readable format.

Do you use any automated decision making or profiling?

We do not.

Want to know more?

To find out more about your data protection and privacy rights the ICO - the UK's information regulator - provides information for individuals on the Your Data Matters pages of their website.


We aim to reply and acknowledge your request as soon as possible and will document that a request has been received. For security reasons and to prevent others from trying to access your information fraudulently, we may ask you to verify in a secure manner who you are before we can complete a data rights request.

Once we’ve verified who you are, we will aim to complete the request or respond appropriately as soon as we can. We have up to a calendar month to get back to you. If we are providing you with a copy of your information we will do so in a manner that keeps it secure and in a commonly used electronic format.

Find out more about time limits for responding to data rights requests.


View our list of third party suppliers.

How is information stored?

To manage our business we use a number of third party services who process your data on our behalf. This is for tasks such as to operate our email, host this website, manage documents, process orders and communicate with clients.

Each of our suppliers processes personal data strictly according to a written contract that stipulates what data they may process, how long they may retain it and how they must protect it.

Where is data transferred?

The website servers we use are located in the UK. Where a company is not based in the UK or European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per European law.

How long do you keep data for?

We do not store your data longer than necessary. We regularly review our records to remove or anonymise data if it should no longer be retained. The criteria we use for this is:
 > do we still carry out the activities for the purposes the data was provided?
 > is this information still up to date?
 > are we required to keep this data for other regulatory purposes?
 > are there contractual requirements?

We are required to retain some records by law for certain lengths of time, including for tax and employment purposes.

How is information kept secure?

Wherever we can, we protect data in our systems with strong encryption, both when the data is at rest and when it is being transferred. We only allow access to our systems via strong authentication protocols, such as TLS and ssh, and administrative access is limited to key individuals. Where possible, we use two-factor authentication for all access.

We, and our third party service providers, use appropriate organisational and technical measures to keep personal data processed by us, or on our behalf, secure. We have written agreements with our service providers, requiring them to implement sufficient security measures to protect the personal data they have agreed to process, in accordance with applicable personal data protection laws.

We may retain and disclose your personal information if legally required to do so. For example, if required by law or by a Court order or if we believe that action is necessary to prevent fraud or cyber-crime or to protect Corrick, Wales & Partners LLP or the rights, property or personal safety of any person.

All such requests are assessed and we will challenge the basis of the request if it is not made by an officer with proper authority, the request lacks a proper statutory basis or appears too broad or vague as to its scope or purpose.


If we have been unable to resolve a query relating to this privacy notice, or if you are unhappy with how we have used your data, you can also contact the UK’s Information Commissioner’s Office:
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: +44 (0)303 123 1113