Privacy Notice

This notice explains how Consensus Law Limited collects, uses and protects your personal data.

About this notice

This notice explains how Consensus Law Limited handles your personal data. It is provided under Articles 13 and 14 of the UK General Data Protection Regulation and the Data Protection Act 2018.

Who we are

Consensus Law Limited is the data controller for the personal data we hold about you. Our registered office is at Solar House, 915 High Road, London N12 8QJ. We are a company registered in England and Wales (company number 16096696) and we are authorised and regulated by the Bar Standards Board (BSB entity reference number 193596).

Data Protection Officer

We are not required to appoint a Data Protection Officer under Article 37 UK GDPR. Day-to-day responsibility for data protection rests with the Director, Matei Clej.

The personal data we collect

Identification information: name, date of birth, address, nationality, identification documents.
Contact information: postal address, email, telephone number.
Case information: the facts of the matter on which you instruct us, including documents, correspondence, witness statements, court papers, and information from third parties.
Special-category data: where relevant to a matter — for example, information about your physical or mental health, sexual orientation, religious or philosophical beliefs, or racial or ethnic origin.
Criminal-offence data: alleged offences, charges, convictions, sentences, cautions and related information, where relevant.
Financial information: billing information, payment records, source-of-funds information where required.
Website data: if you contact us through the form on this site, the information you submit and the date of submission.

Why we process your data and our lawful bases

To provide legal services to you — Article 6(1)(b) UK GDPR (contract).
To comply with our legal and regulatory obligations — Article 6(1)(c).
To pursue our legitimate interests — Article 6(1)(f), including practice management, billing, and the establishment, exercise or defence of legal claims.
For special-category data — Article 9(2)(f) and (where applicable) (g), with Schedule 1, Part 2, paragraphs 12 and 13 of the Data Protection Act 2018.
For criminal-offence data — Article 10 with paragraph 33 of Schedule 1, Part 2 of the Data Protection Act 2018.

Who we share your data with

We do not sell your data. We share it only where necessary for your matter or where required by law. Recipients may include courts, tribunals, the police, prosecuting authorities, the Home Office and other public bodies relevant to your case; instructing solicitors, experts, interpreters, translators; our regulators (Bar Standards Board, Legal Ombudsman, ICO) and our professional indemnity insurer; cloud-storage and email providers we use to run the practice; and persons to whom we must disclose under court order, the Proceeds of Crime Act 2002 or the Terrorism Act 2000.

International transfers

Some email and cloud-storage providers we use are based in, or process data through, the United States or other countries outside the UK. Where personal data is transferred outside the UK, we rely on adequacy regulations (including the UK Extension to the EU–US Data Privacy Framework), the International Data Transfer Agreement / UK Addendum to the EU Standard Contractual Clauses, or the Article 49 derogations — in particular Article 49(1)(e) (transfers necessary for the establishment, exercise or defence of legal claims).

How long we keep your data

Client files are retained for seven years from closure of the matter. Records of complaints are retained for at least six years from closure. Financial and tax records are retained for at least six years. Website-form submissions that do not lead to instructions are retained for up to twelve months.

Security

We take appropriate technical and organisational measures to protect personal data, including encrypted email and storage, multi-factor authentication, access controls, and secure disposal of hard-copy material.

Cookies and analytics

The Consensus Law website does not set tracking or marketing cookies. The site loads font files from Google Fonts, which may result in your IP address being made available to Google. We use no first- or third-party analytics. Contact-form submissions are processed by our hosting provider (Netlify) and forwarded to us by email.

Automated decision-making and children's data

We do not make decisions based solely on automated processing, and we do not profile data subjects. Our services are not directed at children.

Your rights

Under UK GDPR you have rights of access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent (where consent is the basis). Some rights are qualified where we hold your data in connection with legal proceedings. To exercise a right, contact info@consensus-law.com. We will respond within one month of receiving a valid request.

Complaints to the Information Commissioner

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113
Website: ico.org.uk

Changes to this notice

We may update this notice from time to time. The "last reviewed" date at the foot of the page reflects the date of the most recent revision.

Last reviewed: 11 May 2026.