Privacy Policy

This Privacy Policy applies to Cartys Solicitors and explains how we collect, use, and protect your personal information.

1. Who we are

Cartys Solicitors (“we”, “us”, “our”) is a firm of Scottish solicitors regulated by the Law Society of Scotland. We are the data controller of the personal data covered by this Privacy Policy.

Our contact details are:

Cartys Solicitors
3 Cadzow Street
Hamilton
ML3 6EE
Email: info@cartylaw.co.uk
Website: www.cartylaw.co.uk
Telephone: 0345 241 4553

We do not have a formal Data Protection Officer. Responsibility for data protection matters sits within the firm and any queries can be directed using the contact details above.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

2. What this policy covers

This Privacy Policy explains how we collect, use, store and share personal data through our website and in connection with enquiries made through our website, by email, by telephone, or otherwise.

It applies to:

• Visitors to our website.
• People who contact us through our website, by email or by phone.
• Prospective clients.
• Clients.
• Other individuals whose personal data we may process in the course of providing legal services.
• Job applicants, where they apply through our website or contact us through it.

3. The personal data we collect

The personal data we collect depends on how you interact with us, but may include:

• Your name.
• Address.
• Email address.
• Telephone number.
• Details of your enquiry.
• Information you provide to us about your legal matter.
• Identification and verification information.
• Payment and billing information.
• Correspondence between you and us.
• Website usage data, such as IP address, browser type, device information, pages visited and time spent on the website.
• Cookie and similar technology data.
• Marketing preferences.

Where relevant to the legal services we provide, we may also process more sensitive information, including:

• Health information.
• Information about family circumstances.
• Information revealing racial or ethnic origin, religion or other special category data.
• Criminal offence data.

We process this type of information only where it is necessary for the provision of legal services, the establishment, exercise or defence of legal claims, compliance with legal obligations, or where otherwise permitted under applicable data protection law.

4. How we collect your personal data

We may collect personal data:

• Directly from you.
• From forms completed on our website.
• When you email, call or write to us.
• From documents you send to us.
• From third parties involved in your matter, such as courts, other solicitors, counsel, experts, witnesses, estate agents, lenders, insurers, local authorities, government bodies or regulators.
• From publicly available sources.
• Through cookies and website analytics tools (including Google Analytics).

5. How we use your personal data

We may use your personal data to:

• Respond to your enquiry.
• Assess whether we can act for you.
• Open and manage your file.
• Provide legal advice and legal services.
• Verify identity and carry out anti-money laundering, fraud prevention and compliance checks.
• Communicate with you about your matter.
• Take payment and manage billing.
• Manage complaints and feedback.
• Improve our website, services and internal systems.
• Keep our website, systems and data secure.
• Comply with legal and regulatory obligations.
• Establish, exercise or defend legal claims.
• Send legal updates or marketing communications where we are entitled to do so.

6. Our lawful bases for using your personal data

We process personal data only where we have a lawful basis to do so. These include:

• Contract – Where processing is necessary to take steps at your request before entering into a contract, or to perform our contract with you. This applies to most client-related work.
• Legal obligation – Where we must use your data to comply with the law or regulatory requirements, including anti-money laundering obligations and professional duties.
• Legitimate interests – Where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights. This includes responding to enquiries, operating our business, maintaining security, and improving our services.
• Consent – Where you have given us consent, such as for certain marketing communications or the use of non-essential cookies.
• Legal claims and other permitted conditions – Where required for special category or criminal offence data, including where processing is necessary for the establishment, exercise or defence of legal claims or the provision of legal advice.

7. Who we may share your personal data with

We may share your personal data where necessary with:

• Our staff, partners, consultants and contractors.
• IT providers, website hosts, cloud storage providers and software suppliers.
• Payment providers (such as Tyl by NatWest or similar providers) for the purpose of processing payments. Payment card details are processed securely by the payment provider and are not stored by us.
• Counsel, solicitor advocates, expert witnesses and other professional advisers.
• Courts, tribunals and government bodies.
• Lenders, banks, insurers and payment providers.
• Search providers, identity verification providers and anti-money laundering providers.
• Other solicitors or parties involved in your matter.
• The Scottish Legal Aid Board, where relevant.
• Regulators, law enforcement agencies or other authorities where required by law.
• Auditors, insurers or professional indemnity insurers.
• Any person or organisation where you ask us to share the information, or where sharing is necessary for your matter.

We require service providers acting on our behalf to respect the security of your personal data and to process it lawfully.

8. International transfers

Some of our service providers, such as email, cloud storage or analytics providers, may process personal data outside the UK.

Where this occurs, we ensure that appropriate safeguards are in place in accordance with data protection law, such as adequacy regulations or the use of approved contractual clauses.

9. How long we keep your personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, professional, accounting and reporting requirements.

Retention periods may vary depending on the type of matter and our legal obligations.

For example:

• Website enquiry data where no matter is opened: Typically up to 12 months.
• Marketing records: Until you unsubscribe or ask us to stop, and for a reasonable period afterwards for suppression purposes.
• Client files and related records: Typically retained for a minimum of 6 years from the date of file closure, although this may be longer depending on the nature of the matter and applicable legal or regulatory requirements.

Where we do not have a fixed retention period, we determine retention by considering the nature of the data, the purpose for which it is held, legal and regulatory obligations, limitation periods and operational requirements.

Further guidance on file retention can be found here.

10. Your rights

Under data protection law, you may have the right to:

• Request access to your personal data.
• Request correction of inaccurate or incomplete personal data.
• Request erasure of your personal data in certain circumstances.
• Request restriction of processing in certain circumstances.
• Object to processing in certain circumstances.
• Request transfer of your personal data to you or another provider, where applicable.
• Withdraw consent at any time where we rely on consent.

These rights are not absolute and may not apply in every case.

If you wish to exercise any of your rights, please contact us using the details above.

11. Complaints

If you are unhappy with how we have used your personal data, please contact us first so we can look into the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113

12. Cookies and similar technologies

Our website uses cookies and similar technologies to ensure the site functions properly, improve performance, and understand how visitors use the website (including through tools such as Google Analytics).

Some cookies are strictly necessary for the operation of the website. Others, including analytics cookies, are used only where you have given consent where required by law.

You can manage your cookie preferences through our cookie banner or your browser settings.

For more detailed information, please see our Cookie Policy.

13. Marketing

If we send you marketing communications, we will do so only where we are entitled to under data protection and electronic marketing laws, including the Privacy and Electronic Communications Regulations.

You can opt out at any time by:

• Clicking the unsubscribe link in emails.
• Contacting us directly.
• Updating your preferences where available.

We may still contact you regarding your matter or for service-related communications where necessary.

14. Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

15. Third-party websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. You should read their privacy policies separately.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and, where appropriate, notified to you in another way.

Last updated: April 2026