1.1 Introduction

Z&Z Solicitors is committed to protecting your personal data and respecting your privacy. This Privacy Notice explains how we collect, use, store, and protect personal data when you contact us, instruct us, visit or use our website, or communicate with us electronically.

Z&Z Solicitors is a criminal defence law firm. We process personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • Solicitors Regulation Authority (SRA) Standards and Regulations

This Privacy Notice applies to all clients, former clients, witnesses, third parties, and others whose personal data we may process in the course of our work.

1.2 Data Controller

Z&Z Solicitors is the data controller for the purposes of data protection law.

Principal and Data Protection Officer (DPO): Mr Ziyad Lunat

If you have any questions about this Privacy Notice or how we handle your data, please contact ziyad@zandzsolicitors.com.

1.3 Personal Data We Process

In providing criminal defence and related legal services, we may process and store personal data, including special category data and criminal offence data.

This may include, but is not limited to:

  • Name, address, telephone numbers, email addresses
  • Date of birth and other identifiers
  • National Insurance numberand Legal Aid reference numbers
  • Passport, driving licence, visa and immigration information
  • Financial information (including means assessment information for Legal Aid)
  • Details of family members, dependants, and relationships
  • Information relating to alleged or proven criminal offences
  • Police records, court documents, custody records, and case papers
  • Health information, including mental health information
  • Ethnic origin, religious beliefs, or other special category data where relevant
  • Social media or digital information where relevant to your matter
  • Information relating to children or vulnerable individuals
  • Online identifiers where you interact with our website

1.4 Website Data and Online Communications

When you visit our website or contact us online, we may collect your:

  • IP address
  • browser type and device information
  • pages visited and time spent on the site
  • information submitted via online enquiry or contact forms

This data is used to:

  • respond to enquiries
  • manage potential client relationships
  • improve website functionality and security
  • comply with legal and regulatory obligations

We do not use website data for automated decision‑making or profiling.

1.5 Cookies

Our website uses cookies and similar technologies. Strictly necessary cookies enable the website to function, but non‑essential cookies (such as analytics cookies) are only used with your consent. You can control or disable cookies through your browser settings.

1.6 Where Your Data Comes From

We may collect personal data from:

  • You directly (in person, by telephone, email, post, or through our website)
  • The police, courts, CPS, Probation Service, or other criminal justice agencies
  • The Legal Aid Agency (LAA)
  • Experts, counsel, or other professionals involved in your case
  • Other solicitors or firms transferring a file to us
  • Third parties such as family members, witnesses, or co-defendants

1.7 Why We Process Your Data

We process personal data for the following purposes:

  • To provide criminal defence legal services
  • To advise, represent, and act for you in criminal proceedings
  • To comply with Legal Aid Agency requirements and audits
  • To comply with legal and regulatory obligations
  • To maintain accurate case files and financial records
  • To deal with complaints, audits or claims
  • To meet our professional indemnity insurance requirements

1.8 Lawful Basis for Processing

Under UK GDPR, the lawful bases we rely on include:

1.8.1     Personal Data (Article 6 UK GDPR)

  • Performance of a contract – Article 6(1)(b)
  • Compliance with a legal obligation – Article 6(1)(c)

1.8.2     Special Category Data (Article 9 UK GDPR)

  • Establishment, exercise or defence of legal claims – Article 9(2)(f)
  • Substantial public interest – Article 9(2)(g)
  • Explicit consent, where required – Article 9(2)(a)

1.8.3     Criminal Conviction Data

Criminal offence data is processed in accordance with Schedule 1 of the Data Protection Act 2018, as necessary for legal proceedings and criminal defence work.

1.9 Who We Share Data With

We may share your data where necessary with:

  • Staff within Z&Z Solicitors
  • Counsel (barristers)
  • Courts and tribunals
  • The Crown Prosecution Service (CPS)
  • Police and other law enforcement agencies
  • The Legal Aid Agency
  • Experts (medical, forensic, psychiatric, etc.)
  • IT, compliance, and professional service providers
  • Our professional indemnity insurers

All third parties are required to maintain appropriate confidentiality and data protection standards.

1.10 International Transfers

Your data is primarily stored in the United Kingdom. If it becomes necessary to transfer data outside the UK (for example, where you are located abroad), we will ensure appropriate safeguards are in place or seek your consent where required. You must be aware that third countries do not all offer the same degree of protection as the UK and in particular email correspondence might be subject to government surveillance or other interception or monitoring. We are not responsible for data security in third countries. If requested we will agree suitable password protection (or other encryption) for email correspondence.

1.11 International Transfers

We retain client files and personal data for only as long as necessary and in accordance with legal, regulatory, and professional requirements.

Criminal defence files are retained for a minimum of 6 years.

Legal Aid files may be retained for longer where required by the Legal Aid Agency.

Some records may be retained longer where required due to the nature of the case, limitation periods, or regulatory obligations.

Website enquiry data is retained only as long as necessary.

Data is securely destroyed when no longer required.

1.12 Security of Your Information

We take the security of your personal data seriously. Measures include:

  • Encrypted systems and secure backup systems
  • Password-protected access to files and data
  • Anti-virus and firewall protection
  • Documented and robust data protection and information management policies
  • Staff training on confidentiality and data protection

1.13 Your Data Protection Rights

Under UK GDPR, you have rights including:

  • Right of access – to request a copy of your data
  • Right to rectification – to correct inaccurate data
  • Right to erasure – in limited circumstances
  • Right to restrict processing
  • Right to object to certain processing
  • Right to data portability, where applicable

Some rights may be limited where data is processed for legal proceedings.

1.14 Complaints

If you have concerns about how your data is handled, please contact:

Mr Ziyad Lunat
Principal and Data Protection Officer
Z&Z SolicitorsEmail: ziyad@zandzsolicitors.com.

If you are not satisfied, you may complain to the Information Commissioner’s Office (ICO):

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

1.15 Responsibility & Review

The Principal is responsible for this policy and will review it at least annually, or upon LAA contract amendment or regulatory change.

 

Approved by Ziyad Lunat, Principal and COLP