Privacy Notice

Clayton Employment Law is wholly committed to treating you fairly and protecting your privacy relating to your personal information, and how it is processed and used, and will only process and use your personal information in accordance with the current data protection law in the United Kingdom, as set out in this Privacy Notice and seek to ensure that policies comply with the following principles:

  1. Processing must be lawful and fair.
  2. The processing purposes must be specified, explicit and legitimate.
  3. Personal data must be adequate, relevant and not excessive in relation to the purpose for which it is processed.
  4. Personal data must be accurate and, where necessary, kept up to date.
  5. Personal data must be processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisation measures.

This Privacy Notice describes how Clayton Employment Law aims to uphold your data protection rights which have arisen as a result of you sharing your personal data with us.

This Privacy Notice only applies to personal information we store relating to individuals (the “Data Subject”). It does not apply to information we hold about companies and other corporate entities and organisations.

Please note that whenever you provide your personal data, you are thereby consenting to its collection and use in accordance with this privacy notice, including but not limited to our use of cookies.


As a result of the European Union’s General Data Protection Regulation (“ GDPR”) which became enshrined in UK law as a result of the Data Protection Act 2018 (“DPA”) and the enabling Regulation, “Personal Data” is defined (under section 3 of the DPA) as meaning:

… any information relating to an identified or identifiable living individual by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.”


A Data Controller is defined, in sections 3 and 32 of the DPA, as the individual or legal person who controls and is responsible for keeping and using personal data in paper or electronic files.

A Data Processor means any person who processes personal data on behalf of the controller (other than a person who is an employee of the controller).

Clayton Employment Law is the Data Controller, as defined by relevant data protection laws and regulation.


Processing is broadly defined to include obtaining, recording, holding, using, disclosing or erasing data (section 1(1), DPA).

The necessary conditions for lawful processing are set out in Article 6 of the GDPR and section 8 of DPA.

One or more of the following six conditions must apply, each and every time personal data is to be processed:

  1. The processing has been done with the “freely given, specific, informed and unambiguous” consent of the data subject for one or more specific purposes. In this instance, you will have given Clayton Employment Law your informed consent for your personal data to be processed for a specific purpose.
  2. It is necessary for entering or the performance of a contract to which the data subject is party. In this instance, the processing is necessary for a contract you have with Clayton Employment Law, or Clayton Employment Law has asked you to take specific steps before entering into a contract.
  3. It is necessary for compliance with a legal obligation to which the controller is subject. This would mean that the processing is necessary for Clayton Employment Law to comply with the law; though not including contractual obligations, which are dealt with at paragraph 2, above.
  4. Is necessary for protecting the vital interests of the data. This would occur where processing is necessary to protect your vital interests, such as your life.
  5. Is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data is disclosed (see Section 8, Data Protection Act 2018 for public interest grounds).
  6. Is necessary for the purposes of the legitimate interests pursued by the controller or a third party except where those interests are overridden by the interests or fundamental rights and freedoms of the data.  In such circumstances, the processing is necessary for Clayton Employment Law’s legitimate interests, or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.


Clayton Employment Law may collect and process various types of personal data about you including, but not limited to: Personal information, such as name and address, telephone number, email and Internet Protocol address; your password for password protected platforms or services used by us; gender and family details; employment and education and training data; information collected from publicly available resources; health-related information;   contractual information (for example, goods and services provided to or by you, as the data subject) and information about relevant and significant litigation or other legal proceedings brought by or against you or a third party related to you (corporate or individual) and any relevant connection with you.


We may collect personal data about you in a number of circumstances, including (but not limited to) when you or your firm, company or organisation:

  1. seek services for litigation purposes;
  2. are a party to a litigation case;
  3. browse, make an enquiry or otherwise interact with us, on our website;
  4. sign up to receive any information from Clayton Employment Law;

In some circumstances, we may collect personal data about you from a third-party source. For example, we may collect personal data from your firm, company or organisation, other firms, companies or organisations with whom you have dealings, government agencies, credit reporting agencies, and an information or service provider or from publicly available records.


The information we collect helps us to better understand your needs and requirements and provide you with a better service, in particular for the following reasons:

  1. to inform decisions about the services provided;
  2. for internal record keeping;
  3. to generally improve our products and services;
  4. to meet our regulatory and legal obligations, such as knowing you as our client or potential client, GDPR, anti-money laundering and fraud prevention;
  5. to send emails, texts and letters to you about our products/services, events or other information which we think you may find interesting, using the contact details you will have provided to us.  You can change your mind on how you receive these messages or choose to stop receiving them at any time.  Even if you tell us to not use a particular method of communication we will continue to use your other contact details to provide you with important information about our funding and or we need to tell you something to comply with our regulatory obligations.


We may use your personal data for the following purposes only (“Permitted Purposes”):

  1. to evaluate, supervise and manage litigation cases;
  2. to provide any services requested by you or your firm, company or organisation;
  3. to manage and administer your or your firm’s, company’s or organisation’s business relationship with Clayton Employment Law, including administering payments, accounting, auditing, invoicing, compliance and all collection and necessary support services;
  4. to comply with investigation and screening or recording obligations (e.g. anti-money laundering, fraud and crime prevention purposes), which may include automated checks of personal data or other information you provide about your identity against applicable sanction lists, whilst conducting business;
  5. to analyse and improve our services and communications;
  6. to protect the security of, and administer access to, our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious or wrongful activities;
  7. compliance with our legal and regulatory obligations and requests, domestically and anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
  8. compliance with court orders and applications and/or so as to uphold or defend our legal obligations and rights;
  9. keeping you up to date on the latest announcements, events and other new information which we feel might be of interest to you;
  10. collecting information about your preferences to create a user profile to personalise our communication and interaction with you.


  1. The right to request subject access. You, as the data subject, shall have the right to obtain from us, as the data controller, confirmation as to whether or not personal data concerning you is being processed. Where such data is being processed, you have the right to be provided with the following information:
    1. The purposes of the processing.
    2. The categories of personal data concerned.
    3. The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations.
    4. Where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period.
    5. The existence of the right to request from us, as the data controller, rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
    6. The right to lodge a complaint.
    7. Where the personal data is not collected from you, the data subject, any available information as to its source.
    8. The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
  1. The right to rectification. This is the right to accuracy. This means that you will be able to request us, as the controller, to correct inaccurate personal data, and to obtain completion of incomplete personal data.
  1. The right to erasure or right to be forgotten. We, as the controller, shall communicate any rectification or erasure of personal data carried out in accordance with the DPA to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
  1. The right to restriction of processing. We, as the controller, shall communicate any restriction of processing carried out in accordance with the DPA to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
  1. The right to be informed. We, as the controller, shall inform you, as the data subject, about those recipients if the data subject requests it, in accordance with the DPA.
  1. The right to data portability. You have the right to have provided to you or other controllers, free of charge, a copy of your personal data in an electronic and structured format that allows for further use by the data subject. The statute states that the right only applies in the following circumstances:
    1. Where you have provided the data to the controller.
    2. That you, as the data subject, have given your consent to the processing, or the processing is based on the performance of a contract.
    3. The processing is carried out by automated means

Where technically feasible, you as the data subject can request to have the data transmitted directly from one controller to another. The right of data portability shall not adversely affect the rights and freedoms of others. We, as controller, will respond without undue delay and at the latest within one month, although this can be extended to two months where the request is complex.

  1. The right to object. You have a right to object, based on grounds relating to your particular situation, to our data processing activities (including profiling): (i) carried out in the public interest or in the exercise of official authority vested in the controller, and (ii) carried out on the basis of a legitimate interest of the controller. We, as the controller, must stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, as the data subject, or for the establishment, exercise or defence of legal claims.

You also have the right to object to processing for direct marketing purposes and you are not required to indicate specified justifications.

  1. The right not to be subject to a decision based solely on automated processing. The DPA includes rights in relation to processing that involves automated decision-making. At any time by written notice, you may require us, as the data controller, to ensure that no decision significantly affecting you is based solely on the automated processing of your personal data for the purpose of evaluating matters relating to you (such as creditworthiness or employment or business status). This right will not, however, apply where the decision concerns entering into or performing a contract with the individual and the decision has the effect of granting a request of the individual (for example, the individual is granted the loan applied for) or steps have been taken to safeguard his legitimate interests (for example, the individual is given the opportunity to make representations).

In certain circumstances, you, as the data subject, have the right to an explanation as to how any automated decisions taken about you have been made. This right arises where any automated processing is the sole basis for a decision which significantly affects you. In this case, you will have the right to be informed by us, as the data controller, that the decision was made on that basis and to require us to reconsider or take a new decision on another basis.


Information is stored by Clayton Employment Law on its computers, which are located in the United Kingdom.


As an authorised and regulated financial service provider of litigation funding, we often have to disclose client details to other organisations, including, for example, to credit-reference agencies. Although an individual’s financial information is not classified as sensitive personal data, it will be considered personal data and as such it will be processed in compliance with the DPA and the eight data protection principles, as set out above. Accordingly, we may exchange your personal information with certain third parties to assist in managing, administering and executing services including, but not limited to:

  1. That which is required by law or in the public interest.
  2. That which is made with your express or implied consent.
  3. Our accountants, solicitors, actuaries, valuers and insurers.
  4. Businesses who are upgrading and maintaining our information technology system and providing information technology services.
  5. Businesses undertaking verification services.
  6. Businesses undertaking reviews of the accuracy of our information.

We may disclose your Personal Data to third-parties (outside of Clayton Employment Law) if, but only when, we have a legal basis to do. Such recipients include, but are not limited to: legal counsel, solicitors/barristers/experts/foreign law firms ; Clayton Employment Law’s outsourced IT providers and other suppliers; HMRC; the Solicitors Regulation Authority; the Law Society; the Financial Conduct Authority; the Information Commissioner’s Officer the Home Office and Passport Services.


As a data controller, Clayton Employment Law will retain all your information inside the European Economic Area (EEA). In circumstances where Clayton Employment Law may transfer your data to a third party, we will seek to ensure that the third party processes your data inside the EEA, or has been allocated an “adequacy” rating by the European Commission.


We will not retain your personal data for longer than necessary and we will hold it only for the purposes for which it was obtained. The length of time we retain your personal data will depend on the purposes for which we use it and/or for as long as is necessary to comply with applicable laws and to establish, exercise or defend our legal rights.


Where permitted by applicable law or regulation, you have the right to object to us processing your personal data or to tell us to stop processing it (including for purposes of direct marketing). Once we have received this request, we shall no longer process your personal data unless permitted by applicable laws and regulations.



Cookies are small text files that are placed on your computer, smartphone or other device when you access the internet.

This website, along with many others, use cookies. Cookies let users navigate around sites and (where appropriate) let us tailor the content to fit the needs of our site’s visitors.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you should be able to modify your browser setting to decline cookies, if you wish. This may prevent you from taking full advantage of the website.

We only use website cookies that help us to measure how users interact with our website content. None of the cookies we use collect your personal information and they cannot be used to identify you.

In addition to the cookies we use on our website, we also use cookies and similar technologies in some emails. These help us discover whether you have opened an email and how you have interacted with it.

They also ensure that if you unsubscribe, we do not email you again. If you have enabled images, cookies may be set on your computer or device. Cookies will also be set if you click on any link within the email.

For further information, please refer to our Cookie Policy.

Our website may contain links to other websites of interest. However, once you use these links and leave our site, please note that we do not control the other website(s) and cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites.

Such sites are not governed by this privacy notice. We recommend you exercise caution and look at the privacy statement applicable to the website(s) in question.


We may review and update this privacy notice  from time to time by publishing the amended version on our website.  We may change our Privacy & Cookie Policy at any time without giving notice and we, therefore, suggest that you check this policy each time you visit our website.  We will ensure the most recent version is available on our website and we will tell you directly when there’s an important change that may impact you. It will be your responsibility to view the revised privacy statement and policy on the above website.


This privacy statement and policy was last updated in February 2022.


If you are not satisfied with our response to any complaint you might have made, or if you believe our processing of your information does not comply with the relevant data protection law, you can make a complaint to the Information Commissioner’s Office (“ICO”) at the following address:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Telephone: 0303 123 1113


The Commissioner is responsible for enforcing the regime under the DPA. However, the Commissioner encourages individuals concerned about the use of their personal data to contact the relevant data controller in the first instance. If the data controller fails to respond appropriately (or at all) to complaints or requests, the data subject may then make a complaint to the Commissioner or, in certain circumstances, go directly to the courts to enforce his rights.

In particular, an individual has a right, where he believes himself to be directly affected by the processing of personal data, to make a request to the Commissioner for an assessment on whether the processing complies with the DPA (section 42). On receiving such a request, the Commissioner is obliged to carry out the assessment (which may include serving an information notice on the data controller requiring it to provide information to assist the Commissioner in making the assessment), and to notify the person making the request whether an assessment has been made and of any view formed or action taken as a result.

Where it finds a breach of the DPA, the Commissioner may serve data controllers with:

  1. Information notices, requiring data controllers to provide information about their processing operations (unless the information is self-incriminating or the subject of legal privilege).
  2. Special information notices.
  3. Enforcement notices, requiring data controllers to comply with the data protection principles.
Scroll to Top
Scroll to Top