Privacy Policy | Cummings Law

Privacy Policy

This privacy policy (the “Policy”) explains how Cummings Law Ltd collects, uses and shares the information you provide to us and the information we collect in the course of operating our business (the “Personal Data”).

Cummings Law Ltd

Cummings Law is responsible for your Personal Data. In this Policy, references to Cummings or “we”, “us”, or “our” means Cummings Law Ltd. Our registered office is at 42 Brook Street, London W1K 5DB and we are authorised and regulated in the UK by the Solicitors Regulation Authority (

What types of data do we process?

As described above, "Personal Data" is any information that can be used to identify you or that we can link to you and which we have in our possession or control.

We process Personal Data about lots of different categories of people, including our clients, people involved in matters we act on for our clients, people we or our staff have relationships with, and other third parties who interact with us (either directly).

Because of the nature of the services we provide, the types of data we process can be quite varied, but will usually include full names, contact details, and associated client information. Depending on the nature of our relationship with you, we may also process information about your business and company affiliations; identification (including copies of your passport); financial affairs; family, lifestyle and social circumstances; education and employment background; the services we provide you or your company; and the goods or service you or your company provide us; and your use of our website.

In some circumstances we may process special categories of Personal Data about you, in which case we take particular care to only process such data in accordance with the strict legal parameters. This type of data can include information about your health; racial or ethnic origin; religious or political beliefs; trade union membership; sex life or sexual orientation; genetic or biometric data; or philosophical beliefs.

We may obtain such Personal Data from you directly, from our clients, from third parties involved in matters we act on for our clients, and from other third parties (including publicly available information).

Where you are our client, it will sometimes be necessary for you to provide us with information directly, and in those cases, it is your responsibility to ensure that all such information is complete in all material respects and not misleading. The accuracy and appropriateness of our advice may be affected as a consequence of your failure to do so. If any information changes, please let us know so that we can keep it updated on our systems.

How we use the information we collect

We may do the following with your Personal Data:

  1. use it to provide legal services to the relevant client;
  2. use it to engage in marketing and business development activity in relation to our legal services. This may include sending you legal updates, invitations to events and other information that may be of interest to you;
  3. to discharge legal and regulatory obligations;
  4. use it to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
  5. record and monitor your use of our websites or our other online services for our business purposes which may include analysis of usage, measurement of site performance and generation of marketing reports;
  6. use it for our legitimate business interests, such as undertaking business research and analysis, managing the operation of our websites and our business. This may include sending you legal updates, invitations to events and other information that may be of interest to you;
  7. use it to look into any complaints or queries you may have; and
  8. use it to prevent and respond to actual or potential fraud or illegal activities.

Also, we may collate, process and share any statistics based on an aggregation of information held by us provided that any individual is not identified from the resulting analysis and the collation, processing and dissemination of such information is permitted by law.

What basis do we have for processing your data?

We will only process your Personal Data where we have a lawful basis for doing so. In general, our lawful basis will be one of more of the following:

  • Consent - if we need and have obtained your consent to use your Personal Data. You can withdraw your consent by contacting us.
  • Performance of a contract - we may need to collect and use your Personal Data for the performance of a contract to which you are party or in order to take steps at your request prior to entering a contract.
  • Legitimate interest - we may use your Personal Data is as necessary for the purposes of pursuing our legitimate interests (this includes carrying out the business of providing legal services and pursuing our general business interests).
  • Compliance with law or regulation - we may use your Personal Data as necessary to comply with applicable law/regulation.

How we share information with third parties

In providing services to our clients and in complying with our legal obligations, we may share the Personal Data that we obtain about you, insofar as we are permitted by law to do so, with the following:

  • third party agents/suppliers or contractors, bound by obligations of confidentiality, in connection with the processing of your Personal Data for the purposes described in this Policy. This may include, but is not limited to, IT service providers such as cloud providers of software as a service, data room providers and providers of our IT servers and communications service providers;
  • third parties relevant to the legal services that we provide. This may include, but is not limited to, counterparties to transactions or litigation, other professional service providers, regulators, authorities, governmental institutions and stock exchanges; and/or
  • to the extent required by law, regulation or court order, for example, if we are under a duty to disclose your Personal Data in order to comply with any legal obligation.

Where we transfer your Personal Data outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information.

Keeping your information and information security

How long we hold your Personal Data for will vary and will depend principally on:

  • the purpose for which we are using your Personal Data - we will need to keep the information for as long as is necessary for the relevant purpose, and
  • legal obligations - laws or regulation may set a minimum period for which we have to keep your Personal Data.

We will ensure that the Personal Data that we hold is subject to appropriate security measures.

What are your rights?

You have the right to lodge a complaint with the Information Commissioner in respect of our processing of your Personal Data. Information can be found at If you would like to raise your complaint with us in the first instance, please contact us.

You have rights under data protection laws to request from us access to, rectification of, or erasure of your Personal Data. You also have the right to request the restriction of any processing or to object to our processing of your Personal Data. Finally, you have the right to data portability. Please use the contact details below to exercise your rights. You can find more information about your rights at

How to contact us

If you would like further information on the collection, use, disclosure, transfer or processing of your Personal Data or the exercise of any of your rights listed above, please contact us by emailing