Privacy Statement
Revised March 2026
This Privacy Statement is provided in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. It explains how Boyd Legal Limited (“we”, “us”, “our”) collects, uses, stores and protects personal data.
Who We Are
We are the law firm of Boyd Legal Limited, a company registered in Scotland. Our principal place of business is at 21–22 Queensferry Street, Edinburgh, EH2 4RD. We also operate branch and virtual offices at the locations listed below.
Boyd Legal Limited is the data controller for the personal data we process, unless stated otherwise.
Privacy Contact
If you have any questions about this Privacy Statement or how we use your personal data, you can contact us at:
- Address: 21–22 Queensferry Street, Edinburgh, EH2 4RD
- Telephone: 0131 226 7464
- Email: newenquiries@boydlegaluk.com
We have not appointed a Data Protection Officer, as we are not required to do so under UK GDPR. We have appointed Diana Boyd as our data protection lead. She can be contacted at our Head Office, 21-22 Queensferry Street, Edinburgh or by phoning 0131 226 7464.
Personal Data We Process
We may process the following categories of personal data:
- Identity data (such as name, date of birth, marital status)
- Contact details (such as address, email address, telephone number)
- Financial information relevant to a legal matter
- Case‑related information and correspondence
- Technical data (including IP address, device identifiers and website usage information)
- Special category personal data where necessary to provide legal services
How and Why We Use Personal Data
Lawful Bases for Processing
We process personal data only where we have a lawful basis to do so under UK GDPR.
Clients
Where you instruct us, we process your personal data because it is necessary for the performance of a contract, namely the provision of legal services in accordance with our Terms of Business.
Where special category data is processed, this is necessary for the establishment, exercise or defence of legal claims or otherwise permitted by law. Special category data is processed under Article 9(2)(f) – legal claims and Schedule 1 DPA 2018 (legal services condition)
Third Parties and Other Solicitors
Where we receive personal data from another solicitor or organisation in connection with a transaction or case, processing is carried out on the basis of our legitimate interests and those of our client in properly and lawfully pursuing or defending legal matters.
We have assessed these interests and consider that such processing does not override individuals’ rights and freedoms.
Where We Act as a Data Processor
In some matters, we act as a data processor on behalf of another organisation. In those cases, we process personal data strictly in accordance with their instructions, and their privacy notice will apply.
Marketing Communications
We may contact you from time to time to provide information about other legal services we offer or updates that may be relevant to you. This is carried out on the basis of our legitimate interests in maintaining client relationships.
You have an absolute right to object at any time to receiving such communications at any time. If you do so, we will stop without delay. Please contact us directly to opt-out of any such communications.
Who We Share Personal Data With
We may share personal data with:
- Counsel, expert witnesses and other professional advisers
- Courts, tribunals and regulatory bodies
- Banks, insurers and auditors
- IT and cloud service providers who support our systems
All service providers processing data on our behalf are subject to contractual obligations to protect confidentiality and comply with UK GDPR.
International Transfers
We do not routinely transfer personal data outside the United Kingdom.
Where personal data is processed outside the UK by a service provider, we ensure appropriate safeguards are in place, including UK‑approved international data transfer agreements or adequacy regulations.
How Long We Keep Personal Data
We retain personal data only for as long as necessary and in accordance with legal, regulatory, professional and insurance obligations. Such retention periods apply also to any third parties involved in transactions such as enquirers, witnesses, defenders and beneficiaries.
Client files are retained in line with our data retention policy and the guidance of the Law Society of Scotland. Retention periods depend on the nature of the matter and applicable limitation periods.
Prospective client enquiries are generally retained for up to 12 months from last contact where no instruction follows.
Third‑party data is retained in accordance with client instructions and legal requirements.
Further details of our retention practices are available on request.
Your Rights Under UK GDPR
You have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Request erasure of data in certain circumstances
- Restrict processing in certain circumstances
- Receive personal data in a portable format where applicable
- Object to processing based on legitimate interests or for direct marketing
- Withdraw consent at any time where processing is based on consent
- Right to restrict processing
- Right to object to legitimate-interest processing
- Right not to be subject to automated decision-making
We do not carry out automated decision‑making or profiling.
To protect confidentiality, we will verify your identity before responding to any request.
Complaints
If you have concerns about how we use your personal data, please contact us in the first instance.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: www.ico.org.uk
- Helpline: 0303 123 1113
Cookies Policy
Last updated: 26/3/26
1. What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help the website function properly, improve your experience, and provide information to us about how the site is used.
2. Types of Cookies We Use
Strictly Necessary Cookies – These cookies are essential for the website to operate. They enable functions such as page navigation and secure access to certain areas. The site cannot function properly without them.
Analytics and Performance Cookies – We use these cookies to understand how visitors use our website so we can improve its performance. They gather anonymous statistics such as page visits and traffic sources.
3. Third-Party Cookies
Some cookies may be placed on your device by third-party service providers (for example, analytics tools such as Google Analytics). These providers may collect information about your online activities over time and across different websites.
4. How You Can Manage Cookies
You can control or delete cookies through your browser settings. You can also block certain types of cookies, although doing so may affect how our website functions.
To learn more, visit – www.allaboutcookies.org
5. Changes to This Policy
We may update this Cookies Policy from time to time. Any changes will be posted on this page with a revised “Last updated” date.
6. Contact Us
Boyd Legal
21 – 22 Queensferry Street, Edinburgh, EH10 6UG
0131 226 7464