GDPR (General Data Protection Regulation)

The General Data Protection Regulation (GDPR) will replace the current Data Protection Act 1998 on 25 May 2018. Further information on the GDPR can be found at the Information Commissioners Office website at
NBM Policy
Your privacy is an important factor that NBM Solicitors considers in the provision of our services. This policy explains generally how we receive information about you and what we do with that information once we have it.
Data Controllers
The Data Controllers who have overall responsibility for the day-to-day implementation of this policy are the partners for the time being of NBM Solicitors.
What is "personal information” or “data”?
For us, "personal information" means information which identifies you like your name, date of birth, address, email address and the Internet protocol (IP) address used to connect your computer to the Internet. It also includes debit card and bank account details. Any information that falls outside of this is "non-personal information".
By accepting our conveyancing quote and instructing us, you will also be accepting that we will collect and hold your personal information under the terms of this policy. We will ensure that any personal data we hold is accurate, adequate, relevant and not excessive. If you ask that we correct inaccurate personal data relating to you, this will be done as soon as we can.
How do we learn information about you?
We learn information about you when:
  • you give it to us directly;
  • we receive information or documents from a third party (e.g. from estate agents, mortgage companies, financial advisers)
What do we do with your information once we have it?
When you give us personal information, we will only use it in the course of our conveyancing retainer for which you've given us permission. We will only disclose information during a conveyancing transaction to a third party when it is necessary to progress the transaction (see “When do we share your information with others?” below).
NBM Solicitors will not sell your personal information to a third party and will not use it for marketing purposes. However, if you have requested a conveyancing quote, we may follow this up at a later date with an offer of a further discount.
How do we store and protect your personal information?
We will store your data securely:
  • If stored on paper, it will be kept in a secure place and will not allow unauthorised personnel to access it
  • Printed data will be shredded or safely destroyed when it is no longer needed
  • Data stored on a computer will be protected by strong passwords
  • If data is stored on CDs or memory sticks, these will be kept securely when not being used
  • Servers containing personal data will be kept in a secure data centre in the UK or the EU and protected by security software and a strong firewall with an uninterruptible power supply, climate control etc and 24/7 engineer support
  • Our website is protected by OAuth2 OpenId industry standard and we will be implementing a location based monitoring system. It is protected from man in the middle attacks by TLS encryption certificates
  • Your debit card details are inputted into a TLS encrypted connection and then hashed into the database using the highest available seeded encryption algorithm library
  • We cannot see clients’ passwords to access our case tracker once they have been set. Clients can change their own passwords whenever they want
We are committed to protecting your personal information once we have it. We implement physical, business and technical security measures. Despite our efforts, if we learn of a security breach, we will notify you so that you can take appropriate protective steps.
We also do not want your personal information for any longer than we need it. After normally at least 6 years we take steps to destroy it and your file unless we are required by law to keep it longer.
All staff will receive training on this policy. Future training will be provided whenever there is a substantial change in the law or our policy and procedure and will include the law relating to data protection and our data protection and related policies and procedures.
When do we share your information with others?
  • When we have received your specific permission to share it
  • Generally, during a conveyancing transaction, we might have to provide this information to a third party such as a mortgage company to allow them to liaise with us on the phone or we might provide information to help them make a decision on proceeding with the transaction
  • For processing or providing a service to you but only if those entities receiving your information are contractually obligated to handle the data in ways that are approved such as mortgage companies, the Land Registry, search agents etc
  • We will give your name, address and email address(es) to the Land Registry which will be stored on their records which are open to public inspection
  • If we are holding your Will, this will be released to the executor(s) appointed therein or their legal representative
  • When the law or regulations requires it. We follow the law whenever we receive requests about you from the Law Society, a government agency or as a result of a court order. We will notify you when we're asked to hand over your personal information in this way unless we're legally prohibited from doing so. When we receive requests like this, we'll only release your personal information if we have a good faith belief that the law requires us to do so. Nothing in this policy is intended to limit any legal defence or objection that you may have to a third party's request to disclose your information
  • When we believe it is necessary to prevent harm to you or someone else. We will only share your information in this way if we have a good faith belief that it is reasonably necessary to protect the rights, property or safety of you, our other clients or the public
  • If our organisational structure or status changes (if we undergo a restructuring or merger) we may pass your information to a successor or affiliate
Subject access requests
If you request in writing details of the personal information we hold on you, we will have a month to comply. We can refuse or charge for requests that are manifestly unfounded or excessive. If we refuse a request, we will tell you why and you have the right to complain to the supervisory authority and possibly to a judicial remedy
What else should you know?
We also use service providers whose computers may also be in various countries. This means that your information might end up on one of those computers in another country and that country may have a different level of data protection regulation than ours. By giving us information, you consent to this kind of transfer of your information. No matter what country your information is in, we comply with applicable law and will also abide by the commitments we make in this privacy policy.
What if we change this privacy policy?
We reserve the right to modify this privacy policy and our notices at any time. Changes and clarifications will take effect immediately upon being posting on our website. Your continued use of our service after the effective date of such changes constitutes your acceptance of such changes.
Can I have my personal information deleted?
We are obliged by the Law Society to retain a file and client information for at least 6 years. However, if such a period has expired since the registration of a property in your name and/or redemption of your mortgage when we last acted for you, you are free to ask us to delete your name and other personal contact information from our systems. If so, please send a request to