Privacy Policy

Last updated: March 2026

1. Who We Are

Norman Lawson & Co., Solicitors is a trading name of Legal Eagle Scotland Ltd (Company No. SC677101). Our registered office is located at:

3rd Floor, St. George’s Building
5 St. Vincent Place
Glasgow G1 2DH
United Kingdom

We are regulated by the Law Society of Scotland under Firm Number 63171. We are the data controller for any personal information you provide to us.

For queries about how we handle your data, you can contact our data protection lead at mu@normanlawsonsolicitors.co.uk or by telephone on 0141 275 4844 during office hours (Monday to Friday, 9am to 5pm).

2. What Information We Collect

As a legal practice, we collect various categories of personal information depending on the nature of the legal services we provide. This includes:

• Identity Information: Full name, date of birth, passport number, national identity card details, and other identity documents needed for legal work, particularly in immigration cases.
• Contact Information: Address, telephone numbers, email addresses, and emergency contact details.
• Case-Related Information: Detailed information about your legal matter, court documents, correspondence, statements, evidence, and outcome details.
• Financial Information: Bank details, payment information, invoicing details, and information related to legal aid applications and billing.
• Special Category Data: In immigration, asylum, and human rights cases, we often process sensitive personal data including information about national or ethnic origin, religious beliefs, political opinions, trade union membership, genetic data, biometric data (for identification purposes), health information, and sex life or sexual orientation. This information is necessary to conduct immigration appeals, asylum claims, human rights applications, and family reunification cases.
• Website Usage Data: Information about how you use our website, including IP addresses, browser type, pages visited, and cookie data (see section 10 below).
• Communications Data: Records of emails, telephone calls, and other correspondence with us, including recordings or notes of consultations where permitted.

3. How We Collect Your Information

We obtain information about you through several methods:

• Directly from you: When you contact us for advice, complete application forms, attend appointments, or provide documents during the course of our legal work for you.
• From third parties: Including courts and tribunals, the Home Office and UK Visas & Immigration (UKVI), the Scottish Legal Aid Board, other solicitors or legal representatives, barristers and advocates, medical professionals and expert witnesses, interpreters, regulatory bodies, and government departments as part of immigration or legal proceedings.
• From our website: Through contact forms, enquiry submissions, and analytics services.
• Automatically: Through cookies and similar tracking technologies on our website.

4. Why We Process Your Data (Legal Bases Under UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we must have a lawful basis for processing personal data. We process information on the following bases:

• Contract Performance (Article 6(1)(b)): We process your information to provide you with legal services you have instructed us to provide, prepare court documents, conduct negotiations, and manage your case.
• Legal Obligation (Article 6(1)(c)): We must comply with law, including anti-money laundering regulations, accounting rules, professional conduct standards set by the Law Society of Scotland, court orders, and obligations to provide information to regulatory bodies and the Home Office.
• Legitimate Interests (Article 6(1)(f)): We process information to manage our business effectively, prevent fraud, enforce our legal rights, conduct quality assurance and staff training, and improve our services.
• Consent (Article 6(1)(a)): Where you have given us explicit consent to process particular information, such as marketing communications or sensitive data in specific circumstances.
• Vital Interests (Article 6(1)(d)): In limited circumstances involving human rights applications or immigration cases where vital interests require immediate action.
• Public Task (Article 6(1)(e)): Where we are carrying out legal work that serves a public interest, including immigration appeals and human rights cases.

5. How We Use Your Information

We use the information we collect for the following purposes:

• Providing legal advice and representation to you.
• Preparing court and tribunal documents, applications, and appeals.
• Communicating with you about your case, including updates, advice, and invoicing.
• Making applications for legal aid to the Scottish Legal Aid Board.
• Conducting court proceedings, tribunal hearings, and interviews with regulatory authorities.
• Complying with our professional obligations under Law Society of Scotland rules and UK law.
• Complying with financial regulations, accounting rules, and anti-money laundering requirements.
• Managing our business, including accounting, payroll, and HR purposes.
• Contacting you about our services and responding to enquiries.
• Monitoring the quality of our service and conducting staff training.
• Preventing fraud and securing our systems.
• Improving our website and services based on usage patterns.

6. Special Category Data (Sensitive Personal Information)

As an immigration and human rights law practice, we regularly process special category data under Article 9 of the UK GDPR. This includes information about:

• National or ethnic origin (relevant in immigration and asylum cases)
• Religious or philosophical beliefs (often relevant in asylum persecution claims)
• Political opinions and trade union membership (relevant in refugee and human rights applications)
• Genetic and biometric data (used for identity verification in visa applications)
• Health data (relevant in asylum claims based on medical conditions, torture, or medical evidence)
• Sex life or sexual orientation (relevant in asylum and human rights applications under Article 8)

Legal Basis for Processing Special Category Data: We process this sensitive information because it is necessary for the purposes of carrying out obligations and rights under employment, social security or social protection law; protecting vital interests; processing data which is manifestly made public by the data subject; establishing, exercising or defending legal claims; and substantial public interest reasons (e.g., protecting asylum seekers, supporting human rights claims, or addressing discrimination).

Special category data is held securely and accessed only by staff directly involved in your case. We never share sensitive data except where legally required for immigration proceedings, court cases, or where you have explicitly consented.

7. Who We Share Your Data With

We only share your personal information where necessary for legal, regulatory, or contractual reasons:

• Courts and Tribunals: We provide necessary information and documentation to courts, tribunals, and judicial authorities in the course of legal proceedings.
• Home Office & UK Visas & Immigration (UKVI): In immigration and asylum cases, we submit applications and provide supporting information required by immigration authorities.
• Scottish Legal Aid Board (SLAB): We provide information required to assess legal aid eligibility, obtain funding certifications, and report on case outcomes.
• Barristers and Advocates: Where you are represented by counsel, we share necessary case information and instructions.
• Expert Witnesses and Medical Professionals: We may share relevant information with doctors, psychiatrists, or other experts to obtain supporting evidence or medical reports for your case.
• Interpreters: Professional interpreters may need access to relevant documents and information to assist with communications.
• Regulatory Bodies: The Law Society of Scotland may require us to provide information in response to complaints or investigations. We comply with professional conduct rules.
• Other Solicitors: Where we work with co-solicitors or transfer your matter, necessary information is shared.
• Insurance Companies: Professional indemnity insurance may require us to disclose certain information about claims or complaints.

International Transfers: When communicating with overseas authorities (such as foreign governments, embassies, or international organisations) as part of immigration or human rights work, your data may be transferred outside the UK. We apply safeguards including standard contractual clauses, adequacy decisions, or explicit consent to ensure your information remains protected.

8. Data Retention

We retain your personal information in accordance with professional standards set by the Law Society of Scotland and UK law:

• Active Cases: While we are acting for you, we retain all information necessary to conduct your case.
• After Case Conclusion: After your matter concludes, we retain case files and related information for six years from the date the matter ends. This complies with Law Society guidance and the Limitation Act 1980, which requires records to be available in case of future disputes or complaints.
• Legal Aid Records: Records related to legal aid applications are retained for six years or as required by the Scottish Legal Aid Board.
• Regulatory Requirements: Some information is retained longer if required by law, such as money laundering records (which we retain for five years) or other statutory obligations.
• Destruction: Once retention periods expire, information is securely destroyed. We use secure methods including shredding of paper documents and permanent deletion of electronic data.
• Exceptions: If a complaint is made to the Law Society or legal action is threatened, we may retain information longer until the matter is fully resolved.

9. Your Rights Under UK GDPR

You have several rights regarding your personal information:

• Right of Access (Article 15): You can request a copy of the personal information we hold about you at any time. We will provide this within 30 days of your request.
• Right to Rectification (Article 16): If information about you is inaccurate or incomplete, you can ask us to correct or update it.
• Right to Erasure (Article 17): In some circumstances, you can request that we delete your information, though this may not apply if we have legal obligations to retain it (such as for case records or regulatory compliance).
• Right to Restrict Processing (Article 18): You can ask us to limit how we use your information in certain circumstances, such as if you dispute its accuracy while we investigate.
• Right to Data Portability (Article 20): You can request your information in a structured, portable format suitable for transferring to another organisation.
• Right to Object (Article 21): You can object to our processing of your information on grounds relating to your particular situation, though this does not apply where we are processing data to provide legal services you have asked for.
• Rights Related to Automated Decision-Making (Article 22): You have rights if we make decisions about you entirely by automated means. We do not carry out fully automated decision-making in relation to legal advice or service provision.

To exercise any of these rights, contact us at:
Email: mu@normanlawsonsolicitors.co.uk
Telephone: 0141 275 4844
Address: 3rd Floor, St. George’s Building, 5 St. Vincent Place, Glasgow G1 2DH

Note: Some rights may be limited where we are processing data to provide legal services you have instructed. Please contact us to discuss your specific situation.

10. Cookies and Website Technologies

Our website uses cookies and similar technologies to enhance your experience and improve our services:

• Essential Cookies: These are necessary for the website to function properly and process contact forms. They do not require your consent but are necessary for service delivery.
• Analytics Cookies: We use analytics tools to understand how visitors use our website, which pages are popular, and how we can improve our services. This helps us tailor content and improve user experience.
• Third-Party Cookies: Our website may use third-party services that place cookies on your device.

Managing Cookies: Most web browsers allow you to control cookies through their settings. You can typically delete cookies and configure your browser to refuse new ones. However, please note that refusing cookies may affect the functionality of our website and your ability to contact us through web forms.

11. Data Security

We take data security seriously and implement appropriate technical and organisational measures to protect your information:

• Encryption: We use encryption for data in transit (such as through SSL/TLS on our website) and for sensitive data at rest.
• Access Controls: Only staff directly involved in your case have access to your information. We operate on a need-to-know basis.
• Secure Systems: Our computer systems are protected with firewalls, anti-virus software, and intrusion detection systems.
• Staff Training: All staff receive training on data protection and confidentiality, including handling sensitive information and recognising phishing and security threats.
• Physical Security: Our offices are secured and only authorised personnel can access client files and documentation.
• Breach Notification: If a personal data breach occurs that affects your information, we will notify you and the Information Commissioner’s Office as required by law, typically within 72 hours of discovering the breach.

However, no security system is completely impregnable. While we take all reasonable steps to protect your information, we cannot guarantee absolute security.

12. International Data Transfers

During the course of providing legal services, we may need to transfer your data to recipients outside the United Kingdom, particularly in immigration and asylum cases where:

• We communicate with overseas governments, embassies, or consulates
• We work with witnesses or representatives abroad
• Information is required by foreign authorities in relation to your case

Where such transfers occur, we ensure appropriate safeguards are in place, including:

• Recipient countries with adequacy decisions from the UK Government
• Standard contractual clauses or binding corporate rules with processors
• Your explicit consent to the transfer
• Necessity for the legal services you have requested

13. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in law, our practices, or other operational reasons. Any changes will be posted on this page with the date of the latest update. If we make significant changes, we will notify you by email if we have your email address on file. Your continued use of our services after such changes constitutes your acceptance of the revised policy.

14. How to Contact Us

If you have any questions about this privacy policy, how we handle your data, or wish to exercise your rights, please contact us:

15. Complaints and Rights Before the Information Commissioner’s Office

If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the independent UK authority responsible for data protection:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate)
Website: www.ico.org.uk

Please note that you should attempt to resolve any concerns with us directly before escalating to the ICO. We are committed to addressing data protection concerns promptly and will cooperate fully with any ICO investigation.