Privacy Policy

Last updated 19 February 2026.

1.  Who we are and what our obligations are

1.1 As a law firm, we take your privacy seriously. We understand just how important your privacy is and that it should be protected. We recognise and respect the trust individuals place in us when sharing their personal data. We are committed to protecting the privacy and security of any personal data we collect from visitors to our website and from the clients to whom we provide legal and related services.

1.2 When we use the terms Jamieson Law, we, us or our within this policy, we might mean either of our registered law firms, or our separate Irish company, as follows:

  • Jamieson Law Ltd is a limited company registered in Scotland under company number SC588503, with its registered office at Hudson House Business Centre, Hudson House, 8 Albany Street, Edinburgh, Scotland, EH1 3QB. Jamieson Law Ltd is a law firm registered with the Law Society of Scotland. 
  • Jamieson Law Ireland is a sole proprietorship, registered in Ireland. The sole proprietor is Barbara Neilan, and its registered office is at 9 The Old Golf Links, Malahide, Dublin, K36 AX66. Jamieson Law Ireland is a law firm registered with the Law Society of Ireland. 
  • Jamieson Law Ireland Ltd is an Irish company, registered under company number 686804, and it doesn’t provide regulated legal advice.

1.3 We are the controller responsible for your personal data and we are responsible for this website. 

1.4 We are registered with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk). If you have any concerns about data protection, we would appreciate if you contacted us first so we can discuss these with you before you approach the ICO. You also have the right to make a complaint at any time to the ICO. For data protection matters, please email us at info@jamiesonlaw.legal

1.5 When you provide us with your personal data, whether through our website, by email, in person or over the phone, you attend a legal strategy call, or you engage us to provide you with legal services, you acknowledge that it will be processed in accordance with this policy. We may also provide additional notices at the point of collection to explain particular uses of your personal data and, where appropriate, to give you the opportunity to opt in or opt out of specific processing activities.

1.6 This policy doesn’t apply to third party websites that may be accessed through links on our website. Jamieson Law is not responsible for the content or privacy practices of those websites. If you access any third party website, you should review its own privacy policy before submitting any personal data. 

2. What personal data we may collect about you

2.1 Personal data/information means any information about an individual from which that person can be identified. It does not include anonymous data. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Basic personal details, such as your name and job title.
  • Contact data, such as your phone number, email address, or correspondence address.
  • Identity data and other information used to verify your identity for due diligence purposes, including know your client (KYC) and anti-money laundering (AML) checks, such as copies of your passport, driving licence or ID card, and supporting documentation such as bank statements or utility bills.
  • Financial data, such as payment card details, your bank account details and billing information. Please note that payment card information is processed securely by our third party payment provider and is not stored by us.
  • Profile data, such as information about your preferences or interests.
  • Transaction data, such as details about payments to and from you and other details of the services or goods you have purchased from us.
  • Communications data, such as records of correspondence and communications with you, including emails, telephone call notes and, where applicable and notified to you, audio or video recordings of meetings or video calls, which may include your image and voice.
  • Technical data, such as details of visits to our website or information collected through cookies or other similar technologies.
  • Personal data we received by or on behalf of our clients, or obtained or generated by us in the course of providing legal services, including in connection with corporate transactions such as mergers, acquisitions, asset or share sales and purchases, and which may relate to directors, shareholders, employees, consultants or other counterparties. This may include special category personal data where relevant to the services provided.
  • Recruitment data, such as a copy of your curriculum vitae (CV), employment history, education, details of any professional memberships, and any other similar information provided during recruitment.

3. How we collect your personal data

We may use collect, use or receive your personal data in different ways:

  • You may provide personal data to us directly, such as where you contact us via our website, by email, phone, social media, or post.
  • As you interact with our website, we will automatically collect technical data through cookies and similar technologies.
  • We may use publicly available sources, such as Companies House, Google, and LinkedIn, to keep the contact details we have for you up to date, or to undertake client due diligence, including KYC and AML checks.
  • We may receive personal data from third party sources, such as identity verification providers, payment service providers, data room platforms, counterparties to transactions, other professional advisers, or recruitment agencies for recruitment purposes.

4.  How we use your personal data

4.1 We will only use your personal data where we are permitted to do so by applicable law. In accordance with UK, EU and other applicable data protection laws, we need to rely on one or more legal bases to process your personal data. The lawful bases we rely on when we process your personal data are:

  • Performance of a contract: where we need to perform the contract we are about to enter into or have entered into with you. 
  • Legitimate interests: where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal obligation: where we need to comply with a legal obligation.
  • Legal claims: where your personal data is necessary for us to defend, prosecute, or make a claim involving you, us or a third party. 
  • Consent: where you have provided us with your explicit consent to use your personal data (and you have a right to withdraw that consent). 

4.2 We may use your personal data in the following ways. In each case, we set out the lawful basis that we rely on to use your personal data.

  • To provide our legal services and operate our business: this includes:
    • administering and delivering our services,
    • performing our obligations under any agreement between you and us,
    • advising on and supporting corporate transactions such as mergers, acquisitions and asset or share sales and purchases, including carrying out due diligence and reviewing or analysing personal data relating to directors, shareholders, employees, consultants or other counterparties where relevant to the transaction,
    • maintaining records of meetings and communications, and, where notified to you, recording video or telephone calls for service delivery, training, monitoring or regulatory purposes

Where we provide legal services, our standard terms of engagement will apply.

 Legal grounds: performance of a contract, compliance with legal obligations, establishment, exercise or defence of legal claims, legitimate interests in delivering our  services and managing our business, and consent where required.

  • To facilitate use of our website and ensure its content is relevant: this includes responding to enquiries, providing requested information and ensuring website content is presented effectively for you and your device.

Legal grounds: legitimate interests in operating and improving our website, consent where required, and performance of a contract where applicable.

  • To operate our online shop and process purchases: this includes processing orders for goods and digital products on our website, taking payment, delivering digital products and dealing with any related enquiries, refunds or customer support.

Legal grounds: performance of a contract, compliance with legal obligations and legitimate interests in operating and improving our business.

  • For marketing and business development: this includes sending our newsletter where you have opted to receive it. Each email will include an option to unsubscribe, or you may opt out by emailing us at info@jamiesonlaw.legal.

Legal grounds: legitimate interests in promoting and developing our services and maintaining relationships with clients and contacts, and consent where required.

  • For research and development: this includes analysing client needs and market trends to better understand our clients, improve our services and develop our offerings.

Legal grounds: legitimate interests in improving and developing our services.

  • For recruitment: this includes processing cover letters and CVs sent to us directly by you, or received from third parties on your behalf.

Legal grounds: legitimate interests in making appropriate recruitment decisions and taking steps at your request prior to entering into a contract.

  • To comply with legal, regulatory and risk management obligations: this includes carrying out client due diligence, know your client checks, anti-money laundering, anti-bribery, sanctions screening, conflict checks and fraud prevention, as well as complying with legal and regulatory reporting requirements and protecting our legal rights or the rights of third parties. Where false or inaccurate information is provided and fraud is identified or suspected, details may be shared with fraud prevention agencies and recorded by us or them.

Legal grounds: compliance with legal obligations, establishment or defence of legal claims and legitimate interests in cooperating with regulators and preventing crime and fraud. Where special category data is processed, we may also rely on substantial public interest or legal claims.

  • To ensure payment of our fees: this includes recovering sums due to us and, where necessary, engaging debt collection agencies or pursuing legal proceedings.

Legal grounds: performance of a contract, establishment or defence of legal claims and legitimate interests in cooperating with regulators and preventing crime and fraud. Where special category data is processed, we may also rely on substantial public interest or legal claims.

  • To inform you of changes: this includes notifying you about changes to our services, our standard terms of business or this policy.

Legal grounds: legitimate interests in keeping you informed about changes affecting you.

  • To reorganise or restructure our business: if we merge, combine, transfer or dispose of part of our business, we may share or transfer personal data to a relevant third party or its advisers as part of a due diligence process or business transfer, for the purposes set out in this privacy notice or to assess a proposed reorganisation.

Legal grounds: legitimate interests in managing and developing our business.

4.3 In the course of providing legal services, we may process special category personal data, including information relating to health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or other sensitive matters, where this is relevant to the services we provide. We may also process information relating to criminal convictions and offences where relevant to our advice or regulatory obligations. We will only process such data where permitted by law and where one or more of the following conditions apply:

  • the processing is necessary for the establishment, exercise or defence of legal claims;
  • the processing is necessary for reasons of substantial public interest, including compliance with legal and regulatory obligations; or
  • you have given explicit consent, where appropriate.

5. Who we may share your personal data with

5.1 We may share your personal data with the following categories of third parties where necessary:

Our professional advisers, including legal, financial, business, risk management and other advisers, as well as our bankers and auditors.

Our insurers and insurance brokers.

  • Third party payment processors, such as Stripe, who process payments securely on our behalf. Stripe will process payment information in accordance with its own privacy notice.
  • Third party advisers or experts engaged in connection with the services we provide to our clients, and with the relevant client’s prior consent where appropriate, such as local counsel, barristers, data room providers, and document review platforms.
  • Third party service providers who support our regulatory compliance and business operations, including identity verification and anti-money laundering service providers such as Credas.
  • Third party debt collection agencies or other service providers engaged to recover sums owed to us.

5.2 We may also process and disclose your personal data where necessary to comply with legal or regulatory obligations or in the course of engagement with our regulators. This may include sharing personal data with government, regulatory or law enforcement bodies in connection with enquiries, proceedings or investigations, whether in the UK or overseas, or where we are otherwise required to do so by law. Where permitted, and unless doing so would prejudice the prevention or detection of crime, we will seek to direct such requests to you or notify you before responding.

6. How we protect your personal data

6.1 We recognise that information security is an integral part of data protection. We have implemented appropriate physical, technical and organisational measures to safeguard the personal data we collect and process against unauthorised or unlawful access, use, disclosure, alteration or destruction, in accordance with applicable data protection laws. These measures include:

  • storing data on secure platforms and servers operated by us or our service providers;
  • password protected systems and restricted access controls;
  • internal security policies and standards governing the handling of personal data; and
  • contractual safeguards with third party hosting, AI and other service providers who process personal data on our behalf.

6.2 Access to personal data is limited to those employees, agents, contractors and other third parties who have a genuine business need to know. They will only process personal data on our instructions and are subject to appropriate confidentiality obligations.

6.3 We have procedures in place to deal with suspected personal data breaches. If we become aware of a breach affecting your personal data, we will take appropriate steps to mitigate its impact and prevent recurrence. Where we are legally required to do so, we will notify you and the ICO without undue delay.

6.4 Where we have given you, or where you have chosen, a password enabling you to access certain parts of our website or online services, you are responsible for keeping that password confidential and for complying with any security procedures notified to you. You must not share your password with anyone.

6.5 Although we take appropriate steps to protect personal data, the transmission of information via the internet is not completely secure. Any transmission to our website is at your own risk.

7. Where we transfer your personal data

7.1 In the course of providing our services, operating our website and engaging third party service providers, we may transfer, store or access personal data outside the United Kingdom and  the European Economic Area (EEA). This may include transfers to service providers or advisers located overseas, engaging local counsel or other professional advisers in foreign jurisdictions in connection with client matters, or where data is hosted on servers outside the UK.

7.2 Where personal data is transferred outside the UK or the EEA, we will ensure that an appropriate level of protection is afforded to it in accordance with applicable data protection laws. This will be achieved by implementing one or more of the following safeguards:

  • transferring personal data to countries that have been recognised by the UK government as providing an adequate level of protection for personal data;
  • putting in place appropriate contractual safeguards, such as the International Data Transfer Agreement or the International Data Transfer Addendum to the European Commission’s standard contractual clauses, together with any supplementary technical or organisational measures where required.

7.3 Where third party service providers or overseas advisers process personal data on our behalf outside the UK, we ensure that appropriate contractual protections are in place to safeguard that data.

7.4 Please contact us if you would like further information about the specific safeguard relied upon for any particular transfer of your personal data, or to request a copy of the relevant transfer mechanism.

8. How long we retain your personal data for

8.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which it was collected, including any related or compatible purposes, and to satisfy any legal, regulatory, tax, accounting or reporting requirements

8.2 In determining appropriate retention periods, we take into account the nature, amount and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data and whether those purposes can be achieved through other means, as well as applicable legal and regulatory obligations and limitation periods for claims.

8.3 Where personal data is processed for more than one purpose, we will retain it until the latest applicable retention period has expired. However, we will cease using the data for any purpose whose retention period has ended.

8.4 In particular, we are generally required to retain basic client information, including contact, identity, financial and transaction data, for at least six years after the end of the client relationship for tax, regulatory and risk management purposes. We may retain certain transaction details and correspondence relating to legal services until the expiry of relevant limitation periods for potential claims.

8.5 Where deletion is not possible due to legal, regulatory or contractual obligations, we will restrict further processing of the data and retain it only for those specific purposes.

8.6 Once the applicable retention period has expired, personal data will be securely deleted or anonymised. Anonymised data, which can no longer be linked to an identifiable individual, may be retained for research, statistical or service improvement purposes without time limit.

9. What your rights are in relation to your personal data

9.1 Under applicable data protection laws, you have a number of rights in relation to your personal data. Subject to certain exemptions and limitations, these may include the right to:

  • Request access to the personal data we hold about you and receive a copy of it.
  • Request correction of any incomplete or inaccurate personal data we hold about.
  • Request erasure of your personal data in certain circumstances, including where there is no lawful basis for us to continue processing it, where you have successfully objected to processing, or where the personal data has been processed unlawfully. 
  • Object to processing of your personal data where we are relying on legitimate interests as our legal basis. You also have an absolute right to object to the processing of your personal data for direct marketing purposes.
  • Request restriction of processing of your personal data in certain circumstances, for example while we verify the accuracy of the personal data, where processing is unlawful but you do not want the personal data erased, where you require the personal data for the establishment, exercise or defence of legal claims, or where we are considering an objection you have made.
  • Request the transfer of your personal data to you or to a third party in a structured, commonly used and machine readable format, where processing is based on consent or on a contract and is carried out by automated means.
  • Withdraw consent at any time where we rely on consent as the legal basis for processing. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

9.2 If you wish to exercise any of these rights, please contact us at info@jamiesonlaw.legal. We may request information to verify your identity before responding, to ensure that personal data is not disclosed to someone who is not entitled to receive it.

9.3 We will usually respond to legitimate requests within one month. Where a request is particularly complex or numerous, we may require additional time, in which case we will inform you. You will not normally be required to pay a fee, although we may charge a reasonable fee or refuse to comply where a request is manifestly unfounded or excessive.

9.4 Your rights are subject to certain legal exemptions and limitations, including where processing is necessary to comply with legal obligations, to establish, exercise or defend legal claims, to maintain legal professional privilege, or to protect the rights of others or the public interest.

9.5 If you are not satisfied with how we handle your personal data or our response to your request, you have the right to lodge a complaint with the ICO.

10. What information applies to U.S. residents

10.1 If you are a resident of the United States, certain U.S. state privacy laws may apply to our processing of your personal data, including the California Consumer Privacy Act as amended by the California Privacy Rights Act and similar legislation in other states.

10.2 We process personal data of U.S. residents in connection with the provision of our legal and related services, the operation of our website and our business activities, as described in this policy.

10.3 The categories of personal data we collect and the purposes for which we use it are set out above in this policy. We do not sell or share personal data for cross contextual behavioural advertising purposes. We do not knowingly sell or share personal data of individuals under the age of 16.

10.4 Subject to applicable law and certain exceptions, U.S. residents may have the right to:

  • request confirmation of whether we process their personal data and access a copy of that data;
  • request correction of inaccurate personal data;
  • request deletion of personal data;
  • request information about the categories of personal data collected, the categories of sources, the purposes of collection and the categories of third parties to whom personal data is disclosed;
  • opt out of the sale or sharing of personal data, where applicable;
  • not be subject to discrimination for exercising their privacy rights.

10.5 We do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects.

10.6 If you are a U.S. resident and wish to exercise any applicable privacy rights, please contact us at info@jamiesonlaw.legal. We may need to verify your identity before responding to your request. We will respond within the timeframe required by applicable law.

10.7 Where permitted by law, you may designate an authorised agent to make a request on your behalf. We may require evidence of the agent’s authority and verification of your identity.

10.8 If you believe that we have not complied with applicable U.S. privacy laws, you may have the right to lodge a complaint with the relevant state regulator.

11. What cookies our website uses

11.1 Our website uses cookies and similar technologies to distinguish you from other users, enhance your browsing experience and help us improve our website and services. Where applicable, cookies may also be used to analyse website traffic and, if enabled, support our marketing activities.

11.2 A cookie is a small text file placed on your device when you visit a website. Cookies allow a website to recognise your device and store certain information about your preferences or past actions. Some emails and webpages may also contain small electronic files known as web beacons, which allow us to monitor whether communications have been opened or pages visited.

11.3 When you first visit our website, you will be presented with a cookie banner that allows you to accept, reject or customise your preferences in relation to non-essential cookies. Strictly necessary cookies do not require consent.

11.4  We may use the following cookies:

  1. Strictly necessary cookies. These are required for the operation of our website and enable core functionality such as security, network management and accessibility.
  2. Analytical or performance cookies. These help us understand how visitors use our website, including which pages are visited and how users navigate the site, so that we can improve its performance and usability. In particular, we use Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to collect information about how visitors use our website, including the number of visitors, pages visited, duration of visits and referral sources. IP anonymisation is enabled where required.
  3. Functionality cookies. These allow the website to remember choices you make, such as language or region, and provide enhanced, more personalised features.
  4. Marketing or targeting cookies, where enabled. These may be used to deliver content or advertising that is more relevant to you and your interests. In particular, we may use:
    • Google Tag Manager, which allows us to manage and deploy website tags and tracking technologies through a single interface. Google Tag Manager does not itself set cookies, but it may be used to deploy other analytics or marketing tags on our website.
    • The Meta Pixel provided by Meta Platforms, Inc., which helps us measure the effectiveness of our advertising and may collect information about your interactions with our website in order to deliver more relevant advertisements.
    • Google Ads cookies, which are used to measure the effectiveness of our advertising campaigns and to deliver advertisements that may be relevant to you based on your interactions with our website.

11.5 When you first visit, a cookie banner lets you accept, reject or customise non-essential cookies. You can change your choices at any time by clicking “Cookie Settings” in the website footer. Most browsers also let you block or delete cookies through their settings; see www.allaboutcookies.org  for instructions.

12. When we might update this policy

12.1 We may update this privacy and cookie policy from time to time to reflect changes in our services, our use of personal data, legal or regulatory developments, or updates to our website and use of cookies. The latest version will always be available on our website and will show the date of the most recent update at the top of the policy.

12.2 We encourage you to review this policy periodically to remain informed about how we use and protect personal data.

12.3 It is important that the personal data we hold about you is accurate and up to date. Please inform us of any changes to your personal data during your relationship with us, for example if you change your name, address or email address.