Privacy and Transparency Notice

Data Controller – who are we?

Chiltern Law is the provider of legal services to private individuals, organisations and companies and we specialise in criminal defence, motoring law and regulatory matters.  We are the Data Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection.  Our full registered address is below:

Chiltern Law Limited
Coxon House
Newtown Road

Further contact details are available from – the Site.

Purposes of processing

Your data will be processed in order to:

  • market Chiltern Law services to you;
  • provide services under contract to you;
  • provide services to others (in so far as this does not breach client confidentiality)
  • comply with regulatory and other legal obligations (such as anti money laundering regulations); and
  • protect Chiltern Law against potential claims.

Special category data

Special category data is personal data which the GDPR says is more sensitive, and so needs more protection, the following are example of such data which aren’t asked for by us but might be data which is processed by us as part of evidence and disclosure from the police, Crown Prosecution Service, Council, HSE or other Government agencies who prosecute.

  • race
  • ethnic origin
  • politics
  • religion
  • trade union membership
  • genetics
  • biometrics (where used for ID purposes)
  • health
  • sex life; or
  • sexual orientation.

Legal basis

Your data will be processed on the basis that Chiltern Law has a legitimate interest in being able to achieve the aims of processing set out above. Where special category data is provided, the provider of the data warrants that they consent to Chiltern Law processing that data or that they have obtained written consent from you (the “data subject”).

Personal data held

As a minimum, Chiltern Law is required to positively identify its clients. This also includes positively identifying a director in the case of a corporate client. In addition, Chiltern Law holds whatever information is provided to it by its clients and others. This will rarely include special category data (examples of which are listed above).

Chiltern Law is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this Privacy Policy.

When you call us, visit our web site, engage with “live chat” or fill out a form in connection with our activities, services or resources we may collect information about you including, but not limited to, the following:

  • Name
  • Telephone number
  • Contact information, including email address and business address
  • Demographic information such as location, age and gender
  • IP address

We require this information to respond to requests and queries, understand your needs and provide you with a better service. We will also use the information to improve our products and services, detect fraud, administer accounts and to comply with contractual obligations you have with us.

If you request it, we will periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.

Data Sources – how do we collect personal data from you?

Chiltern Law obtains most personal data from its clients and those who have indicated that they have an interest in our services. Chiltern Law also obtains some personal data from other correspondents. Chiltern Law also collects some data from publicly available sources (e.g. Companies House).  We collect information from you when you use our website, if you complete our enquiry forms on our website, if you call us, email or engage in “live chat”.

Your data will be automatically collected when using our website and using “live chat” which will include your IP address, device specific information, location information and unique reference numbers pertaining to that engagement.

Non-personal identifiable information

We will collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information will include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.


Cookies are small text files stored on your device when you access most websites on the internet or open certain emails. Among other things, cookies allow us to recognise your device and remember if you’ve been to this website before. We use the term cookie to refer to cookies and technologies that perform a similar function to cookies (eg tags, pixels, etc).

Our Site uses cookies in order to make it easier for you to use, to support the provision of information and functionality to you, as well as to provide us with information about how the Site is used so that we can make sure it is as up to date, relevant and error free as we can make it. We also use cookies to ensure that our online adverts reflect the interests of web users. Further information about the types of cookies that are used on this Site is set out below.

By using this Site you agree to our use of cookies, including setting and reading cookies on your device. You can choose to delete, restrict or block cookies through your browser settings at any time. For more information about how to do this, and about cookies in general, you can visit:

Please note that certain cookies may be set as soon as you visit our Site, but you can remove them using your browser settings.

However, please be aware that restricting or blocking cookies set on a website may impact the functionality or performance of the website or prevent you from using certain services provided through that website.

Please note that third parties (including, for example, advertising networks and providers of external services like website analytics services) may also use cookies, over which we have no control, although we may receive services from these third parties (including, for example, for targeted advertising purposes and website analytics). These cookies are likely to be performance cookies or targeting cookies (as described below).

The following categories of cookie are currently used by us:

  • JSESSIONID, PHPSESSID [stores your session id]
  • MoneypennyHistory, MoneypennyRef, MoneypennyVisit [used by our online chat service]
  • log [Internal tracking id]
  • __utma, __utmc, __utmz [Google Analytics traffic monitoring]
  • utmcsr [Google Analytics traffic monitoring]
  • utmccn [Google Analytics traffic monitoring]
  • utmcmd [Google Analytics traffic monitoring]
  • ga, gat, gid [Google Analytics traffic monitoring]

AdWords Re-marketing cookie

We use Google AdWords Re-marketing to advertise our services to you across the Internet. AdWords Re-marketing will display relevant ads tailored to you based on what parts of our website you have viewed by placing a cookie on your machine.


The cookie is used to say “This person visited this page, so show them ads relating to that page.”

To summarise, the Google AdWords re-marketing Cookie connects the activity of www.Chiltern with the AdWords advertising network and the DoubleClick Cookie.

You can opt out of the cookie tracking here:

Failure to Provide Data

If you fail to provide Chiltern Law with certain data required we won’t be able to positively identify you or comply with anti money laundering regulations, in such circumstances we would not be able to act for you.  Further, you will not receive services or marketing.

Where we store your personal data

We have procedures in place to store your personal data and this is protected by encryption.  All information you provide to us is stored on secure servers.  Where necessary and as part of fulfilling our obligations to you, we will transfer data to third parties such as counsel, experts and courts and this will be done by secure email.

Recipients and sharing data

Any data provided by a client is treated as confidential to that client and will only be shared with others in so far as this is necessary in order to provide the services contracted for by the client, to comply with regulatory and other legal obligations and to protect Chiltern Law against a potential claim. In order to provide its services, Chiltern Law relies on the services of certain data processors. These include secure cloud storage for files and emails. In each case, Chiltern Law ensures that data is processed in compliance with this policy.  Such sharing of data will ordinarily take place when instructing experts in your case.

Sharing data with Cabvision Network Limited

We will share all personal subscription data that you have provided but not any confidential information that relates to any legal matters with Cabvision Network Limited. Cabvision will hold all personal data under their own GDPR Policies.

Third countries and safeguards

Other than where required in order to provide services as required in individual client matters, data is rarely sent to other countries. Where it is, the relevant devices are password protected and equipped with tracking and remote wipe software. The devices are personally accompanied.

Retention period

Data is held for six years from the end of the relevant matter or for six years where not associated with a particular matter.  The retention period is not arbitrarily set, it is to allow data to be stored should there be any claim against us and coincides with certain limitation periods prescribed by law for such actions.

Data subject’s rights – your rights

You have the right (subject to client confidentiality) to:

  • withdraw consent to the processing of your data;
  • right to be forgotten
  • complain to a supervisory authority regarding the processing of your data (;
  • obtain a copy of the data held on you and to correction of any errors in that data.

If consent is withdrawn to process your data it will delay or prevent us from fulfilling our contractual obligations to you.  It will also mean that we won’t be able to provide our services.

You also have the right to be forgotten, where you object to our use of your personal data, request us to delete your data or cease using it if there is no need for us to keep it.  There are good reasons for keeping data, legal and accountancy reasons for example.


As part of our professional service we agree to take reasonable measures protect your data in accordance with applicable laws.

Contact us

If you have any questions about this Privacy Policy, the practices of this Site, or your dealings with this Site, please contact us at:

Coxon House
Newtown Road
Henley On Thames

01491 848822

Mr Darren Rogers
Director and Data Protection Officer

Help Me!
Need Urgent Help?

Use the legal advice phone number below or email us