Privacy Policy

Spencer Elliott is a firm of Licensed Conveyancers in York.

We are what is known as the 'Controller' of the personal data you provide to us. There are six available lawful bases for processing the information you provide to us. These are:

  • Consent
  • Performance of a contract
  • Compliance with a legal obligation
  • Your vital interests
  • Public interest
  • Spencer Elliott's legitimate interests

The bases upon which we rely are referred to within this document.

Privacy policy

We are committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal data about our clients ('You'), how we use it, the limited conditions under which we may have to disclose it to others and how we aim to keep it secure. We may change this Policy from time to time but access to an up to date version will be provided whenever you instruct us to act for you. By using our services, you are also agreeing to be bound by this Policy. Any questions regarding this Policy and our privacy practices should be sent to us using the contact details supplied at the end of this Policy.

How we collect information from you

We obtain information about you and your transaction from the time that you instruct us to act for you. We may already have some information if we have previously acted for you but we will ask you to provide information whenever you instruct us as it is an opportunity to check that the information we already hold is accurate, appropriate and up to date.

We may collect this information by telephone or email, during a face to face meeting or from standard information forms that we ask you to complete. This is normally collected at the start of the transaction but further additional information may be requested as your matter progresses.

The type of information that we collect from you

The personal data we collect will include your name(s) (and any former name), address, email address, contact telephone number(s), and dates of birth. We will also ask for your national insurance number. We also scan or copy photo-identification documents such as your passport or driving licence and residence confirming documents such as utility or credit card bills for compliance with money laundering regulations. We will also request your bank account details if you ask us to transmit funds to you electronically.

We collect this information in order to perform the contract made between us. In other words, to enable us to provide the services you have instructed us to provide and in order to comply with regulatory requirements we need to collect this information.

What your information will be used for

We may use your information to:

  • provide the services you have instructed us to provide
  • carry out our obligations arising from any contracts entered into by us on your behalf
  • carry out money laundering and identity checks
  • seek your views or comments on the services we provide
  • notify you of changes to our services
  • send you communications you have requested
  • transmit funds to you electronically if requested to do so
  • store Deeds and other documents which you have asked us to keep on your behalf

Parties that have access to your information

We may pass your information to third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf or for compliance with our legal obligations (for example to carry out money laundering checks). When we use third party service providers, we disclose only the personal data that is necessary to deliver the service and we have contracts in place that require them to keep your information secure and not to use it for any other purpose including their own direct marketing purposes.

We will not disclose your information in any other circumstance unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. We will not sell or rent your information to third parties or share it for marketing purposes.

Our third party providers:

Veriphy Limited: for money laundering checks. This information is retained for five years and is for compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Retention Periods

We are legally required to hold some types of information to fulfil our statutory or legal obligations but we will only hold your personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.


In the event of a sale of some or all of our business and assets to a third party or as part of a business restructuring, we may transfer your personal data to a third party. If this occurred, we would take steps to ensure that your individual rights under GDPR continue to be protected.

Accessing and Updating your information

The accuracy of your information is important to us. We're working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if any of the other information we hold is inaccurate or out of date, please contact us using the contact details supplied at the end of this Policy. You have the right to ask for a copy of the information we hold about you.

Security measures to protect the loss, misuse or alteration of your information

When you give us personal data, we will take steps to ensure that it is stored securely and confidentially.

Your email address and the contents of any emails passing between us are transmitted normally over the Internet, and as such cannot be guaranteed to be 100% secure. Therefore, whilst we will strive to protect your personal data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive such information, we store it securely and confidentially on our systems.


In common with many other websites, Spencer Elliott’s website ( use cookies. 'Cookies' are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. Cookies collect statistical data about your browsing actions and patterns; they do not identify you as an individual. It is necessary to enable cookies if you wish your selections to be remembered for future visits on the same computer.

It is possible to switch off cookies by setting your browser preferences. Most web browsers allow some control of most cookies through the browser settings. For more information about cookies and instructions on how to adjust your browser settings to restrict or disable cookies, see the IAB website at Turning cookies off may result in a loss of functionality when using our websites.

Links to other websites

This Privacy Policy only applies to our website, which may from time to time contain links to other websites run by other organisations. We would recommend that you read the privacy statements on any other websites you visit as we cannot accept responsibility for the privacy policies and practices of other sites even when you access them using links from our websites.

Additionally, if you link to our website from a third party site, we are not responsible for the privacy policies and practices of the owners and operators of any such third party site and, again, recommend that you check the policy of that third party site.

Transferring your information outside of Europe

As part of our services offered to you, the information you provide to us may be transferred to countries outside the European Union ("EU"). For example, if any of the servers we use are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you are agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will of course take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Policy.

Similarly, if you use our services while you are outside of the EU, your information may be transferred outside the EU in order to provide you with those services.

Your Rights

If at any point you believe the information we hold on you is incorrect you can request to see this information and have it corrected or deleted.


If you wish to raise a complaint on how we have handled your personal data, you can contact our Client Services Directors, Sandra Elliott or Elizabeth Spencer on or you can write to them using the address provided below. Your matter will then be investigated. Following this, if you are not satisfied with our response or believe that we are processing your personal data in a way that is not in accordance with the law, you can complain to the Information Commissioner's Office (ICO). Contact details for the ICO are available on their website and their helpline number is 0303 123 1113.

Our Contact Details

For any information regarding this Policy and to submit any requests:

Post: Spencer Elliott, 3 New Street, York, YO1 8RA

We keep this Policy under regular review and it was last updated in May 2018.

You have the right to withdraw your consent to use of your personal data for the above-mentioned purposes at any time by contacting us either via email or post as above.

Last updated: 15 May 2018