Data Controller – Alexander A. Adeyemo , Director at the Firm.
Purposes of Processing – Your (clients and others that do business with the firm) data shall be processed for us to comply with your instructions to act on your behalf or otherwise do business with the firm’s partners.
A.Y. Sovereign Solicitors (the firm) services to you include the following:
Providing services under contract to you and others; Comply with regulatory and other legal obligations; Protect A.Y. Sovereign Solicitors against potential claims
Legal Basis – Your data shall be processed on the basis that A.Y. Sovereign Solicitors has a legitimate interest in being able to achieve the aims of processing set out above. Where special category data is provided, the provider of the data warrants that they consent to A.Y. Sovereign Solicitors processing the data or that they have obtained written consent from the data subject (the individual).
Personal Data Held – As a minimum, A.Y. Sovereign Solicitors is required to positively identify its clients. This also includes positively identifying a director in the case of a corporate client. In addition, A.Y. Sovereign Solicitors holds whatever information is provided to it by its clients and others. This will rarely include special category data.
Special category data refers to sensitive personal data that requires additional protection under data protection laws, such as the GDPR.
Definition and Importance
Types of Special Category Data
The GDPR identifies several categories of data that fall under this classification, including:
- Racial or ethnic origin: Information about a person’s race or ethnicity.
- Political opinions: Data reflecting an individual’s political beliefs.
- Religious or philosophical beliefs: Information regarding a person’s faith or philosophical views.
- Trade union membership: Data about an individual’s affiliation with trade unions.
- Genetic data: Information related to inherited or acquired genetic characteristics.
- Biometric data: Data processed for the purpose of uniquely identifying a person (e.g., fingerprints, facial recognition).
- Health data: Information concerning an individual’s physical or mental health.
- Data concerning a person’s sex life or sexual orientation: Information about an individual’s sexual preferences or orientation.
Legal Implications
Failure to provide data – If a potential client or a client fails to provide A.Y. Sovereign Solicitors with the data required, the firm is unlikely to provide its services to the client.
Data Sources – A.Y. Sovereign Solicitors obtains most of its personal data from its clients and those who have indicated that they have an interest in A.Y. Sovereign Solicitors services. A.Y. Sovereign Solicitors also obtains some personal data from other permissible legal sources including publicly available sources (e.g. Companies House).
Recipients – Any data provided by a client (and others that do business with the firm) is treated as confidential to that client and will only be shared with others in so far as this is necessary to provide the services contracted for by the client to comply with regulatory and other legal obligation and to protect A.Y. Sovereign Solicitors against a potential legal claim. To provide its services, A.Y. Sovereign Solicitors relies on the services of certain data processors and these include secure cloud storage for filing an email. In each case, A.Y. Sovereign Solicitors ensure that data is processed in compliances with this policy.
How we protect your data and keep it secure
We are committed to doing all that we can to keep our clients’ (and others that do business with the firm) data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
Third Countries and safeguards – other than where required to provide services as required in individual client matters, data is rarely sent to third countries. Relevant devices are password protected and equipped with tracking and remote wipe software.
Retention Period – Data is held for six years from the end of the relevant matter or for six years where not associated with a particular matter.
Data subject’s rights – Where relevant, the data subject (the individual) have the right (subject to client confidentiality) to request:
- information about how your personal data is processed
- a copy of that personal data
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that the processing of your personal data is restricted in certain circumstances
- Withdraw consent to the processing of your data
You also have the right to data portability, under regulations like the UK GDPR, and this allow individuals to request and receive their personal data in a structured, commonly used, and machine-readable format. The subject (you) can then transmit this data to another organization or request the original organization to transmit it directly. This right is designed to empower individuals by making it easier to switch between service providers.
1
- Complaint to a supervisory authority regarding the processing of your data
(https://ico.org.uk/); and Obtain a copy of the data held on you and to correction of any errors in that data
Person responsible for this policy including its annual review – Mr. Alexander A. Adeyemo
Alex Adeyemo
10th July 2025