top of page

Privacy Policy

Theseus Partners LLP (trading as “Theseus”) is a limited liability partnership registered in England with registered office at 42 Berkeley Square, London W1J 5AW, United Kingdom and company number OC458042.

​

Theseus ("we", "us", "our") acknowledges that our use of personal data has important implications and we are committed to adhering to the principles enshrined in applicable data protection law.

​

This privacy statement seeks to ensure that you are appropriately informed about how we collect and use your personal data, why we need it and what protections we have put in place to keep it secure. Further information concerning our processing of your personal data which we provide directly to you may supplement or expressly take precedence over this privacy statement.

​

Application

​

This privacy statement concerns information about individuals, i.e. personal data, and not information relating to companies or other business structures.

​

This privacy statement is for the benefit of individuals whose personal data we process including, but not limited to clients (when such clients are individuals), client personnel, counter-parties, counter-party personnel, other solicitors/advisors, witnesses, suppliers, supplier personnel, job applicants and individuals to whom we send marketing communications – referred to in this privacy statement as “you” and “your”.

​

Data controller

​

Under the laws of the United Kingdom and European Union, a data controller is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. Theseus is a data controller in relation to your personal data.

​

Obtaining your personal data

​

In some circumstances, we may obtain your personal data from you directly but, more typically, we will obtain your personal data from a third-party source, for example, we may collect information from clients or clients’ personnel, agents and advisers, other law firms or advisers which represent you, the company for whom you work, other organisations and persons with whom you have dealings, government agencies, recruitment agencies, information or service providers and publicly available records.

Personal data that you provide to us

​

If you provide information to us about someone else (such as one of your associates, directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that information to us and that, without taking any further steps, we may process that information in accordance with this privacy statement.

Personal data types

​

We collect and use different types of personal data, which will vary depending on the circumstances and purpose of processing. Please consider the following illustrative and non-exhaustive examples (not all of which necessarily constitutes personal data):

  • data about you: name, address, date of birth, marital status, nationality, race, gender, preferred language, job title, work life and restrictions and/or required accommodations, possibly about your family life;

  • data to contact you at work or home: name, address, telephone, and e-mail addresses;

  • other data which may identify you: photographs and video, passport and/or driving license details, electronic signatures; and

  • data required to process payments: bank account details, HMRC numbers and references (where applicable).

 

The reasons why we process your personal data

 

We need to collect and use your personal data for a number of reasons, the primary purpose being to provide legal advice and services to our clients. This will involve the use of your personal data in connection with our clients’ instructions and within our client and matter files.

​

We may also process your personal data for effective business management purposes which may involve the use of your personal data in the following (non-exhaustive) ways:

  • to engage and contact suppliers;

  • to carry out internal reviews, investigations, audits;

  • to conduct business reporting and analytics;

  • to advertise and market the services that we provide;

  • to help measure performance and improve our services;

  • for recruitment purposes;

  • for regulatory and legislative compliance and related reporting; and

  • for the prevention and detection of crime.

 

Our legal basis for processing your personal data

​

In accordance with applicable data protection legislation, we must identify a lawful basis for processing your personal data which may vary according to the type of personal data processed and the individual to whom it relates. The following bases, singly or in combination, apply.

Performance of a contract with you (where applicable):

We are entitled to process the personal data it requires in order to fulfil its obligations under its contract with you. This will be the relevant legal basis if you are an individual client or supplier or other individual with a direct contractual relationship with us.

​

Legitimate interests of Theseus or a third-party

​

We may process some of your personal data on the basis that it is in its legitimate interests and/or the legitimate interests of a third-party to do so. This will primarily concern the processing of personal data that is necessary to provide legal advice and services to our clients. Our legitimate business interest in such instances is the proper performance of its function as an authorised and regulated provider of legal services. Our clients’ also have a legitimate interest (and more general right in law) in obtaining legal advice and services.

​

Our broad interest in the provision of legal services as a basis for processing your personal data, and our clients’ corollary interest in the receipt of such services, can be broken down into more discreet categories which may include, but are not limited, to:

  • the interest in contacting individuals relevant to our work and our clients’ matters, which may involve the use of your personal data;

  • the interest in reviewing documents and correspondence that have been disclosed to us, our clients and third-parties which may contain your personal data;

  • the interest in reviewing and analysing all evidence available to us and our clients, which may contain your personal data;

  • the interest in adducing legal arguments, creating documents and correspondence, which may contain your personal data;

  • the interest in disclosing documents and correspondence, which may contain your personal data, to various parties in the furtherance of our clients’ objectives;

  • the interest in instructing third-parties on behalf of our clients;

  • the interest in receiving payment from our clients and third-parties and to facilitate payments to and from our clients and third-parties; and

  • in order to allow for all of the above, the secure management and storage of your personal data, within our IT environment and hard-copy filing systems.

 

We may also process your personal data on the basis that it is necessary for its legitimate business interests in the effective management and running of Theseus which may include, but is not limited to: engaging suppliers and supplier personnel; ensuring that its systems and premises are secure and running efficiently; for regulatory and legislative compliance, and related auditing and reporting; for insurance purposes; for recruitment/hiring purposes; for marketing purposes; and to facilitate, make and receive payments.

​

We do not consider that the processing of your personal data, on the basis that it is within our legitimate interests (whatever such interests might be), is unwarranted because of any prejudicial effect on your rights and freedoms or your legitimate interests.

​

Compliance with a legal obligation to which we are subject

​

In certain circumstances, we must process your personal data in order to comply with its legal obligations. This might include, but is not limited to, personal data required: for tax and accounting purposes; for conflict checking purposes as required by the law and our regulators; and for us to fulfil its compliance and other obligations under relevant legislation/regulation.

​

More information relating to legal bases for processing personal data can be found on the Information Commissioner’s website (see details below) or by contacting us.

​

Special category and criminal records personal data

​

If we processes your criminal records personal data or special category personal data relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health data, biometric data or sexual orientation, we will obtain your explicit consent to those activities unless this is not required by law (because, for example, it is processed for the purpose of exercising or defending legal claims) or the information is required to protect your health in an emergency. Where we are processing personal data based on your consent, you have the right to withdraw that consent at any time.

​

Cookies

​

Our website uses cookies. To learn more about the cookies we use and how to disable them please review our cookies policy.

​

Sharing your personal data

​

We may disclose your personal data to third-parties (outside of Theseus and Theseus personnel) if, but only when, we have a legal basis to do. Such recipients include but are not limited to: co-counsel, other solicitors/barristers/experts/foreign law firms whom we instruct on your behalf; our insurance brokers and underwriters; our banks, capital providers, auditors and accountants; our outsourced IT providers and other suppliers; HMRC; the Inland Revenue Service; the Solicitors Regulation Authority; the Law Society; the other side/other parties on any given matter (lay and solicitor).

​

Protecting your personal data

​

We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your personal data. We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that any personal data we hold is not accessed by anyone unauthorised to access it. We have in place, and abide by, a specific information security policy about the security standards used to protect your personal data.

When we use third-party organisations to process your personal data on our behalf, they must also have appropriate security arrangements, must comply with our contractual requirements and instructions and must ensure compliance with applicable  data protection legislation.

International transfers

​

We may transfer your personal data to other organisations located in “third countries” (those outside of the UK). In addition to the security arrangements mentioned above in relation to our engagement of third-party organisations, where such transfers are required we will ensure that your personal data is adequately safeguarded, for example, by using a contract for the transfer which contains specific data protection provisions. You may ask for further information about the safeguards we have put in place for such transfers by contacting us at info@theseusllp.com.

Retaining your personal data

​

It is our policy to retain your personal data for the length of time required for the specific purposes for which it is processed by Theseus and which are set out in this privacy statement. However, we may be obliged to keep your personal data for a longer period, for example, where required by our legal and regulatory obligations or in order to ensure we have effective back-up systems. In such cases, we will ensure that your personal data will continue to be treated in accordance with this privacy statement, restrict access to any archived personal data and ensure that all personal data is held securely and kept confidential.

​

Your rights

​

Individuals, in certain circumstances, are afforded a right to access their personal data, to object to the processing of their personal data, to rectify, to erase, to restrict and to port their personal data.

​

We have specific procedures in place in relation to Data Subject Access Requests (“DSARs”) that you may be entitled to make. Put simply, a DSAR is a request made by you which requires us to provide you with details of your personal data which we hold and process and a description of how we process it. Any questions or requests should be put in writing to us.

There are exceptions to the rights of individuals in relation to their personal data and, particularly when we are processing your personal data for the purpose of providing legal advice to our clients, your rights may be limited. We will, at all times, respect your personal data and seek to be as transparent as possible but please be aware that, in some instances, we may be restricted from even acknowledging that we process your personal data.

​

Get in touch

​

If you would like further information about our processing of your personal data, please contact info@theseusllp.com.

​

How to make a complaint

​

If you are unhappy with the information provided in this privacy statement or have concerns about the way in which we processes your personal data we request that you contact us in the first instance at info@theseusllp.com, and if you remain dissatisfied then you may apply directly to the Information Commissioner for a decision.

​

Website: www.ico.org.uk
Email: casework@ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Theseus Partners LLP (trading as "Theseus") is a limited liability partnership incorporated in England with registered office at 42 Berkeley Square, London W1J 5AW, United Kingdom and company number OC458042. A list of its partners and their professional qualifications is available upon request. No reserved legal activities (as defined in section 12 of the Legal Services Act 2007) are carried on by the firm. © 2025 Theseus Partners LLP

Legal Notice
Privacy Policy

bottom of page