Privacy Policy


This Data Privacy Notice explains how Sony Sadaf Haroon Solicitors (referred to as ‘we’ or ‘us’ in this Notice) protect and process personal data on behalf of clients and others using our services and website.

Please read this Data Privacy Notice carefully to understand why data is collected and what we do with that data once it is in our possession.

Clients of the firm should also refer to our Terms of Business which provide further information on confidentiality, data privacy and disclosure.

The website covered by this Notice is ‘’. The Notice does not apply to any websites that may have a link to ours.


Data is collected, processed and stored by Sony Sadaf Haroon Solicitors; and we are what is known as the ‘data controller’ of the personal information you provide to us.

Sony Sadaf Haroon Limited is an ABS, authorised and regulated by the Solicitors Regulation Authority under number 635480. We trade as Sony Sadaf Haroon Solicitors.

Our Data Protection Officer is Sony Haroon. She can be contacted by telephone on 01727568353 or by email at


Our website and services are not aimed specifically at children because in legal work children are generally represented by their parent or guardians. If you are a child and need further advice or explanation about how we would use your data, please email


The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. This Data Privacy Notice is intended for clients and prospective clients only.

Typically we will need your personal data which is the general information that you supply about yourself such as your full name, address, date of birth, e-mail and telephone numbers and if a transaction is involved, your banking details may be needed too.

In other cases we may need to ask you about medical or other information of a sensitive nature if this is required to carry out your work. Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, philosophical views, biometric and genetic data.

To comply with our legal obligations to verify your identity we are likely to require you to provide copies of certain documents and to respond to any queries we may have. If a transaction is involved we will be asking about the source of funds and requesting supporting documents. Once your matter has been concluded the file will be archived for at least six years.


Information about you may be obtained from a number of sources; including:

  • You may volunteer the information about yourself
  • You may provide information relating to someone else – if you have the authority to do so
  • Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these organisations can include but are not limited to:
      • Home Office
      • Medical or financial institutions – who provide your personal records / information
      • Police
      • Victim Support
      • Cafcass
      • Social Services
      • Courts/Tribunals
      • HMRC
      • Other solicitors
      • Process Servers


The primary reason for asking you to provide personal data is to allow us to carry out your requests- which will ordinarily be to represent you and carry out your legal work. Your personal information will normally be retained in a database and used by Sony Sadaf Haroon Solicitors for purposes such as:

  • administering our relationship with you, providing services, and responding to enquiries
  • processing applications
  • Verifying your identity and to establish the funding of any transaction you have asked us to carry out on your behalf. In a limited number of cases, where funding is being provided by a family member or third party, we may need to ask you to obtain information from them and personal information provided to us will also be subject to the terms of this Data Privacy Notice;
  • Providing you with advice, to carry out litigation on your behalf or on behalf of any organisation you represent, prepare documents or to complete transactions on yours or your organisation’s behalf;
  • Keeping financial records of your transaction and the transactions we make on your behalf. We do not store payment card information.
  • Seeking advice from third parties in connection with your matter;
  • Responding to any complaint or allegation of negligence against us;
  • Internal management and planning, which includes:
  • Resource management;
  • Planning of tasks or meetings;
  • Keeping records of sources of work and new enquiries; and
  • Storage and archiving of files and documents.


We have a data protection regime in place to oversee the effective and secure processing of your personal data.

During the course of carrying out your legal work we are likely to need to disclose some information to parties outside Sony Sadaf Haroon Solicitors but these disclosures are only made when required by your work. Examples might include, but are not limited to, providing your information to:

  • The Home Office
  • A court or tribunal
  • Family, associates or representatives of the person whose personal data we are processing;
  • Healthcare professionals, social and welfare organisations;
  • Business associates;
  • Accountants and other financial bodies
  • Translation companies
  • HM Land Registry to register a property
  • HM Revenue & Customs; e.g. for Stamp Duty Liability
  • Solicitors acting on the other side
  • Asking an independent Barrister or Counsel for advice; or to represent you
  • Non legal experts to obtain advice or assistance
  • External auditors or our Regulator; e.g. Lexcel, SRA, ICO etc.
  • Bank or Building Society; or other financial institutions
  • Providers of identity verification
  • Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
  • If there is an emergency and we think you or others are at risk

Your personal information will be retained, usually in a computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:

  • As long as necessary to carry out your legal work
  • For a minimum of 6 years from the conclusion or closure of your legal work; in case you, or we, need to re-open your case for the purpose of defending complaints or claims against us
  • Wills and related documents may be kept indefinitely

In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.

There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.


We do not share personal information with third parties unless we need to do so. Data may be shared to complete client’s legal work and as required by law. As your information will be stored on computer, it could be shared with our system maintainers for fault diagnostics but we will take steps to protect your data should third party access be required. We will never sell your personal information to third parties. We will not share your information with third parties for marketing purposes.


We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.

We have technological and operational security policies and procedures in place to protect your data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the information have been trained to respect your confidentiality and to look after the data in our possession.

We use computer safeguards such as firewalls and we enforce, where possible, physical access controls to our buildings and files to keep data safe.


If you think any information we hold about you is incorrect or incomplete or has been changed since you first told us, please let us know as soon as possible so that we can update our records. We do not routinely carry out a data retention review.


The General Data Protection Regulations replace the Data Protection Act 1998 on 25th May 2018. Under both sets of regulations you are entitled to request a copy of your personal data

If you wish to make a subject access request, then please contact our Data Protection Officer, Sony Haroon.

A subject access request entitles you to a copy of the personal data we hold on you. The focus of the information we have to provide is you and will include such things as records of your name, address, contact details, date of birth etc. This means that a subject access request will not normally result in you getting a copy of a file because the focus of the documents it contains are likely to be the transaction or legal matter rather than your personal information.


The General Data Protection Regulations provide you with three rights, the right to object to specific types of processing, the rights to be forgotten and the right to restrict processing.

Depending on the nature of the request, we will comply with it to the fullest extent possible, but in some cases, this could mean that we are unable to continue with your matter, in which case work would cease at the earliest opportunity, but you would remain liable for the fees and disbursements incurred to date.

  1. The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right only applies in the following circumstances:
  • An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context
  • You must have an objection on grounds relating to your particular situation
  • We must stop processing your personal data unless:
  • We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
  • The processing is for the establishment, exercise or defence of legal claims.
  1. The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
  • Where the personal data is no longer necessary in regards to the purpose for which it was originally collected
  • Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
  • Where you object to the processing and there is no overriding legitimate interest for continuing the processing
  • The personal data was unlawfully processed
  • Where you object to the processing for direct marketing purposes
  1. The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
  • Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data
  • Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
  • Where processing is unlawful and you request restriction
  • If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim


Please contact our Data Protection Officer Sony Haroon at if you have any complaint or concern over how your data will be used. She will acknowledge your complaint and reply to your concerns. If you are not satisfied with the response, the UK regulator on data protection issues is the Information Commissioner’s Office. Their telephone number is 0303 123 1113 and website which is


We may contact you for the purpose of direct marketing. This means that we may use your personal data that we have collected in accordance with this privacy policy to contact you about our services, events etc. which we feel may interest you. The direct marketing communications may be provided to you by social media channels, email or post. We will never send marketing communications via SMS or call you without your specific consent; nor do we ever pass on or sell your details to a third party.

Any questions regarding this notice and our privacy practices should be sent by email to


Requests for further information about this Privacy Notice or about how we process personal information can be sent by email to: or by writing to:

Sony Sadaf Haroon Solicitors
Capstan House
182-184 Hatfield Road
St Albans