Follow us
  >  Privacy Policy


Our Privacy Notice clarifies how Goodey Aziz collects and handles your data, while highlighting your rights under the UK GDPR. It pertains to clients, current and potential staff, and other parties connected to our firm’s activities. We are committed to achieving the utmost respect for your privacy.

Important information and who we are


Goodey Aziz is the controller and responsible for your personal data (referred to as the firm, “we”, “us” or “our” in this privacy policy).

Jade Goodey is our Data Protection Manager (DPM), entrusted with handling queries related to this privacy policy. If you have any questions about this policy or want to exercise your legal rights, please reach out to the DPM using the contact information provided below

It is important that you read this privacy policy along with any other privacy-related information we might provide on specific occasions when we collect or process your personal data. This way, you’ll have a complete picture of how and why we use your data. Remember, this policy adds to other notices and privacy info—it doesn’t replace them.

The data protection laws referred to in this privacy policy means the Data Protection Act 2018, The UK General Data Protection Regulation and The EU GDPR 2018, this is dependent on where the data is processed. 

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact Jade Goodey in the following ways:

Goodey Aziz

Email address: [email protected]

Postal address: Compass House Chivers Way Histon Cambridge CB24 9AD

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would appreciate the chance to deal with your complaint before you approach the ICO so please contact us initially.

Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review , please notify us of any chances in your personal data during your relationship with us to ensure we hold accurate information.

Please see our website policy for further information.

The data we collect 

The data that our clients provide to us is kept in a number of different places as follows: –

  • On your paper file.
  • On our cloud-based file management system, Quill Interactive whose privacy notice can be 
  • found here – https://www.quill.co.uk/privacy-policy/.
  • Once a matter has concluded, the paper file is stored with Oasis. The privacy notice for Oasis can
  •  be found at https://www.oasisgroup.com/terms-of-use.230.html.  
  • In client cases funded by ‘Legal Aid’, the Legal Aid Agency will also have your data which they will  
  • store in both paper and digital formats.

Failure to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

How is your personal data collected?

We may also receive information about you from third parties such as hospitals, medical professionals, courts, tribunals, regulatory bodies and other advisors and specialists related to your matter. Our clients and matter contacts may also provide us with information about you if you are involved in a matter with one of our clients or have a connection with them such as being an employee or employer of a client.

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your contact details, Identity and financial data by filling in forms or by corresponding with us by phone, email and post. This includes personal data you provide when you:
  • Automated technologies or interactions. – we do not undertake any automated processing .
  • Engage us to provide legal services and give us feedback.


 How we use your personal data

We use your personal data for the following purposes:

  • Providing Services: To deliver the services you request from us.
  • Communication: To respond to your inquiries, provide updates, and send notifications.
  • Legal Compliance: To fulfil our legal obligations and regulatory requirements.
  • Marketing: To send you marketing communications if you have provided consent.
  • Improving Services: To analyse usage patterns and enhance our services.
  • Security: To protect our systems and your data from unauthorised access.

You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal data

Lawful Basis for Processing

We process your personal data based on the following lawful bases:

  • Legitimate Interests: Processing necessary for our legitimate business interests.
  • Consent: Processing based on your clear and informed consent.
  • Legal Obligation: Processing required to comply with legal obligations.
  • Vital Interests: Processing to protect your vital interests.

Data Sharing and Third Parties

We may share your personal data with:

  • Service Providers: Third parties who assist us in delivering our services such as Hospitals, Courts and Tribunal service and the Legal Aid Agency.
  • Legal Authorities: If required by law or to protect our rights and interests.

Disclosing your data

Your information is securely stored on our UK-based systems, accessible only to our UK staff. Some data may be shared with third parties for processing, including cloud platforms and specialist suppliers. We may also share data with collaborating advisors. Legal obligations or applicable data protection laws might require disclosure. Your data’s security and compliance with our policy are paramount.

International Data Transfer

Your data may be transferred and processed in other countries. We ensure that appropriate safeguards are in place as required by applicable laws.

Your Rights

You have the following rights regarding your personal data:

  • Access: Request information about the data we hold.
  • Rectification: Correct or update inaccurate data.
  • Erasure: Request the deletion of certain data.
  • Restriction: Limit the processing of your data under certain conditions.
  • Objection: Object to specific types of processing.
  • Portability: Receive a copy of your data in a commonly used format.

To exercise these rights, please contact us at [email protected]. We will respond to your requests promptly and in accordance with applicable laws.

Data Security

We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.

Data Retention

We retain your data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law.

Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices. The updated policy will be posted on our website.

Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy, please contact our Data Protection Officer Jade Goodey at [email protected]

You can also contact the Information Commissioner’s Office via https://ico.org.uk/  for information, advice or to make a complaint.