Here at CRS Solicitors we take your privacy extremely seriously, paying due care and attention to our responsibilities and your rights under current Data Protection Bill / Act, which transfers the EU General Data Protection Regulation (GDPR) into UK law from 25 May 2018. This policy relates to all companies within the CRS Solicitors group and all related companies.

It sets out our approach to privacy, data security and data protection. We have gone to great lengths to ensure the integrity and safety of the data we handle, investing in and implementing robust processes and systems as well as conducting comprehensive staff training.

If, however, you feel that we have mishandled / misused your personal data in any way then please get in touch by emailing

Our process for handling requests and complaints related to data protection is set out below.

Our approach to privacy and data security

Our lawful basis for processing personal data, as set out in GDPR Article 6, is:


Due to the nature of work undertaken, it is necessary for companies within the CRS Solicitors group and all related companies to process personal data.

Our lawful basis for processing personal data, as set out in GDPR Article 6, is:

  1. CONTRACTUAL – Processing is necessary for the performance of a contract; and / or
  2. LEGAL – Processing is necessary for compliance with a legal obligation; and / or
  3. LEGITIMATE INTEREST – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Data access requests and the ‘right to be forgotten’

In order to comply with rules set out by government departments and meet legal obligations, the companies within the CRS Solicitors group are required to retain certain information for a specified period of time.

If, however, you wish to request a breakdown of the information we hold on you and / or ask for this to be erased in line with your ‘right to be forgotten’, please contact us. In line with GDPR, our starting point is that data subject access requests (SARs) and ‘right to erasure’ requests should be responded to free of charge within one month.

Data retention

Companies within the CRS Solicitors group and all related companies must process personal data in order to operate efficiently and comply with statutory requirements.

The type of record determines the length of time we must keep the record must be kept for.

Accountability for data breaches and other grievances

Companies within the CRS Solicitors and all related companies feature on the Data Protection Public Register - a searchable database of organisations that is managed by the Information Commissioner’s Office (ICO).

The ICO is the independent body set up to uphold information rights in the UK.

If you believe that we have mishandled your personal information and would like to report a concern, you can do so by visiting this page of the ICO website and using our ICO registration numbers.

In the unlikely event of a data breach, we will report the incident to the ICO within 72 hours of becoming aware, in line with GDPR requirements.

Data sharing

Companies within the CRS Solicitors group and all related companies will occasionally be required by law to share personal data with certain public and government bodies, such as HMRC, the Home Office, the police and other law enforcement agencies.

In addition, we may from time to time share personal data with other businesses.

Please get in touch more information.

IT and information security

All data held by the CRS Solicitors group and all related companies, including email data, is stored in the UK on a secure VRTX server within a dedicated datacentre.

For additional safety, our server benefits from a UPS (Uninterruptable Power Supply). A UPS is a device that supplies battery backup power to the server and associated electronics, in the event of a power failure.

Third-party software platforms

At the CRS Solicitors group we use a multitude of third-party software platforms in the course of our day-to-day business. We have conducted an audit of all providers and are satisfied that they all comply with relevant cyber and data security requirements under GDPR.

If, however, we become aware of a breach involving personal data held by one of our third-party software partners we will report this to the ICO in line with the process set out above.

Get in touch

If you have any questions or concerns regarding privacy or the way in which the CRS Solicitors group handles your data, please email or call us on 01244 564 506.

Website and website forms

In order to improve the overall experience of using our website, we collect cookies and other anonymous information about our visitors.

If you have contacted us through a form on our website, by ticking the relevant box you consented to us using the data supplied to contact you in line with this privacy policy.

If you enquire via our website about our solutions or services but do not subsequently become engaged or advised by CRS Solicitors, we will erase your details from our systems after three months.

If you were not engaged or advised by CRS Solicitors following your enquiry and would like us to remove your details sooner, please email

+44 (0)1244 564 604