Privacy Policy

Last updated: February 9th, 2024
Contact Information:
For any privacy-specific concerns, please reach out to us via email at
For direct communication, you may also contact our Data Protection Officer (DPO): or via postal mail at 124 City Road, London, EC1V 2NX.
  1. What is the purpose of this document?
Pembury Legal is dedicated to safeguarding your privacy. This policy outlines our practices regarding the collection, use, and protection of personal data through our website,, and our services. As data controllers, we are committed to transparency and ethical data handling.
1.1 Pembury Legal (we or us) are committed to protecting and respecting your privacy. This privacy notice sets out the basis on which we collect personal data about our candidates, clients and users of our website at (our site) and how that information will be processed by us. 
1.2 We are a data controller. This means that we are responsible for deciding how we hold and use personal information about you, and for explaining this clearly to you.
1.3 Please read this privacy notice carefully to understand what we do with your personal information and what rights you have in relation to our activities.
  2. What is personal data and our lawful basis for processing
2.1 Personal data, or personal information, means any information relating to an individual from which that person can be identified.  There are special categories of more sensitive personal information which require a higher level of protection (see further at section 3.3, below).
2.2 We will only use your personal information when the law allows us to. Our principal lawful basis for processing is set out in the table below. However, some of our grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
2.3 We may only rely on our legitimate interests (or those of a third party) to process your personal information, if your interests and fundamental rights do not override those interests. Where we rely on legitimate interests for our processing, we have set out the relevant interest, below.
2.4 Generally, we do not rely on consent as a legal basis for processing your personal data. However, where we do so, you have the right to withdraw consent at any time.
2.5 We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
2.6 Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
2.7 Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to introduce you to a Client).
2.8 If you have any questions as to how we use and protect your data please contact us at the above address.
  3. Data we collect about you
3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
  • Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes your address, email address and telephone numbers, and any other information you provide to us for the purpose of making contact with you.
  • Candidate Data includes your CV, work experience, salary expectations and other information relating to your work history and qualifications. 
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. 
3.3 As part of our usual course of business, we do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. However, we may process such information:
3.3.1 in order to meet our legal obligation to make reasonable adjustments in the provision of our services;
3.3.2 to ensure meaningful equal opportunity and diversity and inclusion monitoring and reporting;
3.3.3 where it is needed to protect your vital interests (or someone else’s interests) and you are not capable of giving your consent;
3.3.4 where it is necessary to establish, exercise or defend a legal claim;
3.3.5 where you have manifestly made the information public; or
3.3.6 otherwise with your explicit consent.  
  4. How is your personal data collected?
4.1 We use different methods to collect data from and about you including through:
4.2 Direct interactions. You may give us your Identity, Contact and Candidate Data by registering with us, or corresponding with us by post, phone, email or otherwise.
4.3 Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
4.4 Third parties or publicly available sources. We collect personal data about you from various third parties and public sources as set out below:
4.4.1 Feedback from our clients, or from other third parties (such as your referees).
4.4.2 Background information relating to your work history, experience and anything posted by you in public forums on social media sites such as LinkedIn and Twitter;
4.4.3 Information published on any current or previous employer’s website;
4.4.4 Identity and Contact Data from publicly available sources, such as the Solicitor’s Roll or other lists of regulated professions.
  5. Purposes for which we will use your personal data
| Purpose | Type of data | Lawful basis for processing including basis of legitimate interest |
| --- | --- | --- |
| To register you as a candidate and provide you with information relating to job opportunities and vacancies. | (a) Identity Data (b) Contact Data (c) Candidate Data | Performance of a contract with you |
| To introduce you to Clients. | (a) Identity Data (b) Contact Data (c) Candidate Data | Performance of a contract with you |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to provide feedback on our services. | (a) Identity Data (b) Contact Data (c) Candidate Data (d) Marketing and Communications Data (e) Technical Data | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to manage our services) |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity Data (b) Contact Data (c) Technical Data | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| We will (where requested by a Client): check you are legally entitled to work in the UK or the country where you are assigned or employed; ascertain your fitness to work; carry out pre-employment screening checks; verify information about you (which we may do using publicly available sources). | (a) Identity Data (b) Candidate Data | Necessary for the legitimate interest of the Client, to establish your right to work and appropriate qualifications for the position. |
5.1 Marketing
  • If you are a Candidate, you will only receive marketing communications from us if you have registered with us and you have not opted out of receiving that marketing.
  • We may use your Identity, Contact and Candidate Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which opportunities to contact you about.
  • We may contact you about charity fundraising events that we participate in which may be relevant for you.
5.2 Third-party marketing
  • We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
5.3 Opting out
  • You can ask us or third parties to stop sending you marketing messages at any time by emailing us at the above address.
  6. Sharing your information
6.1 We share your personal information with third party contractors and service providers to the extent necessary to fulfill your order.
6.2 We share your information with other third parties as follows:
6.2.1 Clients advertising a vacancy which we believe may be of interest to you (we provide anonymised copies of your Candidate Data, and only share your Identity and Contact Data with your consent);
6.2.2 Our regulators, professional advisors, insurance provider and auditors;
6.2.3 HMRC or other government or law enforcement agencies;
6.2.4 If we sell any business or assets, in which case we may disclose your personal information to the prospective buyer of such business or assets;
6.2.5 If we have a legal obligation to do so; and
6.2.6 For the purposes of fraud protection and credit risk reduction.
6.3 The categories of third parties listed above use your personal data for their own purposes and are responsible for their own compliance with data protection legislation.
6.4 We also share your data with third-party service providers who provide services to our business, including our CRM provider, our website host server, IT support and maintenance service, cloud storage provider and email exchange server and other businesses that provide certain services on our behalf. All of our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes.
  7. Data security
7.1 We have put in place:
7.1.1 Appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
7.1.2 Procedures to deal with any suspected data security breach, and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
7.2 If we are required to transfer your information outside the UK or the EEA, we have put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
7.3 If you are based outside the UK and the EEA we may transfer personal information to the correspondence address you provide to us to the extent necessary to complete your order. We will take all reasonable steps to ensure that such transfers are secure. By instructing us from outside the UK and the EEA you agree that such transfer is necessary for us to complete your order.
7.4 We use software products owned by The Access Group: Volcanic to build and host our website and Vincere to manage our CRM database. We may transfer information about you outside the EEA for this purpose. We will only do so where permitted by law.
7.5 The Access Group is one of the leading providers of business management software to small and mid-sized organisations in the UK, Ireland, and Asia Pacific. Access Volcanic is certified to ISO27001, the world's leading Information Security Management System standard. It gives you peace of mind that your site is designed and built following the highest quality processes and rigorous security protocols. You can read Vincere's security data policy here.
  8. Data Retention
8.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
8.2 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
8.3 We keep basic information about our candidates (including Contact, Identity, Candidate and Transaction Data) for as long as you remain an active contact and for six years after we last placed you.
8.4 In some circumstances you can ask us to delete your data: see your rights below for further information.
8.5 In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
  9. Your rights
Under GDPR, you have rights regarding your personal data, including access, rectification, erasure, restriction of processing, data portability, objection, and not to be subject to automated decision-making. To exercise these rights or if you have any concerns, please contact our DPO.
9.1 You have the following rights:
9.1.1 To be told what we are doing with your personal information. We do this by providing you with this privacy notice;
9.1.2 To correct or update the personal information we hold about you;
9.1.3 To object to the processing of your personal information;
9.1.4 To request a copy of the personal information we hold about you;
9.1.5 To ask us to delete the information that we hold about you where there is no good reason for us continuing to process it;
9.1.6 To ask us to stop processing your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground and where there is no good reason for us continuing to process it;
9.1.7 To ask us to restrict how we use your personal information for a period of time if you claim that it is inaccurate and we want to verify the position or in some limited other circumstances;
9.1.8 To ask us to send your personal information to another organisation in a computer-readable format;
9.1.9 To complain to the Information Commissioner’s office if you are unhappy with our use of your personal data: you can do this at Do contact us straight away if you consider that we are not handling your personal information properly so we can try and sort the problem out.
9.2 If we delete your personal information or restrict our use of it, we will not be able to provide our services to you.
9.3 If you want to exercise any of your rights, please contact us at the above address. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
  10. Changes to Our Privacy Policy
We may update this policy to reflect changes in our practices or legal requirements. We encourage you to review this policy periodically for the latest information on our privacy practices.
  11. Cookie policy
Our website uses cookies to distinguish you from other users of our website. We use cookies for our legitimate interests, to help us to provide you with a good experience when you browse our website and to improve our site. You can view our Cookies Policy on our Site.
  12. Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy.
  13. Complaints
If you have concerns about our data handling practices, we encourage you to contact us first. However, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at
Contact Us: For further information or to exercise your rights, please contact our DPO at or via postal mail at 124 City Road, London, EC1V 2NX, United Kingdom.