Browse More

Data Protection Essentials

Privacy Notice

This website is operated by Thompsons Scotland LLP.

We at Thompsons Scotland LLP take your privacy seriously and we ask that you read this privacy notice carefully, as it contains important information on:

  • the personal information we collect about you.
  • what we do with your personal information; and
  • who your personal information might be shared with
  • The information we collect will be different depending on the relationship we have with you.

Who we are

Thompsons Scotland LLP are an award-winning firm of solicitors with a passion for justice. We are best known for our expertise in personal injury and employment law claims and are one of the leading firms of accident injury lawyers in Scotland.

We are the data controller for the personal data we process, which means that we are legally responsible for how we collect, hold, and use your personal information. It also means that we are required to comply with data protection laws when collecting, holding, and using your personal information.

We have appointed a Data Protection Officer (RGDP) who ensures that we comply with data protection law. If you have any questions about this policy or how we hold or use your personal information, please contact us by email at GDPR@thompsons-scotland.co.uk or contact our Data Protection Officer by e-mail at info@rgdp.co.uk.

This policy confirms that you consent to your personal information and sensitive personal information being held and used by us as described below.

Website Use

We may also collect information about you via cookie files. A cookie is a small text file that is placed on to your computer or other access device when you visit our website. We may use cookie files for analytics purposes to gather statistical information on your use of our website.

The information we obtain from our use of cookies will not contain your personal information. Although we may obtain information about your computer or other access device, such as your IP address, your browser and/ or other internet log information, this will not identify you personally.

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website as we only use essential cookies on our website. You cannot opt out of these cookies via the website, only via your browser settings. 

If you are a client

To be able to provide our legal services to you we may require to collect and process personal information about you.

We collect, use and store different types of personal data about you. Detailed below is the data we may collect, what it is used for and our legal basis for processing this data.

Where relevant to your case we may collect the following special category information:

In some cases, we may rely on recognised legitimate interests under the Data (Use and Access) Act 2025, and as defined by the Secretary of State. These include processing that is necessary to safeguard individuals, prevent crime, or comply with regulatory requirements. Where we rely on legitimate interests, we ensure that your rights and freedoms are respected.

If you make an enquiry

If you make an enquiry directly to us by contacting our Legal Enquiries Team or completing an enquiry form on our website, or contact us via social media, make an enquiry via a third party or at one of our events, we may require to collect and process personal information about you.

We collect, use and store different types of personal data about you. Detailed below is the data we may collect, what it is used for and our legal basis for processing this data.

If you are a witness in a case

We collect and use personal data about you if your details are passed on to us by a client or other witness in a case we are progressing.

We collect, use and store different types of personal data about you. Detailed below is the data we may collect, what it is used for and our legal basis for processing this data.

 

If you attend one of our events

If you attend one of our events, we may collect and process personal information about you.

We collect, use and store different types of personal data about you. Detailed below is the data we may collect, what it is used for and our legal basis for processing this data.

 

If you enter a competition

If you enter one of our competitions, we may collect and process personal information about you.

We collect, use and store different types of personal data about you. Detailed below is the data we may collect, what it is used for and our legal basis for processing this data.

 

If you work for us or apply for a job with us

We have a separate Privacy Notice that explains what we do with your personal data when you work with us or apply for a job with us. This can be found here.

Use of Artificial Intelligence (AI) tools

We sometimes use secure, private AI tools integrated within our systems (including Microsoft Co-Pilot within Microsoft 365) to assist our staff with drafting documents, summarising case materials, and retrieving information more efficiently.

These tools operate only within our secure environment. They do not use your information to train public AI models. Your personal data remains stored in Microsoft’s UK/EU data centres (or within our other approved UK/EU providers) and is protected by the same security measures and confidentiality obligations that apply to all of our case files.

All outputs from these AI tools are reviewed by our legal staff before being used. We do not make decisions about your case solely through automated means.

Use of Credit Reference Data

To help us assess and progress PCP-related claims, we may share your personal data with our service providers, Valid8 IP Ltd and Experian, to carry out a “soft search” of your credit file. 

This search will not affect your credit score, but it will be visible to you. The purpose is to identify whether you held any personal contract purchase (PCP) or related finance agreements before 27 January 2021, which may be relevant to your claim.

We rely on both the performance of a contract (Article 6(1)(b) UK GDPR) and your consent (Article 6(1)(a) UK GDPR) as our lawful bases. You may withdraw your consent at any time, although this may affect our ability to progress your claim. The information obtained is used solely to manage your claim and will not be used for marketing.

Who we may collect your personal information from

We may collect personal information about you from the following sources:

  • Directly from you
  • From other organisations who refer you to us e.g. Trade unions, charities, other solicitors
  • Credit reference agencies and fraud prevention agencies. For example Valid8 IP Ltd. More information about how they use your personal data can be found Valid8 | IP
  • Witnesses who provide information about you relevant to your case
  • Professional experts e.g. medical experts, occupational health providers, GPs
  • Department of Work and Pensions and HMRC
  • Recruitment agencies
  • Employers / Former employers

Who we may share your information with

We may share your personal information with the following third parties:

  • Third parties relevant to your case, e.g. opposing party and their solicitors, counsel, mediators, witnesses, courts, search agents
  • Trade Unions or third-party organisations that are supporting you through your case
  • Professional experts, such as medical professionals
  • Third parties who carry out anti-money laundering checks on our behalf, For example CreditSafe and Legl. More information about how these companies use your personal data can be found
  • The police or other law enforcement agencies, government, or regulatory bodies where it is necessary to do so for the purpose of your case, or where we have a legal or regulatory obligation to do so.
  • Our Insurers
  • Our professional advisors such as lawyers and accountants
  • Third parties to whom we outsource certain services such as IT system or software providers, confidential waste disposal, translation services, postal/ courier services and onboarding platforms

If you choose not to give your personal information

If you do not provide us with requested information that we need to collect to meet our legal obligations, or under the terms of the contract we have with you, it may delay or prevent us from being able to perform the contract and/or comply with our own legal obligations.

In some cases, we may be unable to progress your case or may have to withdraw from representing you.

Keeping your records up to date

You should contact us and let us know if any of your personal information changes to allow us to maintain accurate records for your case. It is important that you always inform us if you change address, email address and/or phone number. Please advise us in writing by contacting your case handler, details can be found here Thompsons Solicitors Scotland - contact your case handler or email advicecentre@thompsons-scotland.co.uk.

How long we keep your personal information

For those who make enquiries with us for legal advice, and where we are unable to proceed to open a file and act in any substantive legal manner, we will retain your personal information for a period of five years.

We require to retain this information to satisfy any enquiries or legal actions which may arise following any advice given or view taken by us. We also require to retain this information in order to follow guidelines set out by the Law Society of Scotland.

We will retain client files (which will contain your personal information) for the length of time that we are acting for you in the legal contract in which we have been instructed by you and for a period of ten years after closure of your file. There are some types of personal injury claims where we may retain client files for longer than this, to enable any subsequent claims to be processed.

We require to retain these files to satisfy any enquiries or legal actions arising after the end of your claim and to follow the guidelines set out by the Law Society of Scotland.

In some cases, such as wills, trusts and executries, the nature of the matters, may require us to hold your personal information for longer periods because the time periods for which legal claims can arise are twenty years from conclusion of the Estate.

Call Recordings

Thompsons Scotland LLP uses telephone systems, including Dialpad and Microsoft Teams, to record and retain certain telephone conversations for training, monitoring, quality assurance, and accurate record-keeping to support legal advice. 

Calls made to and from our Contact Centre (Legal Enquiries and Reception) are recorded automatically unless you ask us not to. Certain calls made via Dialpad or Microsoft Teams may also be recorded with your agreement. We do not record calls made directly from work-issued mobile telephones; however, calls made to mobile numbers from Dialpad or Microsoft Teams may be recorded.

Where relevant, call transcripts may be added to your case file to assist in dealing with your claim and to provide a history of the advice given. These transcripts are retained in line with our Data Retention Policy. Recordings stored in Dialpad are retained for 90 days, and recordings stored in Microsoft Teams are retained for 60 days, after which they are securely deleted.

You will be informed at the start of any recorded call.

International Transfers

The information you provide to us will be transferred to and stored on our secure servers in the European Economic Area (“EEA”). However, from time to time, your personal data may be transferred to our trusted partners in a destination outside the EEA (for example in Australia). This will normally be for the purposes of processing a claim we are dealing with on your behalf where international companies are involved. You have the right to object to your personal data being further transferred by our partners to another third party outside the EEA (for example from Australia to the United States). However, please be aware that if you do object, this may adversely affect how we can progress your claim.

Where we transfer your personal data outside the UK, we will ensure that it is protected in a manner consistent with UK data protection law. Under the Data (Use and Access) Act 2025, this means ensuring that the overall level of protection for your personal data is not materially lower than the protection available in the UK. This can be done in a number of ways, for instance:

the country that we send the data to might be approved by the European Commission or a relevant data protection authority;

  • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
  • where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.

In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us at GDPR@thompsons-scotland.co.uk.

Your Rights

You have the following rights in respect of the personal information we process about you:

Right of access – you have the right to request a copy of the information that we hold about you. We will carry out reasonable and proportionate searches to locate your data. In some cases, we may pause (“stop the clock”) on the one-month response deadline while we verify your identity or clarify the scope of your request,

  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – in some circumstances you have the right to have the information we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated decision-making , including profiling – you have the right not to be subject to a decision based solely on automated processing (including profiling) that has legal effects or similarly significant effects on you. Where we use technology to assist our work (for example, AI tools), decisions about your case will always involve human review, and you have the right to challenge any outcome. 
  • Right to withdraw your consent – if you have given your consent for us to process your information, you have the right to withdraw this at any time.

Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process your personal information, or where personal information may be exempt from disclosure due to reasons of legal professional privilege. 

If you would like to exercise any of your rights above please contact us at GDPR@thompsons-scotland.co.uk in the first instance. You should note that your rights under the UK GDPR and 2018 Act are not absolute and are subject to qualification.

Future Contact and Use of Data 

As part of our ongoing relationship with you, we may contact you in the future regarding your case or other legal matters, such as offering additional legal services or informing you about opportunities related to your claim. This will be done in compliance with data protection laws and only where it is lawful.

If you do not wish to receive future communications, you may opt out at any time by emailing us at GDPR@thompsons-scotland.co.uk. Opting out will not affect our ability to continue providing services related to your current matter.

Contact

If you have any questions or queries about how we use your personal information you can contact us at GDPR@thompsons-scotland.co.uk 

Our Data Protection Officer is RGDP who can be contacted by email at info@rgdp.co.uk or by telephone 0131 222 3239.

If you are not happy with how we process your personal information you should contact us in the first instance. If you remain dissatisfied, you have the right to lodge a complaint directly with the Information Commissioner’s Office (ICO) https://ico.org.uk/ 0303 123 1113.

Complaints

It is important to us that you receive a high level of service, but we are aware sometimes things can go wrong, and if they do, we will address any issues raised as soon as possible.

When this happens, please contact us and let us know and we will ensure that we fully investigate your complaint and do everything we can to put things right for you.

In the first instance please raise your concerns with your case handler. If that is not possible or you would prefer not to do so or if you feel your concern has not been adequately addressed, please contact their supervisor who will try to resolve matters to your satisfaction. Our client Relations Manager is Wendy Durie who has overall responsibility for client relations, she can be reached by wendy.durie@thompsons-scotland.co.uk 

If you are still dissatisfied with our service, you have the right to complain to the Scottish Legal Complaints Commission.

Website:      Scottish Legal Complaints Commission

Email:           enquiries@scottishlegalcomplaints.org.uk 

Phone:         0131 201 2130

Post:             12-13 St Andrew Square, Edinburgh EH2 2AF

Please note there are specific time limits as to when the Scottish Legal Complaints Commission can accept complaints. Please check their website Time limits | Scottish Legal Complaints Commission

We may change this Privacy Policy from time to time. If we do so, we will post the updated version on our site and will indicate when the Privacy Policy was last reviewed. If we make any material changes, we will provide you with additional notice. You should periodically review our current Privacy Policy to stay informed of personal data practices. 

This Privacy Notice was last reviewed September 2025. 

Legal framework

Our processing of your personal data is governed by the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act 2025, and the Privacy and Electronic Communications Regulations (PECR).

 
Compensation Calculator
Compensation Calculator mobile image
How much can I claim? Find out more…
Survivor Claims Map
Survivor Claims Map Pin
Locations of historical abuse claims…