Comprehensive Privacy Policy

1. Who are we and how to contact us

Morr & Co LLP (“we”, “us” and “our”) is committed to protecting your personal data and respecting your privacy. We are the controller of the personal data described in this privacy notice, unless we tell you otherwise in a specific context. Our head office is Prospero, 73 London Road, Redhill, Surrey, RH1 1LQ. We are registered with the Information Commissioner’s Office under reference Z5564562.

This privacy notice explains what personal data we collect, how and why we use it, who we may share it with, how long we keep it and the rights you have under UK data protection law. It applies to personal data collected through our website, when you contact us, when we provide legal services, when you attend our events, when you apply for a role with us, and in the course of our wider business activities.

If you have any questions about this notice or about how we handle personal data, please contact us at dataprotection@morrlaw.com. If you have a data protection complaint, you can contact our Data Protection Officer by email at compliance@morrlaw.com or by post at The Data Protection Officer, Morr & Co LLP, Prospero, 73 London Road, Redhill, Surrey, RH1 1LQ.

2. Personal data we collect

The personal data we collect depends on your relationship with us and the services or information you request. If you provide personal data about another person, please ensure they are aware of this privacy notice and that you are authorised to share their information with us.

We may collect and use the following categories of personal data:

Information you give us

• Contact and identity information, such as your name, address, email address, telephone number, job title, organisation, client or matter reference, date of birth and identification documents where required.
• Matter and service information, including information you provide when you instruct us, ask for a fee estimate, make an enquiry, attend a meeting, correspond with us, or are involved in a matter on which we advise.
• Financial and transaction information, including billing details, payment information, credit reference information and information required for anti-money laundering, sanctions and client due diligence checks.
• Website and technical information, including IP address, browser type and version, operating system, platform, login information, pages viewed, page response times, downloads, clickstream data and other information about how you use our website.
• Marketing and event information, including your communication preferences, event registrations, attendance details and feedback.
• Recruitment information, including CVs, application forms, employment history, qualifications, references and other information you provide when applying for a role.

Special category and criminal offence data

In some circumstances, particularly when we provide legal services, we may need to process more sensitive personal data. This may include information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, sexual orientation, biometric or genetic data, and information about criminal convictions, alleged offences or related proceedings.

We will only process this information where it is necessary, lawful and proportionate, and where an additional condition under UK data protection law applies.

Where we collect personal data from

• directly from you, for example when you complete forms, contact us, instruct us, attend events, make payments, apply for a role or correspond with us;
• from clients, enquirers, personal representatives, trustees, deputies, family members, colleagues, professional advisers, Counsel, medical professionals, experts, courts, court officers, regulatory bodies, enforcement authorities, recruitment consultants and other third parties involved in a matter or request;
• from publicly available sources, credit reference agencies, identity verification providers and sanctions screening providers where this is necessary for legal, regulatory or professional obligations; and
• automatically when you use our website, including through cookies and similar technologies.

3. Cookies

Our website uses cookies and similar technologies to distinguish you from other users, improve your experience, understand how our website is used and, where applicable, support marketing activity. Some cookies are essential for the website to work.

We will only use non-essential cookies where we have obtained any consent required by law. Further information is available in our Cookie Policy.

4. How and why we use personal data

We only use personal data where we have a lawful basis to do so. The main purposes for which we process personal data, and the lawful bases we usually rely on, are set out below.

Purpose	Types of data	Lawful basis
Responding to enquiries and providing fee estimates	Contact, identity, enquiry and matter information	Taking steps before entering into a contract; legitimate interests in responding to enquiries and developing our business
Providing legal services and managing client matters	Contact, identity, matter, financial, special category and criminal offence data where relevant	Performance of a contract; legal obligation; legitimate interests in providing and managing legal services; where necessary, additional conditions for special category or criminal offence data
Client due diligence, anti-money laundering, sanctions, fraud prevention and regulatory compliance	Identity, financial, verification, sanctions and matter information	Legal obligation; legitimate interests in preventing fraud and meeting professional duties
Billing, payments, accounting and debt recovery	Contact, matter, billing, payment and transaction information	Performance of a contract; legal obligation; legitimate interests in managing our finances and recovering debts
Operating, securing and improving our website and systems	Website, technical and usage information	Legitimate interests in maintaining security, improving services and understanding website use; consent where required for non-essential cookies
Marketing, updates and events	Contact, marketing preference, event and feedback information	Consent where required; legitimate interests in promoting relevant services and events; compliance with direct marketing rules
Recruitment and employment applications	Contact, identity, CV, employment, qualification, reference and interview information	Taking steps before entering into a contract; legitimate interests in recruitment; legal obligation where applicable
Complaints, claims, regulatory enquiries and legal proceedings	Contact, matter, correspondence, complaint and evidence information	Legal obligation; legitimate interests in handling complaints and establishing, exercising or defending legal claims

5. Uses made of the information

Some services that we provide require the involvement of third parties.  We have carefully selected these third parties and taken steps to ensure that your personal information is adequately protected.

You agree that we have the right to share your personal information with the following third parties:

• Google Analytics

Our site use Google Analytics, a web analysis service provided by Google Inc. (“Google“). Google Analytics works using cookies.

Google Analytics cookies collect your IP address, however because IP anonymisation is used on our sites, your IP address will be shortened (and therefore anonymised) as soon as technically possible and before it is stored or otherwise used in connection with Google Analytics.

The anonymisation process takes place within the European Union or the European Economic Area, except in exceptional cases, where your full IP address may be sent to a Google server in the USA and shortened there.

We use the information collected by Google Analytics cookies to find out about how visitors use our site.

The IP address sent by your browser in connection with Google Analytics will not be combined by Google, with other data.

You can prevent Google Analytics cookies from being stored by setting your browser software accordingly (see our Cookie Policy for further information). However, please note that you may not then be able to make full use of all our site’s functions.

You can also opt-out of Google Analytics by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

• Sharing with our group companies

The personal information you provide to us is collected by Morr & Co LLP. However where you ask or indicate that we should do so (e.g. in an online form) or where we are otherwise legally permitted to do so in accordance with this privacy policy, we may transfer your personal information between companies within our group.  These are as defined in section 1159 of the UK Companies Act 2006 and include Morr & Co LLP and Morrisons Core Services Limited.

When a group company intends to use your personal information for a new purpose, they will let you know about this.

• Sharing with our service providers

We may share your personal information with our third party service providers based in the UK or the European Economic Area (“EEA”) who we engage to process the information that we collect from you on our site or otherwise, and/or to host and maintain our site, content or services, on our behalf and in accordance with this privacy policy.

We will let you know if we need to transfer your personal information to any third party service providers located outside of the EEA.

Where we employ third party companies or individuals to process personal information provided by us (and not collected by them), they only use this personal information on our behalf and in line with our instructions and this privacy policy.

• Sharing with other selected third parties

We may share your personal information with selected third parties including:

• • business partners and other professionals for the performance of any contract we enter into with you, for example (but not limited to) barristers, medical professionals, other solicitors, care providers and courts;
  • business partners with whom we organise a joint event, for joint or our marketing purposes. Where we do this for joint events, we do it for the purpose of removing duplicates from our invitation list and for event communication management.  We may do this when we hand over the organisation of a regular event to another organisation and we or the new organiser will contact you at that time to let you know.  We will never share your confidential matter or enquiry details with such business partners;
  • analytics and search engine providers that assist us in the improvement and optimisation of our site;
  • credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;
  • our site offers the possibility to share content on social media channels, e.g., Facebook. The respective social media provider will directly gather personal information only after you click on the corresponding sharing button. Please refer to the privacy policy of the social media providers to learn more about what personal information is collected and used.

We will disclose your personal information to third parties:

• • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Morr & Co LLP is acquired by a third party or as part of any business restructuring or group reorganisation, in which case personal data held by it about its clients will be one of the transferred assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or our terms of business and other agreements; or to protect the rights, property, or safety of  Morr & Co LLP or its group companies (see section 6.ii), our clients, or others. This includes exchanging information with other companies and organisations, regulators and law enforcement agencies for the purposes of preventing and detecting fraud, other criminal offence, credit risk reduction and/or to ensure network and information security.

6. How long we keep personal data

We keep personal data only for as long as is necessary for the purposes for which it was collected, including to provide legal services, comply with legal, regulatory and professional obligations, manage our business, resolve disputes and establish, exercise or defend legal claims.

For client matters, the applicable retention period is usually set out in our terms of business and engagement documentation. We may retain certain information for longer where required by law, regulation, professional obligations, insurance requirements or where it is necessary in connection with a dispute, complaint or claim.

• Original documents, such as wills, deeds and other documents held in safe custody, may be retained until they are returned, destroyed at your request, or dealt with in accordance with applicable legal or professional requirements.
• Even where we delete or restrict matter records, we may need to retain basic file information, such as your name, contact details, matter name and file opening and closing dates, to meet legal, regulatory and professional obligations.
• Marketing preferences and suppression records may be retained so that we can respect your choices and avoid contacting you where you have opted out.

7. Where we store and protect personal data

Personal data may be stored in our offices, in secure off-site storage, on secure electronic systems and with trusted service providers who process data on our behalf. Payment transactions are processed securely by our payment providers.

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. Where we use third-party service providers, we require them to protect personal data and only use it in accordance with our instructions and applicable law.

8. Confidentiality

We recognise that much of the information we handle is confidential. We maintain confidentiality in accordance with applicable law, our professional duties, regulatory obligations and our internal policies and procedures.

9. Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (when we collect your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on our welcome email or by letting us know when we collect your information.  You can also exercise the right at any time by managing your preferences on our sites (click here) or by contacting us at marketing@morrlaw.com.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

If you wish to:

• Access, confirm, correct, rectify, update, supplement, anonymise, block, restrict or delete your personal information;
• Object to our use of your personal information;
• Withdraw your consent;
• Ask any questions about our processing of your personal information; or
• Transfer your personal information from us to another person or business

please contact us at compliance@morrlaw.com.

Where you request access to your personal information, we will fulfil your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you an administrative fee. In order to comply with your request, we may ask you to verify your identity.

We will provide you with all rights in relation to your personal information to which you are entitled under applicable law.  If you are unhappy with the way that we have handled your personal information, you can lodge a complaint with us by email to compliance@morrlaw.com or by post to The Data Protection Officer, Morr & Co LLP, Prospero, 73 London Road, Redhill, Surrey RH1 1LQ. Please give as much detail as possible. On receipt of your complaint, we will:

• Acknowledge receipt within 30 days of receipt;
• Investigate and respond without undue delay and provide you with a timetable for doing so throughout;
• Notify the outcome without undue delay.

If you remain dissatisfied you may then escalate the complaint to – Information Commissioner’s Office (ICO), tel: 0303 123 1113, website www.ico.org.uk.

10. Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

11. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to compliance@morrlaw.com

Issue date: June 2026

Version history: 2.0