Select Page


We take good care of your data

This website is owned and operated by Miller Rosenfalck LLP trading as ebl miller rosenfalck. We respect your privacy and we process personal data only in strict compliance with the Data Protection Act 2018, the UK General Data Protection Regulation, and, in relation to services we offer to individuals in the European Economic Area, the EU General Data Protection Regulation (together the ‘Data Protection Legislation’).

We ask that you read this Privacy Notice carefully as it contains important information about who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a question or complaint about the way we handle your personal information.


ebl miller rosenfalck is a data controller for the purpose of the Data Protection Legislation and is responsible for your personal data.

Our Data Protection Manager (DPM) is responsible for overseeing questions in relation to this Privacy Notice. Please contact our DPM for any questions and concerns about this Privacy Notice using the details set out at the end of this Privacy Notice.

The types of data that we collect

Our clients’ data

If you are a client of ebl miller rosenfalck, we will collect from you only the data necessary for performing our services to you, where we have a legitimate interest or where we need to comply with a legal or statutory obligation. This may include:

  • Identity Data (such as first name, last name, job title, title, date of birth).
  • Contact Data (such as billing address, correspondence address, email address, telephone numbers and contact history).
  • Financial Data (such as bank account and payment card details and payments to and from you and other details of services you have purchased from us).
  • Regulatory Data (such as relevant information as required by regulatory Know Your Client or Anti Money Laundering regulations).
  • Service Data (other personal information you choose to share with us to help us provide you with our service or is necessary to provide our service to you).
  • Marketing and Communication Data (such as your preferences in receiving marketing from us and your communication preferences).
  • Survey Data (details of your responses when you choose to complete one of our surveys).

We may also, with your express consent or if the processing is necessary to establish, exercise or defend legal claims, process special categories of personal data about you Special categories are information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data (when processed to uniquely identify an individual) or data concerning health, sex life or sexual orientation.

Website and subscriber data

If you are a visitor to our site and/or subscriber to any of our newsletter or publications, we may collect any or all of the following:

  • First name.
  • Last name.
  • Email address.
  • Job title.
  • Company name.
  • Technical data (such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website)..

At your option, you may submit further information that will help us to contact you by other methods.

As a client or business contact of ebl miller rosenfalck, you may receive our newsletters and/or guidance notes, which will inform you about products and services related to services, we have provided to you or your field of interest. You can opt out of receiving these at any time by using the ‘unsubscribe link’ at the bottom of our newsletters or by emailing the sender of the guidance note. If you have subscribed to our newsletter, you can unsubscribe in the same way.

How we obtain your personal information

We collect information from you:

  • as part of our business acceptance processes and as necessary in the course of providing legal services;
  • while monitoring our technology tools and services, including our websites and email communications sent to ebl miller rosenfalck;
  • when you provide it to us, or interact with us directly, for instance engaging with our staff; and
  • from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources.

How we use your personal information

We collect and process personal information about you in a number of ways, including through your use of our website and in the provision of services by us. We use that information:

  • to provide and improve this website, including auditing and monitoring its use;
  • to provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients;
  • to provide information requested by you;
  • to promote our services, including sending legal updates, publications;
  • to manage and administer our relationship with you and our clients;
  • to fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims; and
  • for the purposes of recruitment.

Disclosure of your personal data

We may share your personal data:

  • with our affiliates;
  • with third parties including certain service providers we have retained in connection with the legal services we provide, such as barristers, consultants, mediators, or experts and other legal specialists such as law firms for obtaining specialist or foreign legal advice, translators, education evaluation services, couriers, auditors or other necessary entities;
  • if we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
  • on a confidential basis with third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve and promote our services;
  • with companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
  • with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process; or
  • if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.

Should we transfer your information to recipients located in other countries, we will use, share and safeguard that information as described in this Privacy Notice. We may be required to transfer your personal information to countries outside of the United Kingdom. If the relevant country is not listed in the UK adequacy regulations, meaning it does not provide an adequate level of protection, we will only transfer your personal information to recipients in these countries if they have entered into Standard Contractual Clauses, signed up to an approved code of conduct or are certified under an approved certification scheme.

In circumstances where these safeguards cannot be put in place, we will only occasionally transfer your personal information to these countries if you have consented to this transfer, where strictly necessary to perform our services to you, to establish, make or defend a legal claim, or for reasons of compelling legitimate interests.

Information collected and stored automatically (in website log files)

We may use certain technologies to record information about your visit to our web pages automatically. The information we gather does not identify you personally. We may automatically collect and store only the following types of information about your visit:

  • the internet domain (such as “” or “”) and IP address (an IP address being a number, “”, which is automatically given to your computer when you serve the web) from which you access this website;
  • the type of browser software and operating system used to access our site;
  • the date and time you access our site;
  • the pages you enter, visit and exit our site from; and
  • if you link to the domain from another website, the address of that website.

We use this information to improve our website, to learn about the number of visitors to our website, the types of technology that visitors use, and to help us identify patterns of use. We only use the information to ensure that our web pages stay compatible with a variety of systems and browsers, to ensure that our pages appeal to as wide an audience as possible. We do not track or record information about individuals and their visits.

For up to date details of our Cookies Policy, see here.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you want to learn more about our specific retention periods for your personal data established in our retention policy, you may contact our DPM.

Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Third-party links

Our website may include links to third-party web-sites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Administrative matters

All employees are trained in the implementation of this Privacy Notice. We will take appropriate disciplinary action against any employee who violates this policy.

Complaints and data enquiries

Please send an email to our DPM at [email protected] if you wish to:

  • request access to the personal data that we hold on you;
  • request correction of the personal data that we hold about you (we may need to verify the accuracy of the new data your provide to us);
  • request erasure of your personal data;
  • object to the processing of your personal data;
  • request restriction of the processing of your personal data;
  • request the transfer of your personal data to you or to a third party;
  • withdraw your consent, where we are relying on consent to process your personal data;
  • contact someone with any questions or comments or complaints about this policy and/or personal data that are collected and/or used by us;
  • let us know that you no longer wish to receive marketing materials from us; or
  • make a complaint about any breach of this Privacy Notice.

Data Subject Access Request

Within one month of receiving your request and subject to having received satisfactory confirmation of your identity we will send to you a copy of all the personal data that we are holding on you, unless your request is particularly complex, in which case we may ask you to clarify the scope of your request and we may be entitled to a further two months to provide our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


When we receive your complaint, we will review it and ensure that we are in compliance with our Privacy Notice and all applicable law. We will contact you within one month of receiving your complaint to inform you of the result of our investigation and any proposals that we may wish to make.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would however appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Contact information

To comment on the content of this Privacy Notice, please send an email to our DPM at [email protected]

If you prefer, you may also contact the DPM in writing:

Mr S Rosenfalck, ebl miller rosenfalck, 27 Greville Street, London, EC1N 8TN

This Privacy Notice was last updated on 15 November 2021.