Information security and privacy

O’Neill Patient Solicitors LLP Trading as Cavendish Legal Group is committed to protecting the information that we hold and process on behalf of our clients. We take a structured and pro-active approach to manging Information Security within our organisation, with the full support of our senior management team.

Data Protection Statement
At Cavendish Legal Group we are committed to protecting the security and privacy of all personal data. Cavendish legal Group will use any personal information you provide solely for the purposes of marketing, administration and for the provision of legal services. You are not obliged to provide us with any personal information if you do not wish to do so. If you have any queries regarding Data Protection matters, then please contact: or by post to:

Data Protection Enquiry
O’Neill Patient Solicitors LLP
Chester House
2 Chester Road
Hazel Grove

The purpose of this notice is to explain how and why we collect your personal data, where we collect this data from, and your rights in how we process this data. In this data protection statement, and for the purposes of the Data Protection Act 2018 (‘DPA’), the data controller is: –

O’Neill Patient Solicitors LLP,
Chester House,
2 Chester Road, Hazel Grove,
Stockport, SK7 5NT.

O’Neill Patient Solicitors LLP is a limited liability partnership registered at Companies House number OC322650. We have been registered as Data Controller with the Information Commissioner’s office, registration number Z5454188 since June 2001.
We are certified under ISO 27001:2017 certificate number 205171.

We currently collect and process the following information: –

  • Your name and contact information, including addresses, e-mail address and telephone number(s)
  • Information to confirm your identity, such as: –
    • Your full names
    • Your date of birth
    • Your address and contact details
    • Identity documents which may contain biometric data (e.g., passports)
  • Gender information
  • Billing information, transaction, and payment card information (including bank details for transfers)
  • Details of your financial position
  • Supplier information, such as: –
    • Business details, including contact numbers, addresses, etc.
    • Key contact information
    • Financial information (including bank details for transfers) Information Gathering and Use.

    Most of the personal information we process is provided to us directly by you for one of the following reasons: –

    • You have instructed us to act on your behalf in a legal matter
    • You have contacted us for information on our services
    • You have applied for a career at ONP.

We also receive personal information indirectly, from the following sources in the following scenarios:

  • Various Brokers/Lenders
    • Any data that is passed to us indirectly through a third party will always be done with your consent
  • Publicly accessible sources, such as Companies House, or HM Land Registry
  • A third party with your consent, e.g., your bank or building society
  • Search Providers
  • ID Verification Providers
  • Records Management & Archive Storage companies
  • IT Service Providers
  • The information supplied is primarily used for the provision of legal services to you; however, we may also use your data for the following reasons: –

  • Legal and Regulatory Compliance
  • External audits and compliance checks (ISO 27001 assessment, Cyber Essentials Plus, etc.)
  • Fraud Prevention
  • Data analysis to enhance client records.
  • We will aim to anonymise your personal data where it is practical Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

    (a)Your consent.
    You are able to remove your consent at any time. You can do this by contacting or by post to:
    Data Protection Enquiry
    O’Neill Patient Solicitors LLP
    Chester House
    2 Chester Road
    Hazel Grove
    SK7 5NT
    (b) We have a contractual obligation.
    (c) We have a legal obligation.
    (d) We have a legitimate interest.

    How we store your personal information

    Your information is securely stored within our offices, a highly encrypted Tier 3 data centre, and may be available at other third parties listed within this document (dependent on the nature of information and legitimate interest/legal obligation to maintain this data.) We strictly limit access to your personal data by minimising its availability to employees with legitimate reasons, knowledge, and training to access and process the information. All of employees are subject to a duty of confidentiality and are regularly trained on information security principles.

    Our retention for data is as follows: –

  • Transactions relating to Conveyancing (sale, purchase, or re-mortgage) will be stored for 6 years from the point of matter closure
  • Other matters will be retained for 15 years from the point of matter closure.
  • Financial records will be retained for a period of 6 years from the date of matter completion.
  • Personal data provided to us in order to obtain a quote for our services will be retained for 6 months from the date of the quote (noting that the actual quote will only be valid for the specified time given.)
  • Information pertaining to Wills will be kept indefinitely.
  • When destroying records, the following is implemented:-

  • For physical documents, these are securely destroyed onsite and are certified by a confidential waste management service.
  • For digital media, when data is no longer needed or is outside of the retention period, the data is deleted from any case management/processing applications/services, any back-end files are removed, any archives are purged of the data, and backups are updated to exclude retention of this data. We achieve this through a mixture of automated and manual processes.
  • Your data protection rights

    Under data protection law, you have have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information.
  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances where we do not have a legal obligation to retain your data.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances where it does not impede our ability to provide contractual services to you/on your behalf.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to make a request, then please contact us at:-
Data Protection Enquiry
O’Neill Patient Solicitors LLP
Chester House
2 Chester Road
Hazel Grove
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to our Data Protection Manager, Paul Churchill, by e-mailing

The DPA also ensures your right to complain directly to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane

Helpline number: 0303 123 1113

If you are a current or former employee, consultant, or contractor, we may hold additional personal information about you. For more information, please contact