Privacy Policy

We, us, our: Iridium Law Limited and trading styles, including RecoverMyPCP.

Our Data Protection Officer: Chris Davis, Caledonian House, Tatton Street, Knutsford, England, WA16 6AG.

Personal data: Any information relating to an identified or identifiable individual.

Special category personal data: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic data, biometric data (where used for identification), health, sex life, or sexual orientation.

We do not collect personal information about you unless you provide it directly, including through an online enquiry form or with a member of our team.

Personal data we will collect may include:

• Information to verify your identity, such as date of birth or passport details.
• Electronic contact details, such as email address and mobile phone number.
• Information relating to the matter in which you seek our advice or representation.
• Information needed to conduct credit or other financial checks.
• Financial details relevant to your instructions, including source of funds where required.

Depending on your matter, we may also collect:

• Bank and/or building society details.
• Professional online presence details (for example, LinkedIn profile).
• Details of spouse/partner, dependants, or other family members where relevant.
• Employment status and details, including salary and benefits where relevant.
• Nationality and immigration status and related identification documents.
• Details of pension arrangements where relevant.
• Employment records, including sickness, attendance, performance, disciplinary and grievance records where relevant.

This personal data is required to enable us to provide legal services. If you do not provide requested personal data, it may delay or prevent us from providing services.

We collect most information directly from you, including via online enquiry forms. We may also collect information:

• From publicly accessible sources, such as Companies House or HM Land Registry.
• Directly from third parties, such as sanctions screening providers, credit reference agencies, and client due diligence providers.
• From third parties with your consent, including banks, financial institutions, advisors, consultants, employers, trade unions, professional bodies, pension administrators, and medical professionals.
• Via our website, including potential use of cookies (see our cookies policy).
• Via IT systems, such as case/document/time systems, reception logs, and technical security systems.

Under data protection law, we can only use personal data where we have a lawful basis, including:

• To comply with legal and regulatory obligations.
• For performance of a contract with you, or steps taken at your request before a contract.
• For our legitimate interests or those of a third party.
• Where you have given consent.

We use personal data for purposes including:

• Providing legal services.
• Identity verification and sanctions screening.
• Regulatory compliance, audits, enquiries and investigations.
• Internal policy adherence, security and confidentiality controls.
• Operational improvement, quality control and statistical analysis.
• Preventing unauthorised access and modification of systems.
• Maintaining and updating client records.
• Staff administration, safe working practices and assessments.
• Marketing to existing/former clients and other relevant contacts.
• Credit checks and external quality/accreditation audits.

We only use special category personal data where we have a lawful basis and a permitted condition under data protection law. Usually this is because processing is necessary for establishing, exercising or defending legal claims, including:

• Actual or prospective court proceedings.
• Obtaining legal advice.
• Establishing, exercising or defending legal rights in any other way.

Where this does not apply, we will seek explicit consent before processing special category personal data.

We may use your personal data to send updates by email, text, telephone or post about legal developments or our services (including offers, promotions, or new services).

We rely on legitimate interests for most promotional communications. Where consent is required, we request it separately and clearly. We never sell your personal data and do not share it with other organisations for their marketing.

You can opt out at any time by:

• Contacting us in writing.
• Using the unsubscribe link in emails or STOP number in text messages.

We may routinely share personal data with:

• Professional advisers instructed on your behalf (for example barristers, medical professionals, accountants, tax advisors, experts).
• Third parties necessary to carry out your instructions (for example mortgage providers, HM Land Registry, Companies House).
• Credit reference agencies.
• Our insurers, brokers, external auditors, and bank.
• External service suppliers and representatives (for example typing, marketing, document collation/analysis services).
• Valid8 IP Ltd for a soft credit search with one or more credit reference bureaus.
• Law enforcement agencies and regulatory bodies where required by law.

We require service providers to protect personal data and only process it in line with our instructions. We may also share data with potential buyers during business sale or restructuring processes, subject to confidentiality obligations.

Information may be held at our offices and at offices/systems of third-party agencies, service providers, representatives and agents described above.

We keep your personal data after we finish acting for you where needed to respond to questions, complaints or claims, to demonstrate fair treatment, and to keep records required by law.

We do not retain data longer than necessary. Retention periods vary by data type. When no longer needed, personal data is deleted or anonymised.

To provide services, we may transfer personal data outside the UK and/or EEA, for example where service providers are based overseas, where you are based overseas, or where a matter has an international dimension.

Transfers only occur where allowed under data protection law, including:

• European Commission adequacy decisions.
• Appropriate safeguards (such as standard contractual clauses).
• Applicable legal exceptions (for example explicit consent or legal claims).

For more information or a copy of applicable standard data protection clauses (for clients), contact us by email.

You can exercise the following rights free of charge, subject to legal conditions:

• Access to a copy of your personal data.
• Rectification of inaccurate personal data.
• Erasure (the right to be forgotten) in certain situations.
• Restriction of processing in certain circumstances.
• Data portability in certain situations.
• Objection to processing, including direct marketing at any time.
• Rights relating to automated decision-making and profiling.

To exercise your rights, contact us and provide enough information to identify you, together with proof of identity and address, and details of the right/request.

We use appropriate security measures to prevent accidental loss, unlawful use, or unauthorised access to personal data. Access is limited to people with a legitimate business need and subject to confidentiality duties.

We also have procedures for suspected data breaches and will notify you and any applicable regulator where legally required.

For practical online safety guidance, visit www.getsafeonline.org.

We hope we or our Data Protection Officer can resolve any concern. You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): https://ico.org.uk/concerns.

This privacy policy was published on 21 January 2026 and updated on 21 January 2026. We may change this policy from time to time and, when we do, we will inform you via email.

Please contact us or our Data Protection Officer by post, email, or phone:

Chris Davis

Caledonian House, Tatton Street, Knutsford, England, WA16 6AG

admin@iridiumlaw.com

+44 3300 567 444

If you would like this policy in another format (for example audio, large print, or braille), please contact us.