Alexander Christian is a law firm. Our address is Harrow Business Centre, 429-433 Pinner Road, North Harrow, London HA1 4HN.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are is the data controller in respect of the personal data we hold about you.

We take our data protection obligations seriously. We collect only the data we need, we use it only for the purposes for which it was collected, and we protect it appropriately throughout its lifecycle.

Identity data: Full name, maiden name, username or similar identifier, marital status, title, date of birth, gender, company names and job title.

Contact data: Postal address, email address, telephone numbers, and other contact details.

Financial data: Bank account details, payment card details, income and assets, source of funds, and source of wealth information where required for compliance purposes.

Transaction data: Technical data

Profile and usage data: Communication data

Special category data: Compliance and due diligence data

Third party data: Where you provide us with information about other individuals, including counterparties, family members, business associates, solicitors, experts, or other third parties, we will collect and process data about those individuals. If you provide us with another person's data you must inform them in advance and provide them with a copy of this privacy policy. You should obtain their consent where required.

We collect personal data through a variety of methods.

• Direct contact when you contact us by telephone, email, through our website, or in person
• Service application when you apply for or engage any of our legal, compliance, or consultancy services
• Pre-onboarding questionnaires completed before or at your initial consultation
• Electronic verification services biometric and source of funds checks conducted through secure third-party platforms
• Publicly available sources including Companies House, the Land Registry, professional directories and public databases
• Third party providers including AML and sanctions screening services, credit reference agencies, and open banking platforms
• Referrers and intermediaries where another professional has referred you to us
• Website and digital channels through cookies and website analytics where you have consented
• Social media and professional networks including LinkedIn and similar platforms
• Marketing and business development when we conduct searches in connection with our marketing or client acceptance processes

We use your personal data for the following purposes.

• To verify your identity and carry out client due diligence before onboarding and throughout the matter
• To provide legal services, AML compliance services, or business consultancy services
• To manage and administer our relationship with you, including billing and payment
• To comply with our legal, regulatory, and professional obligations under the Money Laundering Regulations 2017, the Proceeds of Crime Act 2002, and regulatory requirements
• To comply with our insurers, bankers, accountant or audit service or similar
• To carry out sanctions screening and adverse media checks
• To communicate with you about your matter and about our services
• To send newsletters and other information 
• To comply with any audit, or review services
• To obtain peer to peer support
• To improve our services, website, and communications
• To prevent, detect, and report fraud, financial crime, and other unlawful conduct
• To fulfil our reporting obligations to the SRA, HMRC, Companies House, and other relevant authorities
• To defend legal claims and manage professional indemnity matters

Your data may be used for another purpose if we consider it reasonably necessary and compatible with the original purpose. We will inform you of any new purpose before processing begins.

This website is not intended for use by children and we do not knowingly collect personal data from children.

Under the UK GDPR we must have a lawful basis for processing your personal data. We rely on the following bases depending on the nature of the processing.

• Contract processing necessary for the performance of a contract with you, or to take steps before entering into one at your request
• Legal obligation processing necessary to comply legislation and guidance such as where applicable: Money Laundering Regulations 2017, the Proceeds of Crime Act 2002, Sanctions legislation and guidance, and our SRA regulatory obligations - for instance
• Legitimate interests processing necessary for our legitimate interests, including preventing fraud, protecting the firm and its clients, and improving our services, where those interests are not overridden by your rights
• Consent where we have obtained your express consent for a specific processing activity, such as sending marketing communications or processing certain special category data
• Vital interests in rare cases where processing is necessary to protect the vital interests of you or another person

Where we process special category data we rely on one of the additional conditions in Article 9 of the UK GDPR, including explicit consent, legal claims, or substantial public interest as appropriate.

Service providers

We use third-party providers for certain functions including IT services, case management systems, newsletter and email services, AML and sanctions screening, biometric verification, open banking, cloud backup, and social media platforms. These providers process your personal data as data processors acting on our behalf. We ensure appropriate contractual safeguards are in place.

Identity and verification data

We conduct biometric identity verification through a secure third-party platform. This involves collection of photographic and biometric data. We do not store your biometric data — it is processed by the verification platform under their own privacy framework. We hold only the results of the verification.

Sanctions and risk screening

Electronic verification checks include sanctions screening against UK, US, and UN sanctions regimes, Politically Exposed Person (PEP) checks, adverse media checks, mortality checks, electoral roll checks, and light credit checks. These are required by law. A match does not mean we cannot act for you — it means we are required to take additional steps before proceeding.

Source of funds and wealth

We are required to understand and evidence the source of funds involved in your matter. This may include open banking access with your consent, bank statements, payslips, completion statements, and other documentation. We hold this documentation as part of your compliance file.

You will be asked to undertake a source of wealth and source of funds check, which may include an open banking check in relation to all your accounts in all jurisdictions.

Compliance auditing and corporate clients

Where we provide compliance audit or advisory services to a regulated firm, we will collect personal data relating to the firm's directors, officers, persons of significant control, beneficial owners, controlling persons, referrers, compliance officers, accountants, counterparts, and staff members.

If there are discrepancies between information provided to us and information held by Companies House, we have reporting obligations and may be required to report those discrepancies. 

We also conduct counterparty and third party checks.

Processing without consent

We may process your personal data without your knowledge or consent where required and permitted by law, and that of third parties and counterparties, including where exemptions apply under the UK GDPR and the Proceeds of Crime Act 2002. This includes our obligation to make suspicious activity reports to the National Crime Agency where required by law.

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

• Legal matter files retained for a minimum of six years after the conclusion of the matter, in accordance with regulatory and insurance requirements and the Limitation Act 1980. Some files may be retained for longer.
• Compliance records retained for five years after the end of the business relationship.
• Financial records retained for six years.
• Marketing and communication data retained until you withdraw consent or opt out.
• Website and technical data retained in accordance with our cookie policy.

When data is no longer needed we will securely delete or anonymise it. We do not provide any prior notice of such deletion or anonymise other than stated in this privacy policy. In some cases we may be unable to comply with a deletion request where we have a legal obligation to retain the data.

Section 9

Right to access

Request a copy of the personal data we hold about you.

Right to rectification

Request that we correct inaccurate personal data we hold about you, and complete incomplete data.

Right to erasure

In certain circumstances, request that we delete your personal data. This right does not apply where we have a legal obligation to retain the data.

Right to restrict processing

Ask us to restrict processing of your data in certain circumstances, for example while the accuracy of the data is contested.

Right to data portability

Where we process your data on the basis of consent or contract and by automated means, receive that data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests, including for direct marketing. We will stop unless we can demonstrate compelling legitimate grounds.

Automated decision-making

The right not to be subject to a decision based solely on automated processing where it produces legal or similarly significant effects.

Right to withdraw consent

Where processing is based on consent, withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.

Our website uses cookies to enhance your browsing experience and help us understand how the site is used.

• Essential cookies necessary for the website to function and cannot be switched off
• Analytics cookies help us understand how visitors interact with the website; we use this information to improve the site
• Marketing cookies used to track visitors across websites; we do not currently use marketing cookies

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. Where we use analytics cookies we will request your consent via a cookie banner when you first visit.

We do not control third-party websites and are not responsible for their privacy practices. When you leave our website we encourage you to read the privacy notice of any website you visit.

When we contact you by email we may use third-party email and communications software. Personal data processed in this way is handled in accordance with this notice and the provider's own privacy framework.

Section 11

If you have a concern about how we have handled your personal data, please contact us first. We would like the opportunity to address your concern directly. Please write to our Data Protection contact at the address in Section 12 or send an email marked for the attention of the Data Protection contact.

We will acknowledge receipt of your complaint promptly and aim to respond fully within one month. Where a complaint is complex, or if there is any reason for a delay,  we will keep you updated on progress, and this may take more than a month. 

Your right to complain to the Information Commissioner's Office (ICO)

If you are not satisfied with our response, or consider that we have infringed your data protection rights, you have the right to complain to the ICO — the UK supervisory authority for data protection. We would appreciate the chance to resolve your concern with you directly first, but you may contact the ICO at any time.

Name: Information Commissioner's Office

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Telephone: 0303 123 1113 (Monday to Friday, 9am to 5pm)

Website: www.ico.org.uk

Complaints: ico.org.uk/make-a-complaint

The ICO asks that you have first raised your concern with the organisation in question before contacting them. Please contact us first and allow us to respond. The ICO provides guidance on their complaints page to help you before you submit a complaint.

Data Protection Contact

By post: Data Protection Manager, Alexander Christian, Harrow Business Centre, 429-433 Pinner Road, North Harrow, London HA1 4HN

By telephone:020 4578 4684 ·  Monday to Friday, 10am to 4pm

In person: By appointment only at Harrow Business Centre, North Harrow, London

We aim to respond to all legitimate requests within one month. Where that is not possible we will inform you if we need longer and keep you updated.

See our Privacy Page

See our Client Due Diligence Page

See our Pre-onboarding Page

See our Fees Overview Page

Call Us:  020 4578 4684