Privacy Policy - Fiona Johnson Limited

This is a joint Privacy Notice by Fiona Johnson Limited and our Associates pursuant to Article 26 of the UK’s General Data Protection Regulation (the “GDPR”) as joint controllers of your data.

This privacy notice tells you what to expect us to do with your personal information.

Fiona Johnson Limited	means the Company who acts as a Data Controller for the purposes of the data protection legislation when they collect, use and process personal data.
Associate	means the experts that are legally separate trading entities (either self-employed sole traders or limited companies) that are appointed by Fiona Johnson Limited to provide expert witness services for and on behalf of Fiona Johnson Limited. Each Associate acts as a Data Controller in respect of the data protection legislation when they collect, use and process personal data. Each Associate is registered with the ICO and those details can be obtained on request.
We/ our/ us	means Fiona Johnson Limited and any of the Company’s Associates in their capacity as Joint Data Controllers in accordance with the Joint Data Controller Agreement made between them. (Please see below for the agreed roles and responsibilities).
Staff	means direct employees of Fiona Johnson Limited.

Our overriding objective is to respect and protect your privacy, act transparently and be accountable to you in line with the relevant data protection legislation.

Our contact details:

We are Joint Data Controllers but for the purposes of this privacy notice we have appointed a single point of contact for data protection concerns.

Fiona Johnson

Fiona Johnson Limited
7 Stamford Street
Stalybridge
Cheshire
SK15 1JP
Telephone: 0161 304 3400

Email: fj@fionajohnsonltd.com

Why this notice?

This privacy notice aims to:

Describe the personal information collected, stored and otherwise processed about you and the purposes and lawful bases for that processing;
tell you with whom Fiona Johnson Limited and our Associates share this information;
the mechanisms and measures Fiona Johnson Limited and our Associates have put in place to protect your personal information;
your rights in relation to the processing of such information;
how to contact us in the event you need further information or have a complaint.

What type of information we have

Personal data, or personal information, means any information about an individual from which that person may be identified or be identifiable. It does not include data where the identity has been removed (anonymous data).

We are frequently instructed by corporate entities and those entities are not data subjects. As part of those instructions, personal information about other persons may also be provided to us directly.

We collect some or all of the following personal information that you provide, including when providing medico-legal services or references – it is not possible to anticipate exactly which categories of personal information might be obtained in particular cases (and some may not be obtained at all):

personal details (includes names, usernames or similar identifiers, marital status, title, date of birth, gender, your image by way of photos or video recording);
family details;
lifestyle and social circumstances;
financial details (including bank/building society and payment card details);
education, training and employment details;
physical or mental health details (including your medical records where you are a party to actual or contemplated legal proceedings and you have consented to the release of such records for the purposes of investigating or bringing a claim);
criminal records (including driving or other convictions);
racial or ethnic origin;
religious, philosophical or other beliefs;
trade union membership;
sex life or sexual orientation;
genetic information;
biometric information for the purpose of uniquely identifying a natural person
other personal information relevant to instructions to provide medico-legal services, including information specific to the instructions in question;
transaction data, including details about payments to/ from you;
marketing and communications data, such as your preferences in receiving marketing from us, and your communications preferences

How do we get the information?

The personal information we collect comes through one or more of the following:

provided by you when you interact with us by ‘phone, post, SMS, email, fax, social media, or through any agreed communications such as video conferencing platforms (Zoom, Microsoft Teams); at events; in person; or through forms on our website.
provided by third parties:
- legal professionals;
- other legal experts;
- witnesses;
- courts and tribunals;
- family and associates of the person whose personal information Fiona Johnson Limited is assessing;
- other regulatory authorities current, past or prospective employers
- education and examining bodies;
- the intended recipient, where you have asked us to provide a reference.

Why do we have it?

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Your consent is when we have permission from you, after we have given you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

We may use your personal information for the following purposes and with the following lawful bases:

Purpose/reason	Lawful basis of processing	Data controller applicability
to promote and market the services of Fiona Johnson Limited; to promote and market the services of individual Associates	For our legitimate interests or that of a third party – to promote our business and services to existing, former and potential clients Your consent	Fiona Johnson Limited
to provide expert witness services to clients, training and statutory funding advice.	For the performance of a contract to provide expert witness services/ advice (or in order to take steps at your request prior to entering into a contract) Your consent	Fiona Johnson Limited Individual Associates
to recruit staff and associates	For our legitimate interests – to grow our business effectively Your consent	Fiona Johnson Limited
to fulfil equality and diversity and other regulatory requirements	Performing or exercising obligations or rights imposed or conferred by law on us or you in connection with employment, social security or social protection	Fiona Johnson Limited
to manage matters relating to employment (HR, payroll, benefits)	Performing or exercising obligations or rights imposed or conferred by law on us or you in connection with employment, social security or social protection Your consent	Fiona Johnson Limited
the keeping of accounting records and carrying out of office administration	To comply with a legal obligation Our legitimate interest – to run our business effectively Your consent	Fiona Johnson Limited Individual Associates
to check for potential conflicts of interest in relation to future potential cases	Legal obligation	Fiona Johnson Limited
to procure goods and services	For the performance of a contract with you (or in order to take steps at your request prior to entering into a contract) Your consent	Fiona Johnson Limited
to respond to requests for references	Your consent	Fiona Johnson Limited
to respond to potential complaints or make complaints	Our legitimate interests – to defend our reputation and interests Your consent	Fiona Johnson Limited Individual Associates

What do we do with the information?

We do not rent or sell personal information to anyone. We share personal data internally strictly on a need to know basis.

We may share information with outsourced services providers such as accountants, photocopying companies and digital dictation services, but this is pursuant to them confirming they are GDPR complaint via written contracts.

If required, we may share information with the HMRC and the VAT Commissioner as they require, or with others pursuant to a Court Order.

Transfer of your information outside the European Economic Area (EEA)

We do not routinely transfer personal data outside of the European Economic Area. Should the need to do so arise we will ensure that transfers are done using secure methods that offer sufficient assurances and guarantees that your data is afforded the necessary safeguards laid down by the legislation governing the transfer.

How we store your information?

Your information is at all times securely stored either in locked premises where it is in paper form or encrypted devices/ a secure cloud where it is in electronic format.

Our data retention policy is to keep your personal data only for as long as it is needed to fulfil the purposes for which we collected it, including any legal, accounting or reporting requirements. To decide how long we keep your personal data, we consider the amount, nature and sensitivity of the data, the potential risk of harm, the reasons why we process your personal data and whether we still need your data, and any applicable legal requirements.

In general, we will store personal data for at least one year following the expiry of any limitation period (which will usually be 6 years or longer where the information relates to a minor). A client’s name and contact information will be retained beyond this period and until it is no longer required for the purpose of conflict checking.

Personal data contained in records relating to any complaint will be retained for a period of 6 years from the determination of the complaint.

In certain circumstances, we may anonymise your personal data (so that it cannot be associated with you) for research/ training or statistical purposes in which case we may use this information indefinitely, without further notice. We will delete or anonymise your personal information unless:

the lawful basis for collecting it is ongoing;
we are engaged with you in relation to a particular matter or that matter has not finally terminated, or there is an unresolved issue such as a claim or dispute;
we are legally required to; or
there is a legitimate interest (such as protecting safety and security of customers; fraud prevention).

Names and contact details held for marketing will be held until we become aware, or are informed, that the individual in question is no longer a potential or actual client.

Your Rights

Where Fiona Johnson Limited is the Data Controller for information and when a breach has occurred, an immediate investigation will be conducted, and the breach will be reported to the Information Commissioner within 24 hours.
Where an Associate is the Data Controller for information and when a breach has occurred, the Associate will conduct an immediate investigation and the breach will be reported to the Information Commissioner within 24 hours.

Individual Rights

Under data protection law, you have rights including:

Your right of access	You have rights to ask us for copies of your personal information.
Your right to rectification	You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure	You have the right to request your data be deleted by us if it is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
Your right to restriction of processing	You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing	You have the right to object to processing of your personal data in certain circumstances.
Your right to data portability	You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
Your right to withdraw consent	When we use consent as our lawful basis you have the right to withdraw your consent at any time.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

We are able to translate the content of this privacy notice into child-friendly language and accessible formats should it be required or requested.

How to complain

You have the right to lodge a complaint with the Information Commissioner’s Officer who can be contacted as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
This Privacy Notice was last updated on 26th June 2025 We will from time to time update this Privacy Notice in the light of developments and changed practices.