Privacy Policy

Introduction

This Privacy Policy (“Policy”) explains how OCZO collects, uses, stores, and protects personal data obtained from individuals, whether through this website or by other means.

This Policy should be read together with any other notices or policies made available on this website. Information relating specifically to our use of cookies can be found in the section titled Cookies below.

For the purposes of data protection legislation, OCZO is the data controller in respect of personal data processed in accordance with this Policy.

This Policy is intended to comply with all applicable data protection laws and regulations, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), together with any replacement or amending legislation (together, the Data Protection Legislation).

Our Commitment to Data Privacy

OCZO is committed to safeguarding your personal data. We undertake:

  • to keep your personal information secure and confidential;
  • to share personal data only where necessary to deliver our services or comply with legal obligations; and
  • never to sell or trade personal data for marketing purposes, whether in identifiable or pseudonymised form.

Please ensure that any personal information you provide to us is accurate and kept up to date and notify us promptly of any changes.

Data Security

We maintain appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

Access to personal data is limited to those employees, agents, contractors, and third parties who have a legitimate business need to know. All such parties are subject to confidentiality obligations and may only process personal data in accordance with our instructions.

We have procedures in place to address any suspected data breaches and will notify affected individuals and relevant regulators where required by law.

How We Use Personal Data

We may collect and process personal data including, but not limited to:

  • name, title, postal address, email address, and telephone number;
  • marketing preferences; and
  • information provided when corresponding with us or instructing us.

Where required by law, we may also collect and retain identification documents for verification purposes, such as passports or driving licences. These may include information such as full name, address, date of birth, photograph, nationality, and place of birth.

We will only collect personal data that is necessary for legitimate business purposes and will use it primarily to:

  • provide legal services and comply with contractual obligations;
  • respond to enquiries and manage client relationships;
  • administer files, transactions, and payments; and
  • comply with legal and regulatory obligations.

We may also send updates, newsletters, or information about events or services that may be of interest where we have an existing relationship and a lawful basis to do so. All such communications will include an option to opt out at any time.

Legal and Regulatory Obligations

There are circumstances in which we are required to process personal data to comply with legal or regulatory duties, including:

  • compliance with anti-money laundering and counter-terrorist financing obligations;
  • responding to lawful requests from regulators, courts, or authorities;
  • investigating complaints or disputes; and
  • meeting internal business and compliance requirements.

By providing personal data to us, you acknowledge and agree that your data may be processed in accordance with this Policy. If you do not agree, please do not provide personal information to us.

Your Rights

Under the Data Protection Legislation, you have various rights in relation to your personal data, including the right to:

  • access your personal data;
  • request correction of inaccurate or incomplete data;
  • request erasure of personal data where appropriate;
  • object to processing based on legitimate interests or for direct marketing;
  • request restriction of processing in certain circumstances;
  • request transfer of your personal data; and
  • withdraw consent where processing is based on consent.

Requests may be made using the contact details published on this website. We may need to verify your identity before responding.

There is usually no fee for exercising your rights, although a reasonable charge may apply where a request is manifestly unfounded or excessive.

We aim to respond to all legitimate requests within one month, although this period may be extended where requests are complex.

Cookies

Our website uses cookies to distinguish users and enhance functionality.

Cookies are small text files stored on your device that help us analyse website usage and improve performance.

We use:

  • Analytical/performance cookies, which help us understand how visitors interact with our site; and
  • Consent cookies, which record your cookie preferences.

Cookie data is not used to identify you personally, and we do not share cookie information with third parties.

You can manage cookie preferences via your browser settings or when accessing the website.

Third-Party Websites

This website may occasionally contain links to third-party websites. We do not control those sites and are not responsible for their privacy practices. We encourage you to review their privacy notices before providing personal data.

Social Media

Information shared via social media platforms may be accessible to third parties. We recommend exercising caution when posting personal information. OCZO accepts no responsibility for information disclosed via third-party social media platforms.

International Transfers

Personal data may be transferred outside the UK or EEA where necessary to support our operations. Where this occurs, appropriate safeguards are implemented to ensure an equivalent level of protection in accordance with Data Protection Legislation.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, and professional obligations.

Client files are typically retained for seven years following the conclusion of a matter unless a longer retention period is required. Files are securely destroyed at the end of the retention period.

Changes to This Policy

We may update this Policy periodically to reflect legal or operational changes. The latest version will always be published on this website.

We may update this You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed.

Contact Us

If you have any questions, requests, or concerns regarding this Policy or how we handle personal data, please contact us using the details provided on this website.