Privacy Policy


MHD Law LLP (“we,” “our,” “us”) are the data controller for the purposes of the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation (“GDPR”) (law as of 25 May 2018) in respect of the personal information which we hold about you.

How we use your information

The information we collect about you will be used to deliver the services agreed upon, and the data we collect will allow us to fulfil your requests by acting on your behalf. Personal data is only ever disclosed to a third party as a matter of necessity.

We will not provide you with legal updates or news on our events unless you provide your consent, and we will only contact you for direct marketing purposes via e-mail. Your information will not be shared with, or sold to, any other companies for further marketing purposes.

As a legal firm we must conduct Anti Money Laundering (AML) and Combating Terrorism Financing (CTF) checks. The personal data you provide us which allows us to conduct these checks will be used solely for fulfilling our AML and CTF obligations.

Your rights

You have the right to:

  • Have your personal information rectified if it is inaccurate or incomplete
  • To have your personal information deleted (in specific circumstances)
  • To restrict the processing of your personal information (in specific circumstances)
  • To obtain details of the personal information we hold about you
  • To ask us not to contact you for marketing purposes and/or withdraw your consent to direct marketing at any time

If you would like a copy of your personal data, would like us to stop processing your data, would like to erase your data, or would like us to correct data that is inaccurate or incomplete, then please contact us (contact details can be found at the bottom of this document).

To note, we may charge a reasonable fee where the request for personal data is manifestly unfounded or excessive.

Keeping your data safe

Your personal information will be kept secure within the firm of MHD Law LLP.

We have strict policies in place to protect personal data from alteration, misuse, loss or destruction and all data is handled and processed confidentially and in accordance with the Data Protection Act and General Data Protection Regulation.

Who has access to your data?

We will not transfer your personal details to any third party for the purpose of direct marketing without your permission. In the process of carrying out your legal work we may have to disclose some of your information to third parties. We have data protection compliancy contracts in place with those third parties we use regularly and, when your personal data is provided to them, we ensure that they do not use your personal information for anything other than the services required.

We will hold your details on our CRM system and therefore our provider, Denovo Business Legal Intelligence, may also have access to your information during essential maintenance. We would advise that, in the event that our bank requests information from us about who we hold funds for, we are required by law to disclose this information to them.

How long do we keep your data for?

All paper records are sent to First Scottish for digitisation and destruction. The original paper file is destroyed after three months. Your personal data will be kept for the length of time necessary to complete our service for you, the duration of which will vary according to the service being attended to.

When the matter is complete, we keep your personal data in accordance with Law Society of Scotland guidelines, the details of which follow:

Service type Data kept for
Guardianship 10 years after the end of the guardianship
Divorce and consistorial 5 years after completion (e.g. after maintenance, residence and contact orders, etc., have ceased to have effect, or children have reached majority)
Civil court 10 years after completion
Executry 10 years after completion (although an executry may never be complete. Relevant documents and papers might be sent to the Executor for safekeeping since prior rights and legal rights only prescribe if not claimed in 20 years after becoming enforceable)
Continuing trust 10 years after termination of trust
Conveyancing 10 years after completion, or
1 year after sale
Company work 10 years after completion
Endowment/investment Until policy has matured
Simple debt collection On completion (i.e. after the time for appeal has elapsed)
Solemn cases Duration of the sentence if more than three years
Summary cases 3 years (a copy of the complaint or indictment and a copy of the legal aid certificate should be kept indefinitely)
Sale 1 year after completion (i.e. after implementing Letter of Obligation; dealing with any funds retained; and after Missives have ceased to have effect). However, MHD will keep these files for ten years after competition of business.
Other correspondence files 5 years after completion of the business
Money Laundering / Customer Due Diligence Records Later of 7 years and the destruction of the transaction file for that client in compliance with Law Society of Scotland guidelines for retention and destruction of files.

It is important to note that your data may be kept longer than the dates specified above if there is a legitimate reason for doing so, for example, a file may be retained to provide material for an adequate defence in the event of a claim.

Wills and related documentation may be kept indefinitely, this also applies to deeds relating to unregistered properties as they may be needed as evidence of ownership.

Lawful basis

GDPR legislation specifies that we must inform you of our lawful basis for processing your personal information. Our lawful basis varies in accordance with the service we are conducting for you. If you have any questions regarding the legal basis for processing of your data, then please ask your solicitor.

Contact us

If you have any questions, comments or requests you can contact us at, or write to Kieran Fitzpatrick at MHD Law, 45 Queen Charlotte Street, Leith, Edinburgh, EH6 7HT.

You can contact the Information Commissioner’s Office (ICO) by calling their helpline on: 0303 123 1113.

MHD Law Website

Who we are

Our website address is:

What personal data we collect and why we collect it


If you leave a comment on our site you may opt in to saving your name, e-mail address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.