Privacy Policy



Note: This notice relates to how Smith Medicolegal Limited (‘Smith Medicolegal’) processes personal data as a data controller. It covers information collected and processed:

  • Pre contract (Customer & Medical Expert)
  • Post contract (Customer, Medical Expert & Client)
  • When using our website (

If you are an instructing party please refer to our data processor privacy notice.

This Privacy Notice will change from time to time and, if it does, the up-to-date version will be reflected on this website ( and will be effective immediately. This privacy notice was last updated on 20 April 2024.


Welcome to the ‘Smith Medicolegal Limited Privacy Notice. ‘Smith Medicolegal ’ is an independent medical reporting and administration provider.

‘Smith Medicolegal ’ takes data protection seriously and is committed to respecting and protecting your personal data. Personal data is:

  • any information ‘relating’ to an identified or identifiable person (‘data subject’);
  • an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

For the purposes of this Privacy Notice, “Data Protection Legislation” means all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the EU Regulation 2016/679 as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Data Protection Act 2018 or any successor legislation.

This Privacy Notice explains how we will collect, store and use any personal data to enable us to form business relationships with Customers, Medical Experts, Clients, Website users and our legal obligations when contracts have terminated.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues ( We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.

If you have any questions you can contact our Data Protection Officer at:

E-mail – 

Post – 18 Luker Avenue, Henley on Thames, Oxon, RG9 2EU

Registration Number: 14853446 ICO Registration Number: ZB544789 

  • The data we may collect about you

We will collect, or be provided with, and process personal information about you, your personnel through various means, including:


  • Your name and title;
  • Contact information, including telephone number, postal address and email address;
  • Information relating to your location, preferences and/or interests;
  • Personal data may be included in our pre-contract checks with:some text
    • Companies House;
    • The Solicitors Regulation Authority (SRA) Register;
    • The Information Commissioner’s Office;
    • Internet searches;
    • The Financial Conduct Authority (FCA).

Medical Experts

  • Your name and title;
  • Correspondence address, email address and contact number;
  • Your Curriculum Vitae (CV);
  • Photographic identification;
  • Personal data may be included in our pre-contract checks;
  • Governing body registration;
  • Indemnity insurance;
  • List of consulting venues;
  • ICO certificate;
  • Medco certificate;
  • DBS certificate;
  • Correspondence address, email address and contact number.


Each time you visit our website, we will automatically collect the following information:

  • Web usage information (e.g. IP address);
  • Information about your visit, including the full uniform resource locators (URLs) clickstream to, through and from our website;
  • If you register for access to the Secure Client Area (Portal) we will collect company details, name, email and telephone number, user name and password.

We may ask you for information when you report a problem with our website.

Client Data

Collected as Smith Medicolegal activities as a data processor but is processed as a data controller after the contract is complete (invoice paid) with the Customer.

  • Full name and title;
  • Correspondence address, email address and contact number;
  • Medical Records when requested;
  • Medical Reports;
  • Information around rehabilitation.

If you contact us by phone your conversation may be recorded.

The personal data described above may relate to any of the following categories of person:

  • Medical Experts;
  • Prospective Customers;
  • Those who submit enquiries through our website or whose details are otherwise entered into our marketing management system.


We use cookies to track how users navigate through its pages, therefore helping us to evaluate and improve your experience and understand who has visited the website.  Please see our Cookies Policy for further information.

How we use your information

We may use your information for the following purposes:

  • To complete our processes to allow us to enter into a contract with you;
  • To respond to any query that you may submit to us pre-contract stage;
  • To manage our relationship with you (and/or your business), including by maintaining databases of customers and other third parties for administration and relationship management purposes;
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;
  • Where we need to comply with a legal or regulatory obligation (for example keeping invoice information for HMRC requirements and other details to comply with statutory issues such as complaints or potential litigation claims);
  • To send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation. You can withdraw your consent to marketing activity at any time using the unsubscribe link located in any of our marketing emails or by emailing us at 
  • To determine what is most effective about our website, and to help identify ways to improve it, and to tailor it to be more effective;
  • To comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place;
  • As we consider necessary to prevent illegal activity or to protect our interests;
  • To share with companies in our group for the purpose of them sending to you any relevant information about their products/services that may be of interest to you.

Legal grounds for processing your information

We will rely on the following legal bases under Data Protection Legislation for processing your personal data:

  • Entry into a contract such as arranging appointments with medical experts, collecting medical records, when requested, providing medical reports and organising rehabilitation treatments;
  • Compliance with a legal obligation to which we are subject i.e. Invoices for HMRC;
  • We have a legitimate interest in doing so as a services provider:some text
    • Completing due diligence on prospective Customers or Medical Experts;
    • Helping administrate the website, its contents and to provide data analytics to improve our products and services and user experience;
    • Helping respond to statute of limitations or litigation claims.
  • Where processing of ‘special category of data’ is necessary in the context of the establishment, exercise or defence of legal claims;
  • In certain circumstances, where we have express consent to do so. Where we collect consent, we will explain that it may be withdrawn at any time in accordance with the information we provide at that time;
  • For direct marketing, which we will generally only do with your consent (further details below).

Sharing your information

We will share your details with third parties instructed by us to enable us to fulfil our contractual obligations to you and/or your clients in the course of business.  These include:

  • Our carefully selected service providers who provide IT and system administration services to enable us to communicate effectively with you, provide services to you, and to give you access and use of the Secure Client Area (Portals);
  • You specifically request this or it is necessary to provide our services to you, for example disclosure to expert medical providers;
  • We consider other companies’ products and services in our group of companies may interest you;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation.

We will not sell your information.

What we do to protect your personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we have put in place procedures to deal with any suspected personal data breach and, in the event of a breach, will notify you and any applicable regulator of a breach where we are legally required to do so.

Storage and retention of your personal data

We retain your personal data in line with our internal retention policies and guidelines. These have been developed to ensure our compliance with regulatory obligations and professional practice. The time periods vary depending on the particular circumstances.  

We will not store your information for longer than is reasonably necessary or required by law.

Following the completion of any contract between us, we may also need to retain your personal data for legal and regulatory purposes, including

  • Pursuing any outstanding payments, and
  • For HMRC audit purposes following payment of an invoice;
  • For use in breach of contract or negligence claims.

Sending your information outside of the UK

Your information will be predominantly processed in the UK. If your information is transferred outside the UK or the EEA you can expect a similar degree of protection in respect of your information as provided by processing in the UK.

Your information rights

Data Protection Legislation gives you the right to access information held about you.

We will aim to respond to any requests relating to your rights without undue delay and in any case within one month of receipt of your request.

We may ask you to confirm your identity so that we can validate a request. If you would like to make a request, please email or write to the DPO using the contact details provided above.

You have the right to:

  • Request access to your personal data and check that we are lawfully processing it;
  • Request correction of the personal data that we hold about you if you consider that it is inaccurate;
  • Request the transfer of your personal data to you or to a third party;
  • Request erasure of your personal data. This includes where you have been successful in exercising your right to object to processing (see below). However we may not be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
  • Request restriction of processing of your personal data. This may be the case if you want us to establish the data’s accuracy or where our use of the personal data is unlawful but you do not want us to erase it;
  • Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.

Where you exercise your rights to request erasure, or request a restriction in the processing of your personal data or to object to processing of your personal data, we may still need to keep basic contact information about you if you are already or will shortly be an active customer as we will require this for contractual purposes.

We will not charge a fee unless we feel the request for your personal information is clearly unfounded or excessive (repeated requests) where we will either charge a reasonable fee or refuse to deal with the request.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer (