Privacy Policy

How we protect your data

Last Updated: 10 September 2025 – Created in partnership with Compliance Direct Solutions Ltd.

1. Who We Are

Costs ADR (referred to as "we", "us", or "our") is a dispute resolution organisation operating in the United Kingdom.

We are registered with the Information Commissioner's Office (ICO) under registration number: ZA212746.

Contact Details

  • Address: CADR, 218 Strand, London, WC2R 1AT
  • Email: registrar@costsadr.com
  • Telephone: (+44) 01279 744 123
  • Data Protection Officer: Gareth Ellis

2. What This Privacy Notice Covers

This notice explains:

  • What personal data we collect
  • Why we collect it
  • How we use it
  • How long we retain it
  • Your legal rights
  • Who we share it with
  • How we protect your data

This applies to:

  • Users of our website
  • Clients and parties to mediation or ADR services
  • Panel mediators
  • Legal professionals and experts involved in our services
  • Any other individual whose personal data we process

3. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – To provide ADR or mediation services
  • Legal Obligation – Where we are required by law (e.g. to retain tax records or report misconduct)
  • Consent – For marketing and cookies
  • Legitimate Interests – For internal administration, fraud prevention, service improvement
  • Vital Interests – Rarely, e.g. in emergencies
  • Public Task – In matters involving public functions or court-related mediation

4. Data We Collect

a) Personal Data

  • Name, address, email, telephone
  • Employment details
  • Legal role or case information
  • Financial details (for payments)

b) Special Category Data

  • Racial or ethnic origin
  • Religious beliefs
  • Health/disability information
  • Criminal convictions (where necessary)

We only collect special category data where it is strictly necessary and with appropriate safeguards.

5. How We Collect Data

  • Directly from you (e.g. contact forms, email, phone)
  • Through our website (via cookies or analytics tools)
  • From third parties (legal representatives, courts)
  • From public sources (Companies House, legal databases)

6. How We Use Your Data

We process your data to:

  • Deliver mediation and ADR services
  • Manage panel members and contractors
  • Respond to enquiries or complaints
  • Maintain business records and compliance
  • Improve our services
  • Send updates (with consent)

7. Sharing Your Information

We may share your data with:

  • Legal professionals (solicitors, barristers)
  • Panel mediators
  • Courts or tribunals
  • Insurers and regulators
  • Police or law enforcement (if legally required)
  • IT/cloud service providers (bound by contract)
  • Professional advisers

We do not sell your data to third parties.

8. International Transfers

All data is currently stored in the UK. If we ever need to transfer data outside the UK, we will ensure an adequacy decision exists or appropriate safeguards are in place (e.g. SCCs).

9. Data Retention

  • Client records – 6 years from case closure
  • Financial records – 7 years (for HMRC compliance)
  • Website analytics – Up to 26 months
  • Panel mediator data – While active + 6 years

We securely delete or anonymise data once the retention period ends.

10. Your Rights

Under UK GDPR, you have the following rights:

  • Access – to request a copy of your data
  • Rectification – to correct inaccuracies
  • Erasure – to delete data (the "right to be forgotten")
  • Restriction – to limit processing
  • Data Portability – to obtain and reuse your data
  • Objection – to certain uses (e.g. marketing)
  • Withdraw Consent – where processing is based on consent
  • Complain – to the Information Commissioner's Office (ICO)

To exercise any of these rights, contact us at registrar@costsadr.com

11. Cookies & Tracking Technologies

Our website uses cookies to enhance user experience.

a) What are cookies?

Cookies are small text files placed on your device to collect information about browsing behavior.

b) Types of cookies we use

  • Essential – Needed for site functionality
  • Performance – Analytics (e.g. Google Analytics)
  • Marketing – Advertising and retargeting (only with consent)

We require your explicit consent before placing non-essential cookies.

12. How We Protect Your Data

We implement technical and organisational measures to keep your data safe:

  • Encryption and secure file transfer
  • Access control and role-based permissions
  • Regular security reviews
  • Staff training and confidentiality agreements

13. Complaints

If you are concerned about how we handle your data, please contact us first. You also have the right to complain to the Information Commissioner's Office:

Website: https://ico.org.uk
Phone: 0303 123 1113

14. Changes to This Privacy Notice

We may update this notice from time to time. Any updates will be posted on our website and dated accordingly.

Last updated: 10 September 2025

Need Help or Have Questions?

Contact us at registrar@costsadr.com