Steve Martin Associates

SMA Logo

Privacy Statement

Data Security

SMA wish to process data lawfully and meet the requirements of the General Data Protection Regulation (GDPR). We consider this to be important in ensuring our professional reputation is maintained, safeguarding your clients’ confidentiality and establishing and maintaining a successful working relationship with you. Steve Martin Associates (SMA) wish to process data lawfully and within the General Data Protection Regulation (GDPR). Information on the GDPR can be found on this web site:

Privacy Statement

As a ‘data controller’ as defined by the GDPR we are required to be open and transparent by sharing with you the nature and extent of the data we collect, why we need to have the data and how it will be stored, who that information will be shared with and how long we will retain the information. We are also obliged to tell you that you have a right of access and can correct or instruct us to delete or destroy information at any time (subject to legal and regulatory requirements). However, refusing us the right to process data may have consequences.

We have to receive a positive affirmation from you to indicate your consent for us to process the data.

Please be aware that this notice will be updated as necessary to reflect best practice in data management and to ensure compliance with any changes or amendments made to the Data Protection Act 1998 and GDPR.

Why are we collecting your personal data (The Lawful Basis)?

In order to fulfil our obligations to you, your client and the Court, we need to record and maintain personal data such as your organisational contact details and information relating to your client, including their litigation friend and other contacts. We will also gather information through the assessment process and in the course of our work we may take photographs and video footage. This information is used to manage our instructions from you, including the provision of reports, letters, emails, telephone conversations and related invoicing and debt recovery procedures.

What is being collected and how will it be processed?

SMA collects organisational and personal data from you and your clients, other experts involved in the case, schools and employers as deemed appropriate. This includes information that you will provide to us and information that we will collect as part of our role as an expert witness. Only appropriate information will be gathered and only to the extent that it is needed to fulfil our operational needs or to comply with any legal and regulatory requirements.

How we store your information

We have a secure office on a business park in Chipping Norton. Information will be stored electronically in our office and on the computer systems of consultants working on your case. We will take the appropriate technical and organisational security measures to safeguard information. We will ensure that the data collected is processed in line with this privacy notice, your rights under the Data Protection Act 1998 and the GDPR.

Our consultants agree to store data in accordance with our Information Governance Statement (available on request) and also take the appropriate technical and organisational security measures to safeguard information.

SMA and our consultants make use of cloud services operated by Microsoft, Dropbox and Xero. It is our understanding that these organisations meet the requirements of the GDPR but we cannot be held responsible for a data breach emanating from these companies.

SMA computer systems are password-protected and SMA reports sent by email to you will be password-protected. We also employ branded anti-virus software and we routinely back up our data stores.

In addition to our electronic records, we also hold paper-based files and documents that you send to us. Some of these papers will be scanned and destroyed but some paper-based documents will inevitably be retained, for a period of time.

Who will we share your personal data with?

We will share data within the known litigation team including your firm, other experts, witnesses and the case manager in order to meet our obligations to you and the Court.

We will share data where we are required to do so by law or other regulation.

We will not distribute data to other parties unless:

1. The information has already been made public by you, the Court or the client.

2. We have to conduct any legal proceedings, obtain legal advice or defend a legal right.

How long will we keep information?

We continually review the information we hold, and delete what is no longer required. Added to this; when you write to us saying that the litigation, or our involvement in the case, is concluded, we will review the information we hold, and delete specific items that are no longer required such as other expert reports. The remaining data will be subject to review but all personal data will be destroyed or deleted within six years subject to any legal, regulatory or insurance obligations and other operational practices.

Financial data pertaining to the recovery of our fees and debts or pertaining to VAT and our accounting and statutory and regulatory obligations will be retained for a period of six years from the end of the financial year in which the last invoice was raised.

Who has access to your data?

You have the right to ask for a copy of the personal data that we hold.

Within one calendar month we will send this information to you electronically. We have the right to make a charge for requests that are repetitive or excessive.

Your SMA consultant and our office personnel will have access to your data. Some ‘virtual’ personnel will have access to limited data sets depending upon their job function. They will be trained in data protection practices and best practice.

All staff and contractors are aware that a breach of the rules and procedures identified in this privacy statement or the Information Governance Statement may lead to disciplinary action being taken against them and that the Information Commissioner’s Office (ICO) and other law enforcement agencies will be informed in the event of a serious or malicious information breach.

Your right to complain

In the event that you wish to complain about the way your personal data has been handled by SMA, you should write to, stating your case. Your complaint will be investigated and you will receive a response as soon as reasonably practicable. If you remain dissatisfied, you may refer the matter to the Information Commissioner’s Office at: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or email:, Telephone: 0303 123 1113.


We may, very occasionally, contact you with information concerning SMA consultants, services or issues such as change of address. We will not contact you if you do not want us to.

Data Breaches

GDPR introduces a duty on all organisations to report certain types of data breach to the Information Commissioner and, in certain cases, to the individuals who will be directly affected. Internal records of all data breaches will be kept by SMA.

Where a data breach is likely to result in a high risk to the rights and freedoms of you or your clients, we will notify you, any individuals affected and the ICO without undue delay, in order to mitigate any potential loss.

Where notification to the ICO is required, it will include:

1. The name of a senior director at SMA

2. The nature of the breach

3. The type of data breach and the people affected

4. The likely consequences

5. Measures taken by SMA to mitigate adverse effects


The GDPR requires us to obtain your specific agreement to the use of your information and your client’s data as detailed in this notice. Without your consent we will be unable to take your instructions and should consent be withdrawn, we will no longer be able to meet our obligations to you or the Court.

Within our Terms & Conditions, you are asked to individually confirm that:

1. you agree to us holding and using your personal/organisational information;

2. you agree to us contacting you occasionally regarding SMA;

3. you are authorised to agree the terms of the SMA privacy statement and your client is aware that their information will be passed onto third parties, such as expert witnesses.


Please note details on this page are subject to review. Changes will be kept to the minimum but may be required to reflect alterations to our policies or legislation.