Access the header Access main content Access footer

This website is operated by Ondra LLP and its group companies. Ondra LLP is a limited liability partnership with registered number OC340822, whose registered office is at 125 Old Broad Street, London, EC2N 1AR). Ondra LLP appears in the Financial Services Register (Registration No. 493592) and its VAT registration number is 940 500 265. The Ondra group is referred to as “Ondra”, “we”, “us” and “our” in this Privacy Policy.

We respect your privacy and are committed to protecting your personal data. This Privacy Policy describes how we process your personal data when you visit our website (regardless of where you visit it from) and your privacy rights. It also describes how we use cookies. “Personal data” is any data that can be used to identify you or that Ondra can link to you and which Ondra has in its possession or control.

Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how we collect and process your personal data through your use of our website. Ondra is the data controller in respect of your personal data, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

Contact Details

If you have any questions about this Privacy Policy, please contact us in the following ways:

  • Postal address: 125 Old Broad Street, London, EC2N 1AR

You have the right to make a complaint at any time to the relevant supervisory authority based on the jurisdiction in which you are resident. For example:

We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so, please do contact us in the first instance.

Changes to the Privacy Policy

We keep our Privacy Policy under regular review. This version was last updated in May 2025.

Data we collect about you

We will collect and process personal data that you or someone acting on your behalf provides to us by filling in forms or signing up for services on our website. We may also collect personal data about you when you make calls to us – those calls will be recorded in accordance with MiFID II (Markets in Financial Instruments Directive II) requirements.

For information about how we use cookies and the choices you may have, please refer to our Cookies Notice below.

Our Clients

If you are a client, or are connected with one of our client’s matters, we will collect and process personal data about you or others that is provided to us in connection with the provision of services to you or to that client.  Our client agreements explain how we process your personal data so please refer to that documentation for further details.

How we use your data

We will only use your personal data when applicable law allows us to. Most commonly, we will use your personal data where it is necessary for our legitimate interest or where we have obtained your consent.

We will process your personal data to:

  • Provide and improve our products and services – this includes your [Name], [Email address], [Phone number], [Any other information you choose to provide] and our legal basis for processing this data is legitimate interests to ensure that we are continually improving our website and services.
  • Identify and prevent fraudulent and illegal activities – this includes your [[Name], [Email address], [Phone number], [Any other information you choose to provide], [Technical data such as IP address, device identifiers, browser type and version, operating system, geolocation information, etc]] and our legal basis for processing this data is legitimate interests to enable us to protect our business.
  • Engage in marketing and business development activity – this includes your [Name], [Email address], [Phone number], [Any other information you choose to provide] and our legal basis for processing this data is legitimate interests to enable us to promote our business
  • Send marketing communications – this includes your [Name], [Email address], [Phone number], [Any other information you choose to provide] and our legal basis for processing this data is your consent.

 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Third parties

We may share your personal data with third parties where it is necessary for the purposes outlined above. An example of a third party that we may share your data with is an organisation that helps us administer the website. Where personal data is disclosed to third parties, we will take steps to ensure your personal data is accessed only by people who need such access for the purposes described in this Privacy Policy.

We may disclose your personal data to third parties if we are required to do so to comply with any legal obligation.

Finally, in the event that we sell or buy any business or assets, we may disclose personal data to the prospective seller or buyer of such business or assets. Your personal data would only be transferred to the extent that such a transfer was required for the purposes of due diligence and was done so in accordance with applicable law and subject to appropriate security protections, such as confidentiality restrictions or anonymisation. If we are acquired by a third party, personal data may be one of the transferred assets.

International transfers

We may share your personal data within our group and potentially to service providers located outside of the UK and/or EU.

Whenever we transfer your personal data out of the UK and/or EU, we ensure a similar degree of protection is afforded to it by ensuring that we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data or, if applicable, we will ensure an alternative lawful transfer mechanism is in place, as required by applicable data protection laws.

To obtain more details on these transfers and, where appropriate, copies of the applicable safeguards implemented, please contact GDPR@ondra.com.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised or unlawful way.

We limit access to your personal data to employees and third parties who have a genuine need to access it. They will only process your personal data on our instructions, and they are subject to appropriate duties of confidentiality.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of any suspected breach where we are legally required to do so.

Data retention

How long we hold your personal data for will vary. The retention period will be determined by the purpose for which we are using it and our legal obligations.

We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.

In some circumstances you can ask us to delete your data: please see Your Rights below for further information.

Following the end of the relevant retention period, we will delete or anonymise your personal data in accordance with applicable data protection laws.

Your Rights

You have legal rights in relation to the data we hold about you.

You can exercise your rights, make requests and raise questions by contacting us at GDPR@ondra.com.

Right to Access

You have the right to obtain information about how we process your personal data and access the personal data which we hold about you.

Right to Rectification

You have the right to request that we rectify your personal data if it is inaccurate or incomplete. We may need to verify the new information you provide to us.

Right to Erasure

You have the right to ask us to erase your personal data where there is no good reason for us to continue processing it, you have objected to our processing it, or where we have unlawfully processed it. If we cannot comply with your request for erasure for specific legal reasons, we will notify you.

Object to Processing

You have the right to object to us processing your personal data. You must give specific legal reasons for your objection, and we are not obliged to comply with your request if we have a compelling reason to lawfully continue processing your personal data.

Right to Withdraw Consent

Where we are relying on your consent to process your personal data, you have the right to withdraw your consent.

Right to Complain

You have the right to lodge a complaint with the relevant supervisory authority if you think we have infringed your rights. However, we recommend that you contact us in the first instance to enable us to resolve your complaint as far as possible.