Legal

Privacy policy.

How we collect, use and protect personal data — in line with the UK GDPR and the Data Protection Act 2018.

1. Who we are

For the purposes of the UK GDPR, the data controller is Dmytro Taran, a self-employed sole trader trading as Taran Legal, based in Tunbridge Wells, Kent, United Kingdom. Contact: dmytro@taranlegal.co.uk · +44 7393 835 067.

2. What personal data we collect

  • When you contact us: your name, email address, telephone number, company (if provided), and the content of your message.
  • When we engage with you as a client: identification documents and information required for client due diligence; matter-related correspondence; billing information.
  • When you visit this website: standard server logs (IP address, browser type, pages visited) and any cookies you accept.

3. Why we use your data, and the legal basis

  • To respond to your enquiry — legal basis: consent (you submitted the enquiry) and our legitimate interest in answering people who contact us.
  • To deliver the engagement — legal basis: performance of a contract (your letter of engagement with us).
  • To comply with our legal and regulatory obligations — legal basis: legal obligation (e.g. record-keeping, anti-money-laundering checks where applicable).
  • To improve the website and our service — legal basis: our legitimate interest in running and improving our service. We do not use personal data for advertising and we do not sell data to third parties.

4. How long we keep your data

Enquiry data that does not lead to an engagement is deleted after 12 months. Client records are kept for the duration of the engagement and for up to seven years after the engagement ends, in line with standard professional and tax record-keeping practice. Server logs are kept for up to 30 days.

5. Who we share your data with

We do not sell or rent personal data. We share data only:

  • With our hosting and email-infrastructure providers, acting as processors under written terms;
  • With our accountant and other professional advisers, on a need-to-know basis;
  • With a regulated solicitor, IAA-regulated immigration adviser, or other professional to whom we refer or co-work — only with your prior consent;
  • With a public authority where we are legally required to do so.

6. International transfers

Where Ukrainian-law matters are referred to qualified Ukrainian counsel within our Ukrainian practice, this involves a transfer of personal data outside the United Kingdom. Such transfers are made under appropriate safeguards under Article 46 UK GDPR (standard contractual clauses or equivalent) and only with your prior knowledge.

7. Your rights

Under the UK GDPR you have the right to:

  • Request access to the personal data we hold about you;
  • Request rectification of inaccurate data;
  • Request erasure of your data, where applicable;
  • Object to or restrict processing in certain circumstances;
  • Withdraw consent at any time, where consent is the legal basis;
  • Request portability of data you have provided to us;
  • Complain to the Information Commissioner's Office (ico.org.uk, 0303 123 1113).

To exercise any right, email dmytro@taranlegal.co.uk. We will respond within one month.

8. Cookies

This website uses only the cookies strictly necessary for it to function. We do not use third-party analytics, advertising, or tracking cookies by default. If this changes, this policy will be updated and a cookie-consent banner will be added.

9. Security

We use industry-standard measures to protect personal data, including TLS in transit, access controls and a written information-security routine. No system is perfectly secure, and we will notify you and the ICO of any personal-data breach that meets the statutory notification threshold.

10. Changes to this policy

This policy was last updated on the date shown below. Material changes will be reflected here. Where you remain an active client, we will tell you about material changes by email.

Last updated: 17 May 2026.