Protecting Your Personal Information

What this privacy policy covers

Brooks Leney is committed to protecting your personal information. In this notice, references to ‘we’, ‘us’ or ‘our’ mean Brooks Leney. This notice explains how we collect and use the personal information about you, if you are a client, business associate, professional contact, former client, prospective client or other contact of Brooks Leney and whether you visit our website or interact with us in any way.

Who we are

Brooks Leney is a Corporate Partnership. Our main office is at Hyntle Barn, Silver Hill, Hintlesham, Ipswich, Suffolk, IP8 3NU.

Telephone: 01473 831531


Brooks Leney operates the website (the “website”).

Brooks Leney is a data controller under the data protection rules and all contact details are shown at the end of this document.


Our website uses cookies which allow a server to uniquely identify each browser on each page.

A cookie is a small file that will ask permission to be stored on your computer’s hard drive. It records how you have used a website. This means that when you go back to that website, it can give you tailored options based on the information it has stored about your last visit.

If you do not want us to use cookies in your browser, you can normally set your browser to reject cookies or to alert you should a website attempt to put a cookie on your computer.

Your data security

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Please do not divulge any sensitive information via our website. A member of our team will discuss your details with you in person.

Links to other websites

Our website may contain links to other websites. Such sites are not governed by this privacy statement and we cannot be responsible for the protection and privacy of any information that you provide to that site. Please review the privacy statement applicable to the website in question.

About IP addresses and cookies

We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration. This information, also known as ‘cookies’ allow us to monitor how you use our site. Cookies help us to understand how our customers and potential customers use our website so we can develop and improve its design, layout and function. We may also use the information to compile reports and to help us improve the site.

Information we gather / collect

Depending on your relationship with us (for instance, whether you are a client, business associate or professional contact), we may collect, use, store and transfer some or all of the following data:

  • Identity and Contact Data: personal and identity data, including your names, date of birth, information about your family, copies of ID, and contact details;
  • Financial Data: including details of your bank accounts, payment card details, payments due to you, grant payments, your income, tax details and payments;
  • Business Data: including details of your business, management information, your property and your affairs, including grant applications, maps and surveys, tenancies, contract farming agreements, licences and land registry title documents.
  • Transaction Data: details of services we provide to you.
  • Profile Data: including passwords and login details for online accounts and third-party applications or service providers, such as HMRC, the Rural Payments Agency and other specialist software providers.
  • Technical Data: information we collect automatically when you visit our website (‘cookies’) such as your IP address, browser details, and device details.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preferences.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We may collect your data from different sources:

  • We may collect all of the types data listed above directly from you when you interact with us;
  • We may collect Identity and Contact Data, Financial Data, and Business Data from professionals and others providing you with services, such as your accountant, financial advisor, solicitor, architect, or bank, all of whom are based in the United Kingdom;
  • We collect Identity and Contact Data from your clients and customers who pass your details to us for the purpose of us communicating with you in connection with services we are providing;
  • We also collect Business Data and Financial Data from accessing your accounts with third party suppliers, or with third party applications or online accounts, such as HMRC, The Agricultural Mortgage Corporation, the Rural Payments Agency, and the Land Registry who are based in the United Kingdom;
  • We collect Technical Data automatically when you interact with our website, by using cookies and other similar technologies.

How we may use your information

We will only use your personal data when the law allows us to. We may use your information for a number of legitimate purposes including the following:

  1. Compliance with legal, regulatory and corporate governance obligations and good practice
  2. Perform services you have requested
  3. Notify you about changes to our service
  4. To provide you with information about our work or our activities;
  5. Ensure we know how you prefer to be contacted
  6. Keep a record of your relationship with us.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

In addition, we may process your personal data without your knowledge or consent, where this is required or permitted by law.


We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You may receive marketing communications from us in respect of our business and our services if you have requested information from us or purchased services from us and, in each case, you have not opted out of receiving that marketing.

We do not share your contact details with any third party for the purpose of that third party sending marketing. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us using the details above at any time.

Information Sharing and Disclosure

We may have to share your personal data with the parties set out below for the purposes set out in above:

  • Your professional advisers including your lawyers, accountants, financial advisors, bankers, insurers, architects, transport consultants, ecologists, flood risk consultants or other relevant professional advisors based in the UK or EEA.
  • Third parties who we may interact with on your behalf including HMRC, DEFRA, the Rural Payments Agency and other government bodies, the AMC, Local Authorities, Planning Inspectorate, any parties who contract with, or engage with, you.
  • Service providers based within the UK or wider EEA who provide IT and system administration services.
  • Our professional advisers including lawyers, bankers, auditors and insurers based in the UK or EEA who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs regulators and other authorities based in the UK who require reporting of our processing activities in certain circumstances.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

We may transfer your personal data to third parties providing services to us who are based outside of the European Economic Area (EEA). This includes parties providing IT administration services and hosting services (including Dropbox, Sage Coretime, Sage Accounts), and parties providing assistance with managing our marketing databases (including Mailchimp, Brief Your Market etc).

Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or
  • for providers based in the US, we may transfer data to them if they are part of the Privacy Shield.

Keeping your records

We will only keep your records for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 Where we may store your information

The data that we collect from you will be transferred to and stored at the Brooks Leney’s registered office or with a GDPR compliant third party supplier.

By submitting your personal data, you agree to this transfer, storing or processing. Brooks Leney will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice.

Your rights

 Under certain circumstances, you have rights under data protection laws in relation to your personal data. These rights are set out below. If you wish to exercise any of the rights set out above, please contact us as below. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

You have the right to:

  1. Request a copy of the personal information we hold about you. We require you to prove your identity with two pieces of approved identification. Please submit your request in writing to contact details shown at the end of this notice. We will respond within one month, of receipt of your written request and confirmed ID. Please provide as much information as possible about the nature of your contact with us to help us locate your records. This request is free of charge unless the request is manifestly unfounded or excessive.
  2. Have any inaccuracies in your data corrected. If you would like to update the details we hold about you, please contact us on the details set out at the end of this notice.
  3. Request that we delete your personal data so it is erased from our records.
  4. Have the data we hold about you transferred to another organisation.
  5. Object to certain types of processing such as direct marketing.
  6. Object to automated processing, including profiling.

Changes to this notice and the way we treat personal information

We may update the terms of this privacy notice at any time, so please do check it from time to time. You can find our latest policy on our website at or by asking us for a copy.

We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address you have provided to us or by placing a prominent notice on our website. By continuing to use our website you will be deemed to have accepted such changes.

Enquiries and Complaints

Please contact us if you have any enquiries arising from this privacy notice. Where possible, please raise all enquires in writing.

If you are unhappy with our work or something that we have done or failed to do, please inform us in writing. Brooks Leney will acknowledge receipt of all complaints and will endeavour to investigate the complaint as soon as reasonably practicable.

All complaints should be sent to:

Chris Leney
Data Privacy Manager
Brooks Leney
Hyntle Barn, Hill Farm
Ipswich, IP8 3NU

Tel: 01473 831531

You may also complain directly to the Information Commissioner’s Office if you are concerned with how we are handling your personal information. Their contact details are shown below:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,

Tel: 0303 123 1113 or 01625 545745

This Privacy Notice was last updated in May 2018. A hard copy or electronic copy of this notice is available on request by contacting the Data Privacy Manager.

© Brooks Leney, Hyntle Barn, Silver Hill, Hintlesham, Ipswich, Suffolk IP8 3NJ