Heroes Legal HelpHeroes Legal HelpPart of Heroes Hub
Get free advice

Legal

Data Protection Policy

Last updated: 30 June 2026

This Data Protection Policy sets out how M3 Partners Limited, including its Heroes Legal Help service, complies with its obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Scope

This policy applies to all personal data processed by M3 Partners Limited and its subsidiary brands, including Heroes Legal Help, regardless of the format in which it is held, and to all employees, contractors, and third parties acting on our behalf.

2. Data protection principles

We process personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency.
  • Purpose limitation, collected for specified, explicit, and legitimate purposes.
  • Data minimisation, adequate, relevant, and limited to what is necessary.
  • Accuracy, kept accurate and, where necessary, up to date.
  • Storage limitation, kept no longer than necessary.
  • Integrity and confidentiality, processed securely.
  • Accountability, we can demonstrate compliance.

3. Roles and responsibilities

M3 Partners Limited acts as a data controller in respect of personal data collected directly through our websites and business activities, including Heroes Legal Help. The Directors are accountable for compliance with this policy. Day to day responsibility for data protection matters sits with our nominated data protection lead.

4. Lawful bases for processing

We will only process personal data where we have identified a valid lawful basis under Article 6 of the UK GDPR, and, where applicable, an additional condition under Article 9 for special category data.

5. Data subject rights

We respect the rights of data subjects, including the right of access, rectification, erasure, restriction, objection, and portability. Requests will be acknowledged without undue delay and responded to within one month, in line with the UK GDPR.

6. Security measures

We maintain appropriate technical and organisational measures, including access controls, encryption in transit, secure backups, vendor due diligence, and ongoing staff awareness, to protect the confidentiality, integrity, and availability of personal data.

7. Data breach management

Any actual or suspected personal data breach must be reported internally without delay. Where a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the UK Information Commissioner's Office (ICO) within 72 hours and, where required, notify affected data subjects.

8. Third parties and processors

Where we engage third parties to process personal data on our behalf, including panel solicitors who receive case referrals, we put in place written agreements containing the provisions required by Article 28 of the UK GDPR, and conduct due diligence on the processor's security and compliance posture.

9. International transfers

Transfers of personal data outside the UK are subject to appropriate safeguards, including adequacy regulations, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses together with the UK Addendum.

10. Review

This policy is reviewed at least annually and updated as required to reflect changes in law, regulation, guidance, or our business practices.

Questions about this policy can be sent to help@heroeslegalhelp.co.uk or to our registered office: Hive 365, Astute House, Wilmslow Road, Handforth, Cheshire, England, SK9 3HP.