GDPR Policy


This document should be viewed alongside our Privacy Policy as they both form part of our GDPR Compliance document.


The sections below identify where we store data about you (our customers).

We have acquired this data either when you visit our website or when you have contacted us directly to inquire about or request one of the services we provide.

After a review of the types of data we hold and the purposes we hold this data for, we have concluded that we do not require a Data Protection Officer, instead we will ensure that our staff manage and audit your data to ensure it is kept safe.

In accordance with the GDPR, site visitors have the right to access their data or "be forgotten" (to be permanently deleted from your databases).

If after reviewing our Privacy and GDPR Policy you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at or send us mail to: Legg and Son, 25 Poundbury Crescent, Dorchester, Dorset, DT1 1PE.

We have implemented policies and procedures to ensure that all data is kept safe and relevant.

When we start any new projects or services that may require us to acquire new data or information about you, we will create a document to record the actions and decisions that we take around handling personal data. This includes new processes/procedures for obtaining consent, doing data protection risk/impact assessments (where relevant) and explaining how and when we will delete personal data.

Our privacy policy lays out precisely our purposes for processing and storing your personal information.

We carry out regular audits of our technical processes to ensure that data is backed up securely and regularly.


3rd Parties we use to enable us to carry out our contractual obligation to you



  • Google Cloud – Google Drive

We store some user Data used for quotation and contact purposes on our Google Drive for backup and business continuity purposes. The GDPR information relating to this service can be found here:


  • 1 and 1 Web Hosting and Email Services

We use 1 and 1 as our Domain Name and Email service Providers. The Domain name service has no impact on the Privacy or GDPR policy, however as we use them as our Email service provider, some email data may be stored on 1 and 1 servers, so please find a link to their Privacy Policy and Terms and Conditions.


  • Wix Website Design and Hosting Service

We use Wix as our Website design and hosting service. For information on how Wix handles your site visitors' data please review sections 8, 12, and 13 of Wix's Privacy Policy

Cookies are used as part of our website design. As such it is our responsibility to inform our visitors how our Wix site processes your data. Please click here to learn more about which cookies are placed on our site visitors' browsers.


  • Kashflow (Iris) Accounting Package

We use Kashflow (Iris) as our main accounts package. We use our accounts package to store and maintain a contact database to enable us to contact and send relevant information or invoice details for our general, day to day business practices. A copy of their privacy and GDPR policy can be found on the following links:

KashFlow GDPR Guide.pdf
Envestnet Yodlee GDPR FAQ - Jan 2018[2].pdf


  • Joy Lane & Co. Accountants

Our Business Accounts firm also have access to our Kashflow Account, and therefore have access to some user data relevant to their accounting purposes. Please find copies of their Privacy Policy and General Terms with specific GDPR statements.