Privacy Policy


This privacy policy governs the collection, processing and storage of data by Byfield Consultancy. It covers the type of data collected, how this information is processed and stored, and a subject’s legal rights with regard to their personal data. This policy covers Byfield’s clients, our interactions with journalists and other significant individuals and interactions where data is transferred and processed by our agency.

Byfield Consultancy complies with all relevant national and international legislation in regards to data protection and user privacy, which includes:

  • The Data Protection Act 1998;
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426);
  • The EC Data Protection Directive (Directive 95/46/EC);
  • The EC Privacy and Electronic Communications Directive (Directive 2002/58/EC);
  • The General Data Protection Regulation (EU) 2016/679

Byfield Consultancy’s Data Protection Officer is Asad Moghal (

About Byfield Consultancy

Byfield Consultancy (Byfield) is a market leading communications advisor to the legal profession. Our senior management team has over 40 years’ experience of working with law firms, barristers’ chambers and other legal sector based businesses, advising them on how to develop compelling communications strategies that help grow and protect their reputations, drive their business development and raise the profile of their brands.

Founded in 2007, we now employ 16 staff operating out of our London office where we serve domestic and international clients through our three core service offerings of legal PR, crisis PR and litigation PR.

Byfield as a Data Controller

The Type of Data Byfield Consultancy Collects

To deliver our services, Byfield Consultancy collects data about clients, journalists and other businesses and individuals. This data includes name, company, position and company contact information including telephone numbers, address and email address.

We do not process sensitive data on clients, journalists or other individuals, such as religious information, health history and criminal records.

Byfield Consultancy also collects and processes user data through its website, which includes traffic data, geographic data and other communication data.

Why We Collect Data

Byfield collects, processes and stores data for a legitimate interest in helping to raise our clients’ practices through the media.

We serve the interests of our clients who have tasked Byfield Consultancy with raising the profile of their firms and their services. This also serves the interests of journalists as it provides the necessary channels of communications they require to carry out their work. Byfield Consultancy collects, processes and stores data to facilitate these interests.

Byfield Consultancy also collects and processes data for marketing purposes. This data will include information used to analyse the effectiveness of Byfield’s website, such as traffic data, geographical data and other communications data. Byfield may also use data for direct mail marketing, email marketing and telephone marketing, the processes of which comply with relevant national and international legislation.

How We Collect Data

All data handled by Byfield Consultancy must be collected, processed and stored lawfully.

Data is collected through a number of means, including:

  • Directly from clients / journalists / other individuals themselves;
  • Referrals from individuals and institutions associated with Byfield Consultancy;
  • Public records, such as corporate websites and media publications;
  • Databases, such as journalist contacts databases; and
  • Verified social media platforms

Data is also collected through cookies, which provide user information gathered through Byfield Consultancy’s website. Cookies are downloaded onto a user’s computer and stored on the computer’s hard drive, providing statistical data. The cookies will never provide personal data.

Byfield as a Data Processor

How We Process and Store Data

Data processed and stored by Byfield Consultancy is handled by our staff in the UK and Canada, and for purposes of IT hosting and maintenance, our servers are located within the European Union. Our IT services and structures are provided by Virtual IT (company registered address: Virtual IT Ltd, 135 Salusbury Road, Greater London, NW6 6RJ). Our processes comply with all relevant national and international legislation.

In conjunction with our IT service providers, we have taken the appropriate steps to ensure all data is held securely and can only be accessed by authorised individuals. Data can only be accessed through a secure remote desktop that is password protected and this connection can only be accessed by Byfield Consultancy employees or by the agency’s IT services provider on Byfield Consultancy employees’ instruction and under their supervision.

Data is stored, processed and accessed on platforms including, but not limited to, Byfield Consultancy’s CRM system, email client, media relationship client and content management systems.

Data is only processed when explicit consent has been received by the data subject. This information is then stored and catalogued. All Byfield Consultancy staff have been trained in line with our data protection policies.

Byfield maintains complete and accurate written records of all processing activities carried out by it and its data processors, which includes data of clients, journalists and other significant individuals.

How Long Do We Keep Your Data?

We regularly ensure that all data kept by Byfield Consultancy is relevant and accurate; all data is kept up to date and all inaccurate information is corrected. Byfield Consultancy only keeps data it deems necessary to fulfil its functions.

Data is only kept for the period it is required and is destroyed when Byfield Consultancy deems it no longer necessary. Data is also removed if consent is not explicitly given by the data subject.

 Byfield Consultancy Website

To maintain and run Byfield’s website, we collect and process data about users, including:

  • Information about usage of our site, including pages viewed and resources accessed, and traffic data, geographical data and other communication data;
  • Information volunteered by the user; and
  • Information provided by users when communicating with Byfield Consultancy.

This information is gathered by cookies – please see the How We Collect Data section for further detail on how Byfield Consultancy uses cookies.

Byfield Consultancy also uses Google Analytics to track and analyse user data. Google Analytics records data including, but not limited to, geographical location, browser and operating system information and other communications data.

Google’s privacy policy can be found here.

Byfield also uses Passle as an external blogging platform.

Passle’s privacy policy can be found here.

Your Rights

According to the Data Protection Act 1998 and the General Data Protection Regulation 2016/679, you have the following rights in regards to your data:

  • To ask Byfield Consultancy to provide you with a copy of the data it holds on you;
  • To ask Byfield Consultancy to correct any out of date or incorrect data we hold on you; and
  • To opt-out of any marketing communications that Byfield Consultancy may send you.

If you want to exercise any of these rights, please contact Asad Moghal (

Subject Access Request Policy

Under the General Data Protection Regulation, data subjects may request that an organisation share all information that they hold on them. As a data controller, Byfield Consultancy is legally obliged to comply with these Subject Access Requests (SARs).

For each request Byfield has 30 days to respond, however if the volume of data is excessive we can request an extension of up to two months from the data subject. Byfield must provide records of all the data that we hold on the subject, including data held on our various systems including CRM, servers and any data held on paper or any other physical formats.

These requests will be managed by Byfield’s Data Protection Officer.

 Data Breaches

In respect of any personal data breaches, Byfield Consultancy will notify the affected data subjects without undue delay (within 30 days) and will provide any details regarding the nature of the breach, as well as information on the data that has been compromised.

Byfield Consultancy will investigate the nature of the breach, and will implement any necessary measures, including notifying the relevant regulatory bodies if required.

Company Registered Address

Byfield Consultancy

9 Staple Inn