Privacy Notice

Last updated: 20 September 2025

Who we are
Controller: Richard Hanstock, practising barrister, trading as DomainDisputes.net
Address: 2-3 Gray's Inn Square, London WC1R 5JH
Email: privacy@domaindisputes.net
Regulator: Bar Standards Board (BSB)

This notice explains how I process personal data when providing legal services (e.g., UDRP/URS representation), operating this website, and handling enquiries. I am a data controller under the UK GDPR and Data Protection Act 2018.

Data I process

  • Identity & contact (name, email, phone, address, organisation)
  • Case materials (domain names, screenshots, WHOIS/RDAP, correspondence, evidence bundles)
  • Technical/usage (IP, user-agent, device/browser, consent status; see Cookie Policy)
  • Billing (invoice details, payment confirmations — card data handled by the payment processor)
  • Special category/criminal data only if necessary (e.g., fraud/impersonation)

How I obtain data

  • Directly from you (form, email, phone, WhatsApp Business)
  • From an instructing intermediary/partner (with your permission for hand-offs)
  • Open sources (RDAP/WHOIS, site captures), opposing parties, and dispute providers (e.g., WIPO/Forum/Nominet)

Purposes & legal bases

  • Legal services (advice, drafting, representation; conflict checks): legitimate interests (UK GDPR Art. 6(1)(f)) and/or contract (Art. 6(1)(b))
  • Compliance & governance (BSB/ICO duties, complaints): legal obligation (Art. 6(1)(c)) and/or legitimate interests
  • Invoicing & payments: contract and legitimate interests
  • Website operations & security: legitimate interests
  • Analytics (aggregated): consent (no non-essential cookies before consent)
  • Special category/criminal data (only if needed): Art. 9(2)(f) (legal claims) and relevant DPA 2018 conditions

Sharing

I share data only when necessary and proportionate: dispute providers/courts; opponents/representatives; trusted processors (hosting, email, storage, analytics (consent-based), payments); professional advisers/insurers/regulators. If a monitoring vendor introduces you, hand-offs use client-authorised structured data.

International transfers

Where processors are outside the UK, I use the UK addendum to SCCs, an adequacy decision, or other permitted safeguards.

Retention

  • Case files: normally 7 years from closure (longer if needed)
  • Accounting: 6 years
  • Enquiries (no engagement): typically 12 months
  • Cookies/analytics: per your consent and vendor retention

Your rights

Rights of access, rectification, erasure, restriction, objection, portability (where applicable). Where I rely on consent, you can withdraw it at any time. These rights may be limited where processing is for the establishment, exercise or defence of legal claims.

Cookies & analytics

I use a consent banner. Non-essential cookies (e.g., Google Analytics) only load after consent. Manage preferences via “Cookie settings.” See the Cookie Policy for details.

Security

I apply appropriate technical and organisational measures (encryption where feasible, access control, least-privilege).

Contact / complaints

privacy@domaindisputes.net •
Information Commissioner’s Office (ICO): ico.org.uk, 0303 123 1113 •
Bar Standards Board: barstandardsboard.org.uk