Privacy Policy


This is the privacy policy of Trevor Gilbert & Associates, which describes how we deal with your personal data.

This privacy statement is in compliance with the General Data Protection Regulation (EU) 2016/679)) and sets out your rights as a client of Trevor Gilbert & Associates Ltd, part of the TRG group (“TRG”, “TGA”, “Employment Experts,” “Witness Box,” “Pathfinder”, “Casetracker”, “Pocket Witness”, “firm” “we”, “us”, “our”, and “ours”) or as a visitor to any of our company websites.

Glossary of terms

‘Client personal data’ – means any personal data provided to us by you, or on your behalf, for the purpose of providing our services to you, pursuant (in accordance with a legal document) to our Terms & Conditions. This can include:

  • Client names and contact information
  • Legal documents detailing the particulars of a claim
  • Medical reports
  • Training & Employment history
  • Payroll and accounting data

‘Sensitive personal data’ – refers to the above but includes genetic data and biometric data. For example:

  • Medical conditions
  • Religious or philosophical beliefs and political opinions
  • Racial or ethnic origin
  • Convictions
  • Biometric data (eg photo in an electronic passport)

‘Data protection legislation’ – means all applicable privacy and data protection legislation and regulations including GDPR and any applicable national laws, regulations and secondary legislation in the UK relating to the processing of personal data and the privacy of electronic communications, as amended, replaced or updated from time to time; ‘controller’, ‘data subject’, ‘personal data’, and ‘process’ shall have the meanings given to them in the data protection legislation;

‘Data controller’ – For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed. TGA, our employment experts and case management team are classed as data controllers.

‘Data processor’ – means anyone in the organisation who processes data for a data controller.

‘Data processing’ – means any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not or actions including collecting, recording, organising, structuring, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction of storage of personal data.

‘GDPR’ – means the General Data Protection Regulation ((EU) 2016/679);

How we use your data

TGA will only use your personal data to provide the services you have requested from us, detailed in our Terms of Business and cost assessment Form H. We will only use this information subject to your instructions, the General Data Protection Regulation and our duty of confidentiality.

Where you provide us with client or sensitive personal data, each person that handles it will be considered as an independent data controller in relation to this data. Each of us will comply with all requirements and obligations applicable to us under the data protection legislation. TGA will not sell, trade or pass on your information on to any third party. You shall only disclose client personal data to us where:

  • You have provided the necessary information to the relevant data subjects regarding its use.
  • You have a lawful basis to do so, which, in the absence of any other lawful basis, shall be with the relevant data subject’s consent;
  • You have complied with the necessary requirements yourself under the data protection legislation that allow you to do so.


Data may only be processed with the consent of the person whose data is held. Therefore if they have not consented to their personal details being passed to a third party this may constitute a breach of the GDPR. By instructing TGA to prepare employment reports for use in Personal Injury or Employment Tribunal litigation or any other matter involving a loss of earnings and providing us with personal data of claimants or defendants such as information contained in a CV, payslip, employer’s reference, medical report, schedule of loss or particulars of a claim, clients will be giving their consent to the processing of these details for:

  • General case management
  • Research for the purposes of writing employment reports
  • Vocational rehabilitation
  • Legal and regulatory compliance

Data Security

All personal data that we obtain from you is held on our secure database. Client personal data is likely to include information such as your name, address, email address and position within your organisation. Medical data is processed only for the preparation of loss of earnings reports in personal injury claims. Both categories of data are stored for the purposes of case management, digital case management via our Casetracker portal and the management of business enquiries. We do not collect personal data on race, ethnicity, religious or political beliefs, sexual orientation, genetic or biometric information that can be used to identify a person.


We would like to send you news and information about our services which may be of interest to you.  If you have consented to receive marketing, you may opt out at any point as set out below.

You have a right at any time to stop us from contacting you for marketing purposes.  To opt out please email:

Transferring your information outside of the European Union

The information which you give to us may be transferred to countries outside the European Union (“EU”). For example, we may need to provide a  report where litigation is conducted abroad.  Where this is the case we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy.  By submitting your personal data, you’re agreeing to this transfer, storing or processing.  When transferring data to the U.S., we will ensure third-parties are operating under the “Privacy Shield” whereby participating companies are deemed to have adequate protection and therefore facilitate the transfer of information from the EU to the U.S.

If you use our services while you are outside the EU, your information may be transferred outside the EU to give you those services.

How long do we hold your data?

Marketing: We will hold your data for a period of 6 years with a review every 3 years.  You will have the opportunity to opt out or update or delete data at any point should you need to do so and details are set out in this policy as to how to do that.

Contracted Services:

We will hold your data for 7 years in line with our regulatory requirements.

Access to your information

It is your right to request a copy of the information that we hold about you.  If you would like a copy of some or all your personal information, please email or write to us at the following address: Trevor Gilbert & Associates, Westerfield Business Centre, Ipswich IP6 9AB. We will respond to your request within one month of receipt of the request.

We want to make sure your personal information is accurate and up to date.  You may ask us to correct or remove information you think is inaccurate by emailing writing to the above address.

Objections to the processing of your data

It is your right to lodge an objection to the processing of your personal data.  The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.

Your right to be forgotten

You have a right to request the erasure of your personal data. This request can be made verbally or in writing, to which we are obliged to respond within one month. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.

Data Portability

You have the right to request any personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:

  • The processing is based on consent or on a contract, and
  • The processing is carried out by automated means.

Other Websites

Our company website(s) may contain links to other websites. Trevor Gilbert & Associates is not responsible for the privacy practices or the content of any web sites to which links are provided.

How to make a complaint

You have the right to lodge a complaint with the Information Commissioners’ Office if you are in the UK, or with the supervisory authority of the Member State where you work, normally live or where the alleged infringement of information protection laws occurred. The Information Commissioner’s Office can be contacted at

Changes to our Privacy Policy

This privacy policy was published on 25th May 2018 and last updated on 25th May 2018.

TGA continually reviews its privacy practices and may change this policy from time to time. When it does, an amended privacy notice will be placed on our company website.


If you’d like any further details about how we use your personal data, please contact our Compliance Officer, Chris Gilbert:

The Compliance Officer,
Trevor Gilbert & Associates,
Westerfield Business Centre,
Ipswich IP6 9AB