Casey

UK GDPR

Data protection support for legal witness workflows.

Casey is designed for UK legal practices that process personal data in dispute handling, witness statements, and legal case management. This notice explains how the platform fits into a firm's own UK GDPR governance.

Controller responsibility stays with the firm
The firm determines the legal basis, privacy wording, matter retention, disclosure decisions, and responses to data subject rights.
Processor support from Casey
Casey provides the hosted workflow, access controls, operational safeguards, and product records needed to process data on the firm's instructions.
Evidence of notice
Witness intake presents a privacy notice before the flow continues, and acknowledgement can be stored against the witness statement record.

Compliance model

Built to support, not replace, firm governance

Casey helps firms control access to data, keep records of activity, limit use to legitimate legal purposes, and reduce the chance of unauthorised disclosure.

UK GDPR principles
Lawfulness, fairness, and transparency
Purpose limitation and data minimisation
Accuracy and storage limitation
Integrity, confidentiality, and accountability
How Casey helps
Firm-scoped access for legal teams
Time-bound, statement-specific witness links
Audit-friendly statement, upload, submission, and follow-up records
Configurable witness intake flows for different matters
Data subject rights
Requests should be handled by the firm that controls the relevant matter.
Depending on the legal basis and the firm's obligations, data subjects may have rights to access, rectify, or erase their personal data, to restrict or object to processing, or to request portability.
Firm responsibilities

Casey is a tool used by legal professionals to support data protection processes. It is not a substitute for the firm's own privacy notices, record of processing activities, retention rules, data-processing terms, or legal advice.

Firms should confirm their own lawful basis, client-care wording, witness privacy notice, processor terms, transfer position, retention policy, and incident response process before using the service for live matters.