DeNovo Law
  • Home
  • People
  • Services
    • Costs Negotiations
    • Costs Monitoring
    • Costs Seminars
    • Bill of Costs
    • Schedules of Costs
    • Submissions
    • Advocacy
    • Cost Budgets
  • News
  • Careers
  • Seminars
  • Contact us
DeNovo Law
  • Home
  • People
  • Services
    • Costs Negotiations
    • Costs Monitoring
    • Costs Seminars
    • Bill of Costs
    • Schedules of Costs
    • Submissions
    • Advocacy
    • Cost Budgets
  • News
  • Careers
  • Seminars
  • Contact us

linkedin

Privacy Policy

Privacy notice – Clients, Suppliers, Other Third Parties

Introduction

  • DeNovo Legal Services (“DeNovo”) is a data controller in respect of personal data of individuals mentioned in its clients’ files and individuals working for suppliers.
  • This means that DeNovo is responsible for deciding how it processes personal data about you. In some circumstances, DeNovo may control your data jointly, with other data controllers, in which case, it shall have in place a joint data controller agreement. In some cases, DeNovo will process your data on behalf of its clients, and will have in place an appropriate data controller agreement. This notice applied where DeNovo controls your personal data.
  • This privacy notice describes how DeNovo is, or will be, processing personal data about you during your relationship with us. “Processing” in this context includes actions as collecting, using, storing, disclosing, erasing or destroying your personal data.
  • References to your “personal data” will, as the context requires, include “special categories of personal data”, which involves more sensitive information about you.
  • Our main office address and contact number are: Denovo Legal Services Ltd, 6 Bevis Marks, London, EC3A 7BA
  • We have appointed a data protection manager responsible for data protection within the business (“DPM”) whose contact details are as follows: Afqar Dean, 020 3633 6827
  • The DPM is responsible for overseeing compliance with this privacy notice and for handling any data protection queries or issues involving DeNovo.  You should contact the DPM in the first instance about any issue involving data protection, whether it involves your data or anyone else’s.

What Information We Collect

  • We collect and use different types of Personal Data about you, which will vary in type and detail depending on the circumstances and purpose of processing. Please consider the following illustrative and non-exhaustive examples:
    • Personal Data about you: name, address, date of birth, marital status, nationality, race, gender, preferred language, job title, work life and restrictions and/or required accommodations, possibly about your family life;
    • Personal Data to contact you at work or home: name, address, telephone, and e-mail addresses;
    • Personal Data which may identify you: photographs and video, passport and/or driving licence details, electronic signatures.
  • We may collect names, contact numbers and email addresses from individuals who work for our suppliers. We refer to these individuals as “Third Parties” in this Privacy Notice.

How and Why Do We Collect Your Personal Data?

  • In some circumstances, we may obtain Personal Data from you as the data subject directly but will frequently obtain Personal Data from a third-party source, for example, we may collect information from our clients/our clients’ personnel, agents and advisors, other law firms/advisors which represent you, the company for whom you work, other organisations/persons with whom you have dealings, government agencies, credit reporting agencies, information or service providers and publicly available records. We use this Personal Data to conduct Costs Drafting services for our clients.
  • We collect Third Party data direct from Third Parties and/or the businesses for whom they work who are clients or suppliers of DeNovo.

What are the Legal Bases and the Purposes for Which We Process Your Personal Data?

  • We will only use your personal data as permitted by law.  We will usually only use your personal data in one of the following circumstances:
    • Where we have your consent to do so.
    • Where we need to perform a contract with you
    • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We are required to specify what the legitimate interests are (see below for further details).

Necessary for Our Legitimate Interests or Those of a Third Party

  • DeNovo processes some Personal Data on the basis that it is necessary for its legitimate interests and/or the legitimate interests of a third-party to do so. This will primarily concern the processing of Personal Data that is necessary to provide legal advice and services to our clients. DeNovo’s legitimate business interest in such instances is the proper performance of its function as a provider of costs drafting services. DeNovo’s clients also have a legitimate interest (and more general right in law) in obtaining legal advice and services.
  • DeNovo’s broad interest in the provision of costs drafting services as a basis for processing Personal Data, and our clients’ corollary interest in the receipt of such services, can be broken down into more discreet categories which may include, but are not limited, to:
    • the interest in contacting individuals relevant to DeNovo’s work and our clients’ matters, which may involve the use of your Personal Data;
    • the interest in reviewing documents and correspondence that have been disclosed to DeNovo, DeNovo’s clients and third-parties which may contain your Personal Data;
    • the interest in reviewing and analysing all evidence available to DeNovo and its clients, which may contain your Personal Data;
    • the interest in adducing legal arguments, creating documents and correspondence, which may contain your Personal Data;
    • the interest in disclosing documents and correspondence, which may contain your Personal Data, to various parties in the furtherance of DeNovo’s clients’ objectives;
    • the interest in instructing third parties on behalf of DeNovo’s clients such as Counsel; and
    • in order to allow for all of the above, the secure management and storage of your Personal Data, within our IT environment and hard-copy filing systems.

"Special Categories" of Personal Data

  • ”Special categories” of personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal data.
  • If DeNovo processes your criminal records Personal Data or special category Personal Data relating to your racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health data, biometric data or sexual orientation, we will obtain your explicit consent to those activities unless this is not required by law (because, for example, it is processed for the purpose of exercising or defending legal claims or because it may be a Home Office requirement for such information to be disclosed to the appropriate authorities when applying for a visa in relation to which we have been instructed) or the information is required to protect your health in an emergency. Where we are processing Personal Data based on your consent, you have the right to withdraw that consent at any time.

Change of Purpose

  • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, before we start using it for that unrelated purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is permitted by law.

Sharing Data

  • We may share your data with third parties, including third-party service providers and any sub-contractors of those service providers where required by law, or where we have a legitimate interest in doing so.
  • We require third parties to respect the security of your data and to treat it in accordance with the law.

How Secure is Your Information with Third Party Service Providers?

  • All our third party service providers are required to take appropriate security measures to protect your personal data in line with applicable legislation. We do not allow our third party service providers to use your personal data for their own purposes unless they are data controllers in their own right in relation to your personal data. Where they operate as our “data processors” (i.e. they process your personal data on our behalf and acting only on our instructions), we only permit them to process your personal data for specified purposes and in accordance with our instructions.

What About Disclosure to Other Parties?

  • We may share your personal data with other third parties, for example to external legal or other professional advisers, or to otherwise comply with the law. 

What Safeguards are in Place in Relation to the Transfer of your Personal Data Outside of the EU?

  • In accordance with this Notice and the provisions of the GDPR, we may transfer your Personal Data to organisations located in “third countries” (those outside of the EEA). In addition to the security arrangements mentioned above in relation to our engagement of third-party organisations, where such transfers are required we will ensure that your Personal Data is adequately protected, for example, by using a contract for the transfer which contains specific data protection provisions that have been adopted by the European Commission or a relevant data protection authority. If you want to request evidence of the lawful basis for any overseas transfer of Personal Data, please contact the DPM.

How Long Will We Retain Your Personal Data?

  • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  Details of retention periods for different aspects of your personal data details of which are available from our DPM.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

What Are Your Rights and Obligations as a Data Subject?

  • Your duty to inform us of changes - it is important that the personal data we hold about you is accurate and current. Please let us know of any changes.  We will update your records promptly upon being notified of such changes.
  • Your rights in connection with personal data - under certain circumstances, by law you may have the right to:
    • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
    • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
    • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
    • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
    • Request the transfer of your personal data to another party
  • If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact the DPM in writing.
  • No fee usually required  - you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.  Alternatively, we may refuse to comply with the request in such circumstances, as permitted by the relevant legislation.
  • What we may need from you - we may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
  • What are your rights to withdraw consent to processing? Where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent contact the DPM. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

What Measures are in Place to Protect the Security of my Information?

  • We have put in place measures to protect the security of your information. Details of these measures are available upon request but in brief, we secure the storage of your data on iCloud, and restrict access to only those employees, agents, contractors and other third parties who have a business need to know. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
  • Third party data processors will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
  • We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Changes to this Privacy Notice

  • We reserve the right, from time to time, and at our sole discretion, to change or update this Privacy Notice.
  • All changes to this Privacy Notice will be published on this page. Upon publication, each change will become effective and you will be deemed to be aware of and bound by it. You should therefore review this Privacy Notice regularly to ensure that you are up-to-date with the current terms of the Privacy Notice.
  • If you have any questions about this privacy notice, please contact the DPM.

What are your Rights to Lodge a Complaint about the Way in Which your Personal Data are Being Processed?

  • Firstly we would urge you to contact the DPM in writing so that we can try to resolve your complaint to your satisfaction.  If you are not satisfied with the DPM’s response, and your concern relates to personal information being processed in the UK,  you may contact the Information Commissioner’s Office (“ICO”) on 0303 123 1113.
  • You are free to contact the ICO at any time.  However, the DPM may be able to answer your concerns or questions more quickly. 
costs lawyers
  • Cookies Policy
  • Privacy Policy
  • Complaints Procedure
  • Equality and Diversity
  • Sitemap
  • Costs Lawyers
  • Precedent S
  • Litigation costs
  • Costs Budget
  • Costs Budget
  • Bill of Costs
Copyright © 2025 DeNovo Law. All Rights Reserved.
Website design by Identity - Ipswich Web Design
Submit you CV

Please let us know your name.
Please let us know your email address.
Please write a subject for your message.
Please let us know your message.
Invalid Input

Afqar (Aff) Dean, Director

Afqar Dean is a leading legal costs specialist with over 30 years’ experience advising on high-value and complex disputes across multiple jurisdictions, including England and Wales, the Dubai International Financial Centre, Jersey, and British Overseas Territories.

He has acted on some of the UK’s most significant commercial litigation cases, representing and advising an extraordinary range of clients — from multinational corporations and major law firms to high-profile individuals, including political figures, members of royal families, sports stars, and entertainers.

Afqar’s expertise covers all aspects of contentious costs, including costs budgeting, assessments, solicitor–client disputes, professional negligence claims, and costs issues in international arbitration. He is also highly experienced in auditing legal costs, ensuring compliance, accuracy, and financial transparency for clients.

Among the first practitioners to qualify as a regulated Costs Lawyer, Afqar holds full rights of audience in costs proceedings. He is also a training provider, delivering bespoke seminars and education programmes for law firms and legal teams. A strong advocate for diversity and social mobility within the profession, Afqar is committed to widening access and opportunity in legal practice.

Education/admissions

Afqar is involved in the firm's diversity initiatives and a keen advocate for social mobility and opportunities for all.

Afqar was amongst the first in our profession become a regulated Costs Lawyer.  He enjoys rights of audience in relation all costs proceedings.

Afqar is also an accredited training provider.

Dr Michael Heslin, Director

Michael Heslin is a Costs Draftsman with over 25 years’ experience acting in some of the most substantial and complex costs disputes in the UK. He co-founded DeNovo in 2004 and has since built it into one of the country’s leading independent costs consultancies, trusted by top UK and international law firms, insurers, and private clients.

Michael has personally prepared or defended more than 100 multi-million-pound costs claims, including several of the largest to come before the Senior Courts Costs Office. His experience spans high-value commercial litigation, intellectual property disputes, clinical negligence claims, and solicitor-client assessments. Notable projects include preparing Kuwait Airways’ £40M+ costs claim following the longest-running case in the history of the Commercial Courts, major pharma and telecoms patent litigation costs cases involving household-name multinationals, and acting in the Excalibur Ventures case — which included a landmark decision on costs and litigation funding.

Alongside his fee-earning practice, Michael has extensive management and mentoring experience. At DeNovo he has trained and led teams of costs lawyers and consultants, overseeing projects of prodigious scale. He has also provided seminars and training to leading law firms, blogged extensively on developments in costs law, and acted as an expert witness in costs litigation

Michael’s academic credentials are exceptional within the profession. He holds an LL.B (Hons), an LL.M (Distinction) focused on commercial litigation, and a PhD in Law from the University of East Anglia, awarded in 2024 for a thesis on responsibility theory and enterprise liability. He is also currently undertaking further postgraduate study in Competition and Regulatory Policy at the internationally renowned Centre for Competition Policy, reflecting his ongoing commitment to advanced legal and policy research.

Clients value Michael for his combination of technical precision, strategic insight, and clear communication. Whether working on behalf of paying or receiving parties, he brings authority, creativity, and a results-driven approach to the resolution of costs disputes.

Experience and notable cases

Kuwait Airways Corporation (KAC) –v- Iraqi Airways Company (IAC) – Following the longest running commercial case in the history of the English courts I prepared KAC’s massive costs claim, one the largest ever to reach the doors of the Senior Courts Costs Office. Legal costs claim of >£40M.

Pharma patent litigation – I was instructed by a leading global law firm on behalf of the successful parties in patent infringement and revocation proceedings involving some of the world’s largest pharmaceutical companies. Legal costs claim of >£5M.

Telecoms patent litigation – I was instructed by a top tier specialist firm of patent litigators to prepare various complex costs statements following trials and appeals involving some of the world’s largest technology corporations. Legal costs claim of >£10M.

High-profile costs claim following failed £100M civil recovery proceedings – instructed by a market leading international litigation team acting for a foreign citizen whose worldwide assets were subject of a civil recovery claim brought by the National Crime Agency (NCA). My team and I prepared a number of high value interrelated claims for costs on behalf of the successful party . Legal costs claim of >£5M.

Excalibur Ventures v Texas Keystone – The case generated several decisions of wider importance in the legal costs field (relating to security for costs, indemnity costs, and the availability of a non-party costs order against professional funders – a point on which the Association of Litigation Funders also intervened). I prepared the successful party's costs breakdowns and provided witness statements in support of its security for costs applications. Following the conclusion of the substantive litigation I prepared the defendant’s £20M> costs breakdown.

Challenge to remuneration and expenses of joint administrators – instructed by a market leading international litigation team: I was instructed to prepare a detailed challenge to the charges of a global financial consultancy and their advisers (including two high-profile international law firms), in connection with the administration of a UK energy supplier. The application for assessment of fees and expenses of >£5M under the Insolvency Act 1986 was the first significant challenge of its kind in 20 years.

Education

LLB (Hons) – University of London (1994)

LLM (Distinction) – University of East Anglia (2018)

PhD (law) - University of East Anglia (2024)

Professional and research interests: Costs law and practice, litigation funding, responsibility theory, vicarious liability, products liability, litigation practice, philosophical foundations of tort law. My doctoral thesis examined relationships between (pre-moral, pre-legal) outcome responsibility and strict tortious obligations of repair. Time permitting, future research output will address aspects of costs law and practice, third party litigation funding, as well as approaches to responsibility for harm caused by intelligent products (for ‘algorithmic accidents’).