Sale of Lorient North America


OTB Eveling has advised the majority shareholder of Lorient Overseas Limited, the associated US business leading designer/manufacturer of high performance door sealing systems Lorient Group, on its cross-border sale to Assa Abbloy, a global supplier of lock and security solutions. The firm acted for shareholder Kentucky Door Edge Products, who became the majority shareholder of the Lorient North America business – based in Lexington, Kentucky – back in 2009 following a management buy-out, in a deal also handled by the firm.

The OTB Eveling team was led by Managing Partner James Eveling, with support from Emma Thomas. James Eveling commented: “We are delighted to have assisted the client on the sale, which for them represents the culmination of a hugely successful period of building the US business of Lorient over a long period of time. Personally, it was really pleasing to have been able to stay with these clients as advisers during their journey since the MBO of the US-arm of the business nearly 10 years ago, a deal I remember well. We wish them the very best for the next chapter of the business under the ownership of global leader Assa Abbloy”.

President of Lorient North America and director of Kentucky Door Edge Products comments:
“James and Emma at OTB Eveling were a pleasure to work with, they delivered value at every stage and their advice and support in delivering the transaction was invaluable. Having them involved since our MBO 10 years ago was a huge help, as they understood our business and the team involved.”

Posted in Firm News | Tagged , | Leave a comment

OTB Eveling Recognised in Latest Legal 500 and Chambers Rankings

We are delighted to report that OTB Eveling is again listed amongst the top law firms and solicitor rankings in the latest editions of the Legal 500 2018 and Chambers and Partners UK 2019 guides.

Legal 500 Highlights

For the first time, we are now ranked as a Tier 1 firm in Corporate and Commercial within the region.

With regards the corporate team, they say ‘In addition to acting for a large number of local and regional SMEs, OTB Eveling is regularly instructed by multinational corporates and London-based investment syndicates on complex cross-border corporate transactions and commercial agreements. Clients rate the team for ‘successfully closing deals in the face of demanding timescales and unfamiliar foreign business practices’.

David Gebbie is recommended as a Leading Individual particularly for his work with international clients. James Eveling is also mentioned for ‘leveraging a wealth of international and general corporate experience and assisting target companies and investors with strategic equity investment transactions.’

Our Property Team, led by Keith Biggs, is recognised ‘in commercial leasing, and investment and development transactions in the leisure, retail and residential sectors.’ Working in conjunction with the corporate group, the property team has also been involved in a number of hotel sales.

Our Employment Team, led by Matthew Huddleson, is recognised as it advises corporate and commercial clients on TUPE, restructuring, redundancies, reorganisations, changes to terms and conditions, staff transfers and corporate transactional support.

Chambers and Partners Highlights

Once again, the OTB Eveling Corporate and Real Estate teams have been individually recognised. Chambers have also recognised James Eveling, Keith Biggs and Matt Huddleson as “notable practitioners”.

Clients praise James Eveling for being “approachable and patient” and having “broad commercial awareness and, importantly, a good sense of humour.” On Keith Biggs they say: “He knows how to find a balance between commerciality and legal requirements and provides great-quality work.” On Matthew Huddleson, clients say: “We think of him as an in-house lawyer, an extension of the team.”

Managing Partner James Eveling comments: “We are delighted to be recognised in the latest Legal 500 and Chambers rankings. In particular, as a niche firm, we are particularly proud of the efforts of the corporate team in achieving Tier 1 status with Legal 500 this year. The team has been working very hard to build its reputation for regional, national and international corporate work for a few years now and it is very pleasing to be recognised for those efforts.”

Posted in Firm News | Leave a comment

Sale of Torquay Leisure Hotels Limited

OTB Eveling LLP has recently acted as lead legal advisors to the Murrell Family on the sale of Torquay Leisure Hotels Limited. The Torquay Leisure Hotels business was founded in 1947 by the Murrell family and incorporates the Derwent, Victoria, Toorak and Carlton hotels as well as the Aztec Spa. Partners James Eveling and Keith Biggs led the transaction supported by Rebecca Roberts.


Laurence Murrell said: “I could not have wanted better support – professional, insightful, timely and caring”.

James Eveling Partner at OTB Eveling commented: “We are pleased to have been able to work with the Murrell family and the wider seller team on this deal under a tight timetable”.

Posted in Firm News | Leave a comment

What a post-GDPR world means for business – Four things that businesses need to be ready for.

Now we all live in a post-GDPR world of data protection law, what does that really mean for businesses, and what do businesses really need to be looking out for and responding to?

Let’s assume that everyone has completed all of their GDPR compliance work, with suitable policies and systems already implemented and working with appropriate and regular review and governance. Data protection by design, and data protection by default, working as intended.

Is that the end of the story? No, obviously not.

The new data protection regime has shone a spotlight and turned up the dial on data protection rights and risk management. The day may come when data protection risk management becomes as instinctive as health and safety risk management, but that day is not today.

Even when that day does come, we are still dealing with a form of risk management. It doesn’t matter what you do to manage a risk, there is always a possibility that something will go wrong, or that someone will not agree with your approach. People can make mistakes, and others act maliciously, both putting your business at risk.

Getting your response right, in the face of data protection complaints, breaches or requests, is crucial for ensuring that your business doesn’t suffer any more damage or disruption than necessary.

Even if you are fully prepared with a set of policies and procedures to help you manage most normal data protection issues, there are still things that can (and probably will) happen to you, which may catch you off guard and heavily disrupt your business.

I have picked out what I consider to be the four most obvious examples below. Together with a few very high-level thoughts on what you need to be thinking about.

Data Subject Access Request (DSAR)

These have been around since 1998, but the rules around them have changed a bit since GDPR, including a new one-month response period. Probably more importantly, publicity around GDPR and data protection means that it is likely that the number of DSARs is likely to increase.

Responding to a DSAR is often a detailed and time-consuming task, but it is worth noting that you don’t necessarily need to disclose everything that is being asked for. There are categories of information that benefit from exceptions, and in some cases you may need the consent of someone else before you can disclose their information. In some cases you can request for an extension of time to respond, or charge administration costs.

There is, however, a narrow line to tread, because any intentional alteration (etc.) of the personal data is a criminal offence, for which both company and individual directors can be liable.

Data Security Breaches

A personal data breach that risks the rights and freedoms of individuals is reportable. The Information Commissioners Office (ICO) must be informed of that breach within 72 hours of your becoming aware of it. You risk large fines if you don’t comply with this obligation.

But there are still a couple questions that need to be answered:

Firstly, does the breach relate to “personal data”? and does the breach actually present a risk to the rights and freedoms of individuals?

Secondly, is there a HIGH risk to individual rights or freedoms? Because that is the situation in which you also need to notify those individuals.

The level of penalties that can be levied for breaching the reporting/notification requirements are such that any decision not to report or notify (all or part of) the data breach should be a Board level decision. If a decision is made not to report a breach, or not to notify individuals, then you will be expected to justify that decision – so it is important to document the decision and your reasons for it.

Complaint or Claim for a personal data breach

It is possible that the level of individual claims may increase. This is a particular risk following a breach report / notification, if claims-farming firms start to gather aggrieved individuals together for a group action.

The reason for this is that individuals can now claim compensation for “distress” alone, rather than having to show quantifiable financial loss (which was the case under the old law).

Tactically, individual claimants may make an isolated claim before reporting a matter to the ICO; and, tactically, it may be worth businesses addressing such claims early rather than incurring a greater risk of an ICO investigation, which could be very disruptive.

The starting point should be to look at such matters commercially, rather than from a principled position (even if you move to a principled position later). In the end, it is a legal claim with a threat of formal Court proceedings, so it needs to be handled as such.

ICO Investigation

Investigations by any regulators can be disruptive, and the ICO is no different. Businesses normally just need to respond to the requests of the ICO while they undertake their investigation.

Often (or at least pre-GDPR), the outcome will be that the ICO considers the business to have been compliant with data protection laws, but significant management time and disruption will have been taken up getting to that point.

What should businesses do?

These are complex areas, so it is impossible to be fully prepared for dealing with such matters; but very simply, businesses should do one of two things, with the same outcome.

Either a) ensure that the person in your business who is responsible for data protection compliance, is suitably equipped to identify and address these issues when they arise; or b) ensure that you have legal support on call to help you when an issue arises.

If you have any questions about the points raised in this article, please contact Matt Huddleson at

Posted in Legal News | Leave a comment

Employee? Worker? Self-employed? Who knows.

The Supreme Court rules in the case of Pimlico Plumbers Ltd and another v Smith [2018] UKSC 29

There have been numerous cases over recent months regarding the gig economy and worker status, with a string of decisions confirming that, among others, Uber, Addison Lee and CitySprint all employ ‘workers’ as opposed to self-employed contractors. Yesterday, the Supreme Court handed down its much-awaited decision in the case of Pimlico Plumbers, confirming that a plumber was a worker for the purposes of employment law, despite his being VAT-registered and paying self-employed tax.

Gary Smith worked for Pimlico Plumbers under an agreement which clearly stated him to be an independent contractor, operating in business on his own account. Mr Smith was, however, required to wear a company uniform, drive a branded van with a tracker, work a 40-hour week, follow instructions from the central control room and was subject to non-compete restrictions following the termination of his engagement. The Employment Tribunal, Employment Appeal Tribunal and Court of Appeal all considered Mr Smith to satisfy the definition of a worker, such that he was entitled to bring claims for discrimination, holiday pay and an unlawful deduction of wages.

Pimlico Plumbers again sought to appeal the decision, however the Supreme Court has unanimously upheld the previous decisions. In making this decision, the Supreme Court considered the 2 key factors to be that (i) Mr Smith was required to perform the services personally (the right of substitution included in the contact was limited only to other Pimlico workers and was not therefore unfettered); and (ii) the level of control operated by Pimlico over Mr Smith was not considered to be consistent with the contention that Mr Smith was self-employed.

The Supreme Court’s decision has unfortunately not introduced any new principles or law, nor clarified the existing law on employment status – something which is now desperately needed. In early 2018, the Government published its response to the Taylor Review of Modern Working Practices which, among other things, had recommended codifying the test for employment status and proposing an online tool to determine employment status. Whilst the Government clams to be in agreement with the Taylor recommendations, it has yet to make any firm commitments in relation to the same.

It is clear that current employment legislation is struggling to keep pace with the evolving nature of the workplace and employment status; without any further guidance from the Supreme Court – and in the absence of Government intervention – we cannot help but agree with the founder of Pimlico Plumbers, Charlie Mullins, when he states that this will lead to a ‘tsunami of claims’.

Should you have any questions in relation to this article please contact Nathalie Ingles.

Posted in Legal News | Leave a comment

Gender Pay Reporting Revealed

The first deadline for companies with 250 or more employees to publish their gender pay gap figures has now passed. The data collected, whilst imperfect (not accounting for full time versus part time/long serving employees or comparing like for like jobs), does appear to suggest an inherent inequality of opportunity, with almost 78% of companies paying men more than women and an average median pay gap of 9.7%.

Somewhat surprisingly, retail companies reported some of the largest gender pay gaps notwithstanding that their workforces are largely made up of women: Karen Millen having a median hourly pay gap rate of 49% and women’s median bonus pay being 96% lower than men’s. Coast also reported a median pay gap of 40.26%, Phase Eight, 54.5% and ASOS 40.9%. Benefit Cosmetics, whose workforce is 95% female, also published a median gap of 30.7%.

A number of companies have sought to justify their pay gaps by stating that they have more men in senior positions which, whilst might explain the gender pay gap results, is not in itself a winning argument when discussing gender inequality.

Whether or not the figures are truly representative of the gender pay gap however, it cannot be denied that the reporting requirements have brought a fresh focus on this issue and are forcing transparency as to internal pay and promotion structures and the need to increase women on boards. This, together with the online #PayMeToo campaign, launched by Stella Creasy and a cross-party group of female MPs, will hopefully ensure that all employers (whether they are required to report their gender pay gap or not) will be alive to the issues of gender inequality within the workplace and will strive to eradicate it.

All reports are available to search:

Posted in Legal News | Leave a comment

GDPR for Employers

Okay, so you’re getting your data protection house in order, and now it’s time to think about your own workers, and what you need to do with them in relation to GDPR.

The good news is that, provided you aren’t doing anything devious with your workers’ personal data, you probably already have sufficient legal justification for processing the personal data of your employees and workers, without the need for additional consents.

The bad news is that your current contracts, policies and procedures will still be out of date from May 2018 (probably).

So, what do you need to do? Here are a few points to get you started:

• You need to put in place a transparent and understandable data protection policy and privacy notice for your employees and workers. This is easier said than done. Data protection is dry, technical and complex, while some of your workers may have only had a limited education. Part of your responsibility is to help ensure that all workers are enabled to understand your legal justification for processing their data, and what their rights are in respect of that data. The old long-winded legalistic data protection policies, which lawyers pored over for hours on end, may, sadly, need to be scrapped.

• Consents, where needed, cannot be buried in contracts or policies. They will need to be separate and distinct. They will also need to be focussed and clear in respect of what they relate to. You will, therefore, probably need to change the wording of your standard contracts of employment or engagement.

• You need to maintain a record of consents (if there are any) and provide an easy mechanism for workers to withdraw such consent whenever they wish.

• You should not seek consent for the processing of personal data where you have another legal justification for processing it – otherwise it might create a misleading impression for a worker in relation to their own rights (i.e. they might think they can withdraw consent, when they can’t).

• You must make sure that you only retain the personal data you need, for as long as you need it. You will need to have in place a transparent data retention policy and share that with your workers.

• While most of this will be handled by your HR team and covered in your staff handbook, you’ll need to think differently about how you deal with job applicants (who might not otherwise have access to your full policies). You might therefore decide to develop and implement a separate, recruitment specific, privacy notice and data protection policy for sharing with all job applicants (even speculative candidates).

• If you operate a candidate bank, you may need to obtain consent from some of those candidates if they have not freely given consent to your retaining their details for future opportunities.

• On a practical level, you will need to map and cleanse the personal data you hold relating to your workers and employees (and ex-workers and ex-employees) so you know what information you hold, and where you hold it.

• You will also need to look at how you secure that data, and make sure that appropriate procedures are implemented and followed so that personal data is only stored in the places and by the persons approved to do so, and that it is only processed for the permitted reasons.

• If you use an outsourced payroll provider, or you engage with any other external service providers with whom you share workers’ data, then you’ll need to ensure that you have appropriate data processing agreements in place.

Finally, it is worth bearing in mind that one size does not fit all when it comes down to data protection compliance under the GDPR. That means that you might need to do more than is outlined above to be compliant yourselves.

If you have any questions about the points raised in this article, please contact Matt Huddleson at

Posted in Legal News | Leave a comment

Introduction to the GDPR

The GDPR will come into force on 25 May 2018 – regardless of Brexit – and the new regime will:

• Give individuals more rights over their data and the way it is used
• Impose more onerous obligations on businesses
• Introduce fines of up to €20 million (or 4% of global annual group turnover if this is larger) for failure to comply

Who does it apply to?

The GDPR will apply to any organisation that processes and holds the data of individuals who are inside the EU, even if the organisation itself is based outside the EU.

The UK is implementing a new Data Protection Act, which will ensure that the GDPR continues to apply to the UK, even after its departure from the EU.

Individuals rights

Data subjects (the individual that the personal data relates to) will have the right to:

1. Be informed
2. Access their data (free of charge)
3. Have their data rectified
4. Have their data erased (the “Right to be forgotten”)
5. Have the processing of their data restricted
6. Data portability (copying or transferring data from one IT environment to another).
7. Object to their data being processed

They also have rights related to automatic decision-making and profiling.

Data processors (the businesses who collect or use the data) will have to comply with all the above rights or risk being fined.

Obligations on Data Processors

Businesses who are Data Processors must:

1. Have a lawful basis for processing data

There are 6 grounds which processors can rely on in order to lawfully process data, including obtaining the data subjects consent, or for the business’ “legitimate interests.”

2. Implement “privacy by design” and “privacy by default”

The GDPR requires processors to ensure that privacy and data protection is considered early on in a project and is embedded throughout the lifespan of the project rather than just an afterthought.

3. Check whether they need to appoint a “Data Protection Officer”

Businesses must appoint a Data Protection Officer if:
• they are a public authority;
• carry out large scale systematic monitoring of individuals, special categories of data or data relating to criminal convictions and offences.
A Data Protection Officer must ensure the organisation remains compliant with the GDPR; keeping the business informed and advising where required.

4. Consider whether to carry out a “Privacy Impact Assessment”
Privacy Impact Assessments should be used to identify and reduce the privacy risks the privacy risks of an organisation’s projects.
How to prepare for the GDPR

Businesses should review their systems and processes now so that they are compliant before the 25 May 2018.

Most businesses will need to update their privacy policy, data retention and data protection policies, terms of business and their websites terms and conditions.

The GDPR’s requirements are too numerous to summarise here, but businesses should ensure they can comply with the above obligations and consider whether they should appoint a Data Protection Officer.

Our experience so far:

At OTB Eveling, we have been working with clients to help them prepare for the changes under the GDPR. We have produced our own GDPR audit questionnaire to enable our clients to assess what their organisations need to do to comply with the GDPR. We have then helped them identify the practical steps they need to take as a consequence of that audit process.

We have provided in-house training to clients and their staff to prepare them for the new requirements; and we have also been helping our clients update their policies, contracts and governance documentation to ensure that they are ready.

Typically, in our experience, clients have needed to review and update (or implement) the following documents and policies:

• Board Memorandum on GDPR
• Data Protection Policy
• Data/IT Security Policy
• Data Retention Policy
• Data Processing clauses for third party contracts
• Data Processing Agreements for third parties
• Standard form Staff handbook/policies – GDPR solution
• Employment contract – recommended GDPR/Data protection wording
• Suggested Employee consent to processing mechanism
• General consent for processing
• GDPR compliant privacy policy
• GDPR compliant website terms of use

We continue to support existing and new clients with this process. If you need support or have any questions about how the GDPR will affect your own business, please contact Annelie Carver ( or Matt Huddleson(

Posted in Legal News | Leave a comment

Now is the time to restructure your management team!

Only if you need to, of course…

We are advising clients that if they are considering making changes to their senior team that may lead to expensive severance deals, then they should make those changes now if they hope to make use of the current tax regime.

Upcoming changes to tax rules will make it more expensive to agree severance deals with departing executives and employees, particularly those with higher salaries and large severance packages, from 6 April 2018.

The most significant change will take away the ability of businesses to make tax free payments in lieu of notice (“PILONs”). Up to now, it has been possible to pay tax-free PILONs if there is no contractual PILON clause in an individual’s service agreement or contract of employment (up to a limit of £30,000), and this is often used to reach a “win win” deal on a severance package with a high paid departing employee.

Because of this change, all PILON sums (including those paid under a settlement agreement) will be subject to income tax and NICs on the basic pay element, in the same way as they would have if the full notice period had been worked. This will impact upon severance deals for executives and employees with a termination date on or after 6 April 2018. In short, severance deals will become more expensive for employers.

Another notable change (although this is only due to take effect from April 2019) is that employers will also be required to pay employer’s NICs on any part of a “Termination Payment” (i.e. the severance payment above the PILON) that exceeds a £30,000 threshold. Previously, although income tax was due (and to be deducted) on these sums, employers NICs were not payable. This also includes termination payments to officers such as non-executive directors.

Although we have focussed on the issue of high value severance packages, the principle also applies to organisation-wide restructures.

There are also other changes coming into force at the same time, for instance “non-statutory contractual redundancy payments” will no longer automatically fall within the £30,000 exemption, although “Statutory Redundancy Payments” still do. We recommend that businesses take tax advice (from an appropriately qualified accountant) in relation to all proposed severance payment arrangements taking effect after the start of April 2018, at least until they get used to the new regime.

Businesses have a window of opportunity, between now and the start of April 2018, to make the changes that they have been thinking about. After that time, negotiations with departing senior executives, in particular, will need to be approached in a different way.

Finally, as there is now no tax benefit to businesses excluding PILONs from their standard service agreements and employment contracts; they should (at some point) reconsider the pros and cons of whether contractual PILON clauses would in fact be useful to them.

More information can be found at the website here:

Matt Huddleson regularly advises clients on team restructures and organisational changes. If you are affected by any of the issues raised above you can contact him at

Posted in Legal News | Leave a comment

Getting Construction Contracts Right

Construction contracts, usually in the form of a JCT or RIBA, are used so often and contain so much information that a lot of contractors will not pay proper attention to their contents.
The temptation is to simply get on with the new work that has been won and use an old template contract, without really making sure that all if its contents are fit for the job.
Here are the top 5 things to check:

1. Parties Names
Make sure that you know who your contract is with and put it in the contract. Is your customer an individual, partnership or limited company? Are you contracting with a subsidiary or the parent company? Speak to your customer early on about who they think you are contracting with.
If you get this right then it avoids any problems in the future about, believe it or not whether there was ever a formal written contract and importantly who should be paying you.

2. Get it Signed
This happens more often than you would think. If both parties don’t sign it, there is scope to argue that its terms don’t apply – although there is case law that can impose the terms of an unsigned contract on parties, if the circumstances are right. But don’t run that risk.
If a contact isn’t expressly accepted by both sides, then you might miss out on vital protections such as the right to adjudicate or liquidated damages for delays.

3. Make sure you use the right contract
Use the right form contract for the right job. If you are carrying out a multi-million pound contract, you don’t want to use the JCT Minor Works Contract. It may seem like more work, but using the proper contract for the job will pay off by avoiding certain issues or, if things fall apart, dealing with issues in a way that is reflective of the contract price.

4. Get Your Notices right
Make sure you know, before you start work, what your rights are when it comes to notices. The time and manner when you should serve these is set out in the contract.
If you get them wrong, even serving one day late/early, you could give the other party the right to end the whole contract and claim damages. If in doubt, take legal advice.

5. Deal with problems quickly
If you think that you are falling out over the project, make sure you first check your contract about any notices you think you may have to serve, see 3 above, and then talk to the other party. The contract should also have provisions that tell you how to deal with a dispute. If the worst comes to the worst, you can take the problem to an adjudicator. It’s a quick and easy way of resolving the issue and often doesn’t cause the contract to fall apart.

Nine out of ten problems can be resolved without Court or adjudication proceedings. You may want to take legal advice before you do anything to make sure you aren’t compromising yourself.

This information is not intended to legal advice. If you have any questions regarding any construction issue, please contact Michael 01392 829245.

Posted in Legal News | Leave a comment