privacy policy

Privacy
policy

We are committed to handling personal data responsibly and in line with the principles of UK GDPR. This means being transparent about what we collect and why, only using data for clear and legitimate purposes, collecting the minimum we need, keeping information accurate and up to date, and not holding it longer than necessary. We also take appropriate technical and organisational measures to protect the confidentiality and security of your data, and we hold ourselves accountable for ensuring our practices remain fair, lawful and proportionate.

At Lawyerlink, we take your privacy seriously. We are committed to protecting your personal data and being transparent about how we collect, use, and safeguard it.

This policy explains:

  • what information we collect about you;

  • how and why we use your personal data;

  • who we share it with;

  • how long we keep it; and

  • the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies whether you interact with us as a client, prospective client, supplier, business partner, or website visitor. It should be read together with our Cookies Policy, which explains how we use cookies and similar technologies on our website.

We may update this Privacy Policy from time to time to reflect changes in our services, our business, or legal requirements. The latest version will always be available on our website and in the Client Hub.

1. Who we are

We are Lawyerly Ltd (company number 15697410), registered in England and Wales. Our registered office is at 49 Greek Street, London, W1D 4EG.

Lawyerlink® is a registered trademark and product of Lawyerly Ltd. References to “Lawyerlink,” “we,” “us” or “our” in this policy mean Lawyerly Ltd.

We are registered with the UK Information Commissioner’s Office (ICO), the regulator for data protection, under number CSN3427257.

2. Scope of this policy

This policy applies to:

  • Prospective clients: Individuals or organisations who enquire about our legal services.

  • Website visitors: Anyone who visits www.lawyerlink.co or interacts with us online.

  • Suppliers and business partners: Contacts we work with in the course of running our business.

  • Clients: When you subscribe, you enter into a Subscription Agreement (our Terms of Service). We process your personal data as necessary to perform that agreement, including to provide services, manage your account, verify your identity (AML/KYC), and process payments.

  • Other contacts: Individuals who communicate with us in connection with our services.

This policy does not apply to personal data we process strictly on your behalf as a data processor (for example, where we host client case files on the Client Hub). In those cases, you are the data controller and your own privacy policy will apply. Our processing in that role is governed by our Data Processing Addendum (DPA), which forms part of the Subscription Agreement.

3. Our role: Controller vs processor

When we decide what personal data to collect and how to use it (for example, to manage client subscriptions, process payments, or send service updates), we act as a data controller.

When we process personal data strictly on behalf of a client, following their instructions (for example, storing or processing documents in the Client Hub), we act as a data processor.

This distinction is important because your rights and our responsibilities may differ depending on the role we are performing.

4. What personal data we collect

We may collect the following categories of personal data:

  1. Identity data: Name, title, date of birth.

  2. Contact data: Email address, postal address, phone number.

  3. Financial data: Bank details or card details processed via our payment partner, Stripe.

  4. Technical data: IP address, browser type, operating system, device identifiers, login data, cookies and analytics.

  5. Usage data: How you use our website, Client Hub, and services.

  6. Profile data: Usernames, passwords, preferences, records of communication, matter history.

  7. Marketing data: Your preferences for receiving communications from us.

  8. Photo and image data: Only if you choose to share images, audio or video with us as part of a matter.

  9. Special category data: In limited cases (e.g. employment matters), we may process information such as racial or ethnic origin, trade union membership, or health data.

  10. Criminal offence data: In rare cases (e.g. regulatory or employment matters), we may process data relating to criminal convictions.

In certain cases we may need to process special category data (such as information about health, racial or ethnic origin, or trade union membership) or criminal offence data (such as criminal convictions). We only process this data where permitted under Articles 9 and 10 UK GDPR – for example, where necessary to provide legal advice, to comply with employment or social security law, or to establish, exercise or defend legal claims.

5. How we use your data and lawful bases

5.1 Personal data

We only use your personal data when we have a lawful basis to do so under UK GDPR. These include:

  • Contract: When you subscribe, you enter into a Subscription Agreement (our Terms of Service). We process your personal data as necessary to perform that agreement, including to provide services, manage your account, verify your identity (AML/KYC), and process payments.

  • Legal obligation: To comply with AML/KYC checks, maintain tax and accounting records, or respond to lawful requests from regulators or authorities.

  • Legitimate interests: To improve our website and services, monitor system security, prevent fraud, communicate with business contacts, and defend our legal rights.
  • Consent: For marketing communications or where you explicitly agree to us processing certain types of data.

5.2 Special category and criminal data

Where we process special category data or criminal offence data, we only do so where permitted by law, for example:

  • where necessary for the establishment, exercise or defence of legal claims;

  • where required by employment or social security law;

  • where you have given your explicit consent; or

  • where necessary to protect your vital interests or those of another person.

5.3 Data processing

Where we process personal data as a processor under the Subscription Agreement, we do so strictly on your instructions and in accordance with the Data Processing Addendum (DPA).

6. Marketing and cookies

We may send you marketing communications about our services if you are an existing client (relying on the soft opt-in rule for similar services) or where you have given consent. You can opt out at any time by clicking “unsubscribe” in our emails or by contacting support@lawyerlink.co.

We will never share your information with third parties for their own marketing without your consent.

For details about how we use cookies and similar technologies, please see our Cookies Policy.

7. Who we share your data with

We may share your personal data with:

  • Our staff and contractors:Who are bound by confidentiality agreements.

  • Our suppliers and processors: Including IT service providers, cloud storage (Microsoft Azure), email providers, and payment processors (Stripe).

  • Professional advisers: Such as accountants, auditors, or external lawyers.

  • Regulators and authorities: Such as HMRC or the ICO, if required by law.

  • Marketing partners: We sometimes work with carefully selected third-party marketing partners to help us promote our services in a compliant manner. These partners act as data processors on our behalf under written contracts.

We require all third parties who process your data to respect security and confidentiality obligations. We will never sell your personal data.

8. International transfers

Most personal data is stored in the UK. If we transfer your personal data outside the UK or EEA, we will ensure that appropriate safeguards are in place to protect it, such as:

  • a UK adequacy regulation confirming the destination country provides adequate protection;

  • the UK International Data Transfer Agreement (IDTA); or

  • EU Standard Contractual Clauses (SCCs) approved for UK use.

You may request details of these safeguards by contacting dpo@lawyerlink.co.

9. How we protect your data

We use technical and organisational measures to keep your data safe, including:

  • encryption in transit and at rest (AES-256, SSL/TLS);

  • multi-factor authentication and access controls;

  • continuous monitoring and logging of systems;

  • regular penetration testing and vulnerability scanning;

  • staff training on confidentiality and data protection;

  • incident response and disaster recovery planning.

Although we take all reasonable steps to secure your information, no system is completely secure. Data security is a shared responsibility: clients must also keep login details safe and manage user access appropriately.

10. How long we keep your data

We only keep your data for as long as necessary for the purposes we collected it. Typical retention periods are:

  • Client matter files: 7 years after the end of our relationship.

  • AML/KYC records: 5 years from the end of the relationship, as required by law.

  • Marketing data: Until you opt out or withdraw consent.

  • Website analytics: Up to 2 years.

  • Supplier and contract data: 7 years after the contract ends.

After retention periods expire, we securely delete or anonymise your data.

11. Your rights under UK GDPR

You have the following rights:

  • Access: To know if we hold your data and request a copy.

  • Correction: To update or correct inaccurate data.

  • Deletion: To request we delete data where there is no lawful reason to keep it.

  • Restriction: To limit how we use your data.

  • Objection: To object to our use of your data, including for marketing.

  • Portability: To receive a copy of your data in a machine-readable format.

  • Not to be subject to automated decision-making – we do not use your data for profiling or automated decisions.

We may refuse to act on a request, or charge a reasonable fee, if a request is manifestly unfounded, repetitive, or excessive. In such cases, we will explain our reasons and inform you of your right to complain to the ICO.

We may ask for proof of identity before actioning requests. We aim to respond within one month but may extend by two months for complex or multiple requests.

12. Automated decision-making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. If this ever changes, we will update this policy and notify you where required.

13. Complaints

If you are unhappy with how we handle your data, please contact us first at dpo@lawyerlink.co.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection:

Website: www.ico.org.uk

Phone: 0303 123 1113

14. Contact details

For any questions about this policy or your data rights, contact:

Data Protection Officer: Willie van der Merwe

Email: dpo@lawyerlink.co

15. Updates to this policy

This policy was last updated on 8 May 2025 and replaces all previous versions. The latest version will always be available at www.lawyerlink.co/privacy-policy or on request.

Your privacy matters

We believe your privacy is important and we’re here to help. If you have any questions about how your data is used, or if you’d like this policy in another format, please get in touch with our Data Protection Officer at dpo@lawyerlink.co. And remember, if you’re not happy with our response, you always have the right to contact the Information Commissioner’s Office (ICO).