Privacy Policy

This privacy notice explains how we manage and protect your personal data when you interact with us by visiting our website, www.lawyerlink.co ("Website"), using our legal subscription services, or interacting with us as a customer, supplier, or other business contact.

1. Background

1.1 This privacy notice explains how we look after your personal data when you visit our website, purchase our legal subscription services, or interact with us as a prospective customer, supplier, or service provider.

1.2 This notice explains what information we collect, how we use it, with whom we share it, and your rights under data protection laws. It also tells you what to do if you have concerns about your personal data.

1.3 We may occasionally need to update this privacy notice to reflect changes in our services or to comply with new business practices or legal requirements. You should check this privacy notice regularly to see if any changes have been made.

2. Who we are and other important information

2.1 We are Lawyerly Ltd, registered in England and Wales (company number 15697410), with our registered address at 49 Greek Street, London, W1D 4EG (referred to as “we,” “us,” or “our”).

2.2 Lawyerlink® is a registered trademark and product of Lawyerly Ltd (company number 15697410). All references to Lawyerlink means Lawyerly Ltd.

2.3 For all visitors to our website and for users who purchase our services through an organisation, we act as the data controller for your information, meaning we decide what information we collect and how it is used.

2.4 We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection, under number CSN3427257.

3. Contact details

3.1 If you have any questions about this privacy notice or how we use your information, please contact us:

• Data protection officer: Willie van der Merwe
• Email: dpo@lawyerlink.co

4. The information we collect about you

4.1 Personal data means any information that identifies (or could identify) a living person. The types of personal data we collect and their sources include:

• Identity data: your first and last name or title
• Contact data: your email address, telephone numbers, and home address
• Technical data: internet protocol (IP) address, browser type and version, time zone setting, generic location, browser plug-in types and versions, operating system, and platform on the devices you use to access our systems
• Usage data: information about how you use our systems
• Financial data: where you provide this through our website to purchase our services
• Location data: your device location if you log into our systems remotely
• Photo and image data: profile picture, images, videos, and audio
• Profile data: email address, password, username, chat logs, audit trail of systems used, and documents accessed and downloaded
• Marketing and communication data: includes your preferences for receiving marketing from us or third parties and your communication preferences

5. How we use your information

We are required to identify a lawful basis for collecting and using your personal data. The main lawful bases we rely on are:

5.1. Contract

• To manage or perform our contract with you.
• To process payment information in connection with our contract.
• To send updates about services you’ve purchased (e.g., order confirmation, delivery time).

5.2. Legal obligation

• To record your preferences (e.g., marketing) in compliance with data protection laws.
• To send you information required by law (e.g., about your legal rights).
• To retain information for the purpose of defending or bringing legal claims.

5.3. Legitimate interests

• To improve and optimise our website.
• To monitor and enhance website security and prevent fraud.
• To provide services and ensure our website functions properly.
• To protect our business and defend against legal claims.

5.4. Consent

• Where you have consented to provide us with information or to allow us to use or share your information.
• Where you have opted to receive marketing material from us.

5.5. When personal data is necessary to provide services (e.g., to fulfil a contract), failure to provide it may mean we cannot provide you with those services. If we lack information to fulfil an order, we may have to cancel the service.

6. Who we share your information with

6.1 We may share your personal data with:

• Our personnel: employees or contractors bound by confidentiality and data protection agreements
• Our supply chain: organisations that support our services. They only access the information needed to provide support and are under confidentiality and data protection obligations
• Regulatory authorities: such as HM Revenue & Customs
• Professional advisers: such as accountants or legal consultants for specialist advice in running our business

6.2 If asked to provide personal data under a court order or legal request (e.g., from law enforcement), we would seek legal advice and consider your rights before responding.

6.3 Our carefully selected partners and service providers may process personal information about you on our behalf as described below.

6.4 We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

• Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.

7. Where your information is located or transferred to

7.1 We store personal data on servers in the UK.

7.2 We will only transfer information outside the UK or EEA if we have a valid legal mechanism to ensure adequate protection.

7.3 If you access our website or services from abroad, your personal data may be stored on servers in the same country as you or your organisation.

8. How we keep your information safe

8.1 We maintain technical and organisational measures to protect your personal data against accidental or unlawful loss, misuse or unauthorised access. Measures include:

• Access controls and multi-factor authentication
• Internal IT and network security monitoring
• Regular penetration tests and security-control reviews
• Staff training and confidentiality obligations
• Incident-response, business-continuity and disaster-recovery plans

8.2 Security Disclaimer – Hosting Environment

Lawyerly hosts client data on Microsoft Azure’s West Europe region, an environment certified to SOC 2 Type II and ISO 27001. All data in transit is protected using SSL/TLS encryption; data at rest in Azure SQL databases is encrypted using AES-256. We apply industry-standard security practices, including least-privilege access controls and timely security updates.

No system can guarantee absolute security. Data protection is a shared responsibility: clients must keep passwords secure, manage user access appropriately and follow reasonable good-practice guidelines when handling sensitive information.

8.3 If an incident affects your personal data and we are the controller, we will inform you and the ICO where required. If we act as processor, we will notify the controller and co-operate fully.

8.4 If you notice unusual activity on the Website or within any Lawyerlink service, please contact dpo@lawyerlink.co immediately.

9. How long we keep your information

9.1 Where we act as the controller, we will only retain your personal data as long as necessary to fulfil the purposes for which it was collected.

9.2 To determine how long to retain personal data (also called the retention period), we consider the volume, nature, and sensitivity of the data, the potential risk to you in case of an incident, whether we need the data for our purposes, and any legal requirements (e.g., HM Revenue & Customs accounting records).

9.3 We may retain identity data, contact data, and other relevant data (such as emails or other exchanges) for up to seven years after the end of our contractual relationship.

9.4 If you browse our website, we keep personal data collected through analytics tools only as long as needed for the intended purpose.

9.5 If you have requested information or subscribed to our mailing list, we retain your details until you ask us to stop contacting you.

10. Your legal rights

10.1 You have certain legal rights regarding your personal data.

10.2 We may choose not to act on a request if we cannot verify your identity (as a security measure) or if the request is unfounded or excessive. In such cases, we will inform you in writing, and there is usually no charge for exercising your rights. However, we may charge a fee if we proceed with an unfounded or excessive request.

10.3 We will respond to your request within one month from the date we receive it or confirm your identity, whichever is later. We may extend this timeframe by two months if the request is complex or if we receive multiple requests. If so, we will inform you of the reason for the extension.

10.4 We do not respond directly to requests relating to personal data for which we act as the processor. In such cases, we forward the request to the relevant controller and await their instructions.

10.5 To exercise any of the rights listed below, contact us at dpo@lawyerlink.co.

10.6 Your rights include:

• Access: You can ask us if we are using your personal data and request a copy of it along with details of how it is used. 
• Correction: You can ask us to correct inaccuracies in your data.
• Deletion: You can ask us to delete your data if there’s no valid reason to keep it. If we believe there’s a reason to retain it (e.g., regulatory compliance), we will explain our decision.
• Restriction: You can request we limit how we use your personal data temporarily.
• Objection: You can ask us to stop using your data. If we have a reason to continue, we will inform you.
• Portability: You can request an electronic copy of your data for yourself or another organisation.
• Complaints: If you’re unsatisfied with how we handle your data, you can contact the ICO, though we encourage you to contact us first at dpo@lawyerlink.co.

About Lawyerlink

Lawyerlink® is a registered trademark and legal service subscription product of Lawyerly Ltd (company number 15697410). Any reference to Lawyerlink refers to Lawyerly Ltd.