Privacy Policy
E-Solicitors
─────────────────────────────────────
For All Users
─────────────────────────────────────
Version 1.0 - January 2026
Effective Date: January 2026
Important Information
- PLEASE READ THIS PRIVACY POLICY CAREFULLY. IT EXPLAINS HOW WE COLLECT, USE, AND PROTECT YOUR PERSONAL DATA.
About This Privacy Policy
This Privacy Policy explains how E-Solicitors (operated by [Company Name]) collects, uses, shares, and protects personal data when you use our website, platform, and services.
We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
EU General Data Protection Regulation (EU GDPR) - where applicable
Privacy and Electronic Communications Regulations 2003 (PECR)
California Consumer Privacy Act (CCPA) - for California residents
Other applicable international data protection laws
Our Regulatory Registration
ℹ We are registered with the Information Commissioner's Office (ICO), the UK's independent authority for data protection. Our ICO registration number is [X].
Quick Links to Key Sections
Section 3: What Personal Data We Collect
Section 4: How We Use Your Data
Section 5: Legal Basis for Processing
Section 11: Your Rights
Section 10: International Transfers
Section 24: Contact Us
- YOUR RIGHTS: You have extensive rights under data protection law including the right to access, rectify, erase, restrict, object to processing, and data portability. See Part 5 for full details.
Part 1: Introduction
1. Who We Are
1.1 For the purposes of data protection law, [Company Name] trading as E-Solicitors is the 'data controller' of personal data collected through our website and platform.
1.2 Our Details:
1.2.1 Company Name: [Company Name]
1.2.2 Trading Name: E-Solicitors
1.2.3 Company Number: [X]
1.2.4 Registered Address: [Address]
1.2.5 ICO Registration Number: [X]
1.2.6 VAT Number: [X]
1.3 Data Protection Contact:
1.3.1 Data Protection Officer/Contact: [Name/Title]
1.3.2 Email: privacy@[platform].com
1.3.3 Postal Address: [Address]
1.3.4 Phone: [Number]
1.4 About Our Platform:
We operate a technology marketplace that connects individuals and businesses seeking legal services ('Buyers') with solicitors who provide those services ('Solicitors'). We are NOT a law firm and do NOT provide legal advice.
2. Scope of This Policy
2.1 This Privacy Policy applies to:
2.1.1 Visitors to our website at [www.platformname.com
];
2.1.2 Buyers who use our platform to find
solicitors;
2.1.3 Solicitors who register on our
platform;
2.1.4 Anyone who contacts us or interacts with our services.
2.2 This Privacy Policy does NOT cover:
2.2.1 Personal data processed by Solicitors when providing legal services - Solicitors are separate data controllers for that
data;
2.2.2 Third-party websites linked from our platform - please review their privacy
policies;
2.2.3 Services provided by third parties through our platform.
- When you instruct a Solicitor through our platform, the Solicitor becomes a separate data controller for the personal data they collect from you. Their processing of your data is governed by their own privacy notice, not this one.
Part 2: Data We Collect
3. Categories of Personal Data
3.1 We collect and process the following categories of personal data:
3.1.1 Identity Data
First name and last name
Title
Date of birth (where relevant)
Username or similar identifier
Photographs (profile pictures)
3.1.2 Contact Data
Email address
Telephone numbers
Postal address
Social media handles (if provided)
3.1.3 Professional Data (for Solicitors)
SRA ID number
Firm name and SRA firm reference
Professional qualifications
Practice areas and specialisms
Professional experience
Professional indemnity insurance details
COLP/COFA/MLRO details
Regulatory history
AML compliance information (per MLR 2017 and LSAG 2025)
3.1.4 Account Data
Account registration information
Account preferences and settings
Password (stored securely - we never have access to your actual password)
3.1.5 Transaction Data
Details of services you have used
Enquiries made through the platform
Solicitor introductions
Payment and billing information
Transaction history
3.1.6 Technical Data
IP address
Browser type and version
Operating system
Device information
Time zone setting and location
Platform and technology used to access our website
3.1.7 Usage Data
Information about how you use our website and platform
Pages visited and time spent
Click patterns and navigation
Search queries on the platform
Features used
3.1.8 Marketing and Communications Data
Your preferences for receiving marketing from us
Your communication preferences
Records of communications with us
3.1.9 Legal Matter Information (Buyers)
General description of legal needs (to facilitate matching)
Type of legal service required
Urgency and timeline
Budget information (if provided)
3.1.10 Vulnerability Information
Information you provide about additional support needs
Accessibility requirements
Communication preferences related to vulnerability
- We do NOT ask for or store detailed information about your legal matter. That information should only be shared directly with your chosen Solicitor. If you inadvertently share sensitive legal details through our platform, we recommend you delete that message and share such information directly with your Solicitor.
4. How We Collect Your Data
4.1 Direct Interactions - You provide data when you:
Register for an account
Complete your profile
Submit an enquiry
Use our messaging features
Subscribe to our newsletter
Contact us with queries or complaints
Provide feedback or reviews
Request additional support or accessibility adjustments
4.2 Automated Technologies - We automatically collect:
Technical data when you browse our website
Usage data through cookies and similar technologies
Analytics data
4.3 Third-Party Sources - We may receive data from:
SRA Register (to verify Solicitor registration)
Analytics providers (anonymised/aggregated data)
Payment service providers
Social media platforms (if you link your account)
Publicly available sources
Part 3: Use of Your Data
5. Purposes and Legal Basis for Processing
5.1 Under data protection law, we can only use your personal data if we have a proper legal reason ('lawful
basis'
) for doing so. The lawful bases we rely on are:
Contract Performance (Article 6(1)(b) UK GDPR)
Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legitimate Interests (Article 6(1)(f) UK GDPR)
Processing is necessary for our legitimate interests or a third party's interests, provided your rights don't override those interests.
Legal Obligation (Article 6(1)(c) UK GDPR)
Processing is necessary to comply with a legal obligation.
Consent (Article 6(1)(a) UK GDPR)
You have given clear consent for us to process your personal data for a specific purpose.
5.2 Our Processing Activities:
Account registration and management: Identity, Contact, Account data - Lawful basis: Contract
Providing our marketplace services: Identity, Contact, Transaction, Legal Matter Info - Lawful basis: Contract
Matching Buyers with Solicitors: Identity, Contact, Legal Matter Info - Lawful basis: Contract
Processing payments: Identity, Contact, Transaction - Lawful basis: Contract
Verifying Solicitor SRA registration: Professional Data - Lawful basis: Contract, Legitimate Interests
Communicating with you about services: Identity, Contact, Transaction - Lawful basis: Contract
Fraud prevention and security: Identity, Technical, Usage - Lawful basis: Legitimate Interests
Website analytics and improvement: Technical, Usage - Lawful basis: Legitimate Interests
Marketing our services: Identity, Contact, Marketing - Lawful basis: Consent or Legitimate Interests
Legal compliance: Various as required - Lawful basis: Legal Obligation
Handling complaints: Identity, Contact, Transaction - Lawful basis: Contract, Legal Obligation
Supporting vulnerable users: Identity, Contact, Vulnerability - Lawful basis: Consent, Legitimate Interests
5.3 Legitimate Interests Assessment:
Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights. Our legitimate interests include:
Operating and improving our platform
Preventing fraud and ensuring security
Understanding how users interact with our services
Marketing our services to existing customers
Protecting our business and reputation
Complying with regulatory expectations
ℹ You have the right to object to processing based on legitimate interests. See Section 11 for details.
- AUTOMATED DECISION-MAKING
6.1 We do NOT use automated decision-making (including profiling) that produces legal or similarly significant effects on you without human involvement.
6.2 Our Solicitor matching algorithm uses your preferences to suggest suitable Solicitors, but:
6.2.1 This is a recommendation only, not a binding
decision;
6.2.2 You are free to choose any Solicitor on the
platform;
6.2.3 No automated decision affects your access to services.
7. Marketing and Communications
7.1 We may send you marketing communications if:
7.1.1 You have requested information from us or used our services; AND
7.1.2 You have not opted out of receiving marketing; OR
7.1.3 You have given us explicit consent to send marketing.
7.2 You can opt out of marketing at any time by:
Clicking the 'unsubscribe' link in any marketing email
Updating your preferences in your account settings
Contacting us at privacy@[platform].com
7.3 Opting out of marketing does not affect service-related communications (e.g., account notifications, transaction confirmations).
Part 4: Sharing and Transfers
8. Who We Share Your Data With
8.1 We may share your personal data with the following categories of recipients:
8.1.1 Solicitors on Our Platform
When you make an enquiry or request to connect with a Solicitor, we share your contact details and enquiry information with that Solicitor to facilitate the introduction.
8.1.2 Service Providers
Hosting and cloud service providers
Payment processors
Email service providers
Analytics providers
Customer support tools
Security and fraud prevention services
8.1.3 Professional Advisers
Lawyers, accountants, and auditors
Insurance providers
Consultants
8.1.4 Regulators and Authorities
Information Commissioner's Office (ICO)
Tax authorities (HMRC)
Law enforcement agencies
Courts and tribunals
Solicitors Regulation Authority (SRA) - where relevant
National Crime Agency (in cases of suspected money laundering)
Other regulators where required by law
8.1.5 Business Transfers
If we sell, transfer, or merge parts of our business, your data may be transferred to the new owner. We will notify you if this happens.
8.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow service providers to use your data for their own purposes.
9. Data Sharing With Solicitors
- This section explains the data relationship between you, us, and Solicitors on our platform.
9.1 When you use our platform to find a Solicitor:
9.1.1 We share your contact details and enquiry information with Solicitors you choose to
contact;
9.1.2 Once shared, the Solicitor becomes a separate data controller for that
data;
9.1.3 The Solicitor's use of your data is governed by their own privacy notice.
9.2 We and Solicitors are independent controllers, NOT joint controllers. This means:
9.2.1 We are responsible for how we collect and use your
data;
9.2.2 The Solicitor is responsible for how they use your data once
received;
9.2.3 You may need to exercise your data rights with us AND the Solicitor separately.
9.3 Solicitors on our platform are regulated by the SRA and must comply with:
9.3.1 UK GDPR and the Data Protection Act
2018;
9.3.2 SRA Standards and Regulations 2019 (as amended 2025
);
9.3.3 SRA Code of Conduct for Solicitors (confidentiality obligations
);
9.3.4 Professional duties regarding client
confidentiality;
9.3.5 Money Laundering Regulations 2017 (as amended
);
9.3.6 LSAG Anti-Money Laundering Guidance
2025;
9.3.7 Economic Crime and Corporate Transparency Act 2023.
10. International Data Transfers
10.1 We are based in the United Kingdom. Your data is primarily processed and stored in the UK.
10.2 Some of our service providers may process data outside the UK and European Economic Area (EEA). Where we transfer data internationally, we ensure appropriate safeguards are in place:
UK Adequacy Regulations
Where the UK Government has determined that a country provides adequate data protection, transfers may proceed without additional safeguards.
Standard Contractual Clauses (SCCs)
For transfers to countries without adequacy decisions, we use the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as appropriate.
Binding Corporate Rules
Some of our service providers have approved Binding Corporate Rules that allow international transfers within their corporate group.
10.3 You can obtain a copy of the relevant safeguards by contacting us at privacy@[platform].com.
10.4 International Transfer Impact Assessments:
Where required, we conduct Transfer Impact Assessments to evaluate the level of protection in the destination country and implement supplementary measures where necessary.
Part 5: Your Rights
11. Your Data Protection Rights
- Under data protection law, you have extensive rights regarding your personal data:
11.1 Right to Be Informed
You have the right to be told how your personal data is being used. This Privacy Policy fulfils that obligation.
11.2 Right of Access (Subject Access Request)
You have the right to request a copy of the personal data we hold about you.
We will respond within ONE MONTH
This is FREE (unless the request is manifestly unfounded or excessive)
We may request proof of identity before processing your request
11.3 Right to Rectification
You have the right to have inaccurate personal data corrected or incomplete data completed.
We will respond within ONE MONTH
You can also update many details directly in your account settings
11.4 Right to Erasure ('Right to Be Forgotten')
You can request deletion of your personal data in certain circumstances, including:
The data is no longer necessary for the purpose we collected it
You withdraw consent (where consent was the lawful basis)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
The data must be erased to comply with a legal obligation
- We may not always be able to delete your data. For example, we may need to retain data to comply with legal obligations, resolve disputes, or enforce our agreements.
11.5 Right to Restrict Processing
You can request that we restrict (i.e., keep but not use) your data in certain circumstances:
While we verify accuracy if you contest it
If processing is unlawful but you don't want deletion
If we no longer need it but you need it for legal claims
While we consider an objection you have made
11.6 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format. This applies where:
The lawful basis is consent or contract; AND
Processing is carried out by automated means
11.7 Right to Object
You have the right to object to processing based on:
Legitimate interests - we will stop unless we have compelling grounds
Direct marketing - we will stop immediately
Research or statistics - we will stop unless it's in the public interest
11.8 Rights Related to Automated Decision-Making
You have rights in relation to automated decision-making and profiling that produces legal or similarly significant effects. As noted in Section 6, we do not engage in such processing.
12. How to Exercise Your Rights
12.1 To exercise any of your rights, contact us:
Email: privacy@[platform].com
Post: Data Protection Officer, [Address]
Online: Use the Data Subject Request Form in Schedule 4
12.2 We will respond to your request within ONE MONTH. This may be extended by up to two further months if the request is complex. We will inform you of any extension within one month.
12.3 We may need to verify your identity before processing your request. Please provide:
Your full name
Email address associated with your account
Any relevant account or reference numbers
Copy of ID (for certain requests)
12.4 Requests are FREE unless they are manifestly unfounded or excessive. In such cases, we may charge a reasonable fee or refuse to act.
13. Right to Complain
13.1 If you are unhappy with how we handle your personal data, please contact us first at privacy@[platform].com so we can try to resolve your concerns.
13.2 You have the right to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: www.ico.org.uk
Phone: 0303 123 1113
13.3 If you are in the EEA, you may also complain to your local supervisory authority.
Part 6: Data Security and Retention
14. How We Protect Your Data
14.1 We have implemented appropriate technical and organisational measures to protect your personal data against:
Unauthorised access
Accidental loss
Destruction
Damage
Alteration
Disclosure
14.2 Our security measures include:
Technical Measures
Encryption of data in transit (TLS/SSL)
Encryption of sensitive data at rest
Secure hosting with reputable providers
Regular security testing and vulnerability assessments
Firewalls and intrusion detection systems
Access controls and authentication
Regular software updates and security patches
Organisational Measures
Staff training on data protection
Confidentiality agreements with staff
Access limited to those who need it
Regular review of security measures
Incident response procedures
Vendor due diligence
14.3 While we take all reasonable precautions, no data transmission over the internet or storage system is 100% secure. We cannot guarantee absolute security.
14.4 You are responsible for keeping your account login credentials confidential. Do not share your password with anyone.
15. How Long We Keep Your Data
15.1 We retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting requirements.
15.2 Retention Periods:
Account data (active accounts): Duration of account + 6 years - Reason: Contract, legal claims
Account data (closed accounts): 6 years from closure - Reason: Legal claims limitation
Transaction records: 7 years - Reason: Tax and accounting requirements
Communication records: 6 years - Reason: Legal claims, dispute resolution
Marketing preferences: Until withdrawn or account closure - Reason: Consent management
Website analytics (identified): 26 months - Reason: Service improvement
Solicitor regulatory data: 6 years after relationship ends - Reason: Regulatory compliance
Complaint records: 6 years from resolution - Reason: Legal obligations, improvement
Vulnerability support records: Duration of support + 6 years - Reason: Safeguarding, legal claims
15.3 We may retain data longer if:
Required by law
Needed for ongoing legal proceedings
Necessary to resolve disputes
Required to enforce our agreements
15.4 After the retention period, we will securely delete or anonymise your data.
16. Data Breach Procedures
16.1 We have procedures to detect, investigate, and report personal data breaches.
16.2 If a breach is likely to result in a risk to your rights and freedoms, we will:
16.2.1 Notify the ICO within 72 hours of becoming aware of the
breach;
16.2.2 Notify you without undue delay if there is a high risk to your rights and
freedoms;
16.2.3 Document the breach and our response.
16.3 Breach notifications to you will include:
Description of what happened
Name and contact details of our data protection contact
Likely consequences of the breach
Measures taken or proposed to address the breach
Recommendations for how you can protect yourself
Part 7: Cookies and Tracking
17. Cookies and Similar Technologies
17.1 Our website uses cookies and similar technologies to:
Make the website work properly (essential cookies)
Remember your preferences
Understand how you use our website
Improve our services
17.2 Types of Cookies We Use:
Strictly Necessary Cookies
These are essential for the website to function. They cannot be switched off. Examples include cookies that remember your login status and security settings.
Performance/Analytics Cookies
These help us understand how visitors interact with our website by collecting anonymous information. We use this to improve our website.
Functionality Cookies
These remember choices you make (like language or region) to provide a more personalised experience.
17.3 Managing Cookies:
17.3.1 When you first visit our website, we will ask for your consent to non-essential
cookies;
17.3.2 You can change your cookie preferences at any time via our Cookie Settings [link
];
17.3.3 You can also manage cookies through your browser
settings;
17.3.4 Blocking some cookies may affect website functionality.
17.4 For detailed information about specific cookies we use, see Schedule 3 or our full Cookie Policy at [link].
Part 8: Special Provisions
- CHILDREN'S PRIVACY
18.1 Our platform is not intended for children under 18 years of age.
18.2 We do not knowingly collect personal data from children under 18. If you are under 18, please do not use our platform or provide any personal data.
18.3 If we become aware that we have collected personal data from a child under 18, we will delete it immediately. If you believe we have such data, please contact us at privacy@[platform].com.
19. Special Categories of Data
19.1 'Special category' data under UK GDPR includes:
Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data
Biometric data
Health data
Sex life or sexual orientation
19.2 We do NOT intentionally collect special category data. However:
19.2.1 You may inadvertently include such data when describing your legal
needs;
19.2.2 If you do, we will process it only to provide our services and on the basis of your explicit consent given by providing the information.
19.3 Criminal Offence Data:
19.3.1 We do not require you to provide information about criminal
convictions;
19.3.2 If you provide such information when describing legal needs, we will process it only as necessary to provide our services.
- Do not include sensitive personal details when making an enquiry through our platform. Share such information directly with your chosen Solicitor who is bound by professional confidentiality obligations.
20. Vulnerable Users
20.1 We recognise that some users may be vulnerable and require additional consideration in how we handle their data.
20.2 Vulnerability factors may include:
Age (older or younger users)
Disability (physical, sensory, learning, or mental health)
Mental capacity issues
Language barriers
Financial difficulties
Bereavement or emotional distress
20.3 If you are a vulnerable user:
20.3.1 Please let us know if you need additional support with data protection
matters;
20.3.2 We can provide information in alternative
formats;
20.3.3 You can have someone assist you with data subject
requests;
20.3.4 We will take extra care when handling your data.
20.4 We will handle vulnerability information with particular care and only use it to provide appropriate support.
21. Sra Requirements for Solicitors
ℹ This section addresses data protection in the context of solicitors' professional obligations under SRA regulations.
21.1 Solicitors on our platform are regulated by the SRA and must comply with:
21.1.1 SRA Code of Conduct for Solicitors (duties of confidentiality
);
21.1.2 SRA Code of Conduct for Firms (data protection requirements
);
21.1.3 UK GDPR and Data Protection Act
2018;
21.1.4 Legal professional privilege
protections;
21.1.5 Money Laundering Regulations 2017 (as amended
);
21.1.6 LSAG Anti-Money Laundering Guidance
2025;
21.1.7 Economic Crime and Corporate Transparency Act 2023.
21.2 Data Controller Relationships:
21.2.1 The Platform is a controller for registration, account, and platform usage
data;
21.2.2 Solicitors are controllers for client data they collect when providing legal
services;
21.2.3 We and Solicitors are independent controllers, not joint controllers.
21.3 Solicitors' Duties:
When a Solicitor receives your data through our platform, they have professional obligations including:
Duty of confidentiality (SRA Principles 4 and 5)
Proper handling of client information (SRA Code Rule 6.3)
Compliance with data protection law
Maintenance of appropriate security measures
Proper record keeping (6+ years)
AML record keeping requirements (5 years - MLR 2017 Reg 40)
21.4 If you have concerns about a Solicitor's handling of your data, you can:
Contact the Solicitor directly
Contact the ICO
Report concerns to the SRA
22. Aml and Financial Crime Considerations
22.1 Solicitors on our platform are subject to anti-money laundering obligations under:
Money Laundering Regulations 2017 (as amended)
Proceeds of Crime Act 2002
Terrorism Act 2000
Sanctions and Anti-Money Laundering Act 2018
Economic Crime and Corporate Transparency Act 2023
LSAG Anti-Money Laundering Guidance 2025
22.2 This means Solicitors may:
22.2.1 Request identity documents and proof of address from
you;
22.2.2 Request information about your source of funds and
wealth;
22.2.3 Request information about beneficial owners (MORE THAN 25% threshold per LSAG 2025
);
22.2.4 Screen you against sanctions
lists;
22.2.5 File Suspicious Activity Reports with the National Crime Agency (without telling you).
22.3 This data processing by Solicitors is required by law. The legal basis is compliance with a legal obligation.
- Solicitors cannot tell you if they have filed a Suspicious Activity Report. 'Tipping off' is a criminal offence.
- CALIFORNIA RESIDENTS (CCPA)
23.1 If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know
You have the right to know what personal information we collect, use, disclose, and sell.
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale
We do NOT sell your personal information. If this changes, we will provide an opt-out mechanism.
Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights.
Right to Correct
You have the right to request correction of inaccurate personal information.
23.2 Categories of Information Collected:
In the preceding 12 months, we have collected the following categories:
Identifiers (name, email, address, IP address)
Professional information
Commercial information (transaction history)
Internet activity (browsing, search history)
Geolocation data
Inferences (preferences derived from your activity)
23.3 To exercise your CCPA rights, contact us at privacy@[platform].com.
24. European Economic Area Users
24.1 If you are in the European Economic Area (EEA), you have rights under the EU GDPR in addition to the UK GDPR rights described in this policy.
24.2 Our EU Representative:
If required under EU GDPR Article 27, our EU representative is:
[Representative Name]
[Address]
Email: [email]
24.3 You may lodge a complaint with your local EEA supervisory authority.
24.4 International Transfers:
Transfers from the EEA to the UK are permitted under the EU adequacy decision for the UK. For transfers to other countries, the safeguards described in Section 10 apply.
Part 9: Complaints and Regulatory Information
25. Complaints About Data Handling
25.1 If you have a complaint about how we handle your personal data:
25.1.1 Contact us first at privacy@[platform].
com;
25.1.2 We will investigate and respond within 20 working
days;
25.1.3 If you remain dissatisfied, you can complain to the ICO.
25.2 If you have a complaint about how a Solicitor handles your data:
25.2.1 Contact the Solicitor first using their complaints
procedure;
25.2.2 The Solicitor has 8 weeks to resolve your
complaint;
25.2.3 If unresolved, you can escalate to the Legal Ombudsman (for service issues) or SRA (for conduct issues
);
25.2.4 You can also complain to the ICO about data protection issues.
26. Legal Ombudsman
26.1 For complaints about legal services (including data handling as part of legal services), you may contact the Legal Ombudsman:
Website: www.legalombudsman.org.uk
Email: enquiries@legalombudsman.org.uk
Phone: 0300 555 0333
26.2 Time Limits:
26.2.1 Within 1 YEAR of the act or omission complained
about;
26.2.2 Within 6 YEARS of the act or
omission;
26.2.3 Within 6 MONTHS of the solicitor's final response.
27. Ico Contact Information
27.1 The Information Commissioner's Office (ICO) is the UK's independent authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: www.ico.org.uk
Phone: 0303 123 1113
Live Chat: www.ico.org.uk/global/contact-us/live-chat/
27.2 You can report a concern or make a complaint to the ICO if you think we have not handled your data properly.
27.3 Our ICO Registration Number: [X]
Part 10: General
28. Changes to This Policy
28.1 We may update this Privacy Policy from time to time to reflect changes in:
Our services and practices
Legal requirements
Industry standards
Technology
28.2 When we make changes:
28.2.1 We will update the 'Last Updated' date at the top of this
policy;
28.2.2 For significant changes, we will notify you by email or prominent notice on our
website;
28.2.3 Where required by law, we will obtain your consent to material changes.
28.3 We encourage you to review this policy periodically.
29. Contact Us
29.1 For any questions about this Privacy Policy or our data practices, please contact:
Data Protection Officer/Contact
[Company Name]
[Address]
Email: privacy@[platform].com
Phone: [Number]
29.2 General enquiries: info@[platform].com
29.3 We aim to respond to all enquiries within 5 working days.
SCHEDULE 1: DATA PROCESSING ACTIVITIES
ℹ This schedule provides a detailed breakdown of our data processing activities as required under UK GDPR Article 30.
Processing Activity 1: Buyer Account Management
Purpose: Registering and managing Buyer accounts
Categories of data subjects: Individual Buyers
Categories of personal data: Identity, Contact, Account, Transaction
Lawful basis: Contract performance
Recipients: Platform staff, hosting providers
International transfers: UK/EEA only (unless specified)
Retention period: Account duration + 6 years
Processing Activity 2: Solicitor Registration and Verification
Purpose: Registering Solicitors and verifying their SRA status
Categories of data subjects: Solicitors/Legal professionals
Categories of personal data: Identity, Contact, Professional, Account, AML compliance
Lawful basis: Contract performance, Legitimate interests
Recipients: Platform staff, SRA (verification), hosting providers
International transfers: UK/EEA only
Retention period: Account duration + 6 years
Processing Activity 3: Matching and Introductions
Purpose: Matching Buyers with appropriate Solicitors
Categories of data subjects: Buyers and Solicitors
Categories of personal data: Contact, Legal matter info, Professional
Lawful basis: Contract performance
Recipients: Solicitors (as selected by Buyer)
International transfers: UK/EEA only
Retention period: 6 years from introduction
Processing Activity 4: Vulnerable User Support
Purpose: Providing additional support to vulnerable users
Categories of data subjects: Vulnerable users
Categories of personal data: Identity, Contact, Vulnerability information
Lawful basis: Consent, Legitimate interests
Recipients: Trained support staff only
International transfers: UK only
Retention period: Support duration + 6 years
SCHEDULE 4: DATA SUBJECT REQUEST FORM
ℹ Use this form to make a data subject request. You can also email this information to privacy@[platform].com.
Section A: Your Details
Full Name: _____________________________________________
Email Address: _____________________________________________
Phone Number: _____________________________________________
Account Username (if applicable): _____________________________________________
Postal Address: _____________________________________________
Section B: Type of Request
Please indicate which right(s) you wish to exercise:
☐ Right of Access (copy of my personal data)
☐ Right to Rectification (correct inaccurate data)
☐ Right to Erasure (delete my data)
☐ Right to Restrict Processing
☐ Right to Data Portability
☐ Right to Object to Processing
☐ Withdraw Consent
☐ Other (please specify): _____________________________________________
Section C: Details of Your Request
Please provide details of your request:
(Continue on separate sheet if necessary)
Section D: Additional Support
Do you need any additional support with this request?
☐ No additional support needed
☐ Yes - please specify: _____________________________________________
Section E: Verification
To verify your identity, please provide:
☐ I am making this request about my own data
☐ I am making this request on behalf of someone else (please provide authority)
Please attach a copy of photo ID (e.g., passport, driving licence) - required for access and erasure requests.
Section F: Declaration
I confirm that the information provided is accurate and I am entitled to make this request.
Signature: _____________________________________________
Date: _____________________________________________
ℹ Submit this form to: privacy@[platform].com or by post to: Data Protection Officer, [Address]. We will respond within ONE MONTH.
Document Information
This Privacy Policy is issued by E-Solicitors.
Document Version: 1.0
Effective Date: January 2026
Last Updated: January 2026
Next Review: January 2026
─────────────────────────────────────
Regulatory Framework
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Privacy and Electronic Communications Regulations 2003 (PECR)
EU General Data Protection Regulation (where applicable)
California Consumer Privacy Act (CCPA)
SRA Standards and Regulations 2019 (as amended 2025)
SRA Code of Conduct for Solicitors
Money Laundering Regulations 2017 (as amended)
LSAG Anti-Money Laundering Guidance 2025
Economic Crime and Corporate Transparency Act 2023
Proceeds of Crime Act 2002
Sanctions and Anti-Money Laundering Act 2018
Equality Act 2010
Related Documents
Cookie Policy
Website Terms and Conditions V1.0
Solicitor Terms and Conditions V1.0
Buyer Terms and Conditions V1.0
Solicitor Complaints About Buyers Process V1.0
Buyer Complaints About Solicitors Process V1.0
─────────────────────────────────────
E-Solicitors
Operated by: [Company Name]
Company registration number: [X]
Registered address: [Address]
ICO registration number: [X]
VAT number: [X]
Email: privacy@[platform].com
Phone: [Number]