Privacy Policy

Introduction

LawStreet is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use the LawStreet website. It also outlines your rights under UK data protection laws – including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 – and how we comply with these laws in our data practices. We aim to be transparent about our data practices and ensure that we only process personal data in ways that are fair and lawful.

By using the LawStreet website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please do not use our site. We may update this policy from time to time (see Changes to This Privacy Policy below), and we encourage you to review it periodically.

Who We Are

For the purposes of data protection law, LawStreet (referred to in this policy as “LawStreet”, “we”, “us”, or “our”) is the “data controller” of your personal data collected via the LawStreet website (lawstreet.co.uk). LawStreet is a UK-based service operating in England and Wales that helps users find and compare solicitors. In practical terms, this means LawStreet determines the purposes and means of processing personal data obtained through our site.

If you need to contact us about any data protection matters, please refer to the Contact Us section at the end of this Privacy Policy. We do not currently have a designated Data Protection Officer (DPO) (as we are not required by law to appoint one for our operations), but our team is happy to address any questions or concerns you have.

What Information We Collect

LawStreet is designed to provide information to users without requiring them to create accounts or log in. As such, the personal data we collect is limited. However, we do collect certain information in the following categories:

• Information You Provide Directly: Information You Provide Directly: If you choose to contact LawStreet (for example, by sending us an email or filling out a contact form on the site), we will collect whatever personal information you provide. This typically includes your name, email address, and the content of your communication. For instance, if you email us asking about how LawStreet works or providing feedback, we will collect your email address and any other details you include in your message. Similarly, if in the future we offer a feature for solicitors or users to submit information to us, any data you submit will be collected and processed for the intended purpose. (Currently, we do not offer user registration or public user submissions on the site).
• Usage Data and Technical Information: When you use LawStreet, our systems automatically collect certain technical data about your visit. This includes data like your IP address, browser type and version, device type, operating system, and timestamps of your visits. We also collect information about your activity on the site, such as the pages or solicitor profiles you view, the search queries you enter, and how you navigate through the site. This information helps us run the site efficiently and understand how visitors use our service. While we do not tie this usage data to your identity, some of it (like IP addresses) could be considered personal data because it can sometimes be used to identify an individual device or user. We treat all such data with care and in accordance with this policy.
• Cookies and Similar Technologies: As described in our Cookies Policy, we use a very limited number of cookies on LawStreet. These are primarily essential cookies needed for things like maintaining your session or preferences. We do not use any cookies for analytics or advertising at this time, so we are not actively tracking personal behavior across sessions beyond basic server logs. The essential cookies we use may store a random session identifier or preferences (but not personal details like your name). Because they are necessary for providing the service (e.g., keeping you connected to the website), these cookies may not require prior consent​, but we still inform you about them. If we ever decide to use non-essential cookies (such as for analytics), we will update our policies and obtain your consent as required​. For more details, please see our LawStreet Cookies Policy.

Sensitive Personal Data: LawStreet does not intend to collect any special categories of personal data (such as information about your health, ethnicity, political opinions, or sexual orientation) or criminal offence data. We kindly ask that you refrain from providing such information through our site or communications. Our service is about connecting users with solicitors and does not require any sensitive information from users.

Children’s Privacy: LawStreet is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 years old. If you are under 13, please do not use our site or send us any personal information. If we discover that we have inadvertently collected personal information from a child under 13, we will delete that information. If you are a parent or guardian and believe we might have information from or about a child, please contact us and we will take appropriate steps.

How We Use Your Information

We use the personal data we collect for the following purposes, in each case in accordance with applicable data protection laws:

1. Providing and Operating the Website: First and foremost, we process data to deliver the LawStreet service to you. This includes using technical information (like your IP address and browser type) to load our webpages on your device and ensure they display correctly. We might also use a session cookie or similar identifier to maintain your session as you use the site (for example, remembering the search criteria you’ve input as you navigate through solicitor profiles). Using your data in this way is necessary for the performance of the service you are requesting (i.e., showing you the website content). It is also in our legitimate interest to ensure our site functions properly and securely.
2. Communicating with You: If you reach out to us (via email or any contact form), we will use your contact information and message to respond to you. For example, if you email us with a question about how to use LawStreet or to report an issue, we will use your email address to communicate with you and resolve your query. We consider responding to user-initiated communications as processing based on your implied consent (you provided your details expecting a reply) or our legitimate interests in providing good customer service. We will not use your contact information to send you marketing emails or newsletters unless you have explicitly agreed to that.
3. Improving Our Services: We want to make LawStreet as helpful and user-friendly as possible. We may analyze usage data and feedback to understand how our site is used and how we can improve it. For instance, we might look at aggregate data to see which types of legal searches are most common or which parts of the site are most visited. This could inform decisions like adding more solicitors in a high-demand area or improving navigation on popular pages. We use aggregate or anonymized data for these analytics whenever feasible, so we’re looking at trends and statistics, not tracking individual user behavior. Processing data for these purposes is usually based on our legitimate interest in improving our service and the user experience. We ensure that our legitimate interests do not override your rights by using mostly anonymized data (e.g., total number of searches in a category) and by not using invasive tracking. (Example: We may note that “500 users searched for family law solicitors in London this month,” to guide our efforts. We do not know who those users are – just the overall count.)
4. Sharing Insights with Partners (Aggregated Data Only): In the future, LawStreet may produce aggregated, non-personal insights that could be shared with solicitor firms or partners. For example, we might compile a report for participating law firms indicating that “X number of users searched for [specific legal service] in [region] over the last quarter.” These insights will not contain personal data – they will not reveal any individual’s identity or specific activity. They are statistical summaries intended to help solicitors understand user needs. We will never share your name, contact details, or individual search history with any third-party law firm without your explicit consent. In generating aggregated statistics, we will ensure that the data is sufficiently anonymized. (We note that even creating anonymous statistics involves processing underlying data, but we take steps to comply with data protection principles during that process​, such as stripping out identifiers and only using data in bulk form.)
5. Maintaining Security and Preventing Fraud: We use data to protect the security of the LawStreet website, our users, and our business. This includes monitoring patterns on our site to detect and mitigate malicious activities. For instance, we may use IP address information and logs to identify a potential cyber-attack (like a Denial-of-Service attack) or to prevent unauthorized scraping of our solicitor directory. We also may detect if multiple failed searches or inputs suggest someone trying to misuse any contact forms. These activities are important for keeping the website safe and are based on our legitimate interest in maintaining a secure service, as well as fulfilling potential legal obligations to safeguard data (security is a principle of the UK GDPR).
6. Compliance with Legal Obligations: We will process and disclose personal data where necessary to comply with our legal obligations. For example, we might be required to retain certain records for a period of time under law, or to provide information to law enforcement or regulatory authorities if they present a lawful request (such as an official court order or an ICO directive). Another example is complying with the ICO’s requirements or a user’s data protection rights (processing data to fulfill a deletion or access request is itself a processing under legal obligation). We will only disclose what is required by law and will object to or refuse requests for data that we believe are improper.
7. Future Features or Services: If LawStreet expands its offerings, we may collect and use data in new ways. For instance, if we start allowing users to create accounts, post reviews of solicitors, or subscribe to a newsletter, we will collect the necessary data for those services (like an email address for a newsletter) and use it for the intended purpose. Whenever we introduce a new feature involving personal data, we will update this Privacy Policy and ensure we have an appropriate lawful basis (such as obtaining your consent for marketing emails, or fulfilling a contract if we offer a paid service in the future). We will always notify you of new data uses and get consent where required.

Legal Bases for Processing: Under the UK GDPR, we must have a valid “lawful basis” for each use of your personal data. Here are the bases we rely on for the various processing activities described:

• Consent: We will ask for your consent when it’s required. For instance, if you were to sign up for an optional email newsletter in the future, we would rely on your consent to send it. Likewise, if we implement analytics or non-essential cookies, we will seek your consent before activating them. If you contact us and provide information voluntarily, we take that as consent to use the information to respond to you. Where we process data based on your consent, you have the right to withdraw that consent at any time​ (which you can do by contacting us; for cookies, you can adjust settings or clear them).
• Legitimate Interests: We often process your data because it’s in our legitimate interests to do so, and we believe it does not unduly impact your rights. Our legitimate interests include: running a functional and secure website, responding to user inquiries, understanding how our site is used, and improving our services. When using this basis, we balance our interests against your privacy rights and expectations. For example, collecting an IP address for site security is a minimal intrusion to privacy and is offset by the benefit of preventing attacks that could affect service availability for all users.
• Performance of a Contract: Currently, this basis is less directly applicable because using LawStreet (searching for solicitors) is not done under a user contract – it’s a free service provided at your initiative. If you were to engage a solicitor through our site, that contract is between you and the solicitor, not with LawStreet. However, if in the future LawStreet offers account-based services or paid features, processing your data for those would likely be based on fulfilling our contract with you (e.g., using your email and password to maintain an account you created).
• Legal Obligation: As noted, sometimes we must process data to comply with the law. For example, data needed to fulfill a valid data subject request, to keep proper business records, or to comply with law enforcement investigations falls under this basis.

If you have any questions about the specific lawful basis for any processing of your personal data, you can contact us for clarification.

How We Share Your Information

Protecting your privacy is important to us. We do not sell or rent your personal information to third parties. We will only share your information with others in the following circumstances:

• Service Providers (Processors): We may share data with trusted third-party service providers who perform functions on our behalf. These include, for example: website hosting companies (that host our site and databases), IT infrastructure providers, or email service providers (if you email us, your message goes through an email hosting service). If in the future we use analytics tools or other cloud-based services, those providers will also receive certain data. We ensure any such service providers are bound by appropriate confidentiality and data protection obligations. They are not allowed to use your data for their own purposes – only to provide services to us and in line with our instructions. For instance, if we use a web analytics service, it will collect usage data for our analysis and not use it to profile you for their own marketing, unless you separately consent to such use with them (e.g., Google may use analytics data in aggregate for improving their services, but they won’t identify you to us).
• Solicitor Firms or Business Partners: As mentioned, we may share aggregate, anonymous data with solicitor firms or partners. For example, we might inform participating law firms about general trends (“This month, 200 people searched for immigration lawyers in Manchester”). This data will not include personal identifiers or individual-level details. Its purpose is to provide useful insights without compromising individual privacy. We do not share your personal inquiries or contact details with any law firm via our platform. If, in the future, LawStreet offers a feature where you ask us to forward your contact info to a specific solicitor (for instance, to request a quote), we will only do so with your explicit request and consent at that time.
• Legal Requirements and Protection: We may disclose your personal information if required to do so by law or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation (for example, a court order or a legally enforceable request by a law enforcement agency); (b) protect and defend the rights or property of LawStreet (including enforcing our Terms and Conditions or investigating potential violations thereof); (c) act in urgent circumstances to protect the personal safety of users of LawStreet or the public; or (d) protect against legal liability. For example, if required by the Solicitors Regulation Authority (SRA) or the Information Commissioner’s Office (ICO) as part of an investigation, we would provide relevant data as needed by law.
• Business Transfers: If LawStreet (or the company that owns/operates LawStreet) undergoes a business transaction such as a merger, acquisition by another company, or sale of all or a portion of its assets, user information (which may include personal data) might be among the assets transferred. If such a transfer happens, your personal information would remain subject to this Privacy Policy (or a policy with protections at least as strong as this one), and we would notify you via a prominent notice on our website or by other means if your data becomes subject to a new privacy policy. For instance, if LawStreet is acquired by another company, that company might run the site and use your data in accordance with this policy, unless you’re notified of changes.

Aside from the scenarios above, LawStreet will not share your personal data with third parties. In particular, we do not give or sell your information to advertisers or unrelated companies for marketing purposes.

Data Retention: How Long We Keep Your Data

We retain personal data only as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements​. Because our data collection is relatively minimal and purpose-driven, our retention periods are likewise limited:

• Contact Communications: If you contact us via email or a contact form, we will retain your communication and our response for as long as needed to address your inquiry or resolve the issue you contacted us about. After that, we generally archive or delete such correspondence within a reasonable period (for example, after 6-12 months). In some cases, we might keep correspondence longer if we believe it’s necessary – for instance, if you make a complaint or there’s a potential legal dispute, we might retain relevant communications until it is fully resolved. We will also retain information if we are legally required to do so (e.g., evidence of consent or transactions, if applicable).
• Usage Logs: Our web server logs and any system logs that include IP addresses or device information are typically kept for a short period for troubleshooting and security monitoring, and then automatically deleted. We might keep basic logs for slightly longer durations (e.g., a few months) if needed for aggregate analytics or to investigate abuse. If we use analytics services, the data may be retained by those services for a certain period (e.g., Google Analytics commonly retains non-identifiable data for 14 months by default, but since we currently do not use any analytics, this is not applicable yet).
• Cookies: Cookies have their own retention (some expire when you close the browser, others persist for days or weeks – see our Cookies Policy for lifespans). We respect those lifespans and you can also delete cookies at any time. If we set a cookie that expires, it will automatically cease to function after its expiration.
• Aggregate Data: Non-personal, aggregate data (which does not identify you) may be retained indefinitely, as it poses no risk to your privacy. This might include general statistics like total site visits per month, etc.

When we no longer need personal data, we will securely delete or anonymize it. We also periodically review the data we hold, and if we find we have information that we no longer need, we will erase it or anonymize it. If deletion is not immediately possible (for example, because the data is stored in a secure backup archive), we will isolate it from further use until deletion is possible.

Your Rights Under Data Protection Law

Under UK data protection laws, including the UK GDPR, you have several rights regarding your personal data. We are committed to upholding these rights and have summarized them below. Keep in mind that these rights are not absolute – in some cases, legal exemptions may apply. However, we will always endeavor to honor your request and will explain any reason we cannot do so (such as a legal requirement to keep certain data) if that situation arises.

• Right to Be Informed: You have the right to be informed about the collection and use of your personal data​. This Privacy Policy is one of the ways we provide you with that information. We aim to be transparent about how we use your data (hence this detailed notice).
• Right of Access: You have the right to request access to the personal data we hold about you, and to obtain information about how we process it. This is commonly known as a Subject Access Request. Upon request, we will provide a copy of your personal data along with details on what data we have, why we have it, who it may have been shared with, how long we intend to keep it, and the source of the data (if you didn’t provide it directly). We will do this within one month of verifying your identity, as required by law (this period can be extended by two further months for complex requests, but we would inform you if that is the case).
• Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected. For example, if you contact us and your name is misspelled in our records, you can ask us to fix it. We’ll rectify any confirmed inaccuracies promptly.
• Right to Erasure: You have the right to request the deletion of your personal data in certain circumstances – this is often referred to as the “right to be forgotten.” You can request that we erase your data if it’s no longer necessary for us to have it, if you withdraw consent (in cases where consent is the legal basis and there’s no other basis to keep it), or if you object to processing and we have no overriding legitimate grounds, among other reasons. We will review such requests and, if there’s no lawful reason for us to retain the data, we will delete it. Please note that the right to erasure is not absolute; sometimes we may have to retain certain information (for example, to comply with a legal obligation or in case of legal claims).
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain circumstances. This means we would store your data but temporarily pause any other processing. You might exercise this right if, for instance, you contest the accuracy of the data (we would restrict processing until we verify accuracy), or you object to processing based on legitimate interests (we would restrict processing while considering the objection), or if processing is unlawful but you prefer restriction over deletion. If processing is restricted, we will inform you before lifting the restriction.
• Right to Data Portability: For personal data that you have provided to us and that we process by automated means under the legal basis of consent or contract, you have the right to obtain that data from us in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller (or have us transfer it, where technically feasible) if you so choose. In plain terms, this right is relevant if we were holding data like a user profile or account information you gave us. Since LawStreet currently does not have user accounts or collect data like profile details or preferences beyond basic queries, this right may not apply in practice to our current data holdings. However, if you request it, we will provide whatever personal data we can in a CSV or similar format. This right does not apply to data that we generate (like internal analytics) nor to data processed on legal grounds other than consent or contract.
• Right to Object: You have the right to object to our processing of your personal data in certain situations. You can object to processing that we justify on legitimate interests grounds, if you believe it impacts your rights or freedoms. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless we need to continue processing for the establishment, exercise, or defense of legal claims. You also have an absolute right to object to any processing for direct marketing purposes – if LawStreet were ever to send you marketing (which we currently do not), you could opt out at any time and we would cease. In the context of LawStreet, an example might be if you objected to our use of your usage data for improvement analytics; we would consider if we can accommodate your objection (possibly by simply excluding your data) while still running our service. We will honor objections to the fullest extent required by law.
• Right to Withdraw Consent: In cases where we rely on your consent to process personal data, you have the right to withdraw that consent at any time​. For example, if you had subscribed to an email update and you change your mind, you can unsubscribe (withdraw consent) and we will stop that processing. Withdrawing consent does not affect the lawfulness of processing that happened before the withdrawal. If you withdraw consent for something essential (like if in the future we had a feature that required consent), we will inform you of any consequences (like inability to provide a service). However, as of now, we aren’t processing any data based solely on consent except when you proactively contact us.
• Right to Complain: If you are unhappy with how we have handled your personal data, you have the right to make a complaint to the UK’s supervisory authority for data protection, which is the Information Commissioner’s Office (ICO)​. You can find details on how to report concerns to the ICO on their official website (ico.org.uk). The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Their helpline is 0303 123 1113. We would appreciate the chance to address your concerns before you approach the ICO, so we invite you to contact us first if you have any issues. We take privacy seriously and will do our best to resolve any complaint or concern you raise.

To exercise any of your rights, please contact us using the details provided in the Contact Us section. For your security, we may need to verify your identity before acting on certain requests (for example, we might ask you to confirm some information we already have, or to provide ID in rare cases) – this is to ensure we don’t disclose data to the wrong person or delete data at the request of someone impersonating you. We will respond to all legitimate requests as quickly as possible, and at least within the one-month time frame required by law (starting from when we have received any information needed to confirm your identity and understand the scope of the request). If your request is particularly complex or if you have made a number of requests, we may extend this timeframe by up to two further months, but we will inform you if an extension is needed and explain why.

Data Security

LawStreet takes appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. We employ a combination of technical and organizational security measures. These include, for example, encryption of our website traffic (our site is accessible only via HTTPS, which encrypts data between our servers and your browser), firewalls and monitoring to protect our IT infrastructure, regular software updates and security patches to address vulnerabilities, and restricted access to personal data (only authorized personnel or contractors who need the information for the purposes described above are granted access, and even then, only to the data necessary for their role).

We also have procedures in place to handle any suspected data security breach. Despite all our efforts, it’s important to note that no website or internet transmission is completely secure. We cannot guarantee that our security measures will never be bypassed (for example, by extremely sophisticated cyber-attacks). However, we continually review and enhance our security practices in line with industry standards and regulatory guidance to mitigate such risks.

If you have reason to believe that your interaction with us (or any information we have about you) is no longer secure – for example, if you suspect that the LawStreet website might be compromised or if you receive suspicious communications purporting to be from us – please notify us immediately using the contact information below. We will work with you and any relevant authorities to investigate the issue and mitigate any potential breach.

International Data Transfers

LawStreet is based in the United Kingdom, and our website is intended for users in the UK (specifically England and Wales). We strive to store and process personal data within the UK or the broader European Economic Area (EEA) whenever possible. This means that information we collect from you is generally kept on servers located in the UK or EU, which are covered by robust data protection laws.

However, some of our third-party service providers might be located outside of the UK/EEA or might use servers located in other jurisdictions. For example, if we use an email service or cloud provider based in the United States or another country, or if our website hosting backup servers are in a different region, your data could be transferred or accessed outside the UK/EEA. In such cases, we will ensure that any international transfers of personal data are protected by appropriate safeguards as required by the UK GDPR.

These safeguards may include:

• Adequacy Decisions: Transferring data only to countries that have been officially recognized by the UK Government (or EU, as applicable) as providing an adequate level of data protection. For instance, countries in the EEA are currently recognized under UK law as adequate post-Brexit, and there are certain other countries with adequacy decisions.
• Standard Contractual Clauses (SCCs): Using the UK-approved Standard Contractual Clauses (and any required supplemental measures) in contracts with the receiving party. SCCs are legal contracts that oblige the recipient of the data to protect it according to standards essentially equivalent to UK/EU data protection law​.
• International Data Transfer Agreement/Addendum: For transfers from the UK, we may use the International Data Transfer Agreement or the Addendum to EU SCCs, where appropriate, to ensure compliance with UK-specific transfer requirements.
• Other Measures: In some cases, we might rely on specific exceptions under the law (for example, if you have explicitly consented to the transfer after being informed of any risks).

If we do transfer your personal data outside of the UK/EEA, we will take steps to ensure it remains protected in line with this Privacy Policy and applicable laws. You can contact us for more information about the safeguards we have in place for international data transfers or to obtain a copy of them (where available).

Third-Party Links and Services

The LawStreet website may contain links to third-party websites or services, such as the websites of solicitor firms, law-related resources, or government/legal aid sites. If you follow a link to any external site, please be aware that those websites have their own privacy policies and that we do not accept any responsibility or liability for their policies or the handling of your data on those sites​. This Privacy Policy applies solely to data collected by LawStreet on our own website.

For example, if you click a link that takes you to a solicitor’s website to learn more about them, any information you provide on that site (like contacting that solicitor or using their online services) is governed by the privacy policy of that solicitor’s website, not LawStreet’s. We recommend that when you leave our site, you read the privacy notices of the other websites you visit, especially before submitting any personal data to those sites.

Additionally, if in the future LawStreet integrates with any third-party services (for example, a mapping service to show solicitor locations, or a chat feature powered by a third-party), we will clearly indicate such integration and let you know if any data is being shared with those services as you use the feature.

Your California Privacy Rights (if applicable): LawStreet is focused on the UK and does not target users in other jurisdictions, but if for some reason a California resident is using our site, the California Consumer Privacy Act (CCPA) may provide certain rights. This might include the right to know, delete, and opt-out of the “sale” of personal information. However, LawStreet does not sell personal data, and the information we collect is quite limited (as described above). We nonetheless provide the same transparency and control to all users, regardless of location. California residents who have questions or requests can contact us as well.

Changes to This Privacy Policy

We may revise or update this Privacy Policy from time to time. Legal requirements and our services may evolve, and we want our policy to accurately reflect our practices. When we make changes, we will update the “last updated” date at the top of this policy. If the changes are significant, we will provide a more prominent notice (for example, we might display a banner on our site or send an email notification if appropriate).

Any changes will become effective when the updated Privacy Policy is posted (unless otherwise indicated). Your continued use of LawStreet after any such updates take effect will constitute acknowledgment and (as applicable) acceptance of those changes. If we were to make changes that materially affect how your personal data is used, we would, if required by law, obtain your consent or give you the opportunity to opt-out of those changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the personal data we collect. This policy is easily accessible on our site (usually via a link in the footer or menu).

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us:

• Email: info@lawstreet.co.uk

You may also reach out to us through any contact form on the LawStreet website. We will respond as promptly as possible. Your trust is important to us, and we welcome any feedback or inquiries you may have about your privacy and our data protection practices.