LegalLens

Last updated: 3 June 2026

1. Introduction

This Privacy Policy (together with our Terms of Use and any other documents referred to in it) applies to our website at www.legallens.co.uk (the "Website", also referred to as the "Platform"). It describes the type of personal data we collect from you through the use of our services ("Services") or our Platform, how that personal data is used and disclosed, and the safeguards we use to protect it.

This Privacy Policy has been updated on 3 June 2026 to reflect the requirements of the Data (Use and Access) Act 2025 (DUAA), which introduced the most significant reforms to UK data protection law since Brexit. Core provisions of the DUAA entered into force on 5 February 2026, amending the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (as amended) (PECR). This Policy reflects those changes as they apply to LegalLens.

Please read this Privacy Policy carefully. By using or accessing our Platform or Services, you agree to the collection, use, and disclosure of personal data in accordance with this Privacy Policy. Please check back regularly to keep informed of updates.

If you have any comments on this Privacy Policy, please email us at contact@legallens.co.uk.

2. Who We Are

LegalLens is the data controller responsible for your personal data. Our details are:

Website: www.legallens.co.uk

Trading name: LegalLens

Contact email: contact@legallens.co.uk

We process your personal data in accordance with the following legislation:

The UK General Data Protection Regulation (UK GDPR), as amended by the Data (Use and Access) Act 2025

The Data Protection Act 2018

The Privacy and Electronic Communications Regulations 2003 (as amended by the DUAA 2025)

Any other applicable UK data protection legislation

3. What We Collect

3.1 Personal data you provide to us

We collect personal data that you actively provide to us, including when you:

Complete forms on our Platform, including when registering, subscribing, or requesting services

Request that marketing material be sent to you

Report a problem with our Platform or provide feedback

Interact with us via our social media platforms

3.2 Personal data we collect automatically

We also collect the following data automatically when you use our Platform:

Records of any correspondence between us

Details of transactions you carry out through our Platform

Details of your visits to our Platform and the resources you access

Technical information about your device, including IP address, browser type, and operating system, used for system administration and aggregate reporting purposes only

3.3 Categories of personal data

Depending on the services you use, the personal data we hold about you may include: your name; address; email address; phone number; financial information; and any further personal data you share through our Platform or in the course of receiving our services.

We do not store credit card details and we do not share customer payment details with any third parties without your consent.

4. Cookies and Storage Technologies

We use cookies and similar storage and access technologies (including pixels and local storage) to distinguish users and improve the experience of our Website.

Following the ICO's updated guidance on storage and access technologies published on 29 April 2026 (reflecting the DUAA 2025 amendments to PECR), we note the following:

Strictly necessary cookies: do not require your consent and are always active.

Analytics and functionality cookies: under the updated PECR framework, certain low-risk analytics and functionality cookies may not require explicit consent, provided you are given a clear opportunity to opt out. Where we rely on this basis, we will make this clear in our cookie banner.

Marketing and preference cookies: continue to require your explicit consent before being placed.

Please see our Cookie Policy for full details of the cookies we use, the lawful basis for each, and how to manage your preferences.

5. How We Use Your Data

5.1 Purposes of processing

We use your personal and non-personal data to:

Present our Platform content effectively to you

Provide information about and allow you to use the services you request

Respond to your customer service requests and enquiries

Take steps prior to entering into a contract with you and to perform our contractual obligations

Provide or facilitate the provision of legal consultancy services to you, including keeping records of documents or calls containing personal data

Tell you about changes to our services

Contact you about similar products and services to those previously provided to you, where you have not opted out (see Section 5.3)

With your prior consent, tell you about other goods and services that might interest you

5.2 Lawful bases for processing

Under the UK GDPR (as amended by the DUAA 2025), we rely on the following lawful bases:

Contract: where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

Legitimate interests: where processing is necessary for our legitimate interests (or those of a third party), provided your interests and fundamental rights do not override those interests. We carry out a balancing test before relying on this basis.

Recognised legitimate interests (new under DUAA 2025): where applicable, we may rely on the new recognised legitimate interests basis introduced by the DUAA 2025 for specific purposes such as safeguarding and security, without requiring a full balancing test.

Consent: for marketing communications and, where required, for certain cookie and tracking technologies.

Legal obligation: where processing is necessary to comply with a legal or regulatory obligation.

5.3 Marketing

If you wish to receive marketing communications from us, you can provide your consent by ticking the relevant consent box when we collect your personal data. We will send you insights, legal updates, and information relevant to your business.

We will not send you unsolicited marketing. You can withdraw your consent or update your marketing preferences at any time by clicking the unsubscribe link in any of our emails or by contacting us at contact@legallens.co.uk. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

6. Automated Decision-Making and Profiling

The DUAA 2025 introduced updated rules on automated decision-making, now governed by Article 22A of the UK GDPR (in force from 5 February 2026).

Where we use automated processing that produces a decision with a legal or similarly significant effect on you, we will:

Inform you that automated decision-making is taking place

Provide meaningful information about the logic involved

Explain the significance and likely consequences of such processing

Give you the right to request human review of the decision, express your own point of view, and obtain an explanation

These rights do not apply where the automated decision is:

Necessary for the entry into or performance of a contract between us

Authorised by law

Based on your explicit consent

Where we use profiling, we will apply appropriate mathematical and statistical procedures, implement technical and organisational safeguards to minimise the risk of errors, and ensure all profiling data is held securely to prevent discriminatory effects.

7. Where We Store Your Data

Your data may be transferred to and stored in countries outside the United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place.

Following the DUAA 2025, the standard for assessing the adequacy of data protection in third countries has been updated to a 'not materially lower' test, replacing the previous 'essentially equivalent' standard. We apply this updated standard when assessing the adequacy of protections in any country to which we transfer your data, and we use appropriate transfer mechanisms (such as International Data Transfer Agreements or UK adequacy decisions) where required.

We maintain appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, use, alteration, or disclosure. We limit access to your personal data to those employees, agents, contractors, and third parties who have a genuine business need to access it.

We have procedures in place to deal with any suspected personal data breach and will notify you and the ICO where we are legally required to do so.

Please note that the transmission of data via the internet is not completely secure. While we take all reasonable steps to protect your data, you transmit data to us at your own risk.

8. Retention of Your Data

We will not retain your personal data for longer than is necessary for the purposes for which it was collected. Our standard retention periods are set out below:

Marketing data (name, email, phone, postal address where provided)

Lawful basis: Consent | Retention period: 3 years from date of sign-up to marketing, or until consent is withdrawn

Prospective client data (name, email, phone, job role, postal address)

Lawful basis: Pre-contractual steps | Retention period: 5 years from date of last contact or last login to the Platform, whichever is later

Active and former client data (name, email, phone, job role, postal address, call and video recordings)

Lawful basis: Contract — provision of legal consultancy services | Retention period: Minimum 7 years from last date of contact or last login to the Platform, whichever is later, or longer where required by regulatory or legal obligations

We do not store credit card details.

9. Sharing Your Data

We do not sell your personal data. We may share your personal data in the following circumstances:

If we want to sell our business or assets, we may disclose your data to the potential buyer or seller

With other companies in our group (subsidiaries and holding companies as defined in Section 1159 of the UK Companies Act 2006)

Where we have a legal obligation to disclose, or to protect the property, safety, or rights of others

In connection with legal proceedings (including prospective proceedings) or to establish or defend our legal rights

To protect against fraud or credit risks

We engage third-party service providers to assist us in operating our business. We only share the minimum personal data necessary for each supplier to provide their service. All third parties are required to handle your data securely and in accordance with applicable data protection legislation.

Our current third-party processors and sub-processors include:

Web hosting: Amazon Web Services, Squarespace

CRM, email, and data analysis: HubSpot Inc

e-Signing: DocuSign

Video conferencing and telephony: Microsoft Teams

Call booking: Calendly LLC

Push notifications: OneSignal Inc

Online reviews: Feefo

This list is not exhaustive and may change. Other providers include, where applicable: SMS alerts, IT and software providers, online advertising management, accountants, insurers, and regulatory bodies including the ICO. Please check this page periodically for updates.

10. Your Rights

Under the UK GDPR (as amended by the DUAA 2025), you have the following rights in relation to your personal data:

Right of access: to request a copy of the personal data we hold about you (Subject Access Request). This is generally free of charge, though an administrative fee may apply in limited circumstances such as repeated requests.

Right to portability: to request that your personal data be transferred securely to another service provider in electronic form.

Right to rectification: to have inaccurate personal data corrected and incomplete data completed.

Right to erasure: to request deletion of personal data where there is no longer a legal or business basis for us to hold it.

Right to restriction: to request that processing of your personal data be restricted in certain circumstances.

Right to object: to object to processing of your personal data, including for direct marketing purposes.

Rights in relation to automated decision-making: to challenge decisions made solely by automated means that have a legal or similarly significant effect on you, including the right to request human review and to obtain an explanation (see Section 6 above).

To exercise any of these rights, please contact us at contact@legallens.co.uk.

11. Data Protection Complaints Procedure

In accordance with the requirements introduced by the Data (Use and Access) Act 2025 (effective June 2026), we have implemented a formal complaints procedure for data protection matters.

If you believe we have not processed your personal data in accordance with applicable data protection legislation, you may make a complaint by:

Emailing us at contact@legallens.co.uk with the subject line 'Data Protection Complaint'

Setting out clearly the nature of your complaint and the personal data to which it relates

We will acknowledge your complaint within 5 working days and aim to provide a substantive response within 28 days. Where the matter is complex, we will notify you if additional time is required.

If you are not satisfied with our response, or if you wish to raise a complaint directly, you have the right to contact the UK's Information Commissioner's Office (ICO), the supervisory authority responsible for enforcing UK data protection law:

Website: www.ico.org.uk

Helpline: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

12. Security

We are committed to ensuring that your personal data is protected and held securely. We have implemented appropriate physical, electronic, and managerial procedures — including firewalls and other cyber security measures — to safeguard data collected through our Platform.

However, the internet is not a completely secure medium, and we cannot accept responsibility for the security of data during transmission or for non-delivery of emails. You transmit data to us at your own risk.

13. Links to Other Websites

Our Platform may contain links to third-party websites. Our Privacy Policy does not apply to those websites. We have no control over how third parties collect, store, or use your data, and we advise you to check their privacy policies before providing any personal data to them.

14. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. As noted in Section 7, any transfer of your personal data outside the UK is subject to appropriate safeguards under the updated DUAA 2025 framework. We use UK-approved transfer mechanisms, including International Data Transfer Agreements (IDTAs) and UK adequacy decisions, where applicable.

15. Changes to This Privacy Policy

If we make changes to this Privacy Policy, we will post the updated version on this page and update the 'Last updated' date at the top. Where changes are material, we will notify you by email where we hold your contact details.

16. Your Consent

By ticking the applicable consent box when signing up to our Platform or submitting a form, you confirm that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

17. Dispute Resolution

The parties will use their best efforts to negotiate in good faith and settle any dispute arising out of or in connection with this Privacy Policy.

If any dispute cannot be settled amicably, either party may propose that structured negotiations be entered into with the assistance of an accredited mediator before resorting to litigation.

This Privacy Policy (and any non-contractual disputes arising from it) is governed by English law. Any disputes shall be subject to the exclusive jurisdiction of the English courts.

18. Terms and Conditions

Please also review our Platform Terms of Use, which set out the terms governing your use of our Platform, including disclaimers and limitations of liability.

The materials on this website do not constitute legal advice and are provided for general information purposes only. LegalLens is a specialised legal consultancy, not a traditional law firm. For legal advice tailored to your specific situation, please contact us directly.

LegalLens | contact@legallens.co.uk | www.legallens.co.uk | Last updated: 3 June 2026