Legal
Privacy Policy
Last updated: March 2025
Introduction
PDA Law Solicitors Limited ("we", "us", "our", or "PDA Law") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our website or services.
1. Information We Collect
We may collect information about you in a variety of ways. The information we may collect on the site includes:
Personal Data You Provide Directly
- Contact Information: Name, email address, telephone number, postal address
- Professional Information: Job title, company name, industry
- Enquiry Information: Details about your legal matter or enquiry
- Payment Information: Credit card or bank details (processed securely by third-party payment providers)
- Communication Preferences: How you wish to be contacted
Information Collected Automatically
- Device Information: Device type, operating system, browser type
- Usage Information: Pages visited, time spent on pages, links clicked, referral source
- Location Information: General geographic location (country/city level) based on IP address
- Cookies and Similar Technologies: See our Cookies Policy for details
2. How We Use Your Information
We use the information we collect for various purposes, including:
- Providing, maintaining, and improving our legal services
- Processing your enquiries and responding to your requests
- Sending you service-related announcements and updates
- Sending you marketing communications (with your consent)
- Conducting research and analytics to improve our website and services
- Complying with legal obligations and regulatory requirements
- Protecting against fraud, security threats, and other harmful activities
- Enforcing our Terms of Business and other agreements
3. Legal Basis for Processing
Under UK GDPR and Data Protection Act 2018, we process your personal data on the following legal bases:
- Contractual Necessity: To perform our services and fulfil your requests
- Legal Obligation: To comply with law, regulation, and professional obligations
- Legitimate Interests: To improve our services, prevent fraud, and protect our rights
- Consent: For marketing communications and optional services (you can withdraw consent at any time)
4. Sharing Your Information
We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:
- Service Providers: Third parties who assist us in operating our website and providing services (e.g., hosting providers, payment processors)
- Legal Requirements: When required by law, court order, or regulatory authority
- Professional Advisors: Accountants, auditors, and legal advisors as necessary
- Business Transfers: In the event of a merger, acquisition, or sale of assets
4A. Data Processors
We use the following third-party data processors to operate our website and deliver our services. Each processor has been assessed for GDPR compliance and is subject to a Data Processing Agreement (DPA) or equivalent contractual safeguards.
| Processor | Purpose | Data Location | Retention | DPA / Safeguard |
|---|---|---|---|---|
| Supabase | Database storage for form submissions and enquiry data | EU (Ireland) — AWS eu-west-1 | Until deleted or 3 years from last contact | Supabase DPA |
| Resend | Transactional email delivery (enquiry confirmations, notifications) | USA — Standard Contractual Clauses apply | Email logs retained for 30 days | Resend Privacy Policy |
| Tally | Online form collection for enquiries and intake forms | EU (Belgium) — AWS eu-west-1 | Until deleted or 12 months from submission | Tally Privacy Policy |
| Google Analytics | Website traffic analysis (analytics consent required) | USA — Standard Contractual Clauses apply; IP anonymisation enabled | 26 months | Google Privacy Policy |
| Microsoft Clarity | Session recording and heatmaps (analytics consent required) | USA — Standard Contractual Clauses apply | 13 months | Microsoft Privacy Statement |
| Google reCAPTCHA | Bot and spam prevention on contact forms (analytics consent required) | USA — Standard Contractual Clauses apply | Session-based; no persistent storage | Google Privacy Policy |
| Ruler Analytics | Call tracking and marketing attribution (marketing consent required) | UK | As per Ruler Analytics terms | Ruler Analytics Privacy Policy |
You can request details of the Data Processing Agreements we hold with any of the above processors by contacting us at enquiries@pdalaw.co.uk.
5. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Retention periods vary depending on the type of data and the purpose for which we process it:
- Client Data: Retained for the duration of the engagement plus 6 years (as required by professional standards)
- Enquiry Data: Retained for 3 years unless you opt out of communications
- Marketing Data: Retained until you unsubscribe or withdraw consent
- Website Analytics: Retained for up to 26 months
6. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can request that we correct inaccurate or incomplete data
- Right to Erasure: You can request deletion of your data (subject to legal obligations)
- Right to Restrict Processing: You can request that we limit how we use your data
- Right to Data Portability: You can request your data in a portable format
- Right to Object: You can object to certain types of processing, including marketing
- Right to Withdraw Consent: You can withdraw consent for optional processing at any time
To exercise any of these rights, please contact us using the details below.
7. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (SSL/TLS)
- Secure password policies and access controls
- Regular security audits and vulnerability assessments
- Employee training on data protection and confidentiality
- Incident response procedures
However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about cookies, including how to manage your preferences, please see our Cookies Policy.
You may refuse the use of cookies used by Google Analytics via the settings in your browser (see cookies section below). To opt out of being tracked by Google Analytics across all websites visit Google Analytics Opt-out Browser Add-on.
9. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites before providing your personal information.
10. Children's Privacy
Our website and services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will promptly delete such information and terminate the child's account.
11. International Data Transfers
Your personal data is primarily stored and processed in the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date.
13. Contact Us
If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your data protection rights, please contact us:
- Telephone: Call PDA Law on 01244 757323
- Email: Email enquiries@pdalaw.co.uk
- Post: 121 Saughall Road, Chester, Cheshire, CH1 5ET
Our Data Protection Manager is Paul D'Ambrogio. You can contact him at Email enquiries@pdalaw.co.uk or call 01244 757323.
14. Your Right to Complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you are not happy with the way that we handle your personal data. You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by calling the ICO's helpline on 0303 123 1113.
Related Policies
Please also review our Cookies Policy and Complaints Policy for additional information.