Do you need help with a lease?

Contact us
  • Working: 9.00am - 5.00pm
Get a quote

Privacy policy

LEASE LAWYERS > Privacy policy

Last updated: 9 March 2026

At Lease Lawyer (“we”, “us”, “our”), we are committed to protecting your privacy and handling your personal data transparently and securely.

This Privacy Policy explains how we collect, use, store and share your personal data when you:

  • visit https://www.leaselawyer.co.uk/

  • contact us by phone, email or website form

  • ask us about our legal services

  • instruct us to act for you

  • subscribe to updates or marketing communications, where offered

1. Who we are

Data controller: Lease Lawyer
Trading name: Lease Lawyer
Website: https://www.leaselawyer.co.uk/
Email: info@leaselawyer.co.uk
Phone: 0161 249 5087

If you have any questions about this Privacy Policy or how we use your personal data, please contact us using the details above.

2. The personal data we collect

We may collect and process the following categories of personal data:

Information you provide directly

  • your name

  • email address

  • telephone number

  • company or organisation name

  • property or matter-related information you send to us

  • details contained in enquiry forms, emails, phone calls or documents you provide

  • billing and payment information where relevant

Information we collect automatically

When you use our website, we may automatically collect certain technical information, such as:

  • browser type and version

  • device type

  • operating system

  • referral source

  • pages visited and time spent on the site

  • cookie and analytics data

Special category data

In limited cases, you may provide sensitive personal data as part of a legal enquiry or instruction. We only process this where necessary and where a valid legal basis applies.

3. How we use your personal data

We use your personal data to:

  • respond to your enquiries

  • assess whether we can assist with your legal matter

  • provide legal services and manage client relationships

  • carry out identity, file opening, compliance and conflict checks where required

  • communicate with you about your matter

  • send service-related communications

  • issue invoices and process payments

  • improve our website, services and user experience

  • maintain website security and prevent misuse

  • send marketing communications where legally permitted or where you have consented

4. Our lawful bases for processing

Under UK data protection law, organisations must identify a lawful basis before processing personal data. The appropriate basis depends on the purpose and relationship involved.

We rely on one or more of the following lawful bases:

Contract

Where processing is necessary to take steps at your request before entering into a contract, or to perform our contract with you.

Legitimate interests

Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This may include:

  • responding to enquiries

  • operating and improving our website

  • administering our business

  • maintaining records

  • protecting our legal position

  • preventing fraud or misuse

Legal obligation

Where we need to process your data to comply with the law, regulation, professional obligations, anti-money laundering requirements, taxation obligations, or requests from regulators and authorities.

Consent

Where we rely on consent, for example for certain cookies or certain direct marketing communications. Where consent is used, you can withdraw it at any time. ICO guidance specifically notes that privacy notices should explain the right to withdraw consent where consent is the lawful basis.

Special category data

If we process special category data, we will do so only where a valid condition under UK data protection law also applies, such as where processing is necessary for the establishment, exercise or defence of legal claims, or where you have explicitly consented.

5. How long we keep your data

We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, professional and record-keeping requirements. ICO guidance says your privacy notice should explain retention clearly.

Typical retention periods may include:

  • general enquiries: up to [12–24 months] after last contact

  • client matter files: for as long as required by law, regulation, insurer requirements, limitation periods, or professional practice needs, typically [6 years] or longer where appropriate

  • marketing records: until you unsubscribe or withdraw consent, plus a limited suppression record where needed

  • website analytics/cookie data: in line with cookie settings and provider retention periods

You should adjust these periods to match your actual compliance and file retention policy.

6. Who we share your data with

We may share your personal data with trusted third parties where necessary, including:

  • IT, hosting and website service providers

  • email and communications providers

  • CRM, case management or document management providers

  • payment processors, accountants, auditors and professional advisers

  • identity verification and compliance providers

  • courts, tribunals, regulators, government bodies, law enforcement or fraud prevention agencies

  • barristers, experts, agents, counterparties and other professionals involved in your matter

  • insurers and legal advisers where necessary to protect legal rights

We require third parties processing data on our behalf to respect the security of personal data and act only on proper instructions.

7. International transfers

We aim to keep your personal data within the UK or countries with appropriate protections. If any of our suppliers transfer personal data outside the UK, we will take reasonable steps to ensure appropriate safeguards are in place.

8. Cookies and similar technologies

Our website may use cookies and similar technologies to operate properly, remember preferences, measure traffic and improve performance.

These may include:

  • strictly necessary cookies required for core site functionality

  • analytics cookies to understand site usage

  • functionality cookies to remember preferences

  • marketing cookies where applicable

Under ICO guidance, users must be clearly told about cookies and consent is generally required for non-essential cookies. Only strictly necessary cookies are exempt from consent.

You can manage cookies through:

  • our cookie banner or consent tool

  • your browser settings

If you use tools such as Google Analytics, Meta Pixel, Hotjar, Clarity, reCAPTCHA, embedded maps or videos, these should be specifically named in this section before publishing.

9. Marketing communications

We may send you legal updates, service information or marketing communications where permitted by law or where you have given your consent.

You can unsubscribe at any time by:

  • clicking the unsubscribe link in emails

  • contacting us directly

We may still send non-marketing communications where necessary in relation to an enquiry or matter.

10. Your data protection rights

Under the UK GDPR, individuals have rights including the right to be informed, access their data, rectify inaccurate data, erase data in some circumstances, restrict processing, object, and in some cases data portability.

Depending on the circumstances, you may have the right to:

  • request access to your personal data

  • request correction of inaccurate or incomplete data

  • request deletion of your personal data

  • request restriction of processing

  • object to processing based on legitimate interests

  • withdraw consent where processing is based on consent

  • request transfer of your data where applicable

  • complain to the Information Commissioner’s Office (ICO)

These rights are not absolute and may be limited in some situations, especially where legal professional obligations or legal claims apply.

To exercise any of your rights, please contact us using the contact details in this Privacy Policy.

11. Complaints

If you have concerns about how we use your personal data, please contact us first and we will try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters. ICO guidance says privacy notices should tell people how they can complain.

12. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss or destruction. However, no system or transmission over the internet can be guaranteed to be completely secure.

13. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before submitting personal data.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and the “Last updated” date will be revised.