How we collect, use, and protect your personal information in accordance with UK data protection laws
Last updated: March 2026
Woolfe and Co Solicitors Ltd ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, safeguard, and otherwise process your personal information in connection with our legal services.
We are a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered address is 16 Titan Court, Laporte Way, Maidenhall, Luton LU4 8EF, and we are regulated by the Solicitors Regulation Authority (SRA number 625326).
Please read this privacy policy carefully to understand our views and practices regarding your personal data and how we will treat it.
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together follows:
We use different methods to collect data from and about you including through:
You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or in person. This includes personal data you provide when you:
We may receive personal data about you from various third parties including:
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
| Purpose / Activity | Type of Data | Legal Basis |
|---|---|---|
| To provide legal services and manage our relationship with you | Identity, Contact, Case Data | Contract performance; Legal obligation |
| To comply with our legal and regulatory obligations | Identity, Contact, Case Data | Legal obligation |
| To process payments and recover funds owed | Identity, Contact, Financial | Contract performance; Legitimate interests |
| To communicate with you about your case | Identity, Contact | Contract performance |
| To improve our website and services | Technical, Usage | Legitimate interests |
| To comply with money laundering regulations | Identity, Contact, Financial | Legal obligation |
We may share your personal data with the parties set out below for the purposes set out in the table above:
We do not sell, trade, or otherwise transfer your personal data to outside parties. We may share data with third-party service providers who assist us in operating our website, conducting our business, or servicing you, but only when those parties agree to keep this information confidential.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
All data is encrypted in transit and at rest using industry-standard protocols
Data is stored on secure servers with restricted access controls
Staff are trained in data protection and have role-based access
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
As a UK-based law firm, we primarily store and process personal data within the United Kingdom and the European Economic Area (EEA).
If we do need to transfer data outside the UK or EEA, we will ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including:
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data.
You have the right to have inaccurate personal data about you rectified and incomplete personal data completed.
You have the right to have personal data about you erased ("right to be forgotten") in certain circumstances.
You have the right to restrict the processing of your personal data in certain circumstances.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
You have the right to object to processing of your personal data based on legitimate interests.
To exercise any of these rights, please contact us using the details provided below. We will respond to your request within one month. Please note that we may need to verify your identity before responding to your request.
If you are not satisfied with how we have handled your personal data, you have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
Online Portal: ico.org.uk/make-a-complaint
Our services may involve representing individuals under the age of 18 in criminal matters. Where we process personal data of children, we ensure that we have appropriate safeguards in place and, where required, we obtain parental or guardian consent.
For children under 13, we require verifiable parental consent before collecting personal information, except where permitted by law.
We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.
However, we may use automated tools for credit reference checks and anti-money laundering screening, which are required by law for legal service providers.
Our website uses cookies to distinguish you from other users of our website. For detailed information about the cookies we use, the purposes for which we use them, and how you can manage them, please see our Cookie Policy.
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "Last updated" date at the top.
Where material changes to this privacy policy are made, we will provide a prominent notice on our website or, where appropriate, contact you directly.
We encourage you to review this privacy policy periodically to stay informed about how we protect your data.
If you have any questions about this privacy policy or our privacy practices, please contact our Data Protection Officer:
Data Protection Officer
16 Titan Court, Laporte Way
Maidenhall, Luton LU4 8EF
Bedfordshire, England
Email: [email protected]
Phone: 01582 380938
Hours: 24/7 for emergency legal assistance
If you are an existing client, please contact the solicitor handling your matter directly for data protection queries related to your case.
This privacy policy is governed by and construed in accordance with the laws of England and Wales.
Company Name
Woolfe and Co Solicitors Ltd
Company Number
10878165
SRA Number
625326
Registered Office
16 Titan Court, Laporte Way, Luton LU4 8EF
Our team is committed to protecting your personal data. Contact us if you have any questions about how we handle your information.