GDPR & Data Protection Policy

Last updated: 26th September, 2025

LawLeaf is committed to protecting your personal data and ensuring transparency about how we process it. This policy explains how we comply with the EU General Data Protection Regulation (GDPR) when you interact with our website, create an account, make purchases, or subscribe to our newsletter.

Personal Data We Collect

When you use our services, we may collect:

  • Account Information: Name, email address, username, and password when you register for an account
  • Purchase Information: Billing address, shipping address, order history, and payment details (processed securely via our payment provider)
  • Newsletter Preferences: Email address and consent preferences
  • Website Usage Data: Cookies, analytics, and interactions to improve your experience

How We Use Your Data

We process personal data for purposes including:

  • Fulfilling orders and managing accounts
  • Sending order confirmations, updates, and invoices
  • Sending newsletters, marketing communications, or special offers (with consent)
  • Analysing usage patterns to improve our services
  • Complying with legal and tax obligations

Legal Basis for Processing

We process your data under GDPR based on:

  • Consent – for newsletters or marketing communications
  • Contractual necessity – to fulfil purchases and account management
  • Legal obligation – to comply with tax or accounting requirements
  • Legitimate interests – to operate and improve our website and services

Sharing Your Data

We do not sell your data. We may share it with:

  • Payment processors – to securely handle transactions
  • Shipping providers – to deliver physical goods (if applicable)
  • Third-party service providers – who support our website, analytics, or email communication, all under strict confidentiality agreements

Your Rights under GDPR

You have the right to:

  • Access, correct, or update your personal data
  • Request deletion of your account or personal information
  • Withdraw consent for marketing communications
  • Object to certain processing activities
  • Request a copy of your data in a portable format

To exercise these rights, contact us at contact@lawleaf.co.uk

Data Retention

We retain personal data only as long as necessary to provide our services, comply with legal obligations, or resolve disputes.

Data Security

We use industry-standard security measures to protect your data from unauthorized access, alteration, or disclosure.

Changes to This Policy

We may update this GDPR & Data Protection Policy occasionally. The “Last updated” date reflects the most recent version. Please review it periodically.

Contact

Questions or concerns about GDPR compliance? Contact us at: contact@lawleaf.co.uk