[email protected]

Privacy Policy

Last updated: 23 August 2025

This privacy policy explains how I collect, use, share and protect your personal data, and sets out your rights under UK data protection law.

Who I am (data controller)

I am the data controller for the personal data described in this notice.

Name: Jennifer Wiss-Carline
Professional status/regulator: Solicitor regulated by the SRA Chartered Legal Executive regulated by CILEx Regulation
Email: [email protected]

If you have any questions about this notice or how I use your data, please contact me using the details above.

The data I collect

Depending on how you interact with me, I may collect:

  • Identity and contact data: name, address, email, phone, organisation and role.
  • Matter information: information you provide about your circumstances, family, finances, property and objectives; documents and correspondence; instructions and attendance notes.
  • Special category data (where relevant): for example health data in deputyship/LPA work, or other sensitive data you choose to share.
  • Criminal offence data (rare): only where necessary for your matter or required by law.
  • Technical and usage data: IP address, device/browser type, cookies and analytics (see “cookies”).
  • Marketing preferences: your choices about receiving updates or newsletters.
  • Booking and communication data: information submitted via my booking tool and website comment/enquiry forms.

Note about comments: please avoid posting confidential or sensitive information in any public comment fields.

How I collect your data

  • Directly from you: when you submit a comment or enquiry, book an appointment, speak with me by phone/video, email me, or send documents.
  • From third parties (where lawful): referrers, other professional advisers, experts, counsel, courts, regulators, public sources (e.g., HM Land Registry, Companies House).
  • Automatically: via cookies and similar technologies when you use my website (see “cookies”).

Why I use your data and the lawful bases

I use your personal data only when the law allows. The main purposes and lawful bases are:

  • Responding to enquiries and providing quotations: my legitimate interests in running my practice and steps taken at your request before entering a contract.
  • Providing legal services and managing your matter: contract; legitimate interests (conflict checks, practice management); and legal obligations (e.g., anti‑money laundering, accounting).
  • Processing special category data and criminal offence data (where relevant): where necessary for the establishment, exercise or defence of legal claims (UK GDPR Article 9(2)(f)); and, for criminal offence data, where a Data Protection Act 2018 Schedule 1 condition applies. Where required, I maintain an Appropriate Policy Document.
  • Regulatory compliance: legal obligations owed to bodies such as the SRA/CILEx Regulation, HMRC or the court.
  • Practice administration and security: legitimate interests in running and protecting my website, IT systems and business.
  • Marketing and updates:
    • Mailing list/newsletter: consent (you can withdraw consent at any time).
    • Enquirers and existing clients (soft opt‑in): if you give me your email during an enquiry or negotiations for a service, I may email you about similar services. I will always offer a clear opt‑out when I collect your details and in every message.

Services providers and analytics

I use a small number of trusted service providers to run my website and deliver services. Google Analytics (optional, consent‑based cookies) collects device and usage data to help me understand how the site is used; you can change these choices at any time via the cookie banner. EuroVPS hosts my website, takes backups (held for 1 month) and may process IP addresses in server/security logs for availability and abuse prevention. Dropbox holds secure off‑site backups so I can restore data if there is loss or damage. Brevo manages my mailing list and processes your name, email address, preferences and engagement (for example opens/clicks) to send newsletters and handle unsubscribes. Each provider only has access to the personal data needed for their role and acts under written data‑processing terms; they do not all see everything.

The legal bases for these uses are consent (analytics and newsletters) and my legitimate interests in operating a secure, reliable practice and website (hosting, logs and backups). Where a provider transfers personal data outside the UK, I rely on an adequacy decision or appropriate safeguards (such as the ICO’s International Data Transfer Agreement or the UK Addendum to the Standard Contractual Clauses). You can unsubscribe from the mailing list at any time using the link in any email.

Marketing choices (including the soft opt‑in)

You can unsubscribe from marketing emails at any time by using the link in the message or by contacting me. I do not send electronic marketing unless I have your consent or the soft opt‑in conditions are met.

Cookies

I use essential cookies to make the site work and, with your permission, optional analytics cookies to improve it. You can control cookies via my cookie banner or your browser settings.

Sharing your data

I do not sell your personal data and I do not share it with third parties for their own marketing. I may share data with:

  • Service providers (processors): for example secure cloud storage, email and website hosting, appointment‑booking and practice‑management tools, and IT support. They act on my instructions and must protect your data.
  • Professional advisers and third parties involved in your matter: for example counsel, experts, other parties’ lawyers, courts, HM Land Registry, the Office of the Public Guardian, the Court of Protection, and regulators—only where necessary and lawful.
  • Legal or regulatory authorities: where required by law or to protect legal rights.

I ensure appropriate confidentiality and data‑processing terms are in place with anyone who handles your data for me.

International transfers

Some service providers may be located outside the UK. Where I transfer personal data internationally, I use lawful safeguards such as adequacy regulations, the ICO’s International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses.

How long I keep your data

I keep personal data only for as long as necessary to fulfil the purposes above and to satisfy legal, accounting and regulatory requirements. Typical retention periods are:

  • Enquiries (no instruction): up to 12 months.
  • Client/matter files: generally at least 6 years from closure (longer for certain matters such as wills, trusts or where limitation periods are extended).
  • Original wills/deeds or copies of LPAs/deputyship orders: retained as agreed or as reasonably necessary.
  • Financial records: 7 years.
  • Marketing records: until you unsubscribe; I keep a suppression list to ensure I do not contact you again.

A more detailed retention schedule is available on request.

Your rights

You have the following rights, subject to conditions and legal exemptions: access, rectification, erasure, restriction, objection (including to direct marketing), and data portability. Where I rely on consent, you can withdraw it at any time. I will usually respond within one month.

Please note that some rights may be limited where disclosure would reveal legally privileged material or prejudice legal proceedings.

How to exercise your rights or make a complaint

Please contact me first using the details under who I am. You also have the right to complain to the UK Information Commissioner’s Office (ICO): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 0303 123 1113. Website: ico.org.uk.

Security

I use appropriate technical and organisational measures to protect personal data, including access controls, encryption where appropriate, secure storage, staff confidentiality duties and regular monitoring of my systems.

Children

My services are directed at adults. Where a matter involves a child, I will handle their data lawfully, fairly and with appropriate safeguards.

Do you have to provide personal data?

Where I need personal data by law or to take steps at your request (or to perform a contract) and you choose not to provide it, I may be unable to act or may have to cancel a service.

Automated decision‑making

I do not make decisions about you based solely on automated processing that have legal or similarly significant effects.

Changes to this notice

I may update this policy from time to time. I will post any changes here.

Join my list for no‑nonsense guidance that keeps your tax tidy, your assets structured and your loved ones protected.

Friendly service, professional advice, local to you.

Contact ME

Jennifer Wiss-Carline
Solicitor
Chartered Legal Executive

Latest:

Info:

Terms of ServicePrivacy PolicyFree Will templatesFAQs

© 2025 Jennifer Wiss-Carline, 78 Homefield Avenue, Arnold, Nottingham NG5 8GA. The content of this website is provided for general information purposes only. This website is not a substitute for professional advice.