Book a Conversation

Privacy Policy

Privacy Policy
Last updated: February 2026

  1. Who We Are

 

Legal Linchpin is a UK-based legal marketing and AI consultancy.

 

For the purposes of UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Legal Linchpin acts as a data controller in relation to personal data collected through our website and in the course of our business activities.

 

When we provide services to clients and process personal data on their behalf, we may act as a data processor in accordance with their instructions and applicable law.

 

If you have any questions about this policy, you can contact:
vikki@legallinchpin.co.uk

 

  1. The Personal Data We Collect

 

We may collect and process the following categories of personal data:

 

Identity data
Name, title and professional role.

 

Contact data
Email address, telephone number, business address, and social media identifiers (for example LinkedIn profile details).

 

Professional data
Firm name, sector, areas of responsibility and other information relevant to legal marketing or consultancy services.

 

Communications data
Information you provide through enquiries, emails, calls, meetings, online forms or events.

 

Technical data
IP address, browser type and version, operating system, device type, time zone setting and website usage information.

 

Marketing preferences
Your preferences in receiving communications from us.

 

We do not intentionally collect special category data unless this is provided to us by a client as part of a consultancy engagement. Where this occurs, we process such data strictly in accordance with client instructions and applicable law.

 

  1. How We Collect Data

 

We collect personal data when you:

  • Make an enquiry via our website
    • Contact us by email, phone, post or social media
    • Engage us to provide consultancy or training services
    • Attend events or workshops
    • Subscribe to marketing communications

We also collect limited technical data automatically through website analytics and cookies.

 

  1. How We Use Personal Data


We use personal data to:

  • Respond to enquiries
    • Deliver consultancy, training and advisory services
    • Manage client relationships
    • Improve our services and website
    • Send relevant marketing communications (where permitted)
    • Comply with legal and regulatory obligations
    • Maintain the security of our systems

 

We do not sell or lease personal data to third parties. We do not share personal data for third-party direct marketing.

 

  1. Lawful Bases for Processing

 

We rely on the following lawful bases under UK GDPR:

 

Contract
Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

 

Legitimate interests
For business development, professional networking, marketing to corporate contacts, and improving our services, provided such interests are not overridden by your rights.

 

Legal obligation
Where we are required to process data to comply with legal, tax or regulatory requirements.

 

Consent
Where you have explicitly opted in to receive specific communications. You may withdraw consent at any time.

 

  1. AI Tools and Automated Processing

 

We may use carefully selected third-party AI-enabled tools to support research, drafting, analysis and internal workflow efficiency.

 

Where such tools process personal data, they do so under appropriate contractual safeguards and in accordance with applicable data protection law. We assess such tools with regard to confidentiality, security standards and data protection compliance.

 

We implement human oversight and review of AI-generated outputs before they are relied upon in client work or decision-making.


We do not use solely automated decision-making that produces legal or similarly significant effects without appropriate safeguards.

 

When providing services to clients, we may process personal data on their behalf in our capacity as a data processor and only in accordance with their instructions and applicable law.

 

  1. Data Sharing

 

We may share personal data with:

  • IT and website service providers
    • Cloud storage and software providers
    • Professional advisers (legal, accounting, insurance)
    • Event platforms or training providers
    • Regulators or authorities where required by law

 

All service providers are selected on the basis that they implement appropriate security measures and comply with applicable data protection standards.

 

  1. International Transfers


Where personal data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place. These may include:

  • Transfers to countries subject to UK adequacy regulations
    • The UK International Data Transfer Agreement (IDTA)
    • The UK Addendum to the EU Standard Contractual Clauses
    • Participation in recognised international data protection frameworks where applicable

 

  1. Data Security

 

We implement appropriate technical and organisational measures designed to protect personal data from unauthorised access, loss, misuse or alteration. These measures may include secure cloud storage, access controls, password protection and encrypted communications where appropriate.

 

While we take reasonable steps to protect personal data, transmission over the internet cannot be guaranteed to be completely secure.

 

  1. Data Retention

 

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

  • Client engagement records: retained for contractual and tax purposes (typically up to 6 years after completion)
    • Marketing data: retained until you unsubscribe or after a reasonable period of inactivity
    • Website analytics data: retained in accordance with provider policies

 

We may retain data for longer where required by law or to establish, exercise or defend legal claims.

 

  1. Your Rights

 

Under UK GDPR, you have the right to:

  • Request access to your personal data
    • Request correction of inaccurate data
    • Request erasure in certain circumstances
    • Request restriction of processing
    • Object to processing based on legitimate interests
    • Request data portability
    • Withdraw consent where processing is based on consent

 

To exercise your rights, contact vikki@legallinchpin.co.uk. We may request information to verify your identity.

 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

 

  1. Cookies

 

We use cookies and similar technologies to analyse website usage and improve functionality. You can control cookie preferences through your browser settings. Some website features may not function properly if cookies are disabled.

 

  1. Links to Other Websites

 

Our website may contain links to external sites. We are not responsible for the privacy practices of other websites. Please review their privacy policies separately.

 

  1. Changes to This Policy

 

We may update this Privacy Policy from time to time. The latest version will always be available on our website, and the “last updated” date will be amended accordingly.