Website Privacy Policy

[gwwoodroffe.com]

Last Updated: 28 October 2025

1. Introduction

Welcome to the Privacy Policy for the website gwwoodroffe.com ("my Site").

I am committed to protecting your personal data and respecting your privacy. This policy explains how I collect, use, store, and share your personal data when you use my Site and what your rights are under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

Please read this Privacy Policy carefully.

2. Who I Am (The Data Controller)

The data controller responsible for your personal data is:

• Name: G.W. Woodroffe ("I" or "me")

• Capacity: Self-employed professional providing private law tuition.

• Email: please use the general contact form and select "Data Protection/GDPR Query" as the main reason why you are contacting me.

As I am a sole trader and do not process special categories of data on a large scale, I am not required to have a Data Protection Officer (DPO). If you have any questions about this policy or my use of your data, please contact me directly using the email above.

You have the right to make a complaint at any time to the supervisory authority for data protection. In the UK, this is the Information Commissioner's Office (ICO) (www.ico.org.uk). I would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact me in the first instance.

3. The Data I Collect About You

Personal data means any information about an individual from which that person can be identified. I may collect, use, store, and transfer different kinds of personal data about you, which I have grouped together as follows:

Identity Data

First name, last name, and title.

Contact Data

Email address and telephone number (if provided).

Technical Data

Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access my Site.

Usage Data

Information about how you use my Site, including content viewed, time spent on pages, and referring sites.

Communication Data

Your preferences in receiving marketing from me and your communication preferences, as well as the content of any messages you send to me (e.g., via contact forms or email).

I do not collect any Special Categories of Personal Data about you (this includes details about your race, ethnicity, religious beliefs, health, etc.).

4. How I Collect Your Data

I use different methods to collect data from and about you, including:

• Direct Interactions: You may give me your Identity and Contact Data by filling in forms or corresponding with me by email. This includes data you provide when you:

  • Enquire about my services (e.g., law tuition).

  • Sign up for any mailing list or free resource.

  • Give me feedback.

• Automated Technologies or Interactions: As you interact with my Site, I may automatically collect Technical Data and Usage Data using cookies and other similar technologies. 

• Third Parties: I may receive Technical Data from analytics providers such as Google, who may be based outside the UK and EEA. 

  • This site uses cookies from Google to deliver its services and to analyse traffic. Information about your use of the site is shared with Google. You may wish to familiarise yourself with how Google uses cookies (this link will take you to an external website: https://policies.google.com/technologies/cookies).

5. How I Use Your Data and The Legal Basis

I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:

Lawful Basis for Processing

To respond to your enquiries about my services (e.g., law tuition).

Identity, Contact, Communication

Necessary to take steps at your request before entering into a contract (pre-contractual necessity).

To send you my educational updates or information about my services (marketing).

Identity, Contact

Consent (where you have explicitly signed up) or Legitimate Interests (to promote similar services to a client who has previously engaged with me).

To manage and improve my Site, including troubleshooting, data analysis, testing, and system maintenance.

Technical, Usage

Necessary for my Legitimate Interests (to ensure my Site is secure and functions correctly).

To administer and protect my business and my Site (including testing and security).

Identity, Technical

Necessary for my Legitimate Interests (for running my business, provision of administration, and security).

To comply with legal or regulatory obligations (e.g., tax or accounting).

Identity, Contact, Financial (if applicable)

Necessary to comply with a Legal Obligation.

6. Marketing and Withdrawing Consent

You may receive marketing communications from me if you have requested information from me or purchased services from me and have not opted out of receiving that marketing.

• Opting Out: You can ask me to stop sending you marketing messages at any time by following the unsubscribe link on any marketing message sent to you, or by contacting me by using the general contact form.

• Where you opt out of receiving these marketing messages, this will not apply to personal data provided to me as a result of a service purchase or other transaction.

7. Disclosures of Your Personal Data

I may have to share your personal data with the parties set out below for the purposes set out in Section 5:

• Service Providers: Acting as processors who provide IT, system administration, website hosting, and email services (e.g., Google Analytics, my web host).

• Professional Advisers: Including lawyers, bankers, auditors, and insurers, who provide legal, accounting, or consultancy services.

• UK and EU Regulators and other Authorities: Including the ICO, who require reporting of processing activities in certain circumstances.

• Third Parties to Whom I May Transfer My Business: If I sell, transfer, or merge parts of my business or assets.

I require all third parties to respect the security of your personal data and to treat it in accordance with the law. 

8. International Transfers

I aim to keep your personal data within the UK/EEA. However, some of my external third-party service providers (such as Google or website hosts) may be based outside the UK and/or the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside of these regions.

Whenever I transfer your personal data out of the UK or EEA, I ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• I will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data (known as Adequacy Decisions).

• Where I use certain service providers, I may use specific contracts approved for use in the UK or EU (such as the UK Addendum to the EU Standard Contractual Clauses), which give personal data the same protection it has in the UK/EEA.

9. Data Security

I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. I limit access to your personal data to me and any necessary third parties on a "need-to-know" basis.

I have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.

10. Data Retention (How Long I Keep Your Data)

I will only retain your personal data for as long as reasonably necessary to fulfil the purposes I collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, I consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which I process your personal data, and applicable legal requirements.

• For example: By law, I have to keep basic information about my customers (including Contact, Identity, and Financial Data) for six years after they cease being customers for tax purposes.

11. Your Legal Rights (Data Subject Rights)

Under data protection law, you have rights in relation to your personal data. These include the right to:

1. Request access to your personal data (commonly known as a "data subject access request").

2. Request correction of the personal data that I hold about you.

3. Request erasure of your personal data (known as the "right to be forgotten").

4. Object to processing of your personal data where I am relying on a legitimate interest.

5. Request restriction of processing of your personal data.

6. Request the transfer of your personal data to you or a third party (data portability).

7. Withdraw consent at any time where I am relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact me using the general contact form (please select "Data Protection/GDPR Query" as the main reason for your contact. I will aim to respond to all legitimate requests within one month.

12. Changes to This Privacy Policy

I may update this policy from time to time. When I do, I will revise the "Last Updated" date at the top of this policy. I encourage you to review this policy periodically to be informed of how I am protecting your data.