Privacy Policy (Data Protection Policy)
As legal and compliance specialists, we ensure that our data protection practices not only meet but exceed the requirements of UK GDPR.”
Introduction
LEGISTRA LTD (“we”, “us”, “our”) is a UK-based legal, tax, and compliance advisory firm registered in England and Wales. We are committed to protecting the privacy and security of the personal data we process in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data protection laws.
This Privacy Policy explains:
What personal data we collect,
How and why we process it,
Your rights under data protection law,
How you can contact us regarding your data.
Data Controller
LEGISTRA LTD
Ground Floor Office, Polish Club, Coventry, CV1 4GR, United Kingdom
Company number: 14760681
ICO Registration number: ZB903961
Email: info@legistra.co.uk
Legal Basis for Processing
We process personal data on the following legal grounds:
Contractual necessity – to perform our contract with you or take steps at your request before entering into a contract.
Legal obligation – to comply with UK law (e.g. HMRC, AML regulations, ICO requirements).
Legitimate interests – to manage our business, maintain security, improve services.
How We Use Your Data
To provide legal, tax, and compliance services.
To manage your account and process payments.
To fulfil statutory obligations (accounting, tax, AML).
To improve our website and services.
To send legal updates and marketing communications (only with your consent).
International Data Transfers
If we transfer data outside the UK, we ensure appropriate safeguards such as UK adequacy regulations or standard contractual clauses.
Profiling and automated decisions
We do not use profiling or automated decision-making in relation to the personal data of our clients or website users.
Sharing of Data
We may share your data with:
Regulatory authorities (HMRC, ICO, law enforcement) where required by law.
Professional advisers (accountants, solicitors) bound by confidentiality.
IT service providers, secure hosting platforms.
We never sell your personal data.
Security Measures
We use technical and organisational measures such as encryption, access controls, secure backups, and staff GDPR training to protect your personal data.
Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our business operations. The latest version will always be available on our website.
Personal Data We Process
We may collect and process the following categories of personal data:
Clients: Name, contact details, company information, identification documents (where required by AML/KYC regulations), correspondence, financial records for accounting purposes, case-related data.
Suppliers and partners: Contact details, contracts, invoices, payment records.
Website visitors: IP address, device details, browsing activity, form submissions, and any data you voluntarily provide.
Staff and job applicants: CVs, employment history, references, payroll information, performance data.
Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected and to comply with legal and regulatory requirements:
Service-related data – retained for 6 years after the completion of the service (e.g. legal or accounting matter).
Subscription / recurring services – retained for 6 years after the last month of the subscription service.
Contact details of potential clients (e.g. enquiries, contact forms) – retained for a maximum of 12 months, unless you withdraw consent or request earlier deletion.
Where applicable law requires longer retention (e.g. tax records required by HMRC), we will comply with the statutory period.
After these periods, data is securely deleted or anonymised.
Your Rights
Under UK GDPR, you have the right to:
Access your personal data.
Rectify inaccurate data.
Request erasure (“right to be forgotten”).
Restrict processing.
Data portability.
Object to processing.
Withdraw consent at any time.
Lodge a complaint with the ICO – You have the right to complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO), if you believe your data protection rights have been breached.
ICO Contact Details:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Helpline: 0303 123 1113
Website: www.ico.org.uk
To exercise your rights or make a complaint, contact us first at info@legistra.co.uk so we can try to resolve your concerns directly.