Amart Legalo

Amart Legalo Limited Privacy Policy

Amart Legalo Limited
4 Brunswick Place, Southampton, Hampshire, SO15 2AQ
England, United Kingdom

1) Who we are (Controller)

This Privacy Policy explains how Amart Legalo Limited (“we”, “us”, “our”) collects and processes personal data. We are the data controller for the purposes of the UK GDPR and the Data Protection Act 2018. If we serve individuals in the EEA, we also comply with the EU GDPR where applicable.

Registered address: 4 Brunswick Place, Southampton, Hampshire, SO15 2AQ, England, United Kingdom
DPO: dpo@amartlegalo.com

2) What data we collect

Depending on your interaction with us, we may process:

  • Identification and contact data: name, job title, company, email, phone number, address.
  • Business and engagement data: service inquiries, meeting notes, contracts, billing and payment information, correspondence.
  • Compliance data: information needed to meet legal obligations (e.g., KYC/AML where applicable).
  • Website/data capture data: form submissions, preferences, technical identifiers (IP address, device, browser), cookies or similar technologies (see Cookies section).

We do not seek to collect special categories of personal data unless strictly necessary and lawful (e.g., for specific legal services). Please avoid including sensitive data unless we explicitly request it and provide a suitable lawful basis.

3) How we obtain data

We collect personal data:

  • Directly from you (e.g., contact forms, emails, phone calls, meetings, contract negotiation).
  • From your organization if you are an employee/representative.
  • From third parties (e.g., referrals, publicly available registers/directories, professional networking platforms) where lawful.

4) Purposes and lawful bases for processing

We process personal data for the following purposes and on these lawful bases:

  • Providing and managing our services (advice on labor law, HR compliance audits, policy creation, training):
    Lawful bases: performance of a contract or steps at your request prior to entering into a contract; legitimate interests (to operate and improve our services).
  • Client onboarding, billing, and account administration:
    Lawful bases: contract; legal obligation (tax, accounting); legitimate interests (efficient administration).
  • Compliance and risk management (e.g., conflict checks, regulatory requirements):
    Lawful bases: legal obligation; legitimate interests (ensuring ethical and compliant practice).
  • Communications and support (responding to inquiries, scheduling consultations, sending service updates):
    Lawful bases: contract; legitimate interests (client relations). Consent where required for specific marketing.
  • Marketing (newsletters, event invitations, insights):
    Lawful basis: consent (where required) or legitimate interests (B2B communications), with an opt‑out at any time.
  • Website operation and security (analytics, troubleshooting, fraud prevention):
    Lawful bases: legitimate interests (secure and effective operation), consent for non‑essential cookies.

Where we rely on consent, you can withdraw it at any time without affecting prior processing.

5) Sharing your data

We may share personal data with:

  • Trusted service providers (e.g., secure hosting, IT/communications, CRM, billing and accounting, email delivery, videoconferencing), bound by confidentiality and data protection terms.
  • Professional advisors (e.g., legal counsel, auditors) under confidentiality.
  • Authorities/regulators where required by law or to protect our rights.
  • Business transfers (e.g., merger, reorganization) subject to appropriate safeguards.

We do not sell your personal data.

6) International transfers

Your data may be processed outside the UK/EEA. Where we transfer personal data internationally, we implement appropriate safeguards (e.g., UK International Data Transfer Agreement (IDTA), EU Standard Contractual Clauses, or adequacy regulations/decisions). Details are available on request.

7) Data retention

We retain personal data only for as long as necessary for the purposes described above, including to meet legal, accounting, or reporting requirements. Typical retention periods:

  • Client/matter files: generally 6–10 years after matter closure (subject to legal and professional rules).
  • Prospective client inquiries: up to 24 months from last interaction unless consent to longer retention is provided.
  • Marketing data: until you opt out or withdraw consent, or for a defined period consistent with applicable laws. We may retain data longer where required by law or to establish, exercise, or defend legal claims.

8) Your rights

Depending on where you are located (UK, EEA), you may have the following rights:

  • Access to your personal data.
  • Rectification of inaccurate or incomplete data.
  • Erasure (right to be forgotten) in certain circumstances.
  • Restriction of processing in certain circumstances.
  • Data portability in certain circumstances.
  • Objection to processing based on legitimate interests or to direct marketing.
  • Withdraw consent where processing is based on consent.

To exercise your rights, contact dpo@amartlegalo.com. We may need to verify your identity. You also have the right to lodge a complaint with a supervisory authority (see below).

9) Children’s data

Our services are intended for business and professional users. We do not knowingly collect personal data from children.

10) Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. While no system is completely secure, we continually review and improve our safeguards.

11) Cookies and similar technologies

We use cookies and similar technologies to operate our website, enhance functionality, and understand usage. Non‑essential cookies are used only with your consent. You can manage cookie preferences via your browser settings or our cookie banner. For details, see our Cookie Policy (link to be added).

12) Marketing preferences

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us at dpo@amartlegalo.com. We may still send non‑marketing messages related to services or legal notices.

13) Third‑party links

Our website may contain links to third‑party sites. We are not responsible for their privacy practices. Please review their privacy notices.

14) Contact us

  • Data Controller: Amart Legalo Limited, 4 Brunswick Place, Southampton, Hampshire, SO15 2AQ, England, United Kingdom
  • Data Protection Officer: dpo@amartlegalo.com
  • General privacy inquiries: privacy@amartlegalo.com

15) Complaints to a supervisory authority

If you are in the UK, you can contact the Information Commissioner’s Office (ICO): www.ico.org.uk, Tel. +44 303 123 1113.
If you are in the EEA, you can contact your local Data Protection Authority.

16) Updates to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, where appropriate, notify you of material changes.

update: 02/01/2026