Last updated: 17 February 2026
1) Who we are (Data Controller) Data Controller: Evans Legacy Planning Email: www@evanslegacyplanning.co.uk Website: evanslegacyplanning.co.uk If you contact us about your data, we may ask for enough information to confirm your identity.
2) The personal data we collect We may collect and process the following categories of personal data: A) Identity and contact data Full name, address, email address, phone number Date of birth (where relevant to your instructions) B) Estate planning and instruction data Depending on what you ask us to help with, you may provide: Family details (e.g., spouse/partner, children, dependants) Beneficiaries, executors, attorneys, trustees (names/contact details) Asset and liability details you choose to share (e.g., property, savings, pensions, business interests) Your wishes and instructions relating to estate planning C) Special category data (sensitive information) You may choose to provide sensitive information (for example health-related information) if it’s relevant to your situation or instructions. We treat this data with extra care and only use it when we have a valid legal basis to do so. D) Website and device data When you use our website, we may collect: IP address, device type, browser, pages visited, interactions Cookie/analytics information (see Cookies section) E) Marketing preferences Your opt-in/opt-out preferences and marketing communication history
3) How we collect your data We collect personal data: When you submit forms on our website When you contact us by phone, email, social media, or messaging When you book an appointment or request a consultation From cookies/analytics tools (where permitted—see Cookies)
4) Why we use your data and our lawful bases We only use personal data where UK GDPR allows us to. Common lawful bases include contract, legal obligation, legitimate interests, and consent. A) To respond to enquiries and provide services What we do: respond to you, take instructions, prepare documents/work, arrange appointments and follow-ups. Lawful basis: contract (or steps before entering a contract), and/or legitimate interests. B) To run and improve our business What we do: manage our admin, record keeping, training/quality, internal reporting. Lawful basis: legitimate interests. C) To comply with legal or regulatory obligations What we do: keep records where required, handle complaints/disputes, prevent fraud. Lawful basis: legal obligation and/or legitimate interests. D) Special category data (if you provide it) What we do: only use it where necessary for your instructions and we have the right condition under UK GDPR. Lawful basis: an Article 6 lawful basis (often contract/legitimate interests) plus an Article 9 condition (e.g., explicit consent where appropriate, or other applicable conditions depending on context). E) Marketing communications (email/text) What we do: send helpful updates, reminders, and information about our services. Lawful basis: usually consent, or (where allowed) the “soft opt-in” for existing customers receiving marketing about similar services, with a clear opt-out every time.
5) Who we share your data with We may share your personal data with trusted suppliers who help us operate our business, for example: CRM and communications platform: GoHighLevel (for enquiries, client records, automations, email/SMS communications) Website platform: WordPress (site content/forms depending on configuration) Analytics provider: Google Analytics (site usage measurement—subject to cookie choices) IT, hosting, security, and email service providers Professional advisers (e.g., accountants/solicitors) where necessary and appropriate Authorities/regulators/courts where we’re legally required to do so We only share what’s necessary, and we use appropriate contracts and safeguards.
6) International transfers Some suppliers may process data outside the UK. Where a transfer is “restricted” under UK GDPR, we ensure appropriate safeguards are in place (for example, the UK IDTA or EU SCCs plus the UK Addendum, as applicable).
7) How long we keep your data (retention) We keep personal data only as long as needed for the purpose it was collected, including legal, accounting, or dispute-resolution reasons. Typical retention (you can adjust this): Enquiries (non-clients): up to 24 months after last contact Client records: typically up to 7 years after the matter ends (or longer if needed due to legal/regulatory reasons) Marketing preferences: until you opt out or we refresh/confirm consent When no longer needed, we securely delete or anonymise data.
8) Your rights You have rights under UK GDPR, including: Access (get a copy) Rectification (correct inaccuracies) Erasure (delete in certain cases) Restriction (limit processing in certain cases) Objection (especially to direct marketing) Data portability (in certain cases) Withdraw consent (where consent is the basis) To exercise your rights, email us at www@evanslegacyplanning.co.uk.
9) Marketing preferences You can opt out of marketing at any time by: Using the unsubscribe link (where included), or Emailing www@evanslegacyplanning.co.uk with “Unsubscribe” in the subject line We do not sell your personal data for marketing.
10) Cookies and Google Analytics Our website uses cookies and similar technologies. Some cookies are essential for the site to work; others (like analytics) help us understand how visitors use the site. Under UK rules, non-essential cookies (including analytics cookies) require consent before they are set. Google Analytics We use Google Analytics to measure website performance and visitor behaviour (e.g., pages visited, time on site). This relies on cookies/identifiers unless configured otherwise. You can manage cookie choices via our cookie banner and your browser settings. (Recommended: publish a separate Cookie Policy listing cookie categories and durations.)
11) Security We use appropriate technical and organisational measures to protect personal data, including access controls and secure systems. No online system is 100% secure, but we work to reduce risk and respond promptly to issues.
12) Complaints If you’re concerned about how we handle your data, contact us first and we’ll try to resolve it. You also have the right to complain to the UK regulator, the Information Commissioner’s Office.
13) Changes to this policy We may update this privacy policy from time to time. The latest version will always be available on our website, with the updated “Last updated” date.
Enter your details below, and one of our expert advisors will contact you within 24 hours to arrange your free, no-obligation consultation. Together, we’ll ensure your family’s legacy is protected for generations to come.
Note: We respect your privacy. Your details will only be used to arrange your consultation and will never be shared.
