0118 321 4188
0118 321 4188
Email Us

Privacy & Cookie Policy

McKenzie Legal & HR is referred to in this policy as we, us, our.

The person who is accessing our website and whose data is processed is referred to in this policy as you and your.

1 Inroduction:

At McKenzie Legal & HR, we are committed to respecting and protecting your privacy. This Privacy & Cookie Policy explains how we collect, use, disclose, and protect personal data when you visit or interact with our website. We understand the importance of your privacy and value your trust in us to handle your data responsibly.

This policy applies to all visitors and users of our website and outlines our practices in relation to personal data, including data collection, usage, and storage. It also details your rights under the UK GDPR and Data Protection Act 2018, including how to exercise these rights.

Please read this Privacy & Cookie Policy carefully to understand how we process your data. By using our website, you consent to the practices described in this policy. If you do not agree with any part of this policy, we ask that you discontinue the use of our website.

2 Information

2.1 Our Site is owned and operated by McKenzie Legal & HR, a business structure that is a limited company as McKenzie Legal Limited (t/a McKenzie Legal & HR). Registered in England under company number 10633766. The registered address is 64 High Street, Broadstairs, Kent, CT10 1JT.

2.2 Data Protection Officer (DPO): Rachael Rogers. The DPO can be contacted regarding any questions or concerns about this policy or your data. Contact Email: info@mckenzielegalandhr.co.uk. Telephone contact: 0118 321 4188.

3. What does this policy cover?

This Privacy & Cookie Policy applies specifically to your use of our website. It explains how we collect, use, disclose, and protect your personal data while you interact with our website and use its features. This policy also provides details about our use of cookies and similar technologies.

Please be aware that our website may include links to third-party websites. These websites are not operated by us, and we have no control over their content or data-handling practices. We encourage you to review the privacy policies of any third-party websites you visit, as we are not responsible for the protection and privacy of any data you provide to these external sites.

This policy covers the personal data we collect directly through our website and any related services, ensuring it is processed in compliance with UK data protection laws.

4. Children’s Privacy

Our website and services are not intended for individuals under the age of 13, and we do not knowingly collect personal data from children without parental or guardian consent. If we discover that we have collected personal data from a child without such consent, we will promptly delete it.

If you believe that we might have any information from or about a child without appropriate consent, please contact us so that we can take appropriate action.

5. Your personal data?

The Data Protection Act 2018 and the UK General Data Protection Regulation (the “UK GDPR”), which is collectively known as “the Data Protection Legislation”, define personal data as any information relating to an identifiable individual. This includes any data that can directly or indirectly identify a person, referred to as the ‘data subject’.

Personal data can include, but is not limited to:

  • Identifiers such as your name, contact information (e.g., email address and phone number), and location.
  • Technical information, including IP addresses, browser types, device IDs, and operating system versions.
  • Usage information, such as browsing history, preferences, and interactions with our website.

Personal data can also include sensitive information, known as “special category data” under UK GDPR, which may relate to health, racial or ethnic origin, political opinions, religious beliefs, or other protected characteristics. We only process special category data with explicit consent or as permitted by law.

This policy explains how we handle personal data, ensuring compliance with UK data protection laws to protect your privacy.

6. Your rights in relation to data

Under the Data Protection Legislation, you have the following rights regarding your personal data, which you may exercise free of charge. These rights include:

  1. The Right to Access: You have the right to request confirmation of whether we process your personal data and, if so, to access a copy of that data along with information about how we use it.
  2. The Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to request its correction without undue delay.
  3. The Right to Erasure: Also known as “the right to be forgotten,” this right enables you to request the deletion or removal of your personal data when there is no longer a valid reason for us to continue processing it. This right is subject to certain legal limitations.
  4. The Right to Restrict Processing: You can request that we temporarily suspend the processing of your personal data if, for example, you contest its accuracy or object to its processing.
  5. The Right to Data Portability: If you have provided personal data to us, you have the right to receive it in a structured, commonly used, and machine-readable format for reuse with another service provider where the processing is based on consent or a contract.
  6. The Right to Object: You have the right to object to our processing of your personal data in certain circumstances, including for direct marketing purposes. We will stop processing your data for these purposes upon receiving your objection.
  7. The Right Not to Be Subjected to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not use your personal data in this way.
  8. The Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

For more information about our use of your personal data or to exercise any of the above rights, please contact us using the details provided in Section 10.

It is important to us that the personal data we hold about you is accurate and up-to-date. If your personal data changes, please inform us as long as we retain that data. We are committed to addressing any concerns regarding our use of your personal data and encourage you to contact us if you have any questions.

7. What data is collected and how

We collect various types of personal data to improve our services, respond to inquiries, and enhance your experience on our website. The data we collect includes:

a) Data You Provide Directly: We may collect personal data you provide directly to us when:

  • You contact us via email or fill out forms on our website.
  • You register for a package/retainer, subscribe to marketing information, or sign up for services.
  • You participate in surveys or provide feedback.

This data may include:

  • Identity and Contact Information: Name, email address, phone number, and postal address.
  • Feedback and Correspondence: Information provided in your communications with us.

b) Data Collected Automatically: When you visit our website, we may automatically collect certain information about your device and browsing activities, including:

  • Technical Information: IP address, browser type and version, device identifiers, operating system, and platform.
  • Usage Information: Details about your visits to our website, such as the pages accessed, date and time of access, duration of visit, and navigation paths.

This data helps us understand how our website is used, enabling us to improve its functionality and performance. We collect this data using cookies and similar tracking technologies. Please refer to our Cookies section for more information.

c) Data from Third Parties: Occasionally, we may receive data about you from third parties, including:

  • Analytics Providers: Data from services like Google Analytics, which helps us understand website usage patterns.
  • Advertising Networks: Data to personalise the advertising we may show you on our website or other platforms.

d) Purpose and Legal Basis for Processing: We collect and process your personal data for the following purposes, under the lawful bases permitted by the UK GDPR:

  • To Provide and Improve Services: Processing is necessary for our legitimate interests in ensuring the effective operation of our website and services.
  • To Communicate with You: With your consent, we may use your contact information to respond to your inquiries, send updates, or provide information about our services.
  • For Marketing: Where permitted by law or with your consent, we may contact you for marketing purposes. You can opt out of these communications at any time, as we constantly work to completely uphold your rights and adhere to our commitments under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

e) Data Collection for Legal Obligations: In some cases, we may process your data to comply with legal requirements or to respond to lawful requests from authorities.

8. Legal Basis for Processing

We rely on one or more of the following legal bases to process your personal data:

  • Performance of a Contract: Processing is necessary for us to fulfil our contract with you or to take steps at your request before entering into a contract.
  • Legitimate Interests: We may process your personal data where it is necessary for our legitimate interests (or those of a third party), provided that your interests and fundamental rights do not override those interests.
  • Consent: In certain cases, we will obtain your consent to process your personal data, such as for marketing communications. You can withdraw your consent at any time.
  • Legal Obligation: We may process your data where necessary to comply with legal or regulatory obligations.

9. Data retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes of processing, and any applicable legal requirements.

Once the retention period expires, we will securely delete or anonymise your data in accordance with our data retention policy. If anonymisation is not possible (for example, because your data is stored in backup archives), we will store it securely and isolate it from further processing until deletion is possible.

10. Keeping your data secure

We are committed to ensuring the security of your personal data. We take appropriate technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction. These measures include:

a) Access Control

  • Restricting access to personal data to authorised personnel, contractors, and third-party agents who have a legitimate need to access it and are bound by confidentiality obligations.
  • Using secure password protocols, role-based access, and permission settings to limit access to sensitive data.

b) Data Encryption

  • Encrypting personal data during transmission and storage to prevent unauthorised access.

c) Secure Storage

  • Storing data on secure servers and implementing regular security testing and monitoring to protect against potential vulnerabilities.

d) Data Anonymisation and Minimisation

  • Where possible, we anonymise or pseudonymise personal data to enhance security. We also follow data minimisation principles, ensuring that we only retain data necessary for specific purposes.

e) Regular Security Audits

  • Conduct regular audits and assessments of our security practices to maintain data protection standards and address emerging threats.

f) Data Breach Response

  • In the event of a data breach involving your personal data, we have a protocol in place to respond swiftly and mitigate potential harm. Where required by law, we will notify both affected individuals and the Information Commissioner’s Office (ICO) within the appropriate timeframe.

g) Training and Awareness

  • Providing regular data protection and security training to employees to ensure they understand the importance of safeguarding personal data and are aware of best practices for security.

11. Data Protection Impact Assessments (DPIA)

  • To ensure the privacy and protection of personal data, we conduct Data Protection Impact Assessments (DPIAs) for processing activities that pose a high risk to individuals’ privacy. These assessments help us identify and mitigate risks associated with data processing activities in line with GDPR requirements.

12. Transferring your data

We are committed to ensuring that your personal data is processed securely, regardless of where it is stored or transferred. The location of your data storage will depend on our operational requirements and legal obligations. We take the following steps to protect your data during international transfers:

a) Data Storage Within the UK and EEA

  • Wherever possible, we store your personal data within the United Kingdom or the European Economic Area (EEA), where it is fully protected under UK GDPR and EU GDPR standards.

b) Transfers Outside the UK and EEA

  • If it becomes necessary to transfer your personal data to countries outside the UK and EEA (known as “third countries”), we will ensure that appropriate safeguards are in place to protect your data to the same standard as within the UK and EEA. This includes:
  • Standard Contractual Clauses (SCCs): We may use legally approved SCCs, which provide binding commitments for data protection.
  • Adequacy Decisions: If the country to which your data is transferred has been deemed to provide an adequate level of data protection by the UK or European Commission, your data will be treated as adequately protected.

c) Data Transfers to the United States

  • For any data transferred to the United States, we may work with service providers who are certified under the UK and EU-US Privacy Frameworks, or we will apply similar safeguards, including SCCs, to ensure protection.

d) Security Measures for International Transfers

  • In addition to legal safeguards, we apply technical and organisational security measures to ensure that your data is secure during transfer. This includes encryption and restricted access protocols.

If you would like further information about how we protect your personal data in cases of international transfer, please contact us using the details provided in this policy.

13. Third-Party Data Sharing

We respect your privacy and will not share your personal data with any third parties except in specific circumstances. Any data sharing will always be done in accordance with applicable data protection laws, including the UK GDPR. We may share your data in the following situations:

a) Service Providers and Third-Party Processors

  • We may share your personal data with third-party service providers who perform functions on our behalf, such as website hosting, data storage, IT support, analytics, and marketing services. These providers process data under our instructions and are contractually obligated to protect your data and use it solely for the purposes specified by us

b) Business Transfers

  • If we undergo a merger, acquisition, reorganisation, or sale of some or all of our assets, your personal data may be transferred as part of the transaction. We will take appropriate steps to ensure the confidentiality and integrity of your personal data during any such transaction.

c) Legal Obligations

  • We may disclose your personal data to comply with applicable legal or regulatory requirements, or in response to requests from law enforcement authorities, courts, or other government agencies where we believe disclosure is necessary to comply with the law, protect our rights, or ensure the safety of our users.

d) Anonymised and Aggregated Data

  • We may share anonymised or aggregated data with third parties for statistical analysis or research purposes. This data cannot be used to identify you personally and is shared solely for analytical or business development purposes.

e) Consent-Based Sharing

  • In certain circumstances, we may share your data with third parties if you have given us explicit consent to do so. This may include sharing data for specific marketing or promotional purposes.

f) Security and Confidentiality

  • Any third parties with whom we share your data are required to keep it secure and confidential. We only work with reputable partners and ensure data processing agreements are in place to uphold strict data protection standards.

We take steps to ensure that any third-party recipients of your data protect it securely and use it only in compliance with this Privacy & Cookie Policy. If you would like more information on our data-sharing practices, please contact us using the details provided in this policy.

14. How can I access my personal data?

Under the UK GDPR, you have the right to request details of the personal data we hold about you. This is known as a “subject access request” (SAR). You can make a request to access your personal data at any time by following the steps below:

a) How to Submit a Subject Access Request

  • To request access to your data, please contact us in writing using the contact details provided at the top of this policy. Include any information that will help us identify your records (such as your full name, contact details, and any relevant account information).

b) Verification of Identity

  • For your security, we may require additional identification to verify your request. This helps ensure that we do not disclose personal data to anyone who does not have the right to access it.

c) Response Time

  • We will respond to your request as soon as possible, and at the latest within one month of receiving it. If your request is complex or you have made multiple requests, we may extend this period by up to two additional months. In such cases, we will inform you of the delay and the reasons for it.

d) Fees

  • There is generally no charge for making a subject access request. However, if your request is “manifestly unfounded or excessive” (for example, if you make repetitive requests), we may charge a reasonable fee to cover our administrative costs or, in some cases, refuse to comply with your request.

e) Information Provided

  • When responding to your request, we will provide you with a copy of your personal data, along with details of how we process it, why we hold it, and who it may be shared with.

If you would like further information on how to access your personal data or if you have any concerns about our data handling practices, please contact us. We aim to resolve any issues you may have directly, but you also have the right to file a complaint with the Information Commissioner’s Office (ICO) if you believe we are not handling your data in compliance with applicable laws.

15. Your Right to Lodge a Complaint

If you have any concerns or are not satisfied with our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:

Website: https://ico.org.uk/

Phone: 0303 123 1113

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO, so please feel free to contact us in the first instance.

16. About cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and improve our services. This section explains what cookies are, the types we use, and how you can manage your cookie preferences

a) What Are Cookies?

  • Cookies are small text files stored on your device (computer, tablet, or smartphone) when you visit a website. They help websites remember your actions and preferences, allowing for a smoother browsing experience. Cookies can either be “session cookies,” which are deleted once you close your browser, or “persistent cookies,” which remain on your device until they expire, or you delete them.

b) Types of Cookies We Use: Our website may use the following types of cookies:

  • Strictly Necessary Cookies: These cookies are essential for the operation of our website. They enable you to use features like secure areas, shopping carts, or account logins. Without these cookies, certain services cannot be provided.
  • Analytical/Performance Cookies: These cookies allow us to count visitors and see how users navigate our website. They help us understand which pages are most popular and how we can improve site performance. Data collected by these cookies is anonymous.
  • Functionality Cookies: These cookies allow our website to remember your choices (such as language preference or region) and provide enhanced, personalised features. They ensure that when you return to our website, your preferences are remembered.
  • Targeting/Advertising Cookies: These cookies record your visit to our website, the pages you visited, and the links you followed. We may use this information to make our website, and any advertising displayed more relevant to your interests. We may also share this information with third-party advertising networks, such as Google Ads.

c) Third-Party Cookies: In addition to our own cookies, we may use third-party cookies from trusted providers like Google Analytics to help us analyse how visitors use our website. These third-party cookies are subject to the respective privacy policies of the providers.

d) Managing Cookies: You have the right to control and manage cookies as you wish. When you first visit our website, you will be asked to consent to non-essential cookies. You can accept, reject, or customise your cookie preferences through our cookie banner in accordance with your consent preferences.

  • Browser Settings: Most web browsers allow you to control cookies through the browser settings. You can choose to block or delete cookies; however, please note that this may affect your experience on our website, and some features may not function as intended.
  • Opt-Out Options: If you wish to opt out of Google Analytics tracking, you can install the Google Analytics opt-out browser add-on, available at tools.google.com/dlpage/gaoptout.

e) Changes to Our Cookie Policy: We may update this Cookies section periodically to reflect changes in the types of cookies we use or for other operational, legal, or regulatory reasons. We recommend checking this page regularly to stay informed about our use of cookies.

For more information on how we use cookies and your privacy, please contact us using the details provided in this policy.

17. This privacy & cookie policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, legal or regulatory requirements, or to enhance our transparency regarding how we manage your personal data. Any modifications will be posted on this page, and significant changes may be highlighted on our website or communicated directly to you if required by law.

We encourage you to review this page periodically to stay informed about how we protect your privacy and manage cookies. Your continued use of our website following any updates to this policy will be deemed acceptance of the changes unless specific consent is required.

Last Update

This Privacy & Cookie Policy was last updated on 22.04.2025.

If you have any questions about the changes or updates to this policy, please contact us using the details provided at the top of this document.

About us

At McKenzie Legal & HR, we provide expert Legal & HR support to businesses across the UK. Our practical, jargon-free approach ensures you stay protected, compliant, and successful – offering cost-effective solutions without compromising on quality.

Our services

Terms & Conditions

Contracts

Debt Recovery

Dispute Resolution

Employment & HR

Wills & Power of Attorney

Retainers & Packages

Contact us

Wokingham
14 Shute End, Wokingham, Berkshire RG40 1BJ
Telephone: 0118 321 4188

Broadstairs
64 High Street, Broadstairs, Kent CT10 1JT
Telephone: 01843 808021

info@mckenzielegalandhr.co.uk

Linkedin Facebook Instagram

Disclaimer: We are an independent legal services firm providing guidance and support across England & Wales. We are not solicitors, a firm of solicitors, nor do we purport to be. As such, we are not regulated by the Solicitors Regulation Authority (SRA) or the Law Society, nor are we required to be. Our services do not include litigation, and we cannot accept the service of legal documents.

Company Registration Number 10633766. Registered address: 64 High Street, Broadstairs, Kent, CT10 1JT

©2025 McKenzie Legal & HR

Website Terms & Conditions

Data Protection, Privacy & Cookie Policies

Website by MN!D

Linkedin Facebook Instagram