Home

This Privacy Policy explains how Daniel McAfee, trading as Daniel McAfee Solicitor (“we”, “us”, “our”), collects, uses, and protects your personal data when you book and use our online Independent Legal Advice (ILA) service.

Privacy Policy

Daniel McAfee Solicitor SRA-Regulated Freelance Solicitor (SRA No: 8015561) Email: daniel@dmcafeesolicitor.com Last updated: 13 May 2026

1. About this policy

1.1 This Privacy Policy explains how Daniel McAfee, trading as Daniel McAfee Solicitor (“we”, “us”, “our”), collects, uses, and protects your personal data when you book and use our online Independent Legal Advice (ILA) service. 1.2 We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who is the data controller

2.1 The data controller is Daniel McAfee, sole trader, trading as Daniel McAfee Solicitor. 2.2 Contact: daniel@dmcafeesolicitor.com. 2.3 We are registered with the Information Commissioner’s Office (ICO). Our registration number is available on request.

##3. What personal data we collect 3.1 In the course of providing the service we may collect: Identification data: your full name, date of birth, residential address, photograph or copy of your photographic ID (passport or driving licence), and proof of address (e.g. recent utility bill or bank statement); Contact data: email address, telephone number, and (where you opt to communicate via WhatsApp) your mobile number; Transaction-related data: company details (where you are signing as a director or officer), the document on which advice is sought, related correspondence, and any supporting documents you provide; Payment data: payment is processed by Stripe; we do not store full card details. We retain the transaction reference, amount, and date; Call data: a video and audio recording of the ILA consultation, together with any notes taken; Certificate and file data: the issued ILA certificate, any cover letter, and our internal file note. 3.2 We do not seek to collect special category data (such as health or biometric data). If such data is incidentally disclosed during the call (for example, in connection with capacity considerations), it will be handled with the same confidentiality as the rest of the file.

4. Why we collect and use your data

4.1 We use your personal data: To deliver the ILA service for which you have engaged us, including identity verification, document review, the call itself, and the issue of the certificate; To comply with our legal and regulatory obligations as a solicitor, including under the SRA Standards and Regulations and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 where applicable; To maintain professional records and respond to any future complaint, regulatory enquiry, or insurance claim; To process payment and address any chargeback or payment dispute; To communicate with you about your booking, the documents needed, and the certificate produced.

5. Lawful bases for processing

5.1 We rely on the following lawful bases under Article 6 of the UK GDPR: Contract — processing is necessary to perform the contract for the supply of the ILA service; Legal obligation — processing is necessary to comply with our regulatory and statutory record-keeping obligations as a solicitor; Legitimate interests — for limited purposes such as defending against complaints or claims, and the secure operation of our practice. Where we rely on legitimate interests, we have balanced these against your rights. 5.2 We do not use your data for marketing purposes without your separate, freely given consent.

6. Who we share your data with

6.1 We share data only where necessary to deliver the service or to meet our legal obligations. The principal recipients are: The party who requested ILA — your lender, their solicitor, your conveyancer, or other nominated recipient — to whom we send the signed ILA certificate; Our service providers (data processors). These act on our instructions and are subject to written data processing terms. They include: Processor Purpose Stripe Payments Europe Ltd Payment processing DocuSign / SignNow Electronic signature Cal.com Appointment scheduling Google (Google Meet / Workspace) Video calls, email Twilio Ireland Ltd WhatsApp messaging Supabase Encrypted document and data storage

Our regulators and insurers — including the SRA, the Legal Ombudsman, and our professional indemnity insurers, where required; Law enforcement and other authorities — where we are legally required to disclose information (for example, under anti-money laundering legislation). 6.2 Some processors (including those above) may transfer data outside the UK. Where this occurs, we rely on UK adequacy regulations or the International Data Transfer Agreement / addendum to the EU Standard Contractual Clauses to ensure your data remains protected. 6.3 We do not sell your data and do not share it for marketing purposes.

7. How long we keep your data

7.1 We retain client files (including documents, identification evidence, correspondence, payment records, and the call recording) for 7 years from the date of issue of the ILA certificate. This period reflects SRA expectations, professional indemnity requirements, and the likely limitation period for any claim arising from the advice. 7.2 At the end of the retention period, data is securely destroyed unless we are required by law to keep it for longer. 7.3 Where you booked but did not proceed to a call, we retain booking and identification data for 12 months unless you ask us to delete it earlier.

8. Your rights

8.1 You have the following rights under the UK GDPR: Access — to be told whether we hold your data and to receive a copy; Rectification — to have inaccurate data corrected; Erasure — to have your data deleted, except where we are required to retain it under clause 7 or another legal obligation; Restriction — to ask us to restrict processing in certain circumstances; Portability — to receive your data in a structured, commonly used, machine-readable format; Objection — to object to processing carried out on the basis of legitimate interests; Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting prior processing. 8.2 To exercise any of these rights, email daniel@dmcafeesolicitor.com. We will respond within one month. 8.3 We will need to verify your identity before responding to a request.

9. Right to complain to the ICO

9.1 If you believe we have not handled your data properly, you have the right to complain to the Information Commissioner’s Office: Website: ico.org.uk Telephone: 0303 123 1113 Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF 9.2 We would prefer the opportunity to address your concern first; please contact us before going to the ICO if possible.

10. Security

10.1 We take appropriate technical and organisational measures to protect your data, including encrypted storage, access controls, secure file transfer, and password-protected accounts. 10.2 No system is completely secure. If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly without undue delay.

11. Marketing

11.1 We do not use your data for marketing purposes without your specific, freely given consent. You can withdraw that consent at any time.

12. Cookies

12.1 Our website uses only essential, functional cookies necessary for the site and booking flow to operate (for example, session management and security). We do not use third-party advertising or tracking cookies.

13. Children

13.1 Our service is provided only to individuals aged 18 or over. We do not knowingly collect data from children.

14. Changes to this policy

14.1 We may update this Privacy Policy from time to time. The current version, with the date last updated, will always be available on our website.

Last updated 24 May 2026.