Protecting Your Privacy


This privacy policy describes the categories of personal data held by Amy Webb T/A WritsWell, how we collect, process, handle, and store that data, and keep it safe. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses GDPR along with any subsequent law or regulation that comes into force in England.

This privacy notice applies to:

  • members of the public who visit and interact with our website and social media handles,
  • prospective, existing, and former clients,
  • sub-contractors, suppliers, agents, brokers, and supporters.


Data Protection Principles


We respect the eight principles as follows:

  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes. It shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under data protection rules in the UK.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.


Legal Basis for Processing Personal Data


The law on data protection sets out distinct reasons why a company or business may collect and process personal data, including:


A: Consent

In specific situations, we can collect and process your data with your consent. For example, when you become a client and ask us to manage your marketing activities or when you ask us to draft profiles for individual lawyers.


B: Contractual obligations

We may need your personal data to comply with our contractual obligations – for example in your capacity as the owner or director of an organisation that is a client or supplier.


C: Legitimate interest

As a small business focused on marketing within the niche sector of the legal profession, we have a legitimate interest in demonstrating to law firms, their owners and marketing teams how to market a professional service using best practice direct marketing techniques.

In choosing to rely on a legitimate interest, we accept that we have an extra responsibility to consider and protect people’s rights and interests which include:

  1. only processing such data as is necessary to achieve the legitimate interest; and
  2. balancing this against an individual’s rights and freedoms.


D: Legal compliance

If the law requires us to, we may need to collect and pass on your data to law enforcement agencies.

In most cases, the lawful basis for processing will be through the performance of a contract of service.

Where We Collect Personal Data


When you visit our website ( and request services, resources or make an enquiry via a contact form on the website.

When you contact us by phone, letter, or email.

When you engage with us on social media, such as via LinkedIn, Facebook, Pinterest.

When you give us your business card.

When you book any kind of appointment with us or book to attend any event organised by us.

When you choose to complete any polls or surveys by us.

When data is made public as a matter of law – such as on a regulator’s website.

When you comment on or review our products and services – an individual may access personal data related to them, including opinions. So, if your comment or review includes information about a member of staff, we may pass your comment or review on to them.

When a client organisation provides personal information, to enable us to prepare publicity material.


What Personal Data Do We Hold?


We may collect the following personal information:

Personal contact details such as name, title, address, telephone number, email address and/or social media profile – so that we can contact you.

Gender – so that we can address individuals correctly and accommodate for any specific needs to address you correctly.

When preparing lawyer profiles, we may need to request a wide range of personal data in relation to your qualifications, experience, and credentials. Where firms also ask us to request information on personal interests, we will only publish approved information and any background information is deleted once approval has been confirmed.

We may retain professional portrait photographs on behalf of our law firm clients.

When managing law firm marketing, we may receive personal information via third party software – where possible this will be endeavoured by us to hold this data under password protection.

We may also hold the following information:

  • Name, job title, law firm, legal practice areas, contact details.
  • Details or which services you have enquired about or purchased.
  • Details of your interactions with us via our website; and
  • Social media usernames if you share this information with us.


How Do We Store Personal Data?


We store personal information in the following ways:

  • Spreadsheets or databases on digital computers and USB sticks belonging to us,
  • Documents and Files on cloud-based storage such as OneDrive,
  • Printed material such as event registration forms or coordination documents with event organisers.
  • We may use paper records rather than relying on secure digital systems in case internet in the location of the event is not available or affecting performance and efficiency. We will minimise the use of paper and where we do require paper recording, we will limit the information required by you. We will endeavour to ensure your personal information written on paper is not seen by anyone other than us.


How Do We Use Personal Data?


We use personal data as follows:

  • To respond to enquiries and requests for information about our services.
  • To set up new client accounts and to process payments.
  • To fulfil our obligations regarding marketing the experts in the law firm clients that we work for.
  • To inform about services relevant to practising lawyers and marketing managers in law firms.
  • To inform about developments and research in the legal marketplace.
  • To provide options regarding information received.
  • To send surveys, testimonial and feedback requests to help improve our services.
  • To send you relevant, personalised communications by post and email in relation to our services and relevant developments in legal marketing that we believe may be of interest. We do this because of our legitimate interest in growing our business within the legal profession. Recipients always have an opportunity to tailor their preferences to receive some, all, or none of these. We will respond to all such requests and act upon them promptly.

We do not and will not share your personal data with third parties without permission.


How Long Will We Keep Your Personal Data?


We comply with our obligations under the GDPR and DPA 2018 (and any subsequent law or regulation in England) by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access or disclosure, and by ensuring as best as possible that appropriate technical and secure measures are in place to protect personal data.

When we collect or process personal data, we only keep it for as long as is necessary for the purpose for which we originally collected it. At the end of that retention period, we will either completely delete your data, or it will be anonymised by us. If we anonymise your data, this will typically be to aggrege with other data used in a non-identifiable way for statistical analysis and business planning.

Four examples include:

  1. Personal profile information from lawyers and law firms who instruct us.
    1. We delete background information as soon as an approved profile has been uploaded and published online.
  2. Other information from lawyers and law firms who instruct us, e.g.: photographs, client and contact data, logins.
    1. We keep such data for as long as we are under contract to the law firm client, and for a period after the contract has concluded as agreed by contract.
  3. Information from lawyers who we have met or connected with via social media.
    1. We keep this data for as long as we are in contact or remain connected unless you request otherwise.
  4. Information on prospective clients within law firms.
    1. We keep this information for as long as we are in contact or remain connected unless you request otherwise.


When Do We Share Your Personal Data?


We will only share your data with third parties outside of our business where there is a legitimate reason to do so. Occasionally, we may need to be pass personal details to a third party to supply or deliver the service that you require – for example a website developer, graphic designer, mailing house or a photographer/videographer. We only provide the information required to perform specific services requested by or with the express permission of our clients on their behalf. Where we share personal data with third parties, we will seek assurances that your personal data will be kept confidential and that the third party fully complies with the GDPR and DPA 2018 along with any subsequent law or regulation in England.

Software that we use while providing marketing services to our clients include:

  • Website content management systems: e.g., WordPress,
  • Email marketing services: e.g., Mailerlite,
  • Social Media providers: e.g., Facebook, LinkedIn, Pinterest, Twitter, YouTube.

We would disclose personal data requested by the police or other enforcement, regulatory or government body. We will only share your personal information with them to the extent needed for their purposes. Please note that the sharing of information may occur without notification to you.

We never sell your personal information to any third party.

In the event, the owners sell this business, then this may involve the transfer of personal data.


Your Rights Over Your Personal Data


As a Data Subject, you have the following rights:

The right to be informed of the data we hold and how we use it.

The right of access to this data. You can ask us to share with you the data we have about you. This is often known as a Data Subject Access Request. We kindly ask that you put such a request in writing to us either by letter or email (see contact details below).

The right to request the rectification of any errors. You can update your data if it is inaccurate or if something is missing.

The right to request erasure. You can ask us to delete any personal data we have about you.

The right to request us to restrict processing. If you think we are not processing your data in line with this privacy policy, then you have the right to restrict any continued use of that data until we resolve the issue with you.

The right to data portability. If you ask us to provide or disclose your personal data in a portable way e.g., a Word or PDF document to make it more easily accessible or to share with others.

The right to object to how we process your personal information. You can object to the ways we use your data. We request you put your objections in writing either by letter or email (see contact details below).

Rights in relation to automated decision making and profiling. These rights protect you in cases where automated processes make decisions about you rather than human input. It is highly unlikely that we will use this.

The right to stop receiving direct marketing (see below for more information).

The right to complain to use and complain further to the Information Commissioner’s Office (see below).


Stopping Direct Marketing


There are five ways you can stop or reduce direct marketing communications from us:

  1. Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop all further emails.
  2. Click the ‘tailor my preferences’ link to specify the emailers you do or do not wish to receive.
  3. You can also visit our website and tailor your preferences.
  4. Email with any request.
  5. Write to Amy Webb T/A WritsWell, 23 Wenlock Crescent, Chesterfield, Derbyshire, S40 4NU.


Further Notices


If we wish to use your personal data for a new purpose, not covered by this Privacy Policy then we will endeavour to provide you with a new notice explaining this new use prior to commencing the processing as well as setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the processing.

We hope this policy has been helpful in setting out the way we manage your personal data and your rights to control it.

If there is anything you consider that we have not adequately addressed in this privacy policy, then please email us at


Contacting The Information Commissioner’s Office


If you feel that we have not managed your data correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by:

Telephone: 0303 123 1113.



Updated May 2023