Privacy Policy

This site is owned by solicitor Jennifer Wiss-Carline. Contact info: [email protected]

1. Introduction

Welcome to National Case Law Archive (lawcases.net). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how we use it, who we share it with (including third-party providers), and how we keep it secure – all in compliance with the General Data Protection Regulation (GDPR) (and equivalent UK data protection law). We aim to present this information in clear, plain English for your ease of understanding. By using our website, you agree to the practices described in this Privacy Policy.

2. Data Controller

The Data Controller for your personal data is LawCases.net (National Case Law Archive). In other words, LawCases.net is responsible for deciding how and why your personal data is processed. If you have any questions or requests regarding your personal data or this Privacy Policy, please contact us.

3. Types of Personal Data We Collect

We may collect, process, and store the following categories of personal data:

  • Identity Data – Information that identifies you, such as your name or username.
  • Contact Data – How we can reach you, for example, your email address and phone number.
  • Technical Data – Details about your visit and device, including IP address, browser type, and usage data collected via cookies and similar technologies (e.g. through Google Analytics).
  • Communications Data – Content and metadata of communications you send us, such as information you provide by filling out enquiry forms or comment forms on our site.

4. How We Collect Your Data

We collect personal data directly from you when you interact with our site, and also automatically as you use our services:

  • Direct Collection: When you fill out an enquiry form, comment form, or otherwise submit information on our website, we collect the personal data you provide (for example, your name, email, and the content of your enquiry).
  • Automated Collection: When you visit our website, certain technical information is collected automatically via cookies and analytics tools. In particular, we use Google Analytics to gather data about how visitors use our site. This means that when you browse lawcases.net, Google Analytics may collect data such as your IP address, device and browser type, and on-site activities using first-party cookies (support.google.com). These cookies help us understand website traffic and usage patterns without identifying you personally. (For more about cookies, see the Cookies section below.)

5. How and Why We Use Your Data (Purposes and Lawful Bases)

We only use your personal data when we have a valid legal reason (lawful basis) to do so under data protection law. The main purposes for which we process personal data, and the corresponding lawful bases, are:

  • Responding to Enquiries: If you contact us with a question, comment, or request, we will use your provided information (such as your name, email, and the content of your enquiry) to respond and assist you. Lawful basis: Legitimate Interests – it is in our legitimate interest to reply to communications from users and provide you with the support or information you’ve requested. We consider this usage to not override your rights or interests, as you initiated contact with us.
  • Website Analytics: We analyse how our website is used in order to improve its content, functionality, and user experience. For this, we rely on Google Analytics, which collects usage data (e.g. pages viewed, time spent, interactions) via cookies. Lawful basis: Legitimate Interests – understanding and improving our services. This helps us ensure our site is user-friendly and relevant. (Note: Google Analytics operates as our data processor for these analytics insights, and does not identify you personally in the reports we see.)
  • Data Backups and Storage: We create secure backups of our website data (which may include personal data, e.g. information from enquiry forms) to prevent data loss and ensure business continuity. These backups are stored with Dropbox, a reputable cloud storage provider. Lawful basis: Legitimate Interests – maintaining data security and reliable service continuity. Keeping backups helps protect your data from accidental loss or technical issues.
  • Third-Party Assistance (With Consent): If you submit an enquiry that we cannot fully address in-house and which requires input from an external expert or partner, we may, with your explicit consent, share relevant details from your enquiry with that third party in order to get you the help or advice you need. Lawful basis: Consent – we will only share your data in this way if you clearly agree to it. (For example, if your enquiry relates to a specialised legal matter, we would first ask your permission before consulting another law firm or expert and sharing your contact details or query.)

We do not use your personal data for any purposes other than those described above. We do not sell your data to third parties or use it for unsolicited marketing. If we intend to process your data for a new purpose, we will update this policy and, if required, seek your consent.

6. Adverts

We use Google AdSense to display adverts on this website.

Cookies and similar technologies

Google and, where applicable, its partners may use cookies or similar identifiers (for example, device identifiers) to:

  • serve adverts on this site, including personalised adverts where you have consented (or where permitted by law),
  • limit how often you see an advert,
  • measure ad performance, and
  • help detect and prevent fraud.

As required by Google’s policies:

  • Third-party vendors, including Google, use cookies to serve ads based on a user’s previous visits to this website or other websites.
  • Google’s use of advertising cookies enables it and its partners to serve ads to users based on their visit to this site and/or other sites on the internet.

Opting out / managing choices

You can opt out of Google personalised advertising by visiting Google’s Ad Settings: https://adssettings.google.com

You can also manage cookies via your browser settings and by using the ‘Cookie Settings’ link in our website footer.

Even if you turn off personalised ads, you will still see adverts, but they may be less relevant.

You can also opt out of some companies’ interest-based advertising by visiting: https://www.aboutads.info/choices/

7. Data Sharing and Third-Party Providers

We treat your personal data with care and confidentiality. We do, however, rely on certain trusted third-party service providers to run our website and services. When it’s necessary, we share or allow access to personal data with the following third parties – each of which has their own privacy policies and commitments to data protection:

  • Google (Analytics and Email Services): Our website uses Google Analytics to collect site visitation statistics, and our email communications (such as messages sent via our contact form) are handled through Google’s Gmail service. Google acts as our data processor for these services, meaning they process data on our behalf and under our instructions. Information like your IP address and browsing actions may be collected by Google Analytics cookies for analytics purposes, and any inquiry you submit through the site will be transmitted via Google’s email servers. We encourage you to review Google’s Privacy Policy to understand how Google handles personal information across its services (support.google.com). Google is a U.S.-based company, but it adheres to international data protection frameworks and safeguards (see Section 7: International Data Transfers below).
  • Dropbox (Cloud Storage for Backups): We use Dropbox to securely store backups of our website data, which may include any personal information you have provided (for example, inquiry form submissions are included in our backed-up database). Dropbox is a well-known cloud storage provider, and it has its own comprehensive privacy policy explaining how your data is handled and protected (dropbox.com). We only use Dropbox to prevent data loss (e.g., in case of a technical failure on our site) and to ensure we can restore information if needed. Dropbox may process these backups on servers located outside the UK/EEA, but it employs strong safeguards for data protection (see Section 7 below on international transfers).
  • EuroVPS (Website Hosting Provider): Our website is hosted on servers provided by EuroVPS, a European hosting company. This means that any data transmitted through our site (such as when you fill out forms or browse pages) is stored and processed on EuroVPS’s servers. EuroVPS prides itself on being a GDPR-compliant hosting service (eurovps.com). They handle server data in accordance with strict security standards and European data protection criteria. In practical terms, EuroVPS provides the infrastructure that keeps lawcases.net running, and they may process technical data (like server logs of site visits) for maintenance and troubleshooting. EuroVPS will not access or use your personal data for any purpose other than providing hosting and related technical support to us, pursuant to our contract with them.
  • Other Third Parties (with Your Consent): Aside from the providers above, we will not share your personal data with any external third parties unless you have given us clear permission to do so. As noted in Section 5, if your enquiry might be better addressed by an external expert, we would explain the situation to you and obtain your consent before forwarding any of your details. In such cases, we would also ensure that the third party agrees to keep your information confidential and to use it only for the purposes of assisting with your enquiry.

Important: Each of these third-party providers has their own privacy policy and data protection measures. We recommend reviewing their privacy notices (available on their respective websites) for more information on how they handle personal data. Rest assured, we have agreements in place with these providers to ensure they only process your data for specified purposes and in line with applicable data protection law.

We do not provide advertisers with your name, email address, or the content of any enquiries you submit. Advertising identifiers (such as cookies or similar technologies) may still be used by Google to deliver and measure ads.

8. International Data Transfers

We are based in the UK, but some of the third-party services we use may process your personal data on servers located outside the UK and the European Economic Area (EEA). In particular:

  • Google and Dropbox: These providers are headquartered in the United States, so data collected by Google Analytics or stored in Dropbox could be transferred to or accessed from the U.S. (and potentially other countries).
  • EuroVPS: Our EuroVPS servers are located in the Netherlands (within the EEA). Transfers between the UK and the EEA are permitted as the EU has been deemed adequate by the UK (and vice versa), so your data moving between the UK and EuroVPS’s EU servers is protected under equivalent privacy laws.

Whenever we transfer or allow access to your personal data outside the UK/EEA, we ensure appropriate safeguards are in place to protect it. Our service providers undertake to protect European data to GDPR standards. For example, Google and Dropbox participate in and comply with the EU-U.S. Data Privacy Framework and/or utilise European Commission-approved Standard Contractual Clauses (SCCs) for data transfers (dropbox.com). These mechanisms are legal tools that bind the providers to protect your data with a level of security and privacy essentially equivalent to that in Europe.

What this means for you is that, even if your data is processed in a country with different privacy laws, it remains safeguarded under strict agreements. We also rely on any other applicable measures required by law (such as UK International Data Transfer Agreements, where relevant) to ensure lawful and secure transfer of data across borders.

If you’d like more information about international data transfers or specific safeguards (like copies of the contractual clauses), please contact us.

9. Data Security

We take data security very seriously. We have implemented suitable technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. These measures include, for example, using secure (encrypted) connections on our website, restricting access to personal data to only those who need it, and employing firewalls and up-to-date security software on our hosting servers. We also ensure that our third-party service providers (such as our hosting company, cloud storage, and analytics provider) are reputable and maintain high standards of security. For instance, EuroVPS maintains GDPR-compliant data handling practices (eurovps.com) and Dropbox uses encryption and strict access controls to protect stored data (as described in their security and privacy documentation).

While we strive to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. However, we continuously review and update our security practices to mitigate risks and protect your personal data. In the event of any suspected personal data breach, we have a procedure to address it and will notify you and any applicable regulators when we are legally required to do so.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. In general:

  • For enquiry or contact form data: We typically keep the information you submit (and our correspondence with you) for up to two years. This allows us to refer back to previous communications if you contact us again, and to improve our services by understanding common enquiries. After this period, we securely delete or anonymise the data, unless we are required by law to keep it longer (for example, if your enquiry led to a legal case or transaction that we must keep records of).
  • For analytics data: Google Analytics retains aggregated website usage data for our account according to our configured retention settings (often 14 months by default, or as adjusted to meet our needs). This data is statistical and does not directly identify individuals. We may retain high-level analytics (e.g. total website traffic per month) indefinitely for historical comparison, but this information has no personal identifiers.
  • For backups: Our backups on Dropbox are rotated and retained for disaster-recovery purposes. Backup files are typically retained for a limited time (e.g., backups might be kept for a few weeks or months before being overwritten with newer backups). We ensure that older backups are deleted or overwritten in line with our data retention policy, so personal data does not reside indefinitely in storage.
  • For website server logs: EuroVPS may keep server logs (which can include IP addresses and visit timestamps) for a short period (usually a few weeks) for security monitoring and troubleshooting, after which they are routinely purged.

Once the applicable retention period has elapsed, or if you request us to delete your data (and we have no legal reason to keep it), we will securely erase or anonymise your personal data. If for technical reasons (e.g., in secure backups) we cannot immediately delete certain data, we will ensure it is isolated and protected until deletion is possible.

11. Your Rights

Under the GDPR (and UK data protection laws), you have several important rights regarding your personal data. At National Case Law Archive, we uphold these rights and will facilitate your exercise of them. Your rights include the following:

  • Right of Access – You have the right to ask us whether we are processing your personal data and to request a copy of the personal data we hold about you. This helps you understand how and why we are using your data and to ensure we’re doing so lawfully.
  • Right to Rectification – If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. We will make the corrections as soon as possible.
  • Right to Erasure – Commonly known as the “right to be forgotten,” this gives you the right to request that we delete your personal data. You can do this, for example, if the data is no longer necessary for the purposes we collected it, or if you have withdrawn your consent (in cases where consent was the basis for processing). We will honor valid erasure requests provided we have no other legal obligation to retain the data.
  • Right to Object – You have the right to object to our processing of your personal data in certain situations. For instance, if we are processing your data based on legitimate interests, you can object if you feel it impacts your rights and freedoms. If you object, we will consider your request and stop or adjust the processing unless we have a compelling legitimate ground to continue (or if it’s needed for legal claims). You also have an absolute right to object to us using your data for direct marketing (though note, we currently do not use your data for marketing without your consent).
  • Right to Restriction of Processing – You can ask us to suspend or limit the processing of your personal data in certain circumstances. This might apply if you contest the accuracy of the data or if you want us to preserve data while you pursue a legal claim, for example. During the restriction period, we will store your data securely and not use it (except to the extent allowed by you or required by law).
  • Right to Data Portability – You have the right to request that we provide your personal data to you (or to a third party you choose) in a structured, commonly used, machine-readable format. This right only applies to information you have given us and that we process by automated means based on your consent or on a contract with you. For example, if you provided us with certain data and you want to reuse it across different services, we will help facilitate that transfer.

These rights are subject to certain legal exceptions. For example, we might not erase data we are required by law to keep, or we might refuse a request if it is manifestly unfounded or excessive. However, we will explain to you any decision to refuse a request.

Exercising Your Rights: You can exercise any of these rights by contacting us (see Contact Details at the end of this policy). We may need to verify your identity to ensure we don’t disclose data to the wrong person. We will respond to your requests as soon as possible, and always within the timeframe required by law (generally within one month). There is no fee for making such requests in most cases.

12. Cookies

Cookies are small text files that are placed on your device when you visit a website. Our website uses cookies primarily to make the site function well and to help us understand how visitors interact with it. In particular, we use Google Analytics cookies for analytics purposes. These cookies collect information in an anonymous form, such as how many visitors come to the site, which pages they view, and how long they stay. This data is then aggregated to produce reports that help us improve the website. For example, Google Analytics uses a cookie (_ga) to distinguish unique users and generate statistics about site usage. Importantly, these analytics cookies do not reveal your identity to us – we cannot see your name, email, or any directly identifying detail about you through analytics, only generalised patterns of usage.

By using our site, you consent to the use of these analytics cookies (unless you disable them). You have choices when it comes to cookies:

  • Browser Controls: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when cookies are being sent. Please note that disabling all cookies may affect the functionality of our website (for instance, some interactive features may not work as intended if cookies are turned off). However, blocking analytics cookies should not significantly affect your ability to view our site.
  • Google Analytics Opt-Out: Google provides an opt-out browser add-on to prevent data from being used by Google Analytics on any website. If you want to opt out of Google Analytics tracking across all sites, you can install the Google Analytics opt-out extension for your browser.
  • Cookie Notice: If we use a cookie consent banner or tool on our site (for example, to comply with applicable laws), you can use that tool to customise your cookie preferences. (At present, we only use non-intrusive analytics cookies under Legitimate Interests, so you may not see a cookie pop-up when visiting our site. We are continuously monitoring legal requirements and will implement a consent mechanism if needed.)

For more detailed information about the cookies and similar technologies Google uses and how they work, you can visit Google’s page on How Google uses cookies and the Google Privacy Policy.

Our website may display advertising served by Google AdSense. Google may use cookies or similar technologies to collect information about your visits to this and other websites in order to provide relevant advertisements, measure ad performance, and improve advertising services.

Where required by law, we will obtain your consent before placing advertising cookies on your device, and you may manage your preferences through our cookie settings or browser controls.

You can learn more about how Google uses data from sites that use its services at: https://policies.google.com/technologies/partner-sites

13. Complaints

We hope to resolve any privacy concerns you may have directly and promptly. If you have a complaint about how we handle your personal data, please contact us first so we can address your issue. We will acknowledge your complaint and work with you to find a satisfactory resolution.

If you are not satisfied with our response, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, that is the Information Commissioner’s Office (ICO). You can contact the ICO or find more information on their website. The ICO can provide guidance and may be able to assist in resolving your concerns.

For individuals in other jurisdictions, you can contact your local data protection authority. For example, if you are in an EU country, you can reach out to your country’s supervisory authority for data protection. You also have the right to seek a judicial remedy if you think your data protection rights have been breached.

We value your trust, and we will fully cooperate with the ICO or any other relevant authority in investigating and resolving any complaint.

14. Changes to this Policy

We may update or modify this Privacy Policy from time to time, for example to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you by appropriate means – for instance, by posting a notice on our website or contacting you directly (e.g., via email) if we have your contact details and if the changes are material. However, we encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

The “Effective Date” at the bottom of this policy indicates when the current version came into force. Any changes will become effective when we post the revised Privacy Policy on this page. Your continued use of the website after a revised policy has been posted signifies that you have read and understood the updated terms.

15. Contact Details

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and will respond as promptly as possible.

Updated: 14th February 2025