Privacy Policy

Rohleder & Co is a wills and estate planning practice led by Katie Rohleder, a Chartered Legal Executive. We are committed to protecting your privacy and handling your personal data responsibly.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:

We may collect and process the following categories of personal data:

Personal Details

Name, date of birth, address, email address, telephone number, marital status, and details of family members relevant to your will or estate plan.

Identity Verification Documents

Photographic identification (such as a passport or driving licence) and a selfie photograph, used to verify your identity in accordance with anti-money laundering regulations and professional obligations.

Will & Estate Planning Information

Information provided through our will questionnaire and during consultations, including details of your assets, liabilities, beneficiaries, guardians, executors, and your wishes for the distribution of your estate.

Payment Information

Records of payments made and payment status. We do not store full payment card details on our systems; payment processing is handled by our secure third-party payment provider.

Usage Data

Information about how you use our website and client portal, including your IP address, browser type, pages visited, and time spent on the site. This data is collected through essential cookies and server logs.

Communications

Messages exchanged through our client portal messaging system, emails, and records of telephone conversations relevant to your matter.

We use your personal data to:

• Provide our will writing and estate planning services to you
• Verify your identity in compliance with anti-money laundering regulations
• Communicate with you about your matter through the client portal and other channels
• Process payments and maintain financial records
• Manage your account on the client portal and provide access to your documents
• Comply with our legal and regulatory obligations
• Improve our website and services based on how clients use them
• Respond to enquiries submitted through our website or by email

We process your personal data on the following legal bases under the UK GDPR:

• Contract: Processing is necessary for the performance of our contract with you to provide will writing and estate planning services.
• Legal obligation: Processing is necessary to comply with our legal obligations, including anti-money laundering regulations and professional standards.
• Legitimate interests: Processing is necessary for our legitimate interests, such as improving our services and maintaining the security of our systems, provided these interests are not overridden by your rights and freedoms.
• Consent: Where we rely on your consent, you have the right to withdraw it at any time by contacting us.

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

• Client files and will-related documents: Retained for a minimum of 6 years after the conclusion of your matter, or longer where required by professional obligations.
• Identity verification documents: Retained for 5 years after the end of the business relationship, in accordance with anti-money laundering regulations.
• Financial records: Retained for 6 years as required by HMRC.
• Website usage data: Retained for up to 12 months.

When personal data is no longer required, it will be securely deleted or anonymised.

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions.
• Right to restrict processing: You have the right to request that we limit the processing of your personal data in certain circumstances.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise any of these rights, please contact us at info@rohlederandco.co.uk. We will respond to your request within one month.

As part of our regulatory obligations, we are required to verify the identity of our clients. To facilitate this, our client portal allows you to upload:

• A photograph of a valid government-issued photo ID (such as a passport or driving licence)
• A selfie photograph for comparison and verification purposes

These images are transmitted securely using encryption and stored in our secure systems. They are used solely for the purpose of verifying your identity and complying with anti-money laundering regulations.

Identity verification documents are retained for 5 years after the end of our business relationship, after which they are securely deleted. Access to these documents is strictly limited to authorised personnel.

You may request the deletion of your identity verification documents at any time, though please note that we may be legally required to retain them for the period specified above.

Our website uses essential cookies that are necessary for the proper functioning of the site and the client portal. These cookies are used to:

• Keep you signed in to the client portal
• Ensure the website functions correctly
• Maintain session security

We do not use advertising or tracking cookies. For more information, please refer to our cookie consent notice displayed when you first visit our website.

We may share your personal data with trusted third-party service providers who assist us in delivering our services. These may include:

• Secure hosting and cloud storage providers for our website and client portal
• Payment processing services
• Email and communication services
• Professional advisors and regulatory bodies where required

We ensure that all third-party service providers are bound by appropriate data processing agreements and maintain adequate security measures. We do not sell your personal data to any third party.

Where data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with the UK GDPR.

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication for the client portal
• Regular security reviews and updates
• Access controls to ensure only authorised personnel can access personal data

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

If you are not satisfied with our response or believe we are processing your personal data in a way that is not compliant with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.