Legal

Privacy
Policy

Last updated: February 2026

1. Who we are

RankMyFirm Ltd ("RankMyFirm", "we", "us", or "our") is a company registered in England & Wales. We provide search engine optimisation (SEO) services to UK solicitors and professional firms.

We are the data controller for the personal data described in this policy. If you have any questions about how we handle your data, please contact us at hello@rankmyfirm.co.uk.

2. What data we collect

We may collect and process the following categories of personal data:

2.1 Information you provide directly

  • Contact details — name, email address, telephone number, and job title, collected when you fill in a contact form, book a call, or email us.
  • Business information — firm name, website URL, practice areas, and location, provided during enquiries or onboarding.
  • Communications — the content of emails, messages, and call notes exchanged with us.

2.2 Information collected automatically

  • Usage data — pages visited, time on page, referral source, and interactions with our website and tools.
  • Device and browser data — IP address, browser type and version, operating system, screen resolution, and device type.
  • Cookie data — information collected through cookies and similar tracking technologies (see our Cookie Policy for full details).

2.3 Information from third parties

  • Analytics providers — aggregated and pseudonymised usage data from services such as Google Analytics.
  • Referral partners — name and contact details where you have been referred to us by a third party with your consent.

3. How we use your data

We process your personal data for the following purposes:

  • To provide our services — delivering SEO audits, reports, and ongoing optimisation work as agreed in your service contract.
  • To respond to enquiries — replying to contact form submissions, call bookings, and email correspondence.
  • To improve our website and tools — analysing usage patterns to enhance performance, usability, and content relevance.
  • To send marketing communications — newsletters, case studies, and industry insights, only where you have given explicit consent or where we have a legitimate interest (with an easy opt-out mechanism).
  • To comply with legal obligations — record-keeping, tax reporting, and responding to lawful requests from authorities.

4. Lawful basis for processing

We rely on the following lawful bases under UK GDPR:

  • Contract — processing necessary to perform a contract with you or to take steps at your request before entering into a contract (Article 6(1)(b)).
  • Legitimate interests — processing necessary for our legitimate business interests, such as improving our services, marketing to existing clients, and website analytics, provided these interests do not override your fundamental rights (Article 6(1)(f)).
  • Consent — where you have given clear, affirmative consent to processing, such as subscribing to our newsletter or accepting non-essential cookies (Article 6(1)(a)).
  • Legal obligation — processing necessary to comply with a legal obligation to which we are subject (Article 6(1)(c)).

5. Cookies

We use cookies and similar technologies on our website. Cookies are small text files placed on your device that help us understand how visitors use our site, remember your preferences, and improve your experience.

For full details on the types of cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

6. Third parties and data sharing

We do not sell your personal data. We may share your data with the following categories of third parties:

  • Service providers — hosting providers, email platforms, analytics services, and CRM tools that process data on our behalf under written data processing agreements.
  • Professional advisers — accountants, lawyers, and auditors who require access to data to provide professional services to us.
  • Law enforcement and regulators — where we are legally required to disclose data or where it is necessary to protect our rights.

Where any third-party processor is located outside the United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO), to protect your data.

7. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Client data — retained for the duration of the client relationship and for up to 6 years afterwards, in line with our contractual and legal obligations.
  • Enquiry data — retained for up to 2 years from the date of your last interaction with us, unless you ask us to delete it sooner.
  • Marketing data — retained until you withdraw consent or opt out of communications.
  • Website analytics data — retained in pseudonymised or aggregated form for up to 26 months.

8. Your rights under UK GDPR

Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure — you can request deletion of your personal data in certain circumstances.
  • Right to restrict processing — you can ask us to limit how we use your data.
  • Right to data portability — you can request your data in a structured, commonly used, machine-readable format.
  • Right to object — you can object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, you can withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please email us at hello@rankmyfirm.co.uk. We will respond within one calendar month, as required by law.

9. Data security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/SSL), secure hosting environments, access controls, and regular security reviews.

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. How to contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at hello@rankmyfirm.co.uk.