Privacy Policy
This privacy notice is for Koala's online assets. Further details about Data Protection and Retention Policy are provided when you instruct us.
1. Introduction
1.1 Important information and who we are
Welcome to Koala Legal Ltd's Privacy and Data Protection Policy ("Privacy Policy").
At Koala Legal Ltd ("we", "us", or "our") we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation ("GDPR"), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom. We are also accredited to the UK Government's Cyber Essentials security standards.
We are a conveyancing firm regulated by the Council for Licensed Conveyancers (CLC) (Licence Number: [Insert Number]).
This Privacy Policy explains how we collect, process and keep your data safe. The Privacy Policy will tell you about your privacy rights, how the law protects you, and inform our employees and staff members of all their obligations and protocols when processing data.
The individuals from which we may gather and use data can include:
- Customers
- Business contacts
- Third parties connected to your customers
- Any other people that the organisation has a relationship with or may need to contact.
This Privacy Policy applies to all our employees and staff members and all Personal Data processed at any time by us.
1.2 Your Data Controller
Koala Legal Ltd is your Data Controller and responsible for your Personal Data. We are not obliged by the GDPR to appoint a data protection officer and have not voluntarily appointed one at this time.
Contact Details:
- Email: hello@koala.legal
- Post: Unit F6/7 Leah's Yard, 22 Cambridge Street, Sheffield, S1 4HP, United Kingdom.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
1.3 Processing data on behalf of a Controller and processors' responsibility to you
In discharging our responsibilities as a Data Controller we have employees who will deal with your data on our behalf (known as "Processors"). The responsibilities below may be assigned to an individual or may be taken to apply to the organisation as a whole. The Data Controller and our Processors have the following responsibilities:
- Ensure that all processing of Personal Data is governed by one of the legal bases laid out in the GDPR (see 2.2 below for more information);
- Ensure that Processors authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of Personal Data;
- Obtain the prior specific or general authorisation of the Controller before engaging another Processor;
- Assist the Controller in the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights;
- Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller;
- Maintain a record of all categories of processing activities carried out on behalf of a Controller;
- Cooperate, on request, with the supervisory authority in the performance of its tasks;
- Ensure that any person acting under the authority of the Processor who has access to Personal Data does not process Personal Data except on instructions from the Controller; and
- Notify the Controller without undue delay after becoming aware of a Personal Data Breach.
2. Legal Basis for Data Collection
2.1 Types of data / Privacy policy scope
"Personal Data" means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below:
- Profile/Identity Data
- First name, last name, gender, date of birth, passports, driving licenses
- Contact Data
- Phone number, addresses, email addresses.
- Marketing & Comms
- Your preferences in receiving marketing and other information from us.
- Billing Data
- Debit/credit card information, name on payment details, billing address.
- Financial Data
- Banking details e.g. account number and sort code, mortgage offers and "Source of Funds & Wealth such as bank statements.
- Transactional Data
- Records of all payments you have made for our services or products.
- Technical Data
- IP address, browser type/version, time zone/location, operating system/platform.
- Property Ownership
- Legal ownership and title, Land Registry registers, deeds, charges, restrictions.
- Property Transaction
- Transaction status, agreed price, completion dates, chain details, correspondence.
- Property Docs
- Contracts, Searches, transfer deeds (TR1), lease agreements, planning permissions, certificates.
- Special category data
- We may occasionally process data regarding health (e.g., for vulnerable client adjustments) or ethnic origin (derived from ID documents)
Aggregated Data: We also collect, use and share Aggregated Data such as information about trends in conveyancing transactions and property types, overall transaction outcomes and timescales, pricing and quote patterns, how our services and digital tools are used, and high-level compliance and fraud-prevention trends. This Aggregated Data is combined from multiple records and does not identify any individual.
Special Categories: We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2.2 The Legal Basis for Collecting That Data
The main avenues we rely on are:
- "Consent": Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or 'opt in' to a service.
- "Contractual Obligations": We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
- "Legal Compliance": We're required by law to collect and process certain types of data, such as fraudulent activity, money laundering, terrorist financing, Transfer of Funds Regulations 2017 and CLC regulatory requirements
- "Legitimate Interest": We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests.
- "Quality control" We might need to collect certain information from you to satisfy internal quality audits and to defend against potential legal claims.
3. How We Use Your Personal Data
3.1 Our data uses
We will only use your Personal Data when the law allows us to.
3.2 Marketing and content updates
You will receive marketing and new content communications from us if you have created an account and chosen to opt into receiving those communications. From time to time we may make suggestions and recommendations to you about goods or services that may be of interest to you.
3.3 Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Your Rights and How You Are Protected
4.1 Your legal rights
Under certain circumstances, you have the following rights:
- Right to be informed.
- Right of access. (Data Subject Access Request)
- Right to rectification.
- Right to erasure.
- Right to object. (Direct marketing, legitimate interest, etc.)
- Right to restrict processing.
- Right to data portability.
If you wish to make a request under any of these rights, please contact us at hello@koala.legal.
4.2 Control over Personal Data
Your account information will be protected by a password for your privacy and security. You need to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and by signing off after you have finished accessing your account.
You will need to contact us if you would like to delete your account.
4.3 How Koala Legal Ltd protects customers' Personal Data
We implement a variety of security measures, including:
- Appropriate technical and organisational measures.
- Use of reputable, security-focused third-party service providers.
- Access controls, encryption of data in transit and at rest.
- Secure cloud infrastructure and internal handle policies.
While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk.
4.4 Opting out and Data Requests
- Opting out: Email hello@koala.legal at any time.
- Fees: You will not have to pay a fee to access your Personal Data, however, if your request is clearly unfounded, we could refuse to comply.
- Identity Verification: We may need to request specific information from you to help us confirm your identity before exercising your rights.
5. Your Data and Third Parties
5.1 Sharing your data
We may share non-Personal Data with third parties. We may share your Personal Data with subcontractors or affiliates, subject to confidentiality obligations.
Conveyancing requires us to share your personal information with specific third parties:
- HM Land Registry: To register your ownership or charges.
- HMRC: For the submission of Stamp Duty Land Tax (SDLT) returns.
- Lenders: To report on the title and manage mortgage funds.
- Other Side's Legal Representative: To facilitate the exchange and completion.
- Trusted suppliers (e.g. ID company, search provider and our IT service provider)
- The CLC & Legal Ombudsman: For regulatory audits or complaint handling.
Your personal information stored on our case management system may be seen by external providers of technical services if they need to access the system, to fix a technical problem or to support our business.
We may also share data in the event of a change in control, acquisition, or sale of the business.
5.2 Third-Party Links
This Site may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites.
6. How Long We Retain Your Data
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain it longer in the event of a complaint or prospect of litigation.
7. International Transfer of Data
Your information may be stored and processed in the US or other countries or jurisdictions outside the US where Koala Legal Ltd has facilities. By using Koala Legal Ltd, you are permitting and consenting to the transfer of information, including Personal Data, outside of the US.
8. Notification of Changes and Acceptance
We keep our Privacy Policy under review. This version is dated 13 January 2026.
Continued access or use of Koala Legal Ltd will constitute your express acceptance of any modifications.
9. Interpretation
All uses of the word "including" mean "including but not limited to". Staff are not authorised to contract on behalf of Koala Legal Ltd or make representations; email content will be read down to grant precedence to this policy, our terms, or official website announcements.
10. Terms of Use
Please also see our Terms of Engagement.