Privacy Policy

Last updated: 19th November 2025

1. Introduction

Vantage 360 Estate Planning is an appointed representative of New Leaf (WWF) Ltd.  and (“we”, “our”, or “us”) is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, store, and share your personal information when you visit our website https://www.vantage360estateplanning.co.uk/ (the “Website”) or use our services.

We are a company registered in England and Wales under company number 7891401 with our registered office at 165-167 High Street, Rayleigh, SS6 7QA.

For the purposes of UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller.

2. Contact Information

If you have any questions about this privacy policy or our data practices, please contact us:

Data Protection Officer/Privacy Contact:

  • Email: info@vantage360estateplanning.co.uk

  • Post: 165-167 High Street, Rayleigh, SS6 7QA

  • Telephone: 07736 446658

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide to us, including:

  • Contact forms and enquiries: Name, email address, telephone number, company name, job title, and any message or enquiry details you provide

  • Newsletter subscriptions: Email address and any preferences you specify

  • Account registration: Username, password, email address, and profile information

  • Comments and reviews: Name, email address, and content you post

  • Event registrations: Contact details, dietary requirements, accessibility needs, and payment information

  • Customer service interactions: Records of correspondence and support requests

  • Marketing preferences: Communication preferences and consent records

3.2 Information Collected Automatically

When you visit our Website, we automatically collect:

  • Technical information: IP address, browser type and version, operating system, device type, screen resolution, and time zone settings

  • Usage data: Pages visited, time spent on pages, click-through rates, download errors, exit pages, and referral sources

  • Location data: General location information derived from your IP address

  • WordPress data: User agent strings, login attempts, and administrative actions (for registered users)

3.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to collect information about your browsing behaviour. For detailed information, please see our Cookie Policy [LINK TO COOKIE POLICY].

3.4 Third-Party Sources

We may receive information about you from:

  • Google Analytics: Website usage statistics and demographic information

  • Social media platforms: If you interact with our social media accounts or use social login features

  • Business partners: Contact information shared for legitimate business purposes

  • Public sources: Publicly available business information for B2B communications

4. How We Use Your Information

We process your personal information for the following purposes:

4.1 Legitimate Business Purposes

  • Providing and maintaining our Website and services

  • Responding to your enquiries and providing customer support

  • Processing transactions and managing customer relationships

  • Improving our Website functionality and user experience

  • Conducting business analysis and market research

  • Protecting against fraud, abuse, and security threats

  • Complying with legal obligations and regulatory requirements

4.2 Marketing Communications (with your consent)

  • Sending newsletters, promotional materials, and service updates

  • Providing information about products, services, and events

  • Conducting customer satisfaction surveys

  • Personalising marketing content based on your interests

4.3 Website Analytics and Optimisation

  • Analysing Website traffic and user behaviour patterns

  • Testing new features and improving Website performance

  • Measuring the effectiveness of our marketing campaigns

  • Creating aggregated, anonymised reports for business intelligence

5. Legal Basis for Processing

We process your personal information under the following legal bases:

  • Consent: For marketing communications and non-essential cookies (you may withdraw consent at any time)

  • Contract performance: To provide services you have requested or to take steps prior to entering into a contract

  • Legitimate interests: For business operations, fraud prevention, direct marketing to existing customers, and Website improvement (where not overridden by your interests or rights)

  • Legal obligation: To comply with applicable laws and regulations

  • Vital interests: To protect life or physical safety in emergency situations

6. How We Share Your Information

We may share your personal information with:

6.1 Service Providers and Third Parties

  • Web hosting providers: For Website hosting and maintenance

  • Plugin & 3rd Party Providers: If needed for troubleshooting

  • Email service providers: For newsletter delivery and email communications

  • Analytics providers: Including Google Analytics for Website performance analysis

  • Payment processors: For secure transaction processing

  • Customer relationship management (CRM) systems: For managing customer interactions

  • Marketing platforms: For advertising and promotional activities

  • IT support providers: For technical maintenance and security services

  • Professional advisers: Including lawyers, accountants, and consultants

6.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring party.

6.3 Legal Requirements

We may disclose your information where required by law, court order, or regulatory authority, or to protect our rights, property, or safety, or that of others.

6.4 International Transfers

Some of our service providers may be located outside the UK. Where we transfer your data internationally, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the UK government

  • Standard contractual clauses approved by the UK authorities

  • Binding corporate rules or certification schemes

7. Data Retention

We retain your personal information for the following periods:

  • Contact form submissions and enquiries: Indefinitely, unless you request deletion

  • Newsletter subscriptions: Until you unsubscribe or we cease operations

  • Customer account data: For the duration of your account plus 7 years for legal/tax purposes

  • Website analytics data: 26 months (Google Analytics default retention period)

  • Marketing data: Until consent is withdrawn plus 3 years for compliance purposes

  • Financial records: 7 years from the end of the relevant financial year

  • Legal dispute records: Until the dispute is resolved plus applicable limitation periods

These retention periods may be extended where necessary for legal claims, investigations, or regulatory requirements.

8. Your Rights

Under UK data protection law, you have the following rights:

8.1 Right of Access

You can request a copy of the personal information we hold about you.

8.2 Right to Rectification

You can request that we correct any inaccurate or incomplete information.

8.3 Right to Erasure (‘Right to be Forgotten’)

You can request deletion of your personal information in certain circumstances.

8.4 Right to Restrict Processing

You can request that we limit how we use your information in certain situations.

8.5 Right to Data Portability

You can request to receive your personal information in a portable format or have it transferred to another organisation.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling, including the right to human intervention.

8.8 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month, though this may be extended in complex cases.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • Encryption: Data transmission and storage encryption

  • Access controls: Role-based access limitations and authentication requirements

  • Regular security assessments: Vulnerability testing and security audits

  • Staff training: Regular data protection and security awareness training

  • Incident response procedures: Protocols for managing data breaches

  • Secure hosting: Professional hosting services with robust security measures

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Data Breaches

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner’s Office (ICO) within 72 hours where required

  • Inform affected individuals without undue delay where high risk is identified

  • Take immediate steps to contain and mitigate the breach

  • Conduct a thorough investigation and implement preventive measures

11. Third-Party Websites

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.

12. Children’s Privacy

Our Website is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

13. Squarespace-Specific Information

As our Website is built on Squarespace, please be aware:

  • Squarespace: May collect technical information for security and performance purposes

  • Plugins and themes: May have their own data collection practices

  • Comments: Are stored in our Squarespace database and may be publicly visible

  • User accounts: Include login credentials and activity logs

  • Automatic updates: Squarespace may check for updates and send anonymous usage data

14. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Posting the updated policy on our Website

  • Sending email notifications to registered users

  • Displaying a prominent notice on our Website

The “Last updated” date at the top of this policy indicates when it was last revised. Your continued use of our Website after any changes constitutes acceptance of the updated policy.

15. Complaints

If you are not satisfied with how we handle your personal information, you have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

  • Website: https://ico.org.uk/

  • Telephone: 0303 123 1113

  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

16. Governing Law

This privacy policy is governed by English law and subject to the jurisdiction of the English courts.

Document Version: 1.0