A-LEVEL LAW · PRIVACY

Privacy. In Plain English.

No tracking pixels. No data selling. No marketing partners getting your details. This page explains exactly what we collect, why, and how to remove it.

Last updated

26 May 2026

This Privacy Policy explains how LawByLak ("we", "us", "our") collects and uses personal data when you visit lawbylak.co.uk or buy a revision module. It is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

LawByLak is operated by Lakshan Satheeskumar, a sole trader based in the United Kingdom. The trading name "LawByLak" produces premium A-Level Law revision content for OCR H418, OCR H018, and AQA 7162 specifications.

Data controller contact: hello@lawbylak.co.uk

2. What data we collect, and when

We collect the absolute minimum data needed to run this business. Specifically:

  • Email address — if you sign up to the email list via the form on our site. Used solely to send free guides, topic launch announcements, and the occasional study tip.
  • Payment details — when you buy a module, payment is processed by Payhip. We never see or store your card details. Payhip provides us with your email address and the product purchased so we can send the module file.
  • Cookies and similar — see our Cookie Policy. We use essential cookies only (no analytics, no advertising trackers).
  • Server logs — when you visit the site, our hosting provider Cloudflare records standard server log information (IP address, browser type, pages visited) for security and abuse prevention. This data is held by Cloudflare under their own privacy policy.

3. What we do NOT collect

  • We do not use Google Analytics, Facebook Pixel, or any third-party tracking.
  • We do not collect your name, address, phone number, age, or school unless you voluntarily tell us in an email.
  • We do not buy lists, scrape contact details, or use lead-generation databases.
  • We do not share, sell, or rent your data to anyone.

4. Lawful basis for processing

Under UK GDPR, we process your data on the following bases:

  • Consent — for the email list (you actively sign up; you can unsubscribe anytime).
  • Contract — for module purchases (we need your email to fulfil the order).
  • Legitimate interests — for security logs (preventing fraud and abuse).

5. How long we keep it

  • Email list subscribers — until you unsubscribe. Inactive subscribers (no opens for 24 months) are pruned automatically.
  • Purchase records — six years, as required by HMRC for tax records.
  • Server logs — typically 30 days, per Cloudflare's default retention.

6. Third parties who process data on our behalf

We use carefully chosen sub-processors. They are bound by their own UK GDPR-compliant privacy policies:

  • MailerLite (email list provider) — Privacy policy
  • Payhip (payment processor) — Privacy policy
  • Cloudflare (hosting, security, DNS) — Privacy policy
  • Stripe / PayPal (via Payhip checkout) — handled entirely by Payhip; we never see card data.

7. International transfers

Some of our sub-processors (notably Cloudflare and MailerLite) may process data outside the UK. They do so under appropriate safeguards including UK International Data Transfer Agreements and EU Standard Contractual Clauses where required.

8. Your rights under UK GDPR

You have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data ("right to be forgotten")
  • Portability — receive your data in a portable format
  • Restrict processing — ask us to pause processing while a dispute is resolved
  • Object — to any processing based on legitimate interests
  • Withdraw consent — at any time, for any consent-based processing

To exercise any right, email hello@lawbylak.co.uk. We respond within 30 days (usually faster). There is no charge.

9. Children's data

LawByLak content is aimed at A-Level Law students, who are typically 16–18 years old. The UK age of digital consent is 13. Students under 13 should not use this site directly. Parents and teachers wishing to purchase on a child's behalf are welcome to do so under their own accounts.

10. Security

We use industry-standard security: HTTPS everywhere (Cloudflare-managed TLS), reputable payment processors (we never store card data), and minimal data collection. No system is 100% secure, but we limit our exposure by not holding sensitive data we don't need.

11. Complaints

If you are unhappy with how we have handled your data, you can complain to the UK Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would always prefer to resolve concerns directly first — please email hello@lawbylak.co.uk before escalating.

12. Changes to this policy

We update this policy when our practices change (e.g. adding a new tool). The "Last updated" date at the top reflects the most recent change. Material changes will be communicated to email subscribers.