SRA Fair processing policy

Last updated 24 March 2017

Your privacy: information we collect about you and how we use it

This policy tells you what to expect when we collect personal information. The Law Society is the data controller of the personal information we collect. We are the independent, regulatory arm of the Law Society, and operate separately from it. Information about how the Law Society collects and uses your information can be found in the Law Society privacy statement.

The Data Protection Act 1998 regulates the use of personal information held by us. This means we must comply with eight data protection principles which say that personal data needs to be:

  • processed fairly and lawfully
  • processed only for specified and lawful purposes
  • adequate, relevant and not excessive
  • accurate and, where necessary, kept up to date
  • not kept longer than necessary
  • processed in accordance with an individual's rights under the Act
  • kept secure
  • not transferred to non-European Economic Area countries without adequate protection.

This notice contains information about:

Information we may collect

The type of information we may collect and process about you is varied and may include:

  • your name
  • who you are such as a solicitor, trainee solicitor, law student, member of the public
  • your e-mail address
  • your user ID and password, if you have one
  • telephone, email, correspondence, case related information and exchanges

In addition, because of the wide ranging nature of our regulatory work, we may collect other information and data about you and your business. This could include for example, information from an individual client making an application to us for a grant from our Compensation Fund, a finance manager in a law firm applying to us for authorisation as a compliance officer or as a result of a disciplinary investigation.

Some information is defined in the Data Protection Act 1998 as sensitive personal data. This is information about you which relates to:

  • (a) your racial or ethnic origin
  • (b) your political opinions
  • (c) your religious beliefs or other beliefs of a similar nature
  • (d) your membership of a trade union
  • (e) any physical or mental health condition
  • (f) your sexual life
  • (g) the commission or alleged commission by you of any offence
  • (h) any proceedings for any offence committed or alleged to have been committed by you, including the disposal of any proceedings or a court sentence.

Where we collect personal data we will not collect or use it unless it is lawful for us to do so. This may mean we need your informed consent to use or share it. However, in some cases it will be lawful for us to do so, for example where it necessary as part of our, or a third party's, statutory or public function or because the law permits or requires us to.

How we use personal information

This policy applies to information we collect set out below:

How long we keep information

We keep personal information for as long as necessary to ensure we can fulfil our regulatory role in the public interest and in line with our published retention and disposal policies.

We retain personal information if we need it to meet our legal and operational requirements.

How we keep information secure

We are under a general duty to keep personal data and information confidential. Where we share information we take all reasonable steps to keep it secure, use it fairly and ensure that data protection safeguards are in place.

For the purposes of the Data Protection Act 1998 the Law Society is the data controller, however, the Law Society agrees not to access certain data and information to protect the rights of those whose information we hold and so as not to cause prejudice to our regulatory work.

We operate shared policies with the Law Society that set out and advise staff about how we collect, handle and keep information secure to ensure we meet the our data protection obligations as well as how we maintain the confidentiality, accessibility and integrity of information we hold.

How you find out about information we hold about you

The Data Protection Act 1998 gives you a right of access to personal data we hold about you. These are called subject access requests. In some cases we are not required to provide you with information we hold about you. Where this is the case we will let you know.

You can request information by printing, completing our:

and posting it to us. If you need any help making a subject access request our Information Compliance Team will help you.

We need to satisfy ourselves as to your identity. Please therefore send us proof of who you are so that know we are sending the information to the right person. We accept the following as proof:

  • a copy of your birth certificate
  • a copy of your passport
  • a copy of your driving licence

Please do not send original documents.

You will also need to let us have a postal or email address so that we can send you the information.

We ask that you mark the covering envelope or email as 'Confidential'.

Administration charge

There is a charge of £10 payable by cheque. This covers costs we are entitled to charge under the Data Protection Act 1998. We cannot deal with your request until the fee is paid.

How we provide the information

We usually send a hard copy by special delivery post to your residential address or by email. We can make other arrangements in some cases. Please ask our Information Compliance Team if you would like to agree alternative arrangements.

Can I see all the information held about me?

You may not be entitled to see all the information held about you if an exemption under the Data Protection Act 1998 applies. Examples of exemptions include information that:

  • is about another person.
  • may prejudice our regulatory work.

If an exemption applies we will explain which exemption applies and we tell you if we have removed any information from the copy we send you.

Changes to this fair processing policy

We keep this Policy under regular review.

How to contact us

If you would like to ask for information about our policy you can email us or write to us. If you would like a copy of this policy in an alternative format please ask our Information Compliance Team.

Visitors to our website

Cookies are small text files stored on your computer while you are visiting a website. Cookies help make websites work. They also provide us with aggregated information about how users interact with our site. We use this information to try to improve your experience on our website and the quality of service we provide.. Cookies help us do this by allowing us to remember personal settings you have chosen at our website. We do not use cookies in any other way to collect information that identifies you personally. Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly afterwards.

Complete information about the cookies we may set on your browser appears below. A hyperlink to this information about cookies appears prominently on most pages of our website.

Cookies set by www.sra.org.uk

Below is a list of cookies set by the SRA website, along with a brief description of what each is used for.

Cookie name Purpose Expiry
ASP.NET_SessionId Unique identifier for sessions, identifies a user’s session When you close your browser
BIGipServerEktron_Web_CMS Used by load balancer to map browser sessions to specific web application servers When you close your browser
Ecm Used by web platform to determine whether user is a logged-in content management system user When you close your browser
firstCookie Used to collect aggregate data on user selections in customer-contact form When you close your browser
CookieDropDowns Used to collect aggregate data on user selections in customer-contact form When you close your browser
ekContentRatingID Intended to prevent single user from biasing content ratings by rating the same content repeatedly 8,000 years (expires 31 Dec 9999)
EktGUID Contains no data other than its file name, which is a unique number referencing user data stored on the web application serve 1 year
webvers Contains no data other than the word "desktop"; stores a user's preference for desktop-optimised display features regardless of device type 14 days
cookie-acceptance Used to note that you have read our pop-up message on cookies to stop the message appearing multiple times      1 month
sraTranslate Works with our Bing translator tool to detect if website translation is turned on or off 1 month

Cookies set by mySRA (https://my.sra.org.uk)

Our online account management solution— mySRA—sets several cookies over and above the cookies listed directly above. By logging in to mySRA, you consent to the following cookies being set on your browser.

Cookie name Purpose Expiry
ASP.NET_SessionId Unique identifier for sessions, identifies a user’s session When you close your browser
ASPXAUTH Used by web platform to determine whether a user is an authenticated user When you close your browser
BIGipServerMYSRA_POOL_443 Used by load balancer to map browser sessions to specific web application servers When you close your browser
TLSUserName Contains username in encrypted format so that user is automatically logged in to website if cookie is present 100 minutes
TLSPassword Contains password in encrypted format so that user is automatically logged in to website if cookie is present 100 minutes

Cookies set by https://forms.sra.org.uk

A small number of our online forms and surveys are served securely by a cloud-based platform using the sub-domain forms.sra.org.uk. This platform sets the following cookie.

Cookie name Purpose Expiry
sg-response-939471 Used selectively to identify user and re-direct to appropriate unique instance of form 90 days

Cookies set by https://events.sra.org.uk

When you register for an SRA event you are served securely by a dedicated platform called Eventsforce which uses the sub-domain events.sra.org.uk. The platform sets the following cookies, in addition to those listed under www.sra.org.uk above.

Cookie name Purpose Expiry
_zendesk_shared_session, _zendesk_session Used by our Eventsforce software to store information temporarily while you are using the site When you close your browser

Cookies set by https://lawsociety.tal.net

When you apply for a job at the SRA you are served securely by a dedicated recruitment platform called WCN which uses the domain lawsociety.tal.net. The platform sets the following cookies, in addition to those listed under www.sra.org.uk above.

Cookie name Purpose Expiry
wcn_agent_session agent session on a system When you close your browser
wcn_ats_session recruiter session on a system When you close your browser
wcn_session candidate session on a system When you close your browser
Crsf-token cross site request token for api When you close your browser

Third-party cookies

Some services we use to add value and convenience to those who use our website. The browsers may set cookies on our behalf. These services fall into two broad groups: social media and web analytics.

Social media

We publish all of our video content on YouTube.com, and embed it on our website. When a visitor triggers a video to play, YouTube sets cookies on their browser. Any concerns about those cookies should be checked with Google's privacy policy.

Some of our web content includes buttons that allow visitors to share content easily with their online networks—using Twitter, LinkedIn and Facebook. When visiting these areas Twitter, LinkedIn and Facebook may set cookies on a visitor's browser. We do not control the use of these third-party cookies, and any concerns should be checked with the policies of Twitter, LinkedIn and Facebook.

Service Cookie name Expiry
twitter.com Pid 2 years
linkedin.com X-LL-IDC When you close your browser
youtube.com use_hitbox When you close your browser
youtube.com VISITOR_INFO1_LIVE 240 days

Web analytics

To improve our web-based services we collect and use overall data about the use of our site from a third-party service, Google Analytics. When visitors use our website Google Analytics sets cookies on their browser. We do not control the use of these third-party cookies and any concerns should checked with Google's privacy policy.

Here is a list of cookies we set on our website and a brief description of what we use each for.

Service Cookie name Expiry
Google Analytics _utma 2 years
Google Analytics _utmb After 30 minutes of inactivity
Google Analytics _utmc When you close your browser
Google Analytics _utmz 6 months
Google Analytics _utmv 2 years

We also use a third-party service—LivePerson—to chat to users in real time who visit our guidance pages. This service works alongside our Professional Ethics Guidance helpline in answering solicitors' queries. LivePerson sets several cookies on your browser and you should check LivePerson Privacy Policy for more information.

Service Cookie name Expiry
liveperson.net LivePersonID 1 year
liveperson.net HumanClickKEY, HumanClickCHATKEY, HumanClickSiteContainerID_<SITEID>, lpCloseInvite, LPit When you close your browser
liveperson.net HumanClickACTIVE 1 day

More information about cookies

To learn more, including how to manage cookies, visit www.aboutcookies.org. If you have any questions or concerns about cookies set by us, please get in touch.

Regulated persons

The type of information we may collect and process about you is varied and may include:

  • your name
  • who you are to us such as a solicitor, role holder or trainee solicitor
  • your e-mail address
  • your current and old practising address if any
  • your home address
  • your user ID and password
  • your area of work
  • correspondence with us
  • case related information, such as applications you have made to us for approval, for example, authorisation as a new manager or explanations given to us as part of an ongoing disciplinary investigation
  • regulatory records such as any disciplinary decisions about you

Some information we collect is used by the Law Society such as information about those who hold or seek an accreditation with the Law Society or choose to be listed under 'Find a Solicitor'. Some data collected by us for our regulatory purposes is sent to the Law Society and used for membership and professional body purposes. Information about how the Law Society handles personal information can be found on the Law Society website.

mySRA is our online account management solution. We use it to allow regulated persons to keep us up to date and to make applications. More information about applications and our use of information is set out under the 'applications' section below.

mySRA sets several cookies over and above the cookies explained in our section about visitors to our website. By logging on to mySRA users consent to the cookies found being set on their browser.

We may use personal information provided by registered users of mySRA to carry out checks such as fraud and credit checks by independent credit reference and other agencies. We may also use information to improve our service.

Personal information we collect on an annual basis from individuals or firms may be used to inform our regulatory work. This may include investigations, enforcement and applications made to us. It may also inform our thematic work. For example, we may identify trends about risks that the legal market faces from data about our disciplinary cases that we share with other regulators or use to inform our work.

We may also prepare and publish or share statistics obtained from data we collect from those we regulate but not in a form that identifies anyone.

In appropriate cases, personal information may be disclosed to other regulators, the Legal Ombudsman, enforcement or government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party's, statutory or public function or because the law permits or requires us to. In most cases, we will tell the person whose information we hold that we are sending their information somewhere else. You can get more information about how we share information with agencies with a public interest by reading our memoranda of understanding.

We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfil effectively our statutory and regulatory functions.

When we take enforcement action we will generally publish our decision in line with our guidance on publication. If a person has appeared before the Solicitors Disciplinary Tribunal (SDT) the Findings of the Tribunal are usually published on the SDT website.

We make some information publicly available such as the practising details of solicitors. Some personal information is contained in our Alternative Business Structure (ABS) register and may be held within our Law Firm Search pages of our website.

If a regulated person contacts us for guidance or advice we use the information we collect to handle the request for help. We may also use the information to check our level of service.

Information about online forms, the use of our website and the use of cookies is explained in our section about visitors to our website. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'forms.sra.org.uk'. View cookies set by 'forms.sra.org.uk'.

People making complaints about regulated persons

When we receive complaints about those we regulate we create a complaint file. Usually the file will contain the identity of the complainant and other people involved in the complaint.

We usually have to disclose a complainant's identify to the person complained about or to the firm in which that person is involved. If a person making a complaint does not want to be identified we will try to respect that. However, if we are unable to progress a complaint where we think there is an overriding need to protect the public we may decide to disclose a person's identity. Information may be used to inform our regulatory work which may include using information in investigations, enforcement and applications made to us. It may also inform our thematic work. Where we take action as a result of a complaint, where possible, we try to keep those making the complaint informed of progress.

We may also prepare and publish or share statistics obtained from data we collect such as the number and types of complaints we receive but not in a form that identifies anyone.

In appropriate cases, personal information may be disclosed to other regulators, the Legal Ombudsman, enforcement or government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party's, statutory or public function or because the law permits or requires us to. In most cases, we will tell the person whose information we hold that we are sending their information somewhere else. You can get more information about how we share information with agencies with a public interest by reading our memoranda of understanding.

We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfil effectively our statutory and regulatory functions.

We give information about the use of our website and cookies in our section about visitors to our website. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'forms.sra.org.uk'. View cookies set by 'forms.sra.org.uk'.

Complaints about us

When we receive complaints about us we create a complaint file. Usually the file will contain the identity of the person complaining and other people involved in the complaint.

We use personal information to deal with the complaint. We may also use the information to check and improve our level of service.

We may also prepare and publish or share statistics obtained from data we collect such as the number and types of complaints we receive about our service but not in a form that identifies anyone.

In appropriate cases, personal information may be disclosed to other regulators, the Legal Ombudsman, enforcement or government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party's, statutory or public function or because the law permits or requires us to. In most cases, we will tell the person whose information we hold that we are sending their information somewhere else. You can get more information about how we share information with agencies with a public interest by reading our memoranda of understanding.

We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfil effectively our statutory and regulatory functions.

We give information about the use of our website and cookies in our section about visitors to our website. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'forms.sra.org.uk'. View cookies set by 'forms.sra.org.uk'.

Applications such as to become a trainee, a solicitor or be approved in a role

When we receive applications containing personal information we create or update the information we hold about that person on our data base and files. We use the personal information to process the application and to make a decision about the application itself. Information may be used to inform our regulatory work which may include using information in investigations, enforcement and applications made to us. It may also inform our thematic work and be used to check our level of service.

We may also prepare and publish or share statistics obtained from data we collect such as the number and types of applications we receive but not in a form that identifies anyone.

In appropriate cases, personal information may be disclosed to other regulators, the Legal Ombudsman, enforcement or Government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party's, statutory or public function or because the law permits or requires us to. In most cases, we will tell the person whose information we hold that we are sending their information somewhere else. You can get more information about how we share information with agencies with a public interest by reading our memoranda of understanding.

We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfil effectively our statutory and regulatory functions.

Where a person is regulated by us the information we collect is handled in the way explained under our regulated persons section.

Information about online forms, the use of our website and the use of cookies is explained in our section about visitors to our website. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'forms.sra.org.uk'. View cookies set by 'forms.sra.org.uk'.

Our event online booking forms are served securely by a dedicated platform using a web address 'events.sra.org.uk'. View cookies set by 'events.sra.org.uk'.

People who make enquiries or ask for general help

When enquiries are sent to us we usually only use the information to handle the request or to deal with any later issues.

We keep a record of our telephone calls. We record our telephone calls. Recordings are kept for two months although in some cases we keep recordings for longer to help with training our staff or where we receive a complaint about our service.

We may also use information to help inform the way we regulate and to check and improve our level of service.

Information about online forms, the use of our website and the use of cookies is explained in our section about visitors to our website. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'forms.sra.org.uk'. View cookies set by 'forms.sra.org.uk'.

Others connected to our work

The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include witnesses to an investigation, clients of those we regulate, applicants to our Compensation Fund.

We may use personal information to further our regulatory work which may include using information in investigations, enforcement and applications made to us. It may also inform our thematic work.

In appropriate cases, personal information may be disclosed to other regulators, the Legal Ombudsman, enforcement or Government agencies, other regulators or others with a legitimate interest who may keep a record of that information. We only share information where it is lawful for us to do so, such where it is necessary to do so as part of our, or a third party's, statutory or public function or because the law permits or requires us to. In most cases, we will tell the person whose information we hold that we are sending their information somewhere else. You can get more information about how we share information with agencies with a public interest by reading our memoranda of understanding.

We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfil effectively our statutory and regulatory functions.

Some data is collected when people sign up to newsletters, act as an organisation's contact, respond to our consultations or register with us for events or webinars. We use personal data collected in this way to deliver the service we provide or to improve the service we offer. Those responding to our consultations can opt to have their data kept confidential. We do not use your data for marketing purposes.

Information about online forms, the use of our website and the use of cookies is explained in our section about visitors to our website. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'forms.sra.org.uk'. View cookies set by 'forms.sra.org.uk'.

Jobs

When people apply to work with us, we use the information sent us to process applications and to monitor our recruitment.

To ensure we are an equal opportunities employer we collect information about age, disability, ethnicity, sex, gender reassignment, sexual orientation, religion or belief, pregnancy and maternity. This information is not used in relation to the application itself and is treated with strict confidence. It does not form part of the job application and is used to monitor our recruitment. We may use the information to help us deliver equal opportunity measures.

Successful applicants who secure fixed term or permanent contracts are asked to agree to an appropriate criminal records check.

Once a person is employed by us, we compile a file relating to their employment. We keep this information secure and only use it for purposes directly related to their employment. When a person's employment ends with us we destroy the file in line with our published retention and disposal policies.

Information about online forms, the use of our website and the use of cookies is explained in our section about visitors to our website. When you apply for a job at the SRA you are served securely by a dedicated recruitment platform called WCN which uses the domain lawsociety.tal.net. View cookies set by 'lawsociety.tal.net'.


Please use www.sra.org.uk/dpa to link to this page.

Print page to PDF