Last updated January 2024
Introduction
Who are we?
We are Sheridans, a partnership in England with our office at 76 Wardour Street, London, W1F 0UR (“Sheridans”, “we” or “us”). Where we decide the means or purpose of processing your personal data, we are the “data controller.”
Sheridans works with its German office, operated by our related firm Sheridans Solicitors LLP (Partnership #: OC426948 with the same registered office address) (“Sheridans LLP”). Sheridans and Sheridans LLP act as joint controllers when processing your personal data in connection with a matter involving our German office, but Sheridans is the primary point of contact for data subjects under data protection law.
What’s this policy about?
This policy explains how we process personal data, as a data controller, relating to: (a) visitors to our websites sheridans.co.uk, familyatsheridans.co.uk and backpagesport.co.uk (collectively, the “Website”); (b) job applicants; (c) prospective clients and business contacts; (d) third party suppliers and contractors; and (e) clients and their personnel. We update this policy, so please check back. Where appropriate, we will actively notify you.
What are your rights?
Individuals have the following rights, which may be limited in some circumstances:
- Ask us to send a copy of your personal data to you or someone else
- Ask us to restrict, stop processing, or delete your personal data
- Object to our processing of your personal data
- Object to use of your personal data for direct marketing purposes
- Ask us to correct inaccuracies in your personal data
To exercise your rights, please let us know by sending an email to sar@sheridans.co.uk. If we rely on consent to process personal data, you can withdraw consent at any time either by writing to us at the same email address, by using unsubscribe links in our email, or by letting our staff know.
You also have the right to submit a complaint to a supervisory authority. For example, in the UK, you can get in contact with the Information Commissioner’s Office: https://ico.org.uk; in Berlin, you can get in contact with the Berliner Beauftragte für Datenschutz und Informationsfreiheit https://www.datenschutz-berlin.de/. If you live in another European country, you can alternatively submit a complaint to the supervisory authority in your country/state. If you live outside of those territories, you may have a supervisory authority in your country to turn to.
How do you contact us?
If you have any questions concerning this policy, including how you can exercise your rights, please contact us at: sar@sheridans.co.uk.
Your personal data
| Personal data | What it includes |
|---|---|
| Contact | Address (email and physical) and other contact details such as telephone, fax, social media handles |
| Matter | Personal data supplied to or obtained or generated by us which is associated with the advice and other support requested by or provided to our clients when we provide our services. The nature of this data depends on the work involved but will typically include contact details and other information relating to clients, their contacts and personnel, information in communications and documentation, and other data or materials used in a matter. |
| KYC/AML | Personal data in materials used to establish and verify identity, nationality, date of birth, address, status/role (such as role as director, shareholder, beneficial owner or similar) and source of wealth and funds, such as passport, driving licence, utility bills, bank statements, Companies House records, incorporation and associated materials, information on the electoral roll or sanctions lists, details of politically exposed persons, credit reference agency data, and in some cases biometric data such as video/images of you |
| Visits | Records (including date, time, location) of appointments or attendance at our offices or events or occasions where we entertain our client, dietary preferences, information about disabilities (for example where adjustments or special arrangements are necessary) |
| CRM | Records of our interactions with business contacts, such as telephone, meeting, and video call notes, records, transcripts and messages, enquiries, and other email correspondence (and correspondence received through forms on our websites, if any) and your marketing preferences (such as consent to marketing, unsubscribe requests, and details of the type of information or marketing you are or may be interested in) |
| Financial | Bank account details, invoices and other records relating to financial transactions |
| CCTV | CCTV audio and video recordings on our premises |
| Recruitment | Job title, employer, CV, photograph, covering letter and supporting information, employment & education history, desired role(s) and other information you or a recruiter may supply in connection with a prospective or actual job application |
How we use it
| Purpose and Data | Legal Basis & Further Information | Sources & Recipients |
|---|---|---|
| Business Development We process the following data to: (a) find and market to clients and prospective clients, including through email marketing, events, meetings, calls; (b) to manage our relationship with clients and prospective clients and their contacts; and (c) to keep a record of interactions with clients and prospective clients and their contacts to better understand how we can help them: – Contact – CRM – Visits If you provide contact details, where lawful to do so, our lawyers will usually retain them to contact you about events or with legal updates. You will usually remain on our contacts list until you let us know you no longer wish to receive our communications, which you may do by opting out of our emails or contacting us at marketing@sheridans.co.uk. | To pursue our legitimate interests in marketing our services, understanding what clients (and prospective clients) need, and improving our business development processes. Where we send direct marketing by email or SMS to non-corporates, we do so on the legal basis of consent. To the extent we are required to maintain a record of consents, we do so to meet our legal obligations. | We collect this data directly from you, from your employer, from others who have introduced you to us, or from publicly available sources such as social media networks. |
| Client Work We process the following data to provide (or with a view to providing) our services (such as to gather information, communicate with parties involved in a matter, provide advice, and carry out other tasks involved in delivering our services) and for billing and accounting purposes: – Contact – KYC/AML – Matter – Visits – Financial | (a) For the performance of contractual obligations or prior to entering a contract at your request (if you are an individual client). (b) In pursuit of our legitimate interests and those of our clients in us providing our legal services and keeping records of information relating to the matters we work on and the individuals involved. (c) We may record calls and meetings to maintain a higher-fidelity record of those calls and meetings, which may be used to automatically generate a summary of and action points arising from that call or meeting, in which case we will typically ask for your consent to do so at the beginning of the call or meeting unless we are otherwise lawfully entitled to keep such a record. | We collect this data directly from you, from our clients, and from third parties such as Companies House, the Land Registry, HMRC and other official sources, from research sources such as the internet, from other law firms, barristers or professionals involved in the matter, and from other sources which are relevant to the matter. |
| Security We process the following data to manage and monitor the security of our offices and systems: – Contact – Visit – CCTV – CRM and Matter data (e.g. scanning incoming email for malicious content) | To pursue our legitimate interests in keeping our offices and systems secure and to comply with our legal obligations to maintain confidentiality and security. | We normally collect this data directly from you. We use services provided by Mimecast and other technology providers to scan incoming materials for malicious content. |
| Regulatory We process the following data to comply with our legal obligations, including fraud, political exposure, and anti-money laundering and sanction checks, conflict checking and other regulatory obligations applicable to lawyers (such as those imposed by the SRA) and the work we undertake, for health and safety, accounting, and auditing purposes: – Contact – Visit – KYC/AML – Matter – Financial – CCTV – Recruitment | To comply with our legal obligations. In some cases, we may ask for your consent to use biometric means to verify identity. | We collect this data from you, from our clients and contacts, or from third party sources including public sources such as Companies House or the Land Registry and credit reference agencies, or sanction list vetting and similar service providers. |
| Recruitment We may process the following data when receiving job applications or similar materials to determine whether to shortlist or interview candidates: – Contact – Visit – Recruitment Should an application proceed we will provide further privacy information separately. | To pursue our legitimate interests in deciding whether to progress a job application and in communicating with you or a recruiter about the process. We may also process this information to comply with legal or regulatory requirements for example to understand and apply visa or right-to-work requirements. | We collect this data directly from you or from a recruiter. |
| Working with Suppliers We process the following data to identify and work with suppliers and their personnel, to manage those relationships, receive their services and provide services to our clients, to process payments and for accounting and audit purposes: – Contact – CRM – Visit – Financial | To pursue our legitimate interests in identifying and working with appropriate suppliers and delivering services to our clients. Where suppliers are individuals, for the performance of contractual obligations or prior to entering a contract at their request. To comply with our legal obligations (such as accounting and audit obligations). | We collect this data directly from suppliers and their personnel or from their websites and other similar public sources. |
Further information
Data retention
We hold personal data for as long as necessary bearing in mind the purpose for which it was collected.
Our general policy is to retain client records, including documentation produced for the purpose of providing our services, for at least 12 years following the closure of the client matter. However, circumstances may apply which require longer or shorter retention periods (such as in relation to advice relating to copyright or other intellectual property rights – or the duration of such rights – which we may need to retain for the full duration of such rights and a limited period thereafter).
At the end of the retention period, we assess whether it is necessary to continue to retain personal data to achieve the purposes for which it was collected. To determine appropriate retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of unauthorised access, and legal requirements. For more information write to sar@sheridans.co.uk.
Special category data and information about criminal offences
In some cases, we may process more sensitive special category information (for example which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or which concerns health, sex life or orientation, or criminal offences). We only process this personal data for purposes set out in this policy and where permitted by law.
Storage and transfers
We are based in the UK and Germany and may use subcontractors and service providers based in other countries. Where we transfer your information outside of the UK and/or EEA, we will have agreements in place with the recipient which include standard data protection clauses adopted by a data protection regulator and/or approved by the European Commission or otherwise ensure that appropriate safeguards are in place to protect your personal data. For more information, drop us a line using the contact details at the start of this policy.
Further disclosure & other processing
We may disclose and otherwise process personal data:
- Where required by law, government, competent authorities, or the courts or to establish, exercise or defend legal rights, and for the purposes of preventing crime and fraud (for example, we may share personal data with our professional advisors, authorities, insurers, or credit reference agencies).
- To or with suppliers, business partners and subcontractors (such as our IT software, support, or hosting providers) as necessary for the purposes set out in this policy, and to other professionals who may be involved in a matter.
- If involved in an investment, merger, acquisition, restructuring, or sale, personal data we hold may be shared where supported by legitimate interests unless those interests are outweighed by prejudicial impacts upon you.
Cookies, Analytics and similar technologies
Cookies, pixels and other technologies store and access data on your device to help websites and apps work. This table explains their purpose, how long they last, and who can access their data. We get your consent to use them unless they’re essential for our Website.
Most browsers allow control over cookies: Google Chrome | Microsoft Edge | Mozilla Firefox | Microsoft Internet Explorer | Opera | Apple Safari.
| Cookie/data | Duration | Purpose & Data | Access |
|---|---|---|---|
| Google Analytics | 90 days | To understand how visitors use our Website, by collecting information about how many people visit the Website, the pages they visit, and the websites they have come from. We process this data where we have your consent to do so. After 13 months this data is anonymised and aggregated, and the anonymous aggregate data is retained indefinitely. | We use Google Analytics. and you can access their privacy policy: https://support.google.com/analytics/answer/7318509?hl=en |
| Cookie Control | Until removed | To record whether visitors have consented to the use of cookies. We process this data to comply with our legal obligations. | Not shared with anyone other than us. |