We are committed to maintaining the confidentiality of our clients and others who may provide us with their personal information.
we, us and our (and other similar terms) to refer to Sheridans, Seventy Six Wardour Street, London W1F 0UR.
Engagement Letter refers to a written document which sets out the terms and conditions of the engagement of Sheridans which describes the services to be provided to our client. The Engagement Letter should be read in conjunction with our Terms of Business, which can be provided upon request to clients and prospective clients. All such terms should be relied upon in determining liability for the services provided.
Personal information (also referred to as personal data) is any information relating to an identified or identifiable natural person;
identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors; and
you and your (and other similar terms) refer to our clients, individuals associated with our clients, contacts, suppliers, job applicants, staff and visitors to the Sheridans’ website.
What personal information are we likely to collect about you?
We aim to be transparent about how and why we process personal information, including letting you know what personal information we obtain and hold about you.
Our Website Visitors
We collect minimal personal information by way of our website. If you visit our Contact Us webpage, you can find contact details for our office. You may also submit a message to us via this webpage. If you do so, you will be asked for the following information:
- Email address
- Nature of enquiry
- Your brief message (which may contain personal information, including special categories of personal data, depending on your message content)
Your personal information may also be obtained and processed if you sign up to attend any of our events or ask to receive our news and legal updates.
When you visit our website, we may receive the following data about you from Google, Inc. (based outside the EU) through their Google Analytics platform, which will almost always be anonymised and aggregated before reporting back to us:
- number of visitors to our website
- pages visited while at the website and time spent per page
- page interaction information, such as scrolling, clicks and browsing methods
- websites where visitors have come from and where they go afterwards
- page response times and any download errors
- other technical information relating to end user device, such as IP address or browser plug-in (IP address may also be used to approximate your location, for example we may be able to determine that most visitors to our website come from England).
Cookies and server log data are used to collect this information, and the following cookies are set and accessed by Google, Inc. via our website for this purpose: __utma; __utmb; __utmc; __utmt; __utmz; _ga; _gat; _gid.
To find out more about Google Analytics and to learn how to opt out, please visit:
- How Google uses data when you use our partners’ sites or apps, or
We process this information to understand how visitors use our website and to compile statistical reports regarding that activity. This processing is crucial to the running of our website and business and necessary for us to pursue our legitimate interests in improving our website and providing a better service and source of information to visitors. This information is not used to develop a personal profile of you.
We will only retain your personal information for as long as necessary depending on the purpose for which we have obtained that information. For example we may retain your data until we have fully addressed your enquiry or until you inform us that you no longer wish to receive our news and legal updates, which you may do by opting out of our emails or contacting us at firstname.lastname@example.org.
Our Clients (and those individuals associated with our clients).
You may supply us with personal information about yourself (and others) for us to provide our services.
Personal information that may be requested includes:
- Full name (and title)
- Email and postal addresses
- Telephone number(s)
- Passport or other ID
- Date of Birth
- Bank account details
- Details of relatives, including names and ages of any dependents (where appropriate)
We may also receive other personal information of a similar nature from you or from other public resources, as well as details of others involved with our advice.
We may process the personal information that we obtain from or on behalf of our clients for the following purposes:
- Provision of legal services (such as to provide background and relevant facts in a case)
- Client engagement (such as providing relevant legal updates or invitations to our events)
- Business administration (such as for billing and collection of fees)
- Regulatory compliance (such as evidence of identity and prevention of fraud)
When you ask us to collect and process personal data for the purposes of your matter, you promise that you have obtained all appropriate licences, clearances and consents.
Our general policy is to retain client records, including the documentation produced for the purpose of providing legal advice and services, for 12 years following the closure of the client matter. However, circumstances may arise which require longer or shorter retention periods (eg in relation to advice relating to copyright or other intellectual property rights – or the duration of such rights – which we may need to retain for the full duration of such rights and a limited period thereafter). If you require further information about our information retention, please contact our data protection officer at SAR@sheridans.co.uk.
Our client and business relationships are fundamental to the business. We value those relationships, and we endeavour to keep our contacts abreast of upcoming changes in the law and other legal and commercial news that may impact on their business and/or personal lives.
We may process the personal information that we obtain from or about our business contacts for the following purposes:
- Communications and marketing
- Market and trend analysis
When you provide us with your contact details, our lawyers will usually retain your details in order to contact you about our upcoming events or with legal updates. You will usually remain on our contacts list until you inform us that you no longer wish to receive our communications, which you may do by opting out of our emails or contacting us at email@example.com.
Our staff and job applicants
Personal information about members of our staff will be processed and held in our IT systems, which may include our emailing system. Our employee privacy notice sets out the purposes for which we, as an employer, process personal information of our staff.
Our website provides contact details, email link and a brief biography of our lawyers as well as further contact details via an electronic vCard function. Personal information that may be accessible via vCard includes:
- Full name (and title)
- Job title
- Business landline and mobile phone number(s)
- Email address (professional)
- Company name, website and postal address
- Phone number(s) of secretary/personal assistant
Where applicable, the website may also contain a link to the lawyer’s personal LinkedIn webpage, which is maintained independently of our business. Additionally, our website provides a link to our diversity statistics, which provides anonymised, aggregated demographic statistics about our workplace. We may also keep an anonymous record of ethnicity of employees, consultants and prospective applicants for the purpose of ethnic monitoring and for the purposes of encouraging diversity in the work place.
Personal information in relation to our staff and applicants may be retained on a number of our systems, in order to address various human resource and accounting purposes in addition to contract performance. Personal information about unsuccessful job applicants may be retained for a short period subsequent to any interview or assessment. Information pertaining to past employees shall be retained beyond their period of employment in accordance with employment law criteria, including occupational health requirements. For more specific information about retention periods, you may contact our data protection officer at SAR@sheridans.co.uk.
Our third party suppliers and contractors
Sheridans undertakes most of its business functions in-house, including the administration of our payroll and billing and most information technology support. We do engage a third party UK-based banking services and IT support services for our back-up provision and to provide cover during periods of annual leave.
Where we do engage third party suppliers, we may collect and use basic contact details of their representatives in order to enable the performance of the related services, manage the supplier relationship and ultimately to allow us to provide our services to our clients.
Retention of any personal information in relation to suppliers will likely be for a maximum period of 12 years to ensure compliance with any regulatory or legal requirements.
Unsubscribing from our communications
If you’d like to unsubscribe from our communications about our services and legal updates, or if you prefer to only receive certain kinds of information from us or only receive information via a particular type of communication (eg email), please use the unsubscribe function on our communications.
When will we share your personal information?
On occasion, we may need to share your personal information with third parties. We will only do so when we are legally permitted to share that information.
We will not disclose your personal information to third parties other than with your consent or where we are permitted by law or where it is in our legitimate interests to administer our database or improve our business or services.
If you are a client, when you instruct Sheridans to provide legal services, we will consider this to also be an instruction to process the personal information that you disclose to us or that we obtain on your behalf in order to provide those legal services, unless you instruct us otherwise. Third party disclosure may include disclosure required by law or regulation, such as the identification checks that we are required to do as a law firm regulated by the Solicitors Regulatory Authority. We will always seek to minimise such disclosure.
Should we collect personal information about others on your behalf, and we consider some personal information should not be processed by us, we will return or delete it as appropriate (wherever practicable).
You have the following rights over the way we process personal information relating to you. We aim to comply without undue delay, and within one month at the latest:
- to ask for a copy of data we are processing about you.
- to have inaccuracies corrected.
- to ask us to restrict, stop processing, or to delete your personal data.
- to request a machine readable copy of your personal data, which you can use with another service provider. Where it is technically feasible, you can ask us to send this information directly to another provider if you prefer.
If you are an individual and wish to make a subject access request at any time, please email us at SAR@sheridans.co.uk, and your request will be dealt with as efficiently as possible. For any other request in relation to these rights, please email us at SAR@sheridans.co.uk.
If you are unhappy with the way that we are processing your personal information, please let us know. The best way to bring this to our attention is by emailing us at SAR@sheridans.co.uk. Alternatively, you may make a complaint to the relevant data protection supervisory authority, which in the UK is the Information Commissioner’s Officer. You may contact them at: https://ico.org.uk/concerns/
Personal information relating to Children
On occasion, we may process personal information pertaining to children, such as in relation to a client matter. When we are required to process children’s information, we will only undertake that processing where we have a legal basis to do so. In most circumstances, this will involve seeking the consent of a parent or legal guardian.
Use of our website is intended for persons above the age of 16, and we do not knowingly solicit information or send communications to children unless instructed to do so as per the above example.
If a parent or guardian becomes aware that his or her child has provided us with information or may be receiving communications from us without consent of a parent or guardian, we ask that this be brought to our immediate attention. We will make it our priority to address this situation, working with you to resolve this and to delete information relating to the child as soon as practicable. In such an event, please contact us at SAR@sheridans.co.uk.
We take commercially reasonable, appropriate technical and organisational measures to ensure a level of security appropriate to the risk that could be encountered via the use of our website and services, taking into account the likelihood and severity those risks might pose to the rights and freedoms of our clients and their contacts, our employees, visitors to our website and in relation to any data subject for whom we process personal information.
In particular, we will take precautions to protect against the accidental or unlawful destruction, loss or alteration, and unauthorised disclosure of or access to the personal information transmitted, stored or otherwise processed by us.
Please note: whilst we design and maintain the security of our IT network, our website and your personal information to keep all information secure and prevent unauthorised access, no security system is 100% secure. Always consider therefore which is the most appropriate means of communication and media when transferring sensitive or confidential data or personal information and advise us of any particular sensitivities around any information you may provide and with whom it may be shared (and to which correspondence addresses which may write to you at).
You should always employ up to date, industry recognised, virus prevention software and cyber security measures to keep your system(s) secure. Please let us know if you would like further advice in this regard. We may regard any email address you provide to us as secure and you acknowledge the risks associated with the use of that email address.
In accordance with data protection laws and good commercial practice, we do not retain data in a form that permits identification of the person(s) to whom it relates for any longer than is necessary. Once the purpose for which information has been collected has been fulfilled or extinguished, we will either permanently delete your personal information or remove all identifiers within it so that it is no longer personal data unless otherwise required to retain that information as instructed by a legal authority or to comply with applicable law. We may use anonymised data for research and/or business analysis purposes.
For more detailed retention information, please see the above section “What personal information are we likely to collect about you?” If you would like us to stop using your personal information, please email us at SAR@sheridans.co.uk.
Transfers of personal data outside the EEA
Our servers are located in the European Union and the information that we collect directly from you will be stored in these servers.
Sheridans does not routinely transfer data outside the UK, but there are circumstances that may arise from time to time where international data transfer may be required. For example, when we are instruction in relation to international litigation matters (where a party or parties involved may reside outside the EEA), or when providing data room access to individuals located outside the EEA in relation to a client matter.
Prior to any transfer of personal data to an individual or organisation outside the EEA, agreements will be put in place to ensure that any international transfers of personal data are done according to appropriate safeguards, including any onward transfers, that meet the requirements of EU data protection laws.
In addition to those data transfer agreements, we also put in place strict confidentiality agreements before sharing any of your information.
If you would like to find out more about these safeguards or if you have any other queries or comments in relation to this policy, please let us know by emailing us at SAR@sheridans.co.uk.
Changes to this Policy