Personal data is information relating to an identifiable living individual. The use of personal data is governed by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Transparency is a key element of data protection laws and this Privacy Notice is designed to inform you:
• How and why SHU Law uses your personal data,
• What your data protection rights are, and,
• How to contact us so that you can exercise those rights.
SHU Law Limited (herein referred to as SHU Law) is a wholly owned subsidiary of Sheffield Hallam University. It operates as a regulated law firm designed to provide undergraduate and post graduate students with the opportunity to have hands on experience of working on live client files. SHU Law’s services are offered on a not for profit basis and as such SHU Law provides a number of legal services to members of the public. In doing so it complies with the regulations as set down by the Solicitors Regulation Authority.
We will process your personal data in order to take steps at your request prior to entering into a contract to represent you or act on your behalf. This may include:
• Reviewing your enquiry and determining if SHU Law can act for you
• Performing identity, financial and credit searches, screening and checks against third party sources for anti-money laundering, identity verification, client conflicts and anti-trust purposes
Where we take on a case and act for you it is necessary for SHU Law to process your personal data in order to fulfil all aspects of our contract with you (i.e. to provide legal services to you). This may include:
• Setting up a case file on our case management system
• Liaising with you for instructions
• Advising on the merits and progress of a case
• Providing you/your organisation with legal advice, training and other services and/or products you may have requested from us
• Producing reports and narratives to cover how we have spent our time in relation to your matter(s)
• Hosting you at our offices and providing hospitality services* (may include access and dietary requirements)
• Instructing barristers and/or experts relevant to the case
• Reviewing evidence/data relating to a case, including medical data
• Obtaining evidence relevant to the case
• Obtaining witness and expert witness statements
• Conducting litigation
• Facilitating dispute resolution
It is necessary for SHU Law to process your personal data in order to comply with legal obligations:
• Complying with the terms of our registration with the Solicitors Registration Authority
• Complying with instructions, orders and requests from law enforcement agencies, any court or otherwise as required by law
• Complying with our general regulatory and statutory obligations (including our responsibilities under codes of conduct and anti-bribery laws)
• Monitoring our systems and processes to identify, record, and prevent fraudulent, criminal and/or otherwise illegal activity.
• For access and dietary requirements, if you visit our offices or attend our events, and to make reasonable adjustments if you declare a disability
• To ensure the health, safety and security of our clients, students, staff and others
• To monitor and promote equality and diversity
It is necessary for SHU Law to process your personal data in order to meet our public tasks as a wholly owned subsidiary company of Sheffield Hallam University formed to support the teaching and learning of the University’s students:
It is necessary for SHU Law to process your personal data in order to meet our public tasks as a wholly owned subsidiary company of Sheffield Hallam University formed to support the teaching and learning of the University’s students:
It is necessary for SHU Law to process your personal data in order to protect your vital interests or those of another individual:
There are also a number of legitimate business purposes for which SHU Law processes your data:
• Managing, planning and delivering our global business and marketing strategies (including recording and reporting on our business development activities)
• To claim fees from the Court or other parties where applicable
• To produce anonymised statistical reports
• To monitor Key Performance Indicators
• Analysing how our electronic marketing communications are used by you
• Obtaining client feedback in order to resolve any problems and to review and improve our services
• Continuously reviewing and improving our products and services
• Maintaining the security and integrity of our systems
With your consent we will also:
• Send you electronic direct marketing communications
• Take photographs of participants at our events for use on our website and hardcopy publicity materials
• Collect and share data for academic research and evaluation projects.
Which Personal Data do we Collect and Use?
In order to provide our services we need to collect and use your personal data. Below is a list of what this may include:
Contact Information | ||
Name | Address | Email address |
Telephone numbers | ||
Personal Details | ||
Date of birth | Gender | Ethnicity*^ |
Marital or civil partnership details | Criminal convictions* | Sexual Orientation*^ |
Disabilities*^ | Qualifications | Religious beliefs*^ |
Details of dependants, beneficiaries and/or next of kin | ||
Identity Check/Regulatory Information | ||
Driving licence number | Passport number | Bank statement or utility bill |
Financial Information | ||
Billing and payment information | Banking details | Company information |
Information relating to your case or matter | ||
Employment details | Details of your company/organisation | Health data/ Medical records* |
Your instructions and statements | Witness statements | Expert opinions and statements |
Any other personal data provided to us by or on behalf of our clients or generated by us in the course of providing legal services to you. This may include special categories of personal data/sensitive personal data. | ||
Marketing Preferences and Technical Information | ||
IP address | Details of visits to our website and online services | Online registration details |
Direct marketing consent | Marketing opt-out details | Communication preferences |
Analysis of how our electronic marketing communications are used (e.g. whether you open them and click through to access their contents) | ||
Information relating to our events | ||
Dietary requirements^ | Photographs^ | CCTV images |
Attendance/registration |
* Denotes information which may contain data classified as sensitive personal data/special categories of personal data under the GDPR and as such is subject to a greater level of control and protection.
^ Denotes information which you provide on a voluntary basis or where you are given the option of “prefer not to say” or “information refused”.
Please note:
Directly from you:
From third parties:
Information may be received from witnesses, expert witnesses and other third parties. These sources will depend on the particulars of your case.
Via web based services and other public sources:
We may collect data from publicly available sources, e.g. (electoral register, Motor Insurer’s Database, Companies House)
Who do we share your data with?
You should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the company or outside SHU Law. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. SHU Law and Sheffield Hallam University The University NEVER sell personal data to third parties.
Please note that in sharing your data the following provisions are in place to ensure that the principles of confidentiality and the rules set out by the Solicitors Regulatory Authority (SRA)are adhered to:
Your data may be shared with:
SHU Law may also share your data with other organisations which are Data Controllers and will have their own privacy notices. These organisations are also under a duty to comply with data protection legislation:
It is necessary for SHU Law to process your personal data in order to fulfil all aspects of our contract with you:
It is necessary for SHU Law to process your personal data in order to meet our public tasks (learning and teaching, research, knowledge transfer):
It is necessary for SHU Law to process your personal data in order to comply with legal obligations:
It is necessary for SHU Law to process your personal data in order to protect your vital interests or those of another individual:
There are also a number of legitimate business purposes for which SHU Law processes your data
With your consent we may also
Which Personal Data do we Collect and Use?
In order to provide our services we need to collect and use your personal data. Below is a list of what this may include:
Contact Information | ||
Name | Address | Email address |
Telephone numbers | ||
Personal Details | ||
Date of birth | Gender | Ethnicity*^ |
Marital or civil partnership details | Criminal convictions* | Sexual Orientation*^ |
Disabilities*^ | Qualifications | Religious beliefs*^ |
Details of dependants, beneficiaries and/or next of kin | ||
Identity Check/Regulatory Information | ||
Driving licence number | Passport number | Bank statement or utility bill |
Financial Information | ||
Billing and payment information | Banking details | Company information |
Information relating to your case or matter | ||
Employment details | Details of your company/organisation | Health data/ Medical records* |
Your instructions and statements | Witness statements | Expert opinions and statements |
Any other personal data provided to us in the course of providing legal services to our clients. This may include special categories of personal data/sensitive personal data. | ||
Marketing Preferences and Technical Information | ||
IP address | Details of visits to our website and online services | Online registration details |
Direct marketing consent | Marketing opt-out details | Communication preferences |
Analysis of how our electronic marketing communications are used (e.g. whether you open them and click through to access their contents) | ||
Information relating to our events | ||
Dietary requirements^ | Photographs^ | CCTV images |
Attendance/registration |
We will also gather survey and questionnaire responses; feedback and comments about services and information on complaints.
* Denotes information which may contain data classified as sensitive personal data/special categories of personal data under the GDPR and as such is subject to a greater level of control and protection.
^ Denotes information which you provide on a voluntary basis or where you are given the option of “prefer not to say” or “information refused”.
Please note:
Directly from you
From third parties:
Via web based services and other public sources:
Who do we share your data with?
You should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the company or outside SHU Law. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. SHU Law and Sheffield Hallam University NEVER sell personal data to third parties.
Please note that in sharing your data the following provisions are in place to ensure that the principles of confidentiality and the rules set out by the Solicitors Regulatory Authority (SRA) are adhered to:
Your data may be shared with:
SHU Law may also share your data with other organisations which are Data Controllers and will have their own privacy notices. These organisations are also under a duty to comply with data protection legislation:
It is necessary for SHU Law to process your personal data in order to fulfil all aspects of our contract with you:
It is necessary for SHU Law to process your personal data in order to meet our public tasks:
It is necessary for SHU Law to process your personal data in order to comply with legal obligations:
It is necessary for SHU Law to process your personal data in order to protect your vital interests or those of another individual:
There are also a number of legitimate business purposes for which SHU Law processes your data:
With your consent we may also:
Further to the above please see the Student Privacy Notice that applies to all Sheffield Hallam University students: https://www.shu.ac.uk/about-this-website/privacy-policy/privacy-notices/privacy-notice-for-students
In order to provide our services we need to collect and use your personal data. Below is a list of what this may include:
Contact Information | ||
Name | Address | Email address |
Telephone numbers | ||
Personal Details | ||
Date of birth | Gender | Ethnicity*^ |
Marital or civil partnership details | Criminal convictions*^ | Sexual Orientation*^ |
Disabilities*^ | Qualifications | Religious beliefs*^ |
Academic | ||
Module choices and allocation | Assessment records | Feedback and comments |
Information relating to our events | ||
Dietary requirements^ | Photographs^ | CCTV images |
Attendance/registration |
* Denotes information which may contain data classified as sensitive personal data/special categories of personal data under the GDPR and as such is subject to a greater level of control and protection.
^ Denotes information which you provide on a voluntary basis or where you are given the option of “prefer not to say” or “information refused”.
Data will be transferred from your Sheffield Hallam University student record to SHU Law or will be collected directly from you.
Feedback and comments may also be provided by SHU Law staff, clients, witnesses, and third party service providers.
You should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the company or outside SHU Law. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. SHU Law and Sheffield Hallam University NEVER sell personal data to third parties.
Please note that in sharing your data the following provisions are in place to ensure that the principles of confidentiality and the rules set out by the Solicitors Regulatory Authority (SRA) are adhered to:
Your data may be shared with:
SHU Law may also share your data with other organisations which are Data Controllers and will have their own privacy notices. These organisations are also under a duty to comply with data protection legislation:
Please also see the Sheffield Hallam University Privacy Notice for Students:
https://www.shu.ac.uk/about-this-website/privacy-policy/privacy-notices/privacy-notice-for-students
IT Services are provided to SHU Law by Sheffield Hallam University. The University and SHU Law take a robust approach to protecting the information that they hold. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention tools on the University network and segregation of different types of device; the use of tools on University computers to detect and remove malicious software and regular assessment of the technical security of University systems. University staff monitor systems and respond to suspicious activity.
Alongside these technical measures SHU Law and Sheffield Hallam University have comprehensive and effective policies and processes in place to ensure that users and administrators of University information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Training is provided to new staff joining SHU Law and the University and existing staff have training and expert advice available if needed.
We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:
One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data.
The GDPR gives you the following rights:
For more information about these rights please see https://www.shu.ac.uk/about-this-website/privacy-policy/data-subject-rights
Please contact our Data Protection Officer (DPO) if you:
The Data Protection Officer for SHU Law is the same DPO for the Sheffield Hallam University:
More information about data protection at Sheffield Hallam University can be found on the University Website: https://www.shu.ac.uk/about-this-website/privacy-policy
The Information Commissioner is the regulator for GDPR. The Information Commissioner’s Office (ICO) has a website with information and guidance for members of the public:
https://ico.org.uk/for-the-public/
The Information Commissioner’s Office operates a telephone helpline, live chat facility and email enquiry service. You can also report concerns online. For more information please see the Contact Us page of their website: