This policy applies to information we collect about you:
- visitors to our website
- applicants to profession such as to become a trainee, a solicitor or be approved in a role
- regulated persons such as solicitors and people who work in law firms
- people making complaints about regulated persons
- people making complaints about us
- people who make enquiries or as for general help
- others connected to our work
- job applicants
As a professional regulator, most of the personal data we process is data relating to our regulatory functions, powers and duties.
We generally process data on the basis it is necessary for the performance of a task carried out in the public interest and/or in the exercise of our statutory functions. When we process special category data we do so either in the substantial public interest to achieve regulatory objectives or to comply with our equality duties or we do so because we are exercising our protective functions designed to protect the public from misconduct, unfitness or incompetence.
Data may also be processed because it is necessary for the pursuit of our legitimate interests and/or the legitimate interests of others such as the Law Society (which are explained more particularly below).
There may be occasions where we process data to comply with legal obligations, particularly in the context of legal proceedings and/or compliance with requests by law enforcement agencies, for example; although, even in these cases, our regulatory functions will also generally be engaged. We will also make pro-active disclosures to police and other authorities as part of our public interest role.
We will not generally rely on consent as a basis for processing personal data. In the limited circumstances where we may rely upon consent, we will specifically obtain this in the course of collecting the data.
We may also use data to improve our level of service. Where we do this, we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.
Applicants to profession
Applications such as to become a trainee, a solicitor or be approved in a role
When we receive applications containing personal information we create or update the information we hold about that person on our systems and files. We use the personal information to process the application and to make a decision about the application itself. It is also retained to capture a full regulatory history of an individual.
Failure to provide requested information may result in an application being refused.
Where required as part of the suitability assessment, applicants will be directed to provide information to Atlantic Data who will perform credit checks and criminal record checks on our behalf. We also use external assessors to process resource intensive applications for exemptions from certain training and qualification requirements).
Data received may also be used to check our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.
We may also prepare and publish or share statistics or research obtained from data we collect such as the number and types of applications we receive but not in a form that identifies anyone. As explained above, this may include certain special category data.
Regulated persons
MySRA lets you manage your information online. We use it to allow regulated persons to keep us up to date and to make applications.
mySRA sets several cookies over and above the cookies explained in our section about visitors to our website.
We use personal information provided by registered users of mySRA to carry out checks such as fraud and credit checks by independent Credit Reference and other agencies.
Personal information we collect on an annual basis from individuals or firms may be used to inform our regulatory work. This may include investigations, enforcement and applications made to us. It may also inform our ‘thematic work’, for example, the data used collectively identifies trends about risks that either exist or are emerging in the legal market and which lead us to engage with those we regulate on one to one basis.
From time to time, we may contact regulated professionals in relation to research projects we are undertaking (or you may be contacted by a research organisation acting on our behalf). We undertake research to gain more insight into the profession and emerging issues to inform policy development, achieve regulatory objectives, comply with equality duties and decision making (which, again, accords with our regulatory powers and duties). We also prepare and publish or share statistics obtained from data we collect from those we regulate but not in a form that identifies anyone.
When we take enforcement action we will generally publish our decision in line with our guidance on publication. If a person has appeared before the Solicitors Disciplinary Tribunal (SDT) the Findings of the Tribunal are usually published on the SDT website. In the course of investigations, we may need to disclose information to third parties such as employers or complainants in order to establish the facts of a case, explain our decisions and ensure transparency in our processes. Where there is an overriding public interest in doing so, we may make further details available, including public statements where there is a need to safeguard public confidence.
We make some information publicly available such as the practicing details of solicitors. Some personal information is contained in our Alternative Business Structure register and may be held within our Law Firm Search and Firm Data Web Service pages of our website.
If a regulated person contacts us for guidance or advice we use the information we collect to handle the request for help. We may also use the information to check our level of service.
Solicitors and businesses manage the provision of information to us through on-line accounts, activated by email and we use email to reset lost or forgotten passwords.
Email addresses of regulated persons are used:
- to remind those we regulate about notifications and reminders for key changes to the MySRA account, or relating to regulatory requirements such as practising certificate renewal
- to inform regulated individuals and organisations of regulatory news, time sensitive regulatory requirements, events, and other important information to ensure that members of the profession are informed of any changes which will affect them
- to send non-essential communications (such as events which may be relevant to your role) include an option to unsubscribe, although continued receipt is encouraged so as to assist our efforts in ensuring the regulated population are well-informed on matters affecting the profession.
People making complaints about regulated persons
When we receive complaints about those we regulate we create a complaint file. Usually the file will contain the identity of the complainant and other people involved in the complaint.
We usually have to disclose a complainant's identify to the person complained about or to the firm in which that person is involved. If a person making a complaint does not want to be identified we will try to respect that. However, if we are unable to progress a complaint where we think there is an overriding need to protect the public we may decide to disclose a person's identity.
Information obtained via this process may be used to inform our regulatory work which may include using information in investigations, enforcement and applications made to us. Your details may be shared with relevant third parties where this required to establish the facts of the case explain our decisions and ensure transparency in our processes. It may also inform our thematic work, for example, the data used collectively identifies trends about risks that either exist or are emerging in the legal market and which lead us to engage with those we regulate on one to one basis.
Where we take action as a result of a complaint, where possible, we try to keep those making the complaint informed of progress.
We may also prepare and publish or share statistics and research obtained from data we collect such as the number and types of complaints we receive but not in a form that identifies anyone.
We will also generally obtain diversity data and some special category data in the course of compiling complaint files. In some cases the data may be relevant to the complaint itself such as data concerning health that may be relevant to reasonable adjustments. We may also use the data to monitor outcomes to help us achieve regulatory objectives, as well as our equality duties.
We give information about the use of our website and cookies in our section about 'Visitors to our website'. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'form.sra.org.uk'.
Data received may also be used to check our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.
Complaints about us
When we receive complaints about us we create a complaint file. Usually the file will contain the identity of the person complaining and other people involved in the complaint.
We use personal information to deal with the complaint. We may also use the information to check and improve our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.
We may also prepare and publish or share statistics and research obtained from data we collect such as the number and types of complaints we receive about our service but not in a form that identifies anyone.
We may also share personal information with selected third parties which provide relevant services to us, such as outsourced IT services or legal support but only where this helps us to fulfill effectively our statutory and regulatory functions.
On the request of the person making the complaint, data may be shared with an independent reviewer who is asked to review the way we have handled matters.
When aiming to achieve the regulatory objectives, in particular to protect and promote the public interest, it is necessary and in the substantial public interest that we ensure we handle complaints fairly and effectively. We therefore commission an annual review to help improve how we handle complaints. To do this it is necessary to share personal data with the Ombudsman Services (an independent reviewer of the regulated sector in the UK.
People who make enquiries or ask for general help
When enquiries are sent to us we usually only use the information to handle the request or to deal with any later issues.
We keep a record of our telephone calls. We record our telephone calls. Recordings are kept for two months although in some cases we keep recordings for longer to help with training our staff or where we receive a complaint about our service.
We may also use information to help inform the way we regulate and to check and improve our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.
Others connected to our work
The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include witnesses to an investigation, clients of those we regulate, applicants to our Compensation Fund.
Some data is collected when people sign up to newsletters, act as an organisation's contact, respond to our consultations or register with us for events or webinars. We use personal data collected in this way to deliver the service we provide or to improve the service we offer. Respondents to consultations will generally be identified in the consultation responses documents, although the respondents can ask to have their details kept confidential.
Information about online forms, the use of our website and the use of cookies is explained in our section about 'Visitors to our website'. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'form.sra.org.uk'.
Jobs and employees
When people apply to work with us, we use the information sent to us to process applications and to monitor our recruitment.
To ensure we are an equal opportunities employer we collect information about age, disability, ethnicity, sex, gender reassignment, sexual orientation and religion or belief. This information is not used in relation to the application itself and is treated with strict confidence. We will only use the information to help us monitor and deliver equal opportunity measures. With the exception of the disclosure of a disability which may be used to meet our legal obligations and our commitment to the disability confident scheme.
Successful applicants who secure fixed term or permanent contracts are asked to agree to – where applicable - an appropriate criminal records check. This will be in addition to reference checks and proof of eligibility to work in the UK.
Once a person is employed by us, we compile a file relating to their employment. We keep this information secure and only use it for purposes directly related to their employment. When a person's employment ends with us we destroy the file in line with our retention and disposal policies.
For unsuccessful applicants we keep the information secure and destroy the file in line with our retention and disposal policies.