1. What is this policy?
The Law Society takes privacy seriously and we are committed to protecting it.
This policy explains when and why we collect personal information about you, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.
This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes.
This policy was last updated on 24/02/2020. Please see section 14 on changes to this policy below.
Our Head of Risk and Assurance is responsible for our data protection function. You can find contact details for our Risk and Assurance team at the end of this policy.
When you use our website, our products or services, interact with us online, or by phone, email or otherwise, the categories of information that we collect about you are as follows:
Personal information you give to us:
This is information about you that you give to us by entering information via:
- our website (i.e. www.lawsociety.org.uk, or any of our related websites e.g. Law Gazette; Law Gazette Jobs; Law Society Bookshop; the Professional Development Centre site; Law Society Insights; or Law Society Logos)
- our mobile applications, e.g. the Law Gazette app
- our social media accounts, e.g. via Facebook, LinkedIn or Twitter
- corresponding with us by phone, email or otherwise,
and is provided entirely voluntarily.
This includes information provided at the time of registering to use our website; subscribing to the services we provide through our site; posting material; participating in Law Society initiatives; purchasing or requesting products or services; creating, using and managing an online account with us (including updating your Interests and your Find A Solicitor profile in My Law Society or registering and using an account with any of our related websites) and engaging in correspondence with us by phone, email or otherwise. We may also ask you for information when you report a problem with our site. If you complete any surveys that we ask you to complete for research purposes, we will collect information in such circumstances as well.
The basic personal information we may ask for, or you may choose to give us, includes your name, user type (e.g. solicitor, trainee solicitor, law student, member of the public), your address, email address and phone number. We may retain details of any enquiry you make to us and records of any correspondence with us. We may also ask for, or you may choose to give us, other information for specific purposes, e.g. additional information to personalise your Find A Solicitor or My Law Society account; information on any particular professional interests you may have; sensitive personal information (now called ‘special category data’) in order to join one of our demographic divisions; and information including your opinions and experiences of practice, which we use to inform our work, e.g via the Law Society Insights community.
We will seek to minimise the information we ask for to that which is needed to perform the relevant function or service at the time.
Personal information we collect about you:
We automatically collect the following information when you interact with us: e.g. details of transactions you carry out through the site, and your visits to our site, including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources you access.
Personal information we may receive from other sources:
The Solicitors Regulation Authority
We obtain certain personal information about our members and other regulated individuals from the Solicitors Regulation Authority (SRA). The SRA is part of the Law Society but operates separately from it, as required by the Legal Services Act 2007.
This information is collected by the SRA in the exercise of its regulatory functions and is shared with us to allow us to fulfil our statutory role under the Legal Services Act 2007, as well as for professional body membership purposes in the pursuit of our legitimate interests, including:
- to validate and maintain our membership register and ensure eligibility for, for example, the right to stand and vote in Council election
- to provide membership services to solicitors
- to provide and maintain the 'Find a Solicitor' service
- to conduct research and compile management information.
A list of the data fields the SRA shares with us for these purposes is as follows: (title, name, SRA ID number, phone number, email address, work address, home address (as given upon initial registration), person type (e.g. admitted solicitor, registered European lawyer, registered foreign lawyer, retired solicitor), date of admission, whether the individual is on the roll of solicitors, whether they hold a practising certificate (or an exemption), regulated roles and posts, areas of law (practice and interest), higher rights of audience membership. They may also share with us information on gender and date of birth, although we limit access to this data to certain users only.
Other sources, for example your employer
At times we may receive information on individuals from other sources, e.g. from a representative of their employing firm or other authorised contact.
If you are submitting this information as such a representative or contact, you confirm that it is true and correct and that you will not provide us with any information which constitutes personal data unless you have ensured that you have obtained all necessary consents or other legal justification and/or provided any required notices to the data subject, or that you are otherwise permitted to provide such information to us, so that we can use it for the purposes and on the bases set out in this notice.
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.
Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or those of a third party, for the following purposes:
Our professional body functions
- to inform the work of the Law Society as a professional membership body and to provide services to our members and guests;
- to ensure proper governance of the Law Society, to validate and maintain our membership register and to ensure eligibility for, for example, the right to stand and vote in Council elections;
- to verify the accuracy of data that we hold about you;
- to create a better understanding of you as a member of the Law Society, a member of the public or as a customer of our products and services so we can customise the services we provide;
- to correspond or communicate with you as a member of the Law Society, to let you know about our activities and to enhance and personalise your membership (including to send you newsletters or other practice support content based on the interests you indicate to us, your stated practice areas and/or location, and to improve the services we offer you on our website, including your My Law Society homepage);
- to correspond or communicate with you if you are a member of the public about our activities;
- to raise public awareness of services offered by our members and to make that information easily accessible for the public (e.g. via the Find a Solicitor service);
- to conduct research and to compile management information;
- for the management of queries, complaints, or claims;
To carry out marketing
- for marketing and advertising activities (other than where we rely on your consent to contact you by email or text with information about our products and services or share your details with third parties to do the same, as explained below);
- for analysis to inform our marketing strategy, and to enhance and personalise your customer experience when you buy products and services from us (including to improve the recommendations we make to you on our website);
To fulfil online delivery and security
- to ensure that our online content is presented in the most effective manner for you and your computer;
- to allow you to participate in interactive features of our services, when you choose to do so;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- for prevention of fraud and other criminal activities;
- to assess and improve our service through recordings of any calls with our contact centres;
- operating and managing contracts with our suppliers and service recipients; and
- for the establishment and defence of our legal rights.
- to assess and process applications from job applicants and to monitor our recruitment
Where we are exercising a STATUTORY FUNCTION
We may collect and use your personal information where this is necessary in order for us to deliver our statutory functions under the Legal Services Act 2007.
These functions include delivering accreditation, education and training services to regulated individuals and those wishing to become regulated individuals, including providing practical support and advice about practice management; participating in law reform and the legislative process; the provision of pro bono legal services; promoting the protection by law of human rights and fundamental freedoms and promoting relations between the Society and relevant national or international bodies, governments or the legal professions of other jurisdictions.
Where there is a LEGAL REQUIREMENT
We will use your personal information to comply with our legal obligations: (i) to assist any public authority or criminal investigation body as required; (ii) to identify you when you contact us; (iii) to verify the accuracy of data we hold about you; and/or (iv) to help us comply with equalities legislation in our recruitment practices; and/or (v) to comply with a request from you in connection with the exercise of your rights.
Where it is required to complete or perform a CONTRACT with you
We may use and process your personal information where we have supplied you (or continue to supply you) with any products or services, including our accreditations and Section memberships; where you (contracting as an individual) are supplying us with products and services; in connection with your employment, if you accept a role with us; where we have arranged for the supply of another company’s products or services to you; or where you are in discussions with us about any new product or service. We will use this information in connection with the contract for the supply of products or services when it is needed to carry out that contract with you or for you to enter into it.
Please see section 3 on types of personal information we process about you above for details of the types of personal information we process for these purposes.
Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the following purposes:
- to use your special category data (formerly known as sensitive personal data) for any purpose we state expressly, e.g. to facilitate your membership of one of our diversity and inclusion divisions (the Ethnic Minority Lawyers’ Division, the Lawyers with Disabilities Division and the LGBT Division) and to allow us to contact you about those Divisions’ activities; to collect information about eligible voters for our demographic Council seats; to collect data to help us monitor and deliver equal opportunity measures in our employment and recruitment practices or to process an application for an accreditation where we need to consider special category data to progress that application. We will always request your explicit consent before using any special category personal information about you;
- if you: (i) register for an account with us online (including a My Law Society account or one of our related sites); (ii) sign up to one of our newsletters via our website or other medium where available; or (iii) refresh your marketing preferences when responding to a request from us to do so;
- for marketing activities, in order to contact you by email or text with marketing information about our products and services, including member benefits provided by others (except where we may rely on Legitimate Interests as described above); or to share your details with our recommended third party partners for them to do the same. Please see the Marketing section (section 11) below in this policy.
You may withdraw your consent for us to use your information in any of these ways at any time. Please see section 13 on withdrawing your consent for further details.
Our suppliers and service providers
We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf.
Such third parties may include cloud service providers; hosting, email and content providers; marketing agencies and administrative services providers; assessors for our accreditations; payment processing companies (who will process your debit/credit card securely if you purchase goods or services from us) and research companies (who may contact you to gather information relating to your experience of us and our products and services or on topical, policy and strategic issues facing the profession).
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Third parties who provide products and services to members
We work closely with various third parties to bring you a range of products and services that are complementary to those that we provide. In particular, we may offer membership discounts and benefits offered by others in addition to our own products and services.
When you enquire about or purchase one or more of these products or services through us, we may pass your contact details to the relevant third party, who will use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them.
If you sign up to attend one of our events, we may share your name and employer or organisation with fellow attendees and sponsors of that event for their information only, but will not share your contact details for marketing purposes without your consent.
Other third parties
We may share limited personal information with third parties if we determine, following an assessment, that the sharing is necessary in order to meet their legitimate interests, promotes the interests of our members and does not breach data protection laws. Examples may include sharing of personal information in order to facilitate appointments which rely on our accreditations, e.g. we may share the contact details of accredited individuals with HMCTS in order to assist with allocating work to accredited legal representatives in the Court of Protection. We may also share your contact details with third parties for marketing purposes if you have given consent for this via your My Law Society account or another method; and we may share your details with third parties if this is necessary to fulfil a contract with you (e.g. to give effect to referrals to third parties under the Lawyers for Your Business Service).
Other ways we may share your personal information
We may transfer your personal information to a third party if we're under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or our legal rights or to protect the rights, property or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
On occasion, the information you provide to us may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK. Where possible, we will seek to work with service providers whose servers are located within the EEA.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place.
We keep personal information for as long as necessary to ensure we can deliver our services and in line with our published retention and disposal policy (PDF, 205 KB). This policy reflects legal requirements, our regulatory and compliance functions and other applicable considerations to determine the appropriate retention period.
We do not retain personal information in an identifiable format for longer than is necessary.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your personal information, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we collect any sensitive personal information about your ethnic background, sexual orientation, political opinions, religion, trade union membership or criminal record, we will apply additional security controls to protect that data.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Our website may contain links to other websites run by other organisations. This policy does not apply to those other websites so we encourage you to read their privacy statements. We cannot be responsible for the privacy policies and practices of other websites even if you access them using links that we provide. In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We may collect and process your preferences to receive marketing information directly from us by email and text in the following ways:
- If you are a Law Society member we may contact you with marketing information about our member products and services, except where you indicate you would prefer otherwise;
- If you place an order with us for a product or service, we may contact you with marketing information in the ways mentioned in the notices presented to you as part of that transaction, except where you indicate you would prefer otherwise.
- If you register a My Law Society account with us online, we will ask you if you would like to provide your consent to receive marketing information directly from us, by asking you to confirm your preferences on the My Law Society 'Contact Preferences' page;
If you do not complete a purchase and have not indicated that you would prefer otherwise, we may remind you by phone or email about your incomplete purchase.
From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you want to continue receiving marketing information from us.
We may contact you with marketing information by post and telephone by using your personal information or with targeted advertising delivered online through social media and platforms operated by other companies using their profiling tools, or use your personal information to tailor marketing to improve its relevance to you, unless you object.
You can amend your marketing preferences at any time by logging into your My Law Society account and going to 'Contact Preferences' or by contacting our Support Centre using the contact details at the end of this policy.
We will only share your information with our third party partners for them to contact you directly with marketing information about their products and services where you have indicated via your My Law Society account that you would like us to do so. Please see the 'Contact Preferences' page in My Law Society for information about these third party partners.
You have the right to opt out of our use of your personal information to provide marketing to you in any of the ways mentioned in this privacy notice. Please also see section 13 on withdrawing your consent and on objecting to our use of your personal information and automated decisions made about you below for further details on how you can do this.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information.
Except in rare cases where additional time may be required, we will respond to you within one month from either (i) the date that we have confirmed your identity, or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Accessing your personal information
Under data protection laws you have a legal right to ask to see a copy of the personal information that we hold about you. Such requests are called subject access requests.
If you would like to make a subject access request, please complete the subject access request form (PDF, 320 KB).
You will also need to provide one form of identification and proof of your address, for example, staff pass, driving licence, utility bill, and if appropriate, any particulars about the source or location of the information you are requesting.
Please return completed forms to:
Information Compliance Manager
The Law Society
113 Chancery Lane
London WC2A 1PL
Or via email to email@example.com
Further information about subject access requests can be found on the Information Commissioner's website https://ico.org.uk
We may not provide you with a copy of your personal information if this concerns other individuals or if we have another lawful reason to withhold that information.
Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the ways described at the end of this policy or by updating your details on My Law Society.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out under section 4 on how we use your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy.
If you would like to withdraw your consent or object to receiving any direct marketing to which you previously opted-in, you can do so using the unsubscribe tool in that communication (if it is an email), or by writing to us or calling us using the contact details at the end of this policy. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
If you have provided consent for your details to be shared with a third party, and wish to withdraw this consent, please also contact the relevant third party in order to amend your preferences.
Objecting to our use of your personal information and automated decisions made about you
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as outlined under section 4 on how we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please email or write to us at the address at the end of this policy.
Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Transferring your personal information in a structured data file ('data portability')
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract we've entered into with you, as set out under section 4 on how we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
Complaining to the UK data protection regulator
We'd like to be able to resolve all your concerns, and we hope that we can do so. Where we haven't been able to do this, you have the right to complain to the Information Commissioner's Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO's website for further details: https://ico.org.uk.
Please direct any queries about this policy or about the way we process your personal information to the Risk and Assurance team using the post and email details below.
If you wish to write to us, please write to us at:
Information Compliance Manager
Risk & Assurance
The Law Society
113 Chancery Lane
London WC2A 1PL
Our email address for data protection queries is firstname.lastname@example.org.
If you wish to update your preferences by email rather than via My Law Society, you can do so via our Support Centre at email@example.com.
If you would prefer to speak to us by phone, please call the Support Centre on 020 7242 1222.