Privacy Policy - SFR Solicitors Data Protection and Privacy Information

Privacy Policy

At SFR Solicitors, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you visit our website or engage with our legal services, including those related to the Criminal Injuries Compensation Authority (CICA).

This includes personal data collected through our secure online claimant portal, where clients submit information, documentation, and communicate with us electronically.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and reflects guidance from the Solicitors Regulation Authority (SRA).

1. Who We Are

SFR Solicitors is the data controller for the purposes of the UK GDPR.

We are authorised and regulated by the Solicitors Regulation Authority (SRA Number: 8012089).

If you have questions about this policy or our use of your data, you can contact us at:

  • Email: [email protected]
  • Phone: +44 20 4615 4242
  • Address: 124-128 City Road, London, England, EC1V 2NX
2. What Information We Collect

We may collect the following personal data:

a. Information You Provide
  • Name, address, contact details
  • Date of birth, gender, and other identification details
  • Information necessary for legal services (e.g. injuries, medical history, police reports)
  • Consent preferences and correspondence
b. Information We Receive from Third Parties
  • Data from police forces, the CICA, medical professionals, or legal representatives
  • Information from referrers or agencies supporting victims
c. Information We Collect Automatically
  • IP address, browser type, device data
  • Website usage through cookies and analytics (see our Cookie Policy)
3. Legal Basis for Processing

We only process your personal data when allowed by law. The main lawful bases we rely on include:

  • Contractual necessity: To provide legal services you've requested.
  • Legal obligations: To comply with our regulatory and legal responsibilities.
  • Legitimate interests: To operate and improve our services in a way that respects your rights.
  • Consent: Where we rely on your agreement (e.g. marketing).
  • Substantial public interest: For processing special category or criminal offence data (see below).
4. Special Category & Criminal Offence Data

We may process special category data (e.g. health records, ethnicity) and criminal offence data in the course of supporting your CICA claim. This is done lawfully under:

  • Article 9(2)(f) & 9(2)(g) UK GDPR (legal claims and substantial public interest), and
  • Schedule 1, Part 2 of the Data Protection Act 2018.

This data is handled with additional security and confidentiality safeguards.

5. How We Use Your Data

We use your data to:

  • Deliver legal services (e.g. CICA applications)
  • Communicate with you about your case
  • Comply with legal and regulatory duties
  • Prevent fraud and misuse
  • Improve our website and client service
6. Sharing Your Data

We will only share your personal data when necessary and lawful. Examples include:

  • CICA, police forces, or other authorities involved in your case
  • Medical experts, support workers, or court-appointed professionals
  • Our service providers (e.g. secure IT platforms, case management software)
  • TPMA provider: For managing client-related payments

All third parties are contractually bound to handle your data safely and in line with UK data protection law.

We will never sell or rent your data to third parties.

7. Third-Party Managed Account (TPMA)

We do not hold client money directly. Where financial transactions are required (e.g. compensation payments), we use a secure and regulated Third-Party Managed Account (TPMA) provider.

The TPMA provider operates independently and has its own data protection and financial safeguarding controls. This arrangement ensures your funds are protected and managed transparently.

8. Children's Data

If your claim involves a child or you are providing data about someone under 18, we apply additional safeguards to ensure appropriate handling and confidentiality.

9. Data Retention

We only keep your personal data for as long as necessary for the purpose it was collected, including:

  • During the lifecycle of your legal matter
  • Up to six years after case closure, for legal, audit, or regulatory purposes

After the retention period ends, we will securely delete or anonymise your data.

10. Your Rights Under UK GDPR

You have the following rights:

  • Access – request a copy of your personal data
  • Rectification – correct inaccurate or incomplete data
  • Erasure – request deletion of data (where legally permissible)
  • Restriction – limit how your data is used
  • Data Portability – request your data in a structured format
  • Withdraw Consent – where processing is based on your consent

To exercise your rights, contact: [email protected]

We aim to respond within one month.

11. Complaints

If you are concerned about how we process your data, please contact us first so we can address your concerns.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

12. Data Security

We apply technical and organisational security measures to protect your personal data, including:

  • Encryption
  • Secure servers and backups
  • Access control and audits
  • Staff training and confidentiality obligations
13. Cookies and Tracking

We use cookies to improve your browsing experience and monitor site performance. You can control cookie preferences via your browser settings. For full details, please see our Cookie Policy.

14. International Transfers

We do not transfer your data outside the UK. If future transfers become necessary, we will apply safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal protections.

15. Automated Decision-Making

We do not use automated decision-making or profiling that has a legal or significant effect on you.

16. Links to Third-Party Websites

Our website may include links to external websites. We are not responsible for the content or privacy practices of these websites. We encourage you to review their privacy policies before providing any personal information.

17. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.

We encourage you to review this page regularly to stay informed about how we protect your data.