PRIVACY POLICY

Introduction


Shared Direction Conveyancing (“we”, “us”, “our”) is committed to safeguarding the privacy of visitors to our website and clients who interact with us. This Privacy Policy explains how we collect, use, store, and protect your personal data.

By using our website, you agree to the terms of this policy, including our use of cookies in accordance with the Cookie Policy below.


Who we are and how to contact us


Controller: Shared Direction Conveyancing Limited (SRA No. 8001389)
 Registered office: Suite 3, Orchard House, Orchard Street, Canterbury, CT2 8AJ
 Data Protection Officer: Andrew Theoff
 Contact email address: enquiries@sdc-legal.co.uk


1. Our Use of Your Personal Data


In this section we explain:


  • the general categories of personal data we may process;
  • the purposes for which we process that data; and
  • the lawful bases on which we rely.


We will only process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable data‑protection legislation.


1.1 Usage Data


We may process information about your use of our website (“usage data”). Usage data may include your IP address; geographical location; browser type and version; operating system; referral source; length of visit; page views and navigation paths; and timing, frequency and pattern of visits.

This information is collected via Google Analytics and is processed to analyse the use of our website and improve our services.


Lawful basis: Our legitimate interests – monitoring and improving our website and services


1.2 Account Data


We may process information you provide when creating or accessing an account (“account data”), such as your name and email address, together with all other information obtained in connection with any transaction we undertake for you. This data is sourced from you or your employer and is processed to provide our services and communicate with you.


Lawful basis: Our legitimate interests – performing a contract with you or taking steps at your request prior to entering into a contract.


1.3 Client Due Diligence Data


We may process information collected as part of our client due diligence (“CDD data”). This includes identification documents (such as passports, driving licences, utility bills), source‑of‑funds information (such as bank statements and financial evidence), and any information we are required to obtain to comply with anti‑money‑laundering and counter‑terrorist financing legislation.

As part of this process, we use a third‑party digital identity verification service, Thirdfort, who may process biometric data (such as facial recognition and liveness checks) to verify your identity. Thirdfort carries out this processing on our behalf for the purpose of fulfilling our statutory due‑diligence obligations.

CDD data is processed for verifying identity, assessing risk, establishing the source of funds, preventing fraud, complying with the Money Laundering Regulations, and meeting our professional and regulatory obligations.


Lawful basis (personal data) – under the UK GDPR Article 6(1)(c) processing is necessary for compliance with a legal obligation, including our obligations under the Money Laundering Regulations 2017.


Lawful basis (special category data processed by our provider) – where biometric data is processed by Thirdfort as part of identity verification, our lawful basis is Article 9(2)(g) UK GDPR (substantial public interest), together with Schedule 1, Part 2 of the Data Protection Act 2018 (preventing fraud and meeting regulatory requirements).

CDD data is stored securely, with access restricted to authorised personnel and handled in accordance with our statutory obligations.


1.4 Enquiry Data


We may process information you provide when submitting an enquiry for our services (“enquiry data”). This may include your contact details and any information contained in your enquiry, and is processed for the purpose of offering relevant products and services to you.


Lawful basis: Consent.


1.5 Call Recording Data


We may process information contained in telephone calls between you and us (“call data”). Call data may include your name and contact details, your voice and information you provide during the call.

We may record both inbound and outbound calls.

  • For inbound calls:  (a) callers who ring our main reception number will hear an automated message advising that calls may be recorded; (b) callers who ring any other number (e.g. a staff members direct line) are informed via this Privacy Policy and, in the case of our clients, our Terms of Business.
  • For outbound calls: clients are informed through our Terms of Business and this Privacy Policy and all others are informed via this Privacy Policy.

Calls are recorded for the purposes of training and quality assurance, monitoring and improving our services, verifying instructions or information you provide and for compliance with legal and regulatory obligations.



Lawful basis: Our legitimate interests – ensuring the quality of our services, maintaining accurate records, and meeting regulatory requirements.

Call recordings are stored securely, with access restricted to authorised personnel and protected by appropriate technical and organisational measures.


1.6 Other Processing


We may process your personal data where necessary to comply with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another person.


2. Providing Your Personal Data to Others


We may disclose your personal data:


  • to our insurers and/or professional advisers, where reasonably necessary for obtaining insurance, managing risk, securing professional advice, or handling legal disputes;
  • to trusted service providers (e.g., IT hosting, telephony, case‑management, analytics) who act as processors under our instructions and are bound by contractual safeguards;
  • where required to comply with a legal obligation, or to protect your vital interests or the vital interests of another natural person.


Service Review Platforms

We may contact you via email to request feedback about our services. We use third‑party platforms, including Review Solicitors and SurveyMonkey, to collect such feedback.

To facilitate this, we may share your name, email address, and reference number with these providers, who process your data in accordance with their own privacy notices. You can find the Review Solicitors Privacy Policy here and the SurveyMonkey Privacy Notice here.

We may also use such reviews or comments in promotional material and media for our advertising and promotional purposes.


3. Retention and Deletion of Personal Data

We retain personal data only for as long as necessary for the purposes for which it was collected or to comply with legal or regulatory requirements. We periodically review the personal data we hold and erase or anonymise data when retention periods expire, unless a legal obligation requires longer retention.


3.1 Account Data


Retained for the duration of our professional relationship with you, and for 7 years thereafter, to comply with our regulators requirements and other current legislation.


3.2 CDD Data


To support our general file‑retention approach, CDD data is kept for 7 years (which exceeds the standard 5 year AML retention expiry) and is destroyed / deleted at the same time as the matter file to which it relates. We do this to establish, exercise or defend legal claims and to evidence that we satisfied our compliance obligations.

 

Where Thirdfort performs identity verification on our behalf, biometric processing undertaken by Thirdfort is retained by them in line with their own AML obligations and contractually required retention limits.


3.3 Enquiry Data


Retained for up to 18 months from the date of last contact where no contract is formed.


3.4 Call Data


Retained for the duration of our professional relationship with you and for 7 years thereafter, then securely destroyed or deleted.


3.5 Legal Exceptions


We may retain data beyond these periods where necessary to comply with a legal obligation or protect vital interests.


4. International Transfers


We generally process personal data within the UK. Where we use suppliers that transfer data outside the UK, we ensure appropriate safeguards are in place (such as UK adequacy regulations or the UK International Data Transfer Agreement/Standard Contractual Clauses). Details are available on request.


5. Your Rights


You may:

  • Request access to the personal data we hold about you;
  • Request rectification of inaccurate data;
  • Request erasure of your data (where applicable);
  • Request restriction of processing;
  • Object to processing where our lawful basis is legitimate interests;
  • Data portability (receive certain data in a machine‑readable format and/or request we transmit it to another controller, where applicable);
  • Rights related to automated decision‑making, including profiling. We do not carry out decisions producing legal or similarly significant effects solely by automated means.


To exercise any of these rights, please contact us using the details above.

We respond to valid requests within one month (we may extend by up to two months where requests are complex or numerous, and we will inform you if an extension applies).

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

If you have a complaint, please also let us know so that we can seek to resolve your concerns.


6. Amendments


We may update this Privacy Policy from time to time by publishing a new version on our website.
Please check this page periodically to ensure you are happy with any changes.


7. Cookie Policy


We use cookies across our website to enhance performance and improve your user experience.


7.1 What Are Cookies?


Cookies are small text files stored on your device when you visit a website. They allow the website to recognise your device and remember your preferences. Cookies may collect information such as login or preference details, general usage patterns, and approximate location data. Most cookies do not personally identify you.


7.2 Cookies Used by Our Service Providers


Some of our service providers may store cookies on your device when you visit our website.

We use Google Analytics to analyse website usage and create reports to help improve our site. Google’s privacy policy is available at: https://www.google.com/policies/privacy/ Cookies used include: _ga, _gat, _gid.


7.3 Disabling Cookies


You can disable or manage cookies at any time by adjusting your browser settings. Most browsers allow you to block all cookies, block cookies from specific websites, delete cookies already stored on your device, and receive notifications before new cookies are set.

The exact steps vary depending on your browser or device and can usually be found in the Privacy, Security, or Site Settings menu.

Please note that disabling cookies may affect how our website functions and could limit your user experience.


7.4 Cookie Consent


Where required by law, we will request your consent before setting non‑essential cookies (such as analytics). You can withdraw consent at any time via our cookie banner preferences.


Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: enquiries@sdc-legal.co.uk


Last Updated On 30/4/2026