Privacy notice

This policy tells you what to expect when we collect personal information.

Open all

The Solicitors Regulation Authority Limited (SRA) is the 'data controller' of the personal information we hold for the purposes of the UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act 2018 (the Data Protection Act).

Solicitors Regulation Authority Limited is a wholly owned subsidiary of the Law Society of England and Wales (the Law Society). The Law Society is a body incorporated by Royal Charter. Solicitors Regulation Authority Limited is a company limited by guarantee registered in England and Wales. Our registered offices are: The Cube, 199 Wharfside Street, Birmingham, B1 1RN. Our company registration number is: 12608059.

We collect, use and share data primarily in the exercise of our regulatory functions. Those functions – and our duties and powers - are chiefly found in primary legislation - the Legal Services Act 2007, the Solicitors Act 1974, Administration of Justice Act 1985 and the Courts and Legal Services Act 1990 - and in the rules and regulations made by our Board which sit beneath it.

We also collect and use data to comply with our duties with equality legislation including the Equality Act 2010.

Our lawful basis for processing this information is under UK GDPR is Article 6 Section 1(e) and Article 9 Section 2(g) as it is necessary for the exercise of our official authority in the public interest.

We share certain information about those we regulate within the Law Society and we explain this below. Details about how the Law Society uses that data can be found in the Law Society’s privacy statement.

This notice contains information about:

  • What is personal data and special category data?
  • Why we collect your personal information
  • How long we keep information
  • How we keep information secure
  • Your rights
  • How we provide the information
  • Can you see all the information we hold about you?
  • Information sharing and third parties
  • Overseas transfer
  • Information collected from third parties

If you would like to ask for information about our policy, you can email us.

Personal data is defined in the UK GDPR as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

This policy applies to information we collect about you:

As a professional regulator, most of the personal data we process is data relating to our regulatory functions, powers and duties.

We generally process data on the basis it is necessary for the performance of a task carried out in the public interest and/or in the exercise of our statutory functions. When we process special category data we do so either in the substantial public interest to achieve regulatory objectives or to comply with our equality duties or we do so because we are exercising our protective functions designed to protect the public from misconduct, unfitness or incompetence.

Data may also be processed because it is necessary for the pursuit of our legitimate interests and/or the legitimate interests of others such as the Law Society (which are explained more particularly below).

There may be occasions where we process data to comply with legal obligations, particularly in the context of legal proceedings and/or compliance with requests by law enforcement agencies, for example; although, even in these cases, our regulatory functions will also generally be engaged. We will also make pro-active disclosures to police and other authorities as part of our public interest role.

We will not generally rely on consent as a basis for processing personal data. In the limited circumstances where we may rely upon consent, we will specifically obtain this.

We may also use data to improve our level of service. Where we do this, we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.

Applicants to profession

Applications such as to become a trainee, a solicitor or be approved in a role

When we receive applications containing personal information we create or update the information we hold about that person on our systems and files. We use the personal information to process the application and to make a decision about the application itself. It is also retained to capture a full regulatory history of an individual.

Failure to provide requested information may result in an application being refused.

Where required as part of the suitability assessment, applicants will be directed to provide information to Atlantic Data who will perform credit checks and criminal record checks on our behalf. We also use external assessors to process resource intensive applications for exemptions from certain training and qualification requirements.

Data received may also be used to check our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.

We may also prepare and publish or share statistics or research obtained from data we collect such as the number and types of applications we receive but not in a form that identifies anyone. As explained above, this may include certain special category data.

Regulated persons

mySRA lets you manage your information online. We use it to allow regulated persons to keep us up to date and to make applications.

mySRA sets several cookies over and above the cookies explained in our section about visitors to our website.

We use personal information provided by registered users of mySRA to carry out checks such as fraud and credit checks by independent Credit Reference and other agencies.

Personal information we collect on an annual basis from individuals or firms may be used to inform our regulatory work. This may include investigations, enforcement and applications made to us. It may also inform our ‘thematic work’, for example, the data used collectively identifies trends about risks that either exist or are emerging in the legal market and which lead us to engage with those we regulate on a one to one basis.

From time to time, we may contact regulated professionals in relation to research projects we are undertaking (or you may be contacted by a research organisation acting on our behalf). We undertake research to gain more insight into the profession and emerging issues to inform policy development, achieve regulatory objectives, comply with equality duties and decision making (which, again, accords with our regulatory powers and duties). We also prepare and publish or share statistics obtained from data we collect from those we regulate but not in a form that identifies anyone.

We make some information publicly available such as the practising details of solicitors and disciplinary sanctions These may appear on published registers including the Solicitors Register, on the Legal Choices website and are made available for re-use, for example for creation of products to help customers choose legal representation. In line with the Terms and Conditions we require re-users to include an attribution to the SRA where they are an SRA API subscriber, refer to firm data reuse page.

If a regulated person contacts us for guidance or advice we use the information we collect to handle the request for help. We may also use the information to check our level of service.

Solicitors and businesses manage the provision of information to us through on-line accounts, activated by email and we use email to reset lost or forgotten passwords.

Email addresses of regulated persons are used:

  • to remind those we regulate about notifications and reminders for key changes to the mySRA account, or relating to regulatory requirements such as practising certificate renewal
  • to inform regulated individuals and organisations of regulatory news, time sensitive regulatory requirements, events, and other important information to ensure that members of the profession are informed of any changes which will affect them
  • to send non-essential communications (such as events which may be relevant to your role) including an option to unsubscribe, although continued receipt is encouraged so as to assist our efforts in ensuring the regulated population are well-informed on matters affecting the profession.

Personal information obtained in the course of our email management and email campaigns may also be used to inform our regulatory work.

For conferences and events we process personal data for registration purpose. This is to assist us with understanding how many individuals attend events and the arrangements that we have to put in place to ensure that the events can operate appropriately and effectively.

People making complaints about regulated persons

When we receive complaints about those we regulate we create a complaint file. Usually the file will contain the identity of the complainant and other people involved in the complaint.

We usually have to disclose a complainant's identity to the person complained about or to the firm in which that person is involved. If a person making a complaint does not want to be identified we will try to respect that. However, if we are unable to progress a complaint where we think there is an overriding need to protect the public we may decide to disclose a person's identity.

Information obtained via this process may be used to inform our regulatory work which may include using information in investigations, enforcement and applications made to us. Your details may be shared with relevant third parties where this required to establish the facts of the case, explain our decisions and ensure transparency in our processes. It may also inform our thematic work, for example, the data used collectively identifies trends about risks that either exist or are emerging in the legal market and which lead us to engage with those we regulate on a one to one basis.

Where we take action as a result of a complaint, where possible, we try to keep those making the complaint informed of progress.

We keep records of complaints as this could along with any other complaints or concerns we received about the same individual or firm result in a follow up action in the future.

We may also prepare and publish or share statistics and research obtained from data we collect such as the number and types of complaints we receive but not in a form that identifies anyone.

We will also generally obtain diversity data and some special category data in the course of compiling complaint files. In some cases the data may be relevant to the complaint itself such as data concerning health that may be relevant to reasonable adjustments. We may also use the data to monitor outcomes to help us achieve regulatory objectives, as well as our equality duties.

We give information about the use of our website and cookies in our section about 'Visitors to our website'. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'form.sra.org.uk'. This sets the following cookie.

Data received may also be used to check our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.

Complaints about us

When we receive complaints about us we create a complaint file. Usually the file will contain the identity of the person complaining and other people involved in the complaint.

We use personal information to deal with the complaint. We may also use the information to check and improve our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.

We may also prepare and publish or share statistics and research obtained from data we collect such as the number and types of complaints we receive about our service but not in a form that identifies anyone.

On the request of the person making the complaint, data may be shared with an independent reviewer who is asked to review the way we have handled matters.

When aiming to achieve the regulatory objectives, in particular to protect and promote the public interest, it is necessary and in the substantial public interest that we ensure we handle complaints fairly and effectively. We therefore commission an annual review to help improve how we handle complaints. To do this it is necessary to share personal data with the independent reviewer.

People who make enquiries or ask for general help

When enquiries are sent to us we usually only use the information to handle the request or to deal with any later issues.

We keep a record of our telephone calls. We record our telephone calls. Recordings are kept for two months although in some cases we keep recordings for longer to help with training our staff or where we receive a complaint about our service.

We may also use information to help inform the way we regulate and to check and improve our level of service. Where we do this we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so.

Others connected to our work

The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include witnesses to an investigation, clients of those we regulate, applicants to our Compensation Fund.

We may also obtain diversity data and some special category data about such third parties during our engagement with them. We will only do so where we have identified the requirement for such data to monitor outcomes to help us achieve regulatory objectives or our equality duties.

Some data is collected when people sign up to newsletters, act as an organisation's contact, respond to our consultations or register with us for events or webinars. We use personal data collected in this way to deliver the service we provide or to improve the service we offer. Respondents to consultations will generally be identified in the consultation responses documents, although the respondents can ask to have their details kept confidential.

Information about online forms, the use of our website and the use of cookies is explained in our section about 'Visitors to our website'. A small number of our online forms and surveys are served securely by a cloud-based platform using the web address 'forms.sra.org.uk'. This sets the following cookie.

Job applicants and employees

When people apply to work with us, we use the information sent to us to process applications and to monitor our recruitment.

To ensure we are an equal opportunities employer we collect information about age, disability, ethnicity, sex, gender reassignment, sexual orientation and religion or belief. This information is not used in relation to the application itself and is treated with strict confidence. We will only use the information to help us monitor and deliver equal opportunity measures. With the exception of the disclosure of a disability which may be used to meet our legal obligations and our commitment to the disability confident scheme.

Successful applicants who secure fixed term or permanent contracts are asked to agree to – where applicable - an appropriate background check. This will be in addition to reference checks and proof of eligibility to work in the UK. If you are aware of anything that could adversely affect your application, you are required to disclose this prior to an interview and/or formal offer being made by us.

Once a person is employed by us, we compile a file relating to their employment. We keep this information secure and only use it for purposes directly related to their employment. When a person's employment ends with us we destroy the file in line with our retention and disposal policies.

For unsuccessful applicants we keep the information secure and destroy the file in line with our retention and disposal policies.

We keep personal information for as long as necessary to ensure we can fulfill our regulatory role in the public interest and in line with our published retention and disposal policies.

We are under a general duty to keep personal data and information confidential. Where we share information, we take all reasonable steps to keep it secure, use it fairly and ensure that data protection safeguards are in place.  We use secure portals and encryption tools when necessary to ensure data in transit is protected.

We apply best practice in terms of information security, in line with the ISO:27001 standard and adopt a privacy by design approach in developing new systems and processes involving personal data, considering the rights of individuals and the risks involved at the start of projects to make sure we build in suitable controls.

We are certified to the ISO:27001 information security standard, which allows us to maintain and continually improve our information security management system. We also maintain certification to Cyber Essential Plus which provides independent assurance that we have the controls in place to mitigate the most common cyber security threats. 

Depending on the information we hold about you, and the reason for us holding it, you have certain rights which are set out below. In some cases, exemptions disapply your rights and the obligations we have towards you. If you have any concerns of this nature, you can email our Information Compliance Team.

The right of access

You have the right to request a copy of personal data we hold about you, including the reasons why we hold it, who the data will be shared with, as well as details of the period for which the data will be retained. 

To help us identify the relevant information when you are making such a request, please provide us with the following:

  • your name (including any aliases, if relevant)
  • any other information we use to identify or distinguish you from other individuals (e.g. your SRA ID if you are a solicitor)
  • a comprehensive list of what personal data you want to access, based on what you need
  • any other details, relevant dates, or search criteria that will help us identify what you want such as any relevant SRA reference numbers
  • up to date contact details

You will also need to let us have a postal or email address so that we can send you the information.

We usually send a hard copy by special delivery post to your residential address or an electronic copy by email. We can make other arrangements in some cases. Please email us if you would like to agree alternative arrangements.

To submit your request, you can Email or post it to us.

Please note, if you do make such a request to us, we may need to satisfy ourselves as to your identity before we are able to process it.

In many cases your identity will be obvious to us from our previous engagement, but there may be cases where we need to contact you to request documents to prove your identity to ensure that we are sending the information to the right person.

We may also need further information if you have appointed someone else to request your information on your behalf or if someone is acting on your behalf.

Where we do require proof of identification from you, or any other information to progress a request, we will contact you directly and explain what we need and why.

In most instances, we will provide the information to which you are entitled within one month of receipt of a valid request. Requests which are complex or numerous may however take up to three months.

In some cases, we won’t be able to provide all or some of the personal data being processed because an exemption applies. This is likely to be because:

  • the data is also the personal data of another person and it would not be reasonable to disclose it to you without their consent
  • disclosing the data would prejudice our regulatory functions, for example by making it difficult for us to conduct our investigations or other regulatory functions
  • the data is held as part of information that is subject to legal privilege

Where we conclude that an exemption applies to any personal data that has been requested, we will explain this in our response.

Requests which are considered manifestly unfounded or excessive will be refused.

The right to rectification

In most cases you are entitled to have your records amended if the personal data we hold is inaccurate or incomplete

If you have access to mySRA account, you can update your details there.

The right to rectification does not always apply. For example, it does not include amending data which was accurate about you at one time even though the current position is different. Nor does it include changing records of information sent to us by others which you say is inaccurate because the information is an accurate record of what was sent to us.

The right to erasure

You have a right to request your data is deleted in certain circumstances, i.e. where it is no longer needed for the purposes it was collected; the (rare) occasions where consent is relied upon as the lawful basis for processing, consent is withdrawn and there is no other lawful basis for our continuing to process it; you object to the processing (see below) and there are no overriding legitimate grounds to continue; where the data has been unlawfully processed; or where it has to be erased for compliance with a legal obligation.

This right does not apply where we need the information for the performance of our regulatory functions and for example there is a need to comply with a legal obligation or it is necessary to process the data in connection with legal proceedings or legal advice.

The right to object or to restrict processing

You have the right to object to us processing your information where we are processing data in connection with the exercise of our regulatory functions or other data in pursuit of our legitimate interests. In such case, we will stop processing unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests.

If you have concerns about how we are using your information and believe that this should stop, you can email our Information Compliance Team.

If you have any concerns about the matters in this statement or the way we process your data then you can email the Information Governance Team who can assist with queries and are the point of contact for engagement with the Data Protection Officer.

You also have the right to lodge a complaint with the Information Commissioner’s Office.

Sharing with The Law Society

We have an agreement in place with the Law Society to share data they require to undertake their role as the representative body of solicitors in England and Wales.

We collect and share data about regulated individuals with the Law Society which the Law Society uses for the following purposes:

  • to fulfil their statutory role under the Legal Services Act 2007, as well as:
  • to validate and maintain their membership register and ensure eligibility for, for example, the right to stand and vote in Council elections
  • to provide membership services to solicitors
  • to provide and maintain the "find a solicitor" service
  • to accredit individuals and firms
  • to conduct research and compile management information.

When we collect and share data with the Law Society for purposes outside the Law Society's statutory functions we do so because the Society has a legitimate interest in using that data in order to govern the work of the Society, maintaining its membership, providing services to its members and raising public awareness of services offered by its members, and the Society needs this data to perform these functions. Some research carried out will be done as part of the Law Society’s statutory functions while in other cases the Law Society or third parties will have a legitimate interest in the outcome of research. We provide the minimum amount of personal information required for them to perform these tasks. For further details, please see the Law Society’s privacy statement.

In some cases, the public has a legitimate interest in the personal data used by the Law Society such as information presented on the ‘Find a Solicitor’ service which holds personal data about a broad range of those we regulate such as non-lawyer managers and compliance officers. The Society provides this service to ensure the public can identify relevant individuals within a firm and how they can contact them.

Sharing with the Solicitors Disciplinary Tribunal

Where it is necessary for the exercise of our regulatory function, we will share information with the Solicitors Disciplinary Tribunal.

In the event that we take enforcement action we will generally publish our decision in line with our guidance on publication. If a person has appeared before the Solicitors Disciplinary Tribunal (SDT) the Findings of the Tribunal are usually published on the SDT website. In the course of investigations, we may need to disclose information to third parties such as employers or complainants in order to establish the facts of a case, explain our decisions and ensure transparency in our processes.  Where there is an overriding public interest in doing so, we may make further details available, including public statements where there is a need to safeguard public confidence.

Sharing with Kaplan SQE Limited (Kaplan SQE)

We share relevant Solicitors Qualifying Examination (SQE) information with Kaplan SQE, to enable them to provide assessment services for anyone who wants to qualify as a solicitor.

We have a contract for services in place with Kaplan SQE to operate the SQE, which includes suitable provisions to ensure Kaplan processes personal data in accordance with our requirements and those prescribed by the data protection laws. Kaplan is the sole assessment provider for the SQE.

Key suppliers and service providers

We use cloud-based providers who operate within the EU under suitable data protection arrangements and security controls in place in accordance with the requirements in data protection laws.

We also use the services of a testing company based outside the EEA who undertake systems testing. Where possible, testing is generally undertaken using synthetic data. No data is physically transferred outside of the SRA’s IT infrastructure but limited remote access is provided where necessary and on occasion this may involve testing of our live systems, including real data.

We also store hard copy material with Capita in the UK who provide archive services to the SRA. We have a data processing agreement in place with Capita to ensure Capita’s security arrangements and the understanding as to the basis and requirements for processing is aligned with ours.

We use Atlantic Data to conduct credit reference and criminal record checks where required for authorisation decisions.

We use WorldPay to process payments for mySRA and will share limited personal data, e.g. email address so that they can manage payments.

We also share data with organisations who perform audit and assurance roles for us and those who provide professional advisory services. This includes legal, medical and other professional advisers; again, with whom we have arrangements to ensure their compliance with our requirements.

Research bodies

We work with third parties to carry out research to help us achieve the regulatory objectives found in the Legal Services Act 2007 and to work in the public interest. We may also do so in connection with our equality duties. For example, we need to collect certain data including special category data in to monitor the diversity of the profession. The outcome of any research will not relate to or identify any individual.

Research may also inform our 'thematic work', for example, it may identify trends about risks that either exist or are emerging in the legal market which lead us to engage with those we regulate on a one to one basis.

Other regulators and enforcement agencies or Government agencies

In appropriate cases, personal information will be disclosed to other regulators, the Legal Ombudsman, law enforcement or Government agencies where it is reasonable to do so to support our, or the relevant agency's, statutory or public function.

In most cases, we will tell the person whose information we hold that we are sending their information somewhere else. You can get more information about how we share information with agencies with a public interest by reading our Memorandums of Understanding. There will be occasions where we will not tell the individual that their data is being shared, particularly in law enforcement connected regulatory matters, where to inform the relevant individual may defeat the purpose of making the disclosure (and/or, in certain cases, involve disproportionate effort).

Adjudicators

Many staff employed by the SRA have decision making powers. We also have a panel of adjudicators that provide adjudication services to us. Adjudicators make regulatory decisions on a wide range of powers contained in legislation such as the Solicitors Act 1974, Legal Services Act 2007 and the SRA Standards and Regulations.

We use the panel adjudicators in accordance with our Schedule of Delegation to make with first instance decisions or deal with reviews. They have access to information about regulated persons to enable them to make these decisions.

Independent reviewer

We believe it is necessary and in the substantial public interest that we ensure we handle complaints fairly and effectively. We therefore commission an annual review to help improve how we handle complaints and ensure our services are working effectively in the public interest. To do this it is necessary to share personal data with the independent reviewer who independently review complaints we are unable to resolve.

Other third parties

We may disclose data where a third party has a legitimate interest in it and where we are satisfied disclosure is necessary and lawful, such as where a person is making or seeking to establish legal claim.

International transfer of data occurs where we need to send information to our international regulatory counterparts or to officials overseas in connection with regulatory or criminal investigations or processes. In such circumstances, the relevant individuals will not generally be informed that their data has been transferred if doing so would undermine the purpose for which it was transferred.

As explained more particularly below, we also obtain data from third parties. Generally, when we do this, it is in the exercise of our regulatory functions, powers and duties, including:

  • Credit Reference Agencies as part of the Suitability Test for applicants
  • complainants, other regulatory bodies, law enforcement agencies and witnesses and experts in connection, for example, with a regulatory investigation or other enforcement matter.

Visitors to our website

Cookies are small text files stored on your computer while you are visiting a website. Cookies help make websites work. They also provide us with aggregated information about how users interact with our site. We use this information to try to improve your experience on our website and the quality of service we provide. Cookies help us do this by allowing us to remember personal settings you have chosen at our website. We do not use cookies in any other way to collect information that identifies you personally. Most of the cookies we set are automatically deleted from your computer when you leave our website or shortly afterwards.

Complete information about the cookies we may set on your browser appears below. A hyperlink to this information about cookies appears prominently on most pages of our website.

Cookies set by www.sra.org.uk

Below is a list of cookies set by the SRA website, along with a brief description of what each is used for.

Cookie name Purpose Expiry
ASP.NET_SessionId Unique identifier for sessions, identifies a user’s session When you close your browser
ARRAffinity Routes the request made through a web browser to the same machine in the DXC cloud environment. This cookie is deleted when you close your browser. When you close your browser
.EPiForm_BID Identifies the form submission made to the site when a visitor submits data to via an Episerver form. 90 days
.EPiForm_VisitorIdentifier Identifies the form submission mase to the site when a visitor submits data to via an Episerver form. 90 days
EPiForm_{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx}:{xxxxx} Stores partial form submissions so that a user can continue with a form submission upon return. (The xs are replaced by a unique identifier.) 90 days
ARRAffinitySameSite Set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session. Session
SRACookie This is used to store user preferences about cookie consent. One year
TiPMix Required for EpiServer release process. Session
x-ms-routing-name This ensures that the user is routed to the same server. One month

Cookies set by mySRA (https://my.sra.org.uk)

Our online account management solution— mySRA—sets several cookies over and above the cookies listed directly above. By logging in to mySRA, you consent to the following cookies being set on your browser.

Cookie name Purpose Expiry
ai_session This cookie is associated with the Microsoft Application Insights software, which collects statistical usage and telemetry information for apps built on the Azure cloud platform When you close your browser
ai_user This is a unique user identifier cookie enabling counting of the number of users accessing the application over time. 365 days
BNES_SameSite This enables the website to function properly When you close your browser
SameSite This ensures users use the same server for their session. When you close your browser
x-bni-fpc Web Application Firewalls to detect and block suspicious traffic that may cause a denial of service. 15 years
x-bni-rncf Web Application Firewalls to detect and block suspicious traffic that may cause a denial of service. 15 Years

Cookies set by https://form.sra.org.uk

A small number of our online forms and surveys are served securely by a cloud-based platform using the sub-domain form.sra.org.uk. This platform sets the following cookie.

Cookie name Purpose Expiry
from_app Used selectively to identify user and re-direct to appropriate unique instance of form 90 days

Cookies set by https://events.sra.org.uk

When you register for an SRA event you are served securely by a dedicated platform called Eventsforce which uses the sub-domain events.sra.org.uk. The platform sets the following cookies, in addition to those listed under www.sra.org.uk above.

Cookie name Purpose Expiry
_zendesk_shared_session, _zendesk_session Used by our Eventsforce software to store information temporarily while you are using the site When you close your browser

Cookies set by https://sra.tal.net

When you apply for a job at the SRA you are served securely by a dedicated recruitment platform called Oleeo which uses the domain sra.tal.net. The platform sets the following cookies, in addition to those listed under www.sra.org.uk above.

Cookie name Purpose Expiry
wcn_agent_session agent session on a system When you close your browser
wcn_ats_session recruiter session on a system When you close your browser
wcn_session candidate session on a system When you close your browser
Crsf-token cross site request token for api When you close your browser

Third-party cookies

Some services we use to add value and convenience to those who use our website. The browsers may set cookies on our behalf. These services fall into two broad groups: social media and web analytics.

Social media

We publish all of our video content on YouTube.com, and embed it on our website. When a visitor triggers a video to play, YouTube sets cookies on their browser. Any concerns about those cookies should be checked with Google's privacy policy.

Some of our web content includes buttons that allow visitors to share content easily with their online networks—using Twitter, LinkedIn and Facebook. When visiting these areas Twitter, LinkedIn and Facebook may set cookies on a visitor's browser. We do not control the use of these third-party cookies, and any concerns should be checked with the privacy policies of Twitter, LinkedIn and Facebook.

Service Cookie name Expiry
twitter.com Pid 2 years
linkedin.com X-LL-IDC When you close your browser
youtube.com use_hitbox When you close your browser
youtube.com VISITOR_INFO1_LIVE 240 days

Web analytics

Cookies set by Idio analytics

Idio analytics provides analysis and content recommendations based on user interactions.

Cookie name Purpose Expiry
iv Tracks the anonymous visitor's actions across the the site. Persistent
is Identifies a visitor's session. This cookie is used in conjunction with the iv cookie Session

To improve our web-based services we collect and use overall data about the use of our site from a third-party service, Google Analytics. When visitors use our website Google Analytics sets cookies on their browser. We do not control the use of these third-party cookies and any concerns should be checked with Google's privacy policy a full list of cookies set by Google Analytics can be read on Google's cookie usage page.

We also use HotJar to analyse user interaction on the website and to run customer surveys. We do not control the use of these third-party cookies, you can read a complete list of cookies set by the service on HotJar's cookies page.

We also use a third-party service—LivePerson—to chat to users in real time who visit our guidance pages. This service works alongside our Professional Ethics Guidance helpline in answering solicitors' queries. LivePerson sets several cookies on your browser and you should check LivePerson Privacy Policy and cookie information page for more details.

More information about cookies

To learn more, including how to manage cookies, visit https://www.bbc.co.uk/usingthebbc/cookies/what-do-i-need-to-know-about-cookies/. If you have any questions or concerns about cookies set by www.sra.org.uk, www.my.sra.org.uk. https://form.sra.org.uk or https://events.sra.org.uk please contact us.

We keep this notice under regular review.

Last updated 23 October 2024

Use www.sra.org.uk/privacy to link to this page.