Privacy policy

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities if you have a complaint.

This privacy policy does not apply to any third party websites that may have links to our own website.

Clients of this firm should read this policy alongside our general terms and conditions, which provide further information on confidentiality.

Who are we and what do we do?

SuLe Hub Limited is a limited company, incorporated in England and Wales with a registration number and registered address at Capital Office, 124-128 City Road, London,United Kingdom, EC1V 2NX (“we”,”us”, “our”).

We operate a legal tech platform, which we make available through our websitewww.sulehub.com.

For the avoidance of any doubt we are not a regulated law firm. For this reason, we do not undertake any work that is prescribed to be reserved legal activities under the Legal Services Act 2007. If we believe that your work is likely to fall under the category of reserved legal activity, then we could either introduce you to a regulated firm of solicitors or ask you to find a regulated firm of your choice.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to services we offer to individuals and our wider operations in the European Economic Area (EEA).

Key terms

Personal data” means any information relating to an identified or identifiable individual.

Special category personal data” means Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, Genetic data, Biometric data (where used for identification purposes), Data concerning health, sex life or sexual orientation.

data subject” means the individual who the personal data relates to.

Personal data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

·       Identity Data includes first name, last name, username or similar identifier, title.

·       Contact Data includes billing address, delivery address, email address and telephone numbers.

·       Financial Data includes bank account and payment card details.

·      Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

·      Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

·      Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

·      Usage Data includes information about how you use our website, products and services.

·      Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share “Aggregated Data” such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We collect and use this personal data to provide services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing those services.

How your personal data is collected

We use different methods to collect data from and about you including through:

·      Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

o  apply for our products or services;

o  create an account on our website;

o  subscribe to our service or publications;

o  request marketing to be sent to you; or

o  give us feedback or contact us.

·      Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.

·      Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

·      Technical Data from the following parties:

o  analytics providers such as Google based outside the UK;

o  advertising networks such as Google ads and Facebook; and

o  search information providers based outside the UK.

·      Contact, Financial and Transaction Data from providers of technical, payment and delivery services, whom all have their own privacy policy.

·      Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

How and why we use personal data

Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

·      you have given consent—where we need your consent, we will ask for it separately of this privacy policy and you can withdraw consent at any time;

·      to comply with our legal and regulatory obligations;

·      to fulfil our contract with you or take steps at your request before entering into a contract; or

·      for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests.You have the right to object to processing based on legitimate interests. We must then stop the processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or the processing is required to establish, exercise or defend legal claims.

The below explains what we use your personal data for and why:

Where we process special category personal data (see above ‘Key terms’), we will also ensure we are permitted to do so under data protection laws, e.g.:

·      we have your explicit consent;

·      the processing is necessary to protect your(or someone else’s) vital interests where you are physically or legally incapable of giving consent;

·      the processing is necessary to establish, exercise or defend legal claims; or

·      the processing is necessary for reasons of substantial public interest.

Marketing

We may use your personal data to send you updates (e.g. by email, text message, telephone, post or social media channels) about our services, including exclusive offers, promotions or new services.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. Where this is not the case, we will always ask for your consent.

In all cases, you have the right to opt out of receiving marketing communications at any time by:

·      contacting us at hello@sulehub.com

·      using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts/instant messaging; or

·      updating your marketing preferences on our platform.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.

Who we share your personal data with

We routinely share personal data with:

·      companies within our group;

·      third parties we use to help deliver our services to you, e.g. providers of our case management and finance system, IT service providers including cloud service providers such as data storage platforms, shared service centres and financial institutions in connection with invoicing and payments;

·      third party external advisors or experts engaged in the course of providing services to you, e.g. barristers, tax advisors, local counsel and technology service providers;

·      companies providing services for money laundering checks and other crime prevention purposes and companies providing similar services, including financial institutions and credit reference agencies;

·      other third parties we use to help promote our business, e.g. marketing agencies;

·      third parties approved by you, e.g. social media sites you choose to link your account to or third party payment providers.

 

We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We ensure all outsourcing providers operate under service agreements that are consistent with our legal and professional obligations.

 

We or the third parties mentioned above may occasionally also share personal data with:

·      our and their external auditors, e.g.in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations

·      our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations

·      law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations

·      other parties that have or may acquire control or ownership of our business (and our or their professional advisers)in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency—usually, information will be anonymised but this may not always be possible and the recipient of any of your personal data will be bound by confidentiality obligations.

If you would like more information about who we share our data with and why, please contact us(see ‘How to contact us’ below).

Where your personal data is held

Personal data maybe held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).

Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data abroad’.

How long your personal data will be kept

We will not keep your personal data for longer than we need it for the purpose for which it was collected or as required by law.

As a general rule, we will keep your personal data for at least seven years from the conclusion of your matter, in case you, or we, need to bring or defend any complaints or claims. However, different retention periods may apply for different types of personal data and for different services.

Following the end of the of the relevant retention period, we will delete or anonymise your personal data.

Transferring your personal data abroad

It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA.This may include countries which do not provide the same level of protection of personal data as the UK or EEA.

We will transfer your personal data outside the UK and EEA only where:

·      the UK government or European Commission has decided the recipient country ensures an adequate level of protection of personal data (known as an adequacy decision); or

·      there are appropriate safeguards in place (e.g.standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you; or

·      a specific exception applies under data protection law.

You can contact us (see ‘How to contact us’ below) if you would like a list of countries benefiting from a UK or European adequacy decision or for any other information about protection of personal data when it is transferred abroad.

Your rights

You have the following rights, which you can exercise free of charge:

 

If you would like to exercise any of those rights, please:

·      complete a data subject request form; or

·      email, call or write to us—see below: ‘How to contact us’; and

·      provide enough information to identify yourself (e.g.your full name, address and client or matter reference number) and any additional identity information we may reasonably request from you;

·      let us know what right you want to exercise and the information to which your request relates.

Keeping your personal data secure

We have implemented appropriate technical and organisational measures to keep your personal data confidential and secure from unauthorised access, use and disclosure. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

We require our business partners, suppliers and other third parties to implement appropriate security measures to protect personal data from unauthorised access, use and disclosure.

We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.

How to complain

Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator). Please contact us if you would like further information.

Changes to this privacy policy

This privacy policy was last updated on 24 January 2024.

We may change this privacy policy from time to time. When we do we will publish the updated version on our website and ask for your consent to the changes if legally required.

Updating your personal data

We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address—see below ‘How to contact us’. You can also update your personal data yourself via www.sulehub.com

How to contact us

You can contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are shown below:

Full name of legal entity: SuLe Hub Limited

Email address: hello@sulehub.com

Postal address: Capital Office, 124-128 City Road,London, United Kingdom, EC1V 2NX