Privacy Policy
This is an important page and we ask that you read it carefully and raise any questions or concerns you may have on the content with the SH&P contact referred to below.
In the course of our business we collect personal data relating to clients of the firm, professional contacts and service providers. We take our responsibilities in relation to such data very seriously and understand the importance of this issue to the individual.
SH&P is a data controller for the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018.
‘Personal data’ is any information relating to an identifiable individual or from which an individual can be identified. The following sets out what personal data we may hold in relation to clients of the Firm (or passed to us by clients of the Firm in relation to their clients) and how it is handled.
What personal data do we have?
- Name & address, telephone number, email address and position
- Government Identification Documents (in relation to money laundering checks)
- Proof of residential address (in relation to money laundering checks)
- The subject matter on which you instruct us
For users of our online software we hold the following additional personal data:
- Users of MySH&P: Your password to your account
In all cases, the information above is supplied by the client.
Additionally, we may collect personal data via the use of Cookies on our website or in software programs offered through our website. For details of this please see our separate Cookies Policy.
Why do we have the personal data?
We will only hold and use your personal data when the law allows us to. We may process your personal data without your knowledge or consent where this is required or permitted by law. Most commonly, we will use your personal data for the following purposes:
- Performance of contract – where it is necessary for us to process your personal data for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- Legal or regulatory obligation – to comply with a legal or regulatory obligation to which we are subject, for example carrying out anti-money laundering checks;
- Legitimate interest – where it is in our legitimate interests or that of another third party. We will always make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law);
- Consent – generally we do not rely on consent as a legal basis for processing your personal data. If we do, you can withdraw your consent at any time.
Set out below is the personal data we may hold on you and the legal basis for having and using it:
| The data we may have | The legal basis |
| Name & address, telephone number, email address and position | To fulfil the Contract for Services we have with you or to act on a request from you prior to entering into a contract. |
| Government identification document | To comply with our legal obligations under the money laundering regulations. |
| Proof of residential address | To comply with our legal obligations under the money laundering regulations. |
| The subject matter on which you instruct us or request advice or assistance | To fulfil the Contract for Services we have with you or to act on a request from you prior to entering into a contract. |
Additional data for users of our online software
| The data we may have | The legal basis |
| Users of MySH&P: Account password | To fulfil the Contract for Services we have with you or to act on a request from you prior to entering into a contract. |
As part of the contract for services we have with you we will endeavour to notify you of changes in the law affecting your intellectual property or related to advice we have given you in relation to intellectual property which might require action by you or be of interest in terms of strategy or future decisions on such matters. Similarly, we may notify you of any offers we may make in relation to service charges or any new intellectual property service we may introduce which may be of interest to you. To do this, we may use your personal data as described above.
Regarding communications which are exclusively for the purpose of marketing or promotion you have the right to opt out of receiving them at any time by:
- Emailing us at clientcare @ shandp.com stating ‘opt out’ in the subject matter, or
- Using the “unsubscribe” option in the relevant communication
Who do we share your personal data with?
In certain circumstances, we may have to share your personal data to fulfil our contractual obligations to you in relation to your intellectual property, because a dispute has arisen between us or because we are obliged to do so in law. In all cases, the data supplied is only that necessary to fulfil the purpose. In selecting third parties to act on your behalf we only use individuals or organisations known to or recommended to us and so long as we are satisfied that they take appropriate measures to protect your personal data. The external bodies/persons with whom we might share your personal data under the circumstances described are:
- National and International bodies set up to register, administer or enforce intellectual property rights.
- Overseas attorneys whom we appoint to act in relation to your intellectual property.
- Other members of the legal profession appointed by us (with your consent) to act on your behalf.
- Other individuals or organisations to solicit evidence or assistance in relation to a particular case.
- Our communications services providers.
- The Firm’s solicitors (in case of dispute).
- Our insurers.
- Government law enforcement bodies.
- Professional regulatory bodies.
There are others who may have access to the personal data we hold electronically, incidental to maintaining our systems and software or facilitating payment for services on our behalf. These will be:
- Our IT service providers.
- Our software developers.
These service providers have access to our systems only to the extent necessary to perform their contractual obligations to us. We require all our service providers to respect the security of your personal data and to treat it in accordance with the law and the terms of the contract we have in place with them. We do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will not disclose or sell your personal data to any other third parties for marketing purposes.
Sharing your personal data outside the UK
Some of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of personal data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
- We may transfer your personal data to countries that have been granted an adequacy regulation by the UK Secretary of State confirming that the country in question provides an adequate level of protection for personal data (for example, the European Economic Area countries); or
- We may use the UK approved International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses to ensure that personal data is adequately protected.
We may otherwise rely on a specific exception applicable under data protection law.
Please contact us (see “Your SH&P Contact” below) if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Where is the personal data stored and How is it secured?
The personal data referred to above is held at our offices and the offices of the third parties referred to under “Who Do We Share Your Data With?” above.
The data held by SH&P is kept on hard copy files and in password protected electronic files and record systems. Access at SH&P is limited to those who need it in order to fulfil our service obligations to you. Our staff have been made aware of the importance of personal data and the Firm’s obligations under the GDPR and other relevant data protection legislation.
The SH&P IT systems are protected by a firewall at the perimeter and anti-virus, anti-malware and content filtering software. Our systems are backed up to The Cloud via a leading cloud service provider at a certified managed hosting location.
Sensitive personal data, e.g. photo identification and proof of residential address is kept separately by a Partner of the Firm in hard copy only in a secure location.
For information on the security of personal data that we share with third parties please see “Who Do We Share Your Personal Data With?” and “Sharing Your Personal Data Outside The UK” above.
How long do we keep it?
Subject to the points below we will retain your personal data for so long as you are a client of the Firm or the contact for a client of the Firm. This will include the lifetime of any intellectual property you own where we remain responsible for maintenance and record keeping.
We may keep your personal data for a period after that described above in order to respond to any questions or complaints from you or your representatives regarding the nature and quality of the services provided by us for you or to comply with any legal obligations regarding the retention of records. During this period the personal data will be retained only for these purposes.
When it is no longer necessary to keep your personal data for any of the reasons described above we will delete it.
Please also see the section ‘Your rights’ below.
Your rights
You have certain rights in relation to your personal data. In addition to the right to be informed about the personal data we hold and the use we make of it (as described in this Privacy Policy) you are also entitled within certain parameters to:
- Access the personal data we hold
- Rectify inaccurate or incomplete personal data we hold
- Request deletion of the personal data we hold (in certain circumstances)
- Restrict processing of personal data (in certain circumstances)
- Obtain and reuse the personal data that we hold (in certain circumstances)
- Object to the processing of your personal data (in certain circumstances)
- Prevent automated individual decision making and profiling (in certain circumstances)
For further information on these rights please contact us (see “Your SH&P Contact” below) or refer to the UK Information Commissioner’s Office (ICO) website.
Should you wish to exercise any of the rights referred to above please contact us (see “Your SH&P Contact” below)
Your SH&P contact for privacy
If you have any questions or concerns regarding this Policy please contact the Partner responsible for data protection within the Firm as follows:
Camille Bates
Stevens Hewlett & Perkins
First Floor
St Bartholomew’s House
Bristol BS1 2NH
United Kingdom
Email: cbates @ shandp.com
Complaints
How we handle complaints is set out on our Complaints policy page.
If you have made a complaint to us about how we handle your personal information that we have not been able to resolve, you have the right to complain to the ICO.
Updated 2nd March 2026
