Data controller and data processor
With the exception of the Solicitors Regulation Authority logo displayed on the website (as to which see below), the data controller with overall responsibility for deciding how data from the website is collected, used and stored is Colina Greenway Limited (registered in England, company number 7586807), referred to in this notice as “we” or “us”.
We may also act as data processor when you email us personal data using the contact details on the website. This is explained further below.
Our registered office and postal address is Colina Greenway Limited, The Quad, No.9 Journey Campus, Cambridge, CB3 0AX.
If you would like to contact us with any questions, concerns or requests regarding matters covered by this data privacy notice then you should email us at info@colinagreenway.com, putting “data privacy” in the subject line.
Solicitors Regulation Authority Logo
We are required by our regulator, the Solicitors Regulation Authority (“SRA”) to show its clickable logo on our website. The SRA is the data controller in respect of this logo and data collected in relation to it.
The SRA has contracted with a company called Yoshki to implement and maintain the clickable logo. We have no control whatsoever over how the logo operates or what data is collected but the SRA has provided us with the following information about the data it collects from our website.
When you visit our website your IP address is sent to Yoshki so that the SRA logo will load. Yoshki do not log any IP addresses that are sent to their server and so no record of any IP addresses that it receives are kept or used in any way other than to display the logo.
Yoshki uses Google Analytics to provide them with reporting information, including the number of times the SRA logo is hovered over, viewed and clicked. IP addresses are masked and are not stored, written to disc or used further by Google. We understand that Yoshki have confirmed to the SRA that the IP address is stored as 0.0.0.0 for all visitors.
Google Analytics gives Yoshki and the SRA access to the following data:
- which law firm websites have implemented the SRA clickable logo code. This is to help prevent inappropriate usage of the SRA clickable logo and to see which firms have adopted the service
- how many times the SRA clickable logo has been clicked – this is to help manage system performance and to gain insight into usage.
The SRA has advised us that:
- The information they collect is only ever shared between the SRA and Yoshki, to facilitate the SRA logo service; and
- Yoshki does not access, record or store any additional data such as IP addresses, page navigation behaviour, etc.
Data collected from website users
If you simply browse the website then a limited amount of personal data is collected, as follows.
Server logs: Your access to the website is logged on the servers that host it. Information we collect includes IP addresses, browser type, referring/exit pages, platform type and time stamps. This information may be used by trusted third parties, in accordance with our instructions, for administration of the site and to assist in tracing the source of any attack on the website servers. This data will be deleted from the server logs after a maximum of 2 months.
See section above for an explanation of the data collected by the SRA and its supplier Yoshki. We do not have control over or access to any of the data collected by the SRA or Yoshki.
Cookies on this website
Cookies are not set by this website.
How we process data emailed to us from the website
If you email us from the website we will use the data that you send to us, including your email address, any other contact details and details regarding the nature of your request to enable us respond to the query or message that you have sent. For these purposes we are acting as a data processor and we use the data that you have supplied solely to respond with the information that you are seeking.
If we do not form a business relationship with you as a result of your initial email communication we will not use the data you have supplied for any purpose other than responding to any subsequent requests from you (if applicable) or any request from a regulatory authority. We will not use any information that you send to us for marketing purposes unless we have received your express consent to do so. We do not operate any automated decision making processes on personal data we receive.
If following an initial contact using the email address on the website you form a business relationship with us, for example as a client or supplier, then we will process your personal data in line with our more detailed practice data privacy notice, which you can download below.
How we store personal data and how long we keep it.
If you do not form a business relationship with us following your initial contact via the website then we will keep a record of our correspondence for up to six years. Our lawful basis for holding your data is legitimate interests, both ours and yours. Your legitimate interests are served if for example you come back to us at a later date regarding the same issue. Our legitimate interests are in being able to evidence the nature of our correspondence should we receive any complaints or enquiries from a regulatory authority.
We use a third party data processor to host our IT systems, which are cloud-based. Our website is hosted by Clook and our practice management systems by Access UK Limited. Both our third party suppliers are contractually bound to keep your personal data confidential and not to use it for any purpose other than one we authorise. Our third party suppliers maintain best practice standards to ensure data security and both meet ISO27001. All your personal data is stored on servers within the UK.