Sterling LawBack to home

Privacy Policy (Pending approval)

Last updated: 4 June 2026

1. Introduction

Sterling Law is committed to protecting your privacy and handling your personal data transparently and responsibly. This Privacy Policy explains what data we collect through this settlement agreement review service, why we collect it, how it is processed, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. By using our website or booking a call with us, you acknowledge that you have read and understood the practices described here.

2. Who we are

Sterling Law (sterling-law.co.uk) is a Legal 500 recognised law firm authorised and regulated by the Solicitors Regulation Authority (SRA No. 630147), and is the data controller responsible for your personal data.

Data Controller: Sterling Law, Temple Chambers, 3-7 Temple Avenue, London, EC4Y 0DT
Contact: oleksandr.t@sterling-law.co.uk ·

3. Data we collect

3a. Information you provide

When you book a call or otherwise get in touch about a settlement agreement review, we collect:

  • Identity and contact data: your name, email address, and phone number.
  • Appointment data: the date and time of your booking and any notes you provide when booking an onboarding call or solicitor consultation.
  • Matter information: details of your situation and any documents you choose to share with us (for example, your settlement agreement, employment contract, or identification) so that we can advise you.

3b. Technical and usage data

Collected when you visit our website, subject to your cookie choices:

  • IP address — collected server-side on form submission
  • Browser user agent — device and browser type
  • UTM parameters — marketing attribution data from the URL (utm_source, utm_medium, utm_campaign, utm_term, utm_content), stored in sessionStorage and a short-lived cookie
  • Google Analytics client ID — extracted from the _ga cookie to link your form submission with your browsing session in GA4 reports
  • Conversion IDs — unique identifiers generated at form submission to deduplicate conversion events across our analytics platforms
  • Page interaction events: scroll depth, CTA clicks, form start, link clicks — tracked via Google Analytics 4

4. How we use your data

  • Responding to your enquiry and arranging and conducting your call.
  • Providing the settlement agreement review and related legal advice if you proceed.
  • Creating and maintaining a record of your enquiry and matter in our case records.
  • Attributing conversions to the correct advertising campaigns
  • Notifying our team internally that a new enquiry or booking has been received.
  • Sending you service-related emails (for example, document requests and booking details).
  • Measuring website performance and, where you consent, advertising effectiveness.
  • Preventing misuse of our website and ensuring its security.
  • Complying with our legal, regulatory, and professional obligations.

5. Analytics and tracking technologies

Analytics and advertising technologies are only initialised after you consent via our cookie banner. Until then, Google Consent Mode keeps analytics and advertising storage denied, so no analytics or advertising cookies are set.

5a. Google Analytics 4 (GA4)

Provider: Google LLC (USA).
GA4 collects data about how visitors use our website, including pages visited, events triggered (e.g. visa page views, CTA clicks, scroll depth, form interactions), and session durations. Data is associated with a persistent _ga cookie containing a randomly generated client ID. UTM campaign parameters are attached to every event to enable source attribution in reports.

Google's privacy policy: policies.google.com/privacy

5b. Advertising

Where we run advertising campaigns, and only after you accept marketing cookies, we may use advertising cookies and tags (for example, Google Ads) to measure campaign performance and for remarketing. These are governed by the marketing option in our cookie banner via Google Consent Mode v2. No advertising cookies are set unless campaigns are active and you have consented.

6. Lead and matter management

Enquiries and bookings are recorded in our own case-management records, hosted on our secure infrastructure, and our team is notified internally (via Slack) when a new enquiry is received. Records may include your name, email, phone number, appointment details, matter notes, workflow status, and timestamps. Document collection for your matter is handled through a separate agreed channel and is not uploaded through this website.

7. Third-party processors and data sharing

We only share your information with third parties when necessary to deliver our service or where legally required. Our current processors are:

  • Google LLC — online appointment scheduling and calendar, and GA4 website analytics (USA; EU SCCs / UK IDTA in place).
  • Slack Technologies (Salesforce, Inc.) — internal notifications to our team (USA; EU SCCs / UK IDTA in place).
  • Resend (Resend, Inc.)— our transactional email provider, used to send you service-related emails (such as document requests and booking details); it processes your email address and the email content. Email is sent from Resend's EU region (Ireland).
  • DigitalOcean — provides the virtual private server, located in London, United Kingdom, on which we self-host our application and database (managed with Coolify). Your case records are stored here, in the UK.
  • Regulators, professional bodies, or authorities — where we are legally required to disclose.

We never sell your personal data to third parties.

8. Legal bases for processing (UK GDPR)

  • Enquiry and booking dataSteps prior to a contract and contractual necessity (Article 6(1)(b)): to respond to your enquiry, arrange and conduct your call, and provide the service if you proceed.
  • Maintaining our case records and internal notifications Legitimate interests (Article 6(1)(f)): keeping accurate records of enquiries and managing client relationships, where not overridden by your rights.
  • Analytics and advertising cookiesConsent (Article 6(1)(a)): only activated after you accept cookies via our banner.
  • Security and prevention of misuseLegitimate interests (Article 6(1)(f)): protecting our website, staff, and clients.
  • Regulatory and professional obligationsLegal obligation (Article 6(1)(c)) and our professional duties as solicitors.
  • Special category data (for example, health or other sensitive details relevant to your matter) — processed only where an Article 9 UK GDPR condition applies, such as the establishment, exercise, or defence of legal claims, or with your explicit consent.

9. Cookies

We use a consent banner for non-essential cookies. If you decline, only strictly necessary functionality remains active and no analytics or advertising cookies are set. You can change your choice at any time using the "Cookie settings" link in the footer.

Essential (always active)

  • sl_cookie_consent — stores your cookie consent choice (browser localStorage; retained until you clear it or the policy version changes).
  • Security and session cookies for our internal admin area, used only by authorised staff.

Analytics (consent required)

  • _ga and _ga_<id> — Google Analytics 4 client and session identifiers, used to distinguish users and sessions (up to 2 years). Set only after you accept analytics cookies.

Advertising (consent required)

  • Advertising cookies (for example, Google Ads) for conversion measurement and remarketing. Set only where campaigns are active and you accept marketing cookies.

10. International data transfers

Your case records are stored on our server in the United Kingdom. Service-related email is processed within the EU/EEA (Ireland), which is covered by the UK's adequacy regulations. Some processors — including Google and Slack — are based in the United States; for those we rely on appropriate safeguards such as UK International Data Transfer Agreements (UK IDTAs) or Standard Contractual Clauses (SCCs), in accordance with UK GDPR Article 46.

11. Data retention

  • Enquiry and matter records: retained for as long as necessary to provide our services and to meet our legal, regulatory, and professional retention obligations
    [The firm's specific retention period to be confirmed].
  • Documents you share: retained in line with your engagement and applicable regulatory requirements
    [The firm's specific retention period to be confirmed].
  • GA4 analytics data: up to 14 months (Google's default retention setting).
  • Server logs (IP address, user agent): 90 days.

12. Data security

  • All data is transmitted over HTTPS (TLS encryption).
  • Access to our case records and admin area is restricted to authorised personnel.
  • We apply appropriate technical and organisational measures to protect your data.
  • We conduct regular reviews of our data processing practices and third-party processor agreements

13. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access (Article 15): request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17): request deletion where there is no lawful basis for continued processing.
  • Right to restrict processing (Article 18): ask us to limit how we use your data while a dispute is resolved.
  • Right to data portability (Article 20): receive your data in a structured, machine-readable format.
  • Right to object (Article 21): object to processing based on legitimate interests.
  • Right to withdraw consent:withdraw analytics/advertising consent at any time via "Cookie settings" — this does not affect the lawfulness of prior processing.

To exercise any of these rights, contact us at oleksandr.t@sterling-law.co.uk. We will respond within 30 days.

14. Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the UK Information Commissioner's Office (ICO):

15. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be indicated by an updated "Last updated" date at the top of this page. We encourage you to review this policy periodically.

16. Contact us

For any questions about this Privacy Policy or your personal data: