Privacy Policy

We have re-written our privacy policy in order to ensure we follow best practice in protecting your privacy and comply with the EU’s General Data Protection Regulation (GDPR). Here you can find out about what data we collect, what we do with it and what you can ask us to do with your data.

What have we changed because of GDPR?

We have re-written this privacy policy in order to explain things better and we have also stopped collecting some personal data that we did not need about the job and organisation of Free Movement members. We have also implemented better ways for our users to request their data or request that we delete data and have added clear check boxes to comment forms.

We have deleted historic user data and website submissions that we no longer require.

We have implemented (or at least tried to) a “consent first” approach to placing cookies on your computer before you access our website. This wasn’t as easy as it sounds because our website uses off the shelf software and a lot of functions rely on placing information on a visitor’s website.

We have always taken privacy and data security seriously. We use a reputable hosting service called WP Engine to protect users against server-level data breaches and we have been using default encrypted SSL certificated https connections for several years to protect user privacy. Our email list has always been “double opt in”, requiring subscribers to explicitly agree for us to use their email address for correspondence.

Who are we?

SH Solicitors is a Law firm that specialises in Immigration & Family Law which was first established by Shahbon Hussain (Director/ Solicitor) in August 2013.  He can be contacted on or on his personal number 07791353378 if you have any queries.

Who is the data controller?

The data controller is Shahbon Hussain

SH Solicitors has a number of employees, but a contractor who works externally who is trained in GDPR compliance and who accesses and amends user data. The website deputy editor is also trained in GDPR compliance and has access to user data.

The contractor and web designer, have agreed to comply with GDPR requirements.

Authors and contributors to the site do not have access to user data.

Who are our data processors?

We use a number of services to handle and process user data. These are considered data processors:

– Mailchimp, a reputable email list provider service we use to manage most of our outgoing emails. Mailchimp stores and processes your email address, email preferences and name if you provide it (you do not have to).

– Optinmonster, software that helps users subscribe to our emails.

– Google, specifically Google Analytics. We use Google Analytics to assess how users find and then use our website so that we can improve our service.

– Akismet, software that prevents spam comments from being posted by monitoring spam source IP addresses.

– Xero, accounting software used for billing and also for collating financial information for accounting purposes. Colin’s accountant has access to the information stored in Xero in order to prepare accounts.

What data do we collect and why?

We collect data differently depending on how you interact with our website.

All website visitors

Like most website operators, we collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Our purpose in collecting non-personally identifying information is to better understand how our visitors use our website so that we can better meet user needs and expectations.

We regularly look at internal reports on what people are reading on our website so we know what is popular, where people find out about our website (known as the referral source) and how people then use the website once they arrive. From time to time, we may release non-personally-identifying information in aggregate, for example by publishing a report on trends in the usage of our website.

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We attempt to collect explicit consent to place a cookie on your computer.

We use cookies on our website to:

  • Store your login details if you select the “remember me” option when logging in
  • Deploy pop ups using a service called Optinmonster, which we use to make it easier for website visitors to subscribe to our emails.

If you interact with our website and services further we will collect more information from you, but only with your consent.

Website commenters

Obviously, the point of leaving a public comment on one of our blog posts is for it to be publicly seen and available. To achieve this, we store your comments including email address, name (if providers), comment content and your IP address at the time of making the comment. The IP address data is used to prevent spam comments being posted, which can be a huge problem on blogs. None of us want to see more Viagra adverts. Without the IP address data we would have to stop accepting comments, basically.

We use an unchecked “tick box” to ensure we have your consent.


If you enter your email into one of our pop-ups or email collection boxes we will always email you back to confirm before adding you to our mailing list. Only if you confirm that you want to receive emails from us will we start emailing you.

We store your email address and also track which of our emails you open and what links you click in our emails. We give you some choices about what type of emails to receive from us and how often and we store your preferences. The data is securely stored on our behalf by Mailchimp but we occasionally take backups of 

How do we store your data?

We store your personal data in two ways:

  • Firstly, on our website servers. These are secure servers and your data is send to us securely via SSL encryption
  • Secondly, we store some backups of data which is monitored by our contractor. These computers are encrypted and password protected to prevent data theft if the computers themselves were stolen.

We delete local backups when they are replaced by a newer version.

How you can request a copy of your data

You can email us at to request a copy of your personal data.

How you can request that we delete your data

You can email us at  to request data deletion. We will delete as much of your data as we are permitted to: We cannot delete all of your personal data for a period of six years because we are obliged by law to retain this information.