We are committed to protecting the privacy and security of your personal information.
Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use your personal data we are regulated under the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
Please familiarise yourself with the following key terms:
We, us, our, Hay & Kilner
Hay & Kilner LLP, a limited liability partnership incorporated and registered in England and Wales with registered number OC418767 whose registered office is at Merchant House, 30 Cloth Market, Newcastle upon Tyne NE1 1EE
Our data protection officer
Any information relating to an identified or identifiable individual
Special category personal data
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sexual orientation, or details of criminal offences
The table below sets out the personal data we will or may collect in the course of advising and/or acting for you.
Personal data we will collect
Personal data we may collect depending on why you have instructed or contacted us
Your name, address and telephone number
Information to enable us to check and verify your identity and to comply with our anti–money laundering obligations e.g. your date of birth or passport details
Electronic contact details e.g. your email address and mobile phone number
Information relating to the matter in which you are seeking our advice or representation
Information to enable us to undertake a credit or other financial checks on you
Your financial details so far as relevant to your instructions e.g. the source of your funds if you are instructing on a purchase transaction or to enable us to comply with our anti-money laundering and other obligations
Your National Insurance and tax details
Your bank and/or building society details
Details of your spouse/partner, dependants or other family members, and beneficiaries or trustees e.g. if you instruct us on a family matter or a Will or other matters requiring these details
Your employment status and details including salary and benefits e.g. if you instruct us on matter in which your employment status or income is relevant
Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information e.g. if this information is required as part of our anti-money laundering checks
Details of your pension arrangements e.g. if you instruct us in relation to financial arrangements following breakdown of a relationship, Wills/administration of Estates and other matters where such information is relevant
Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data) e.g. if you instruct us on matter related to your employment or in which your employment records are relevant or if we are acting for you in a clinical negligence or personal injury claim to calculate loss
Your trade union membership e.g. if we are acting for you in a clinical negligence or personal injury claim and we need to determine what funding is required
Your medical records e.g. if we are acting for you in a clinical negligence or personal injury claim or in certain circumstances where our family team are acting for you or if we need to establish whether a client has capacity
Your criminal records e.g. if our crime team are acting for you or if it is otherwise relevant to your instructions
Information about your use of our IT, communication and other systems, and other monitoring information e.g. if using our secure online client portal, or when you visit our website
Details of your professional online presence e.g. LinkedIn profile
Information relating to details of your visits to our premises including CCTV footage
We will collect most of the above information from you. The circumstances in which we may collect personal data about you include:
We may also collect information:
– sanctions screening providers; and
– credit reference agencies;
– your bank or building society, another financial institution or advisor;
– consultants and other professionals we may engage in relation to your matter;
– your employer and/or trade union, professional body or pension administrators; and
– your doctors, medical and occupational health professionals;
– case management, document management and time recording systems; or
– automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications and email systems.
Should you provide information to us about any person other than yourself, such as your employees, your suppliers, or your counterparties you must ensure that such third parties have been informed and understand how their personal data will be used and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
We may use your personal data only for the following purposes:
Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
Where we are required by law to collect personal data or in order to perform a contract we have with you or process your instructions and you fail to provide such information when requested, we may be unable to process your instructions or perform the contract we have with you. If so, it may be necessary for us to cancel the contract you have with us. We will, however, notify you of this at the relevant time.
We may use your personal data to send you updates (by email, telephone or post) about legal developments that might be of interest to you and/or information about our services, including seminars or new services or products.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect.
You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences by:
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We routinely share personal data with:
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Information may be held at our offices, with third party agencies or with service providers as described above (see ‘Who we share your personal data with’).
Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact Ben Jackson.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) e.g.:
These transfers are subject to special rules under European and UK data protection law.
Generally, these non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses or if the recipient is part of the “Privacy Shield” which requires them to provide similar protection to personal data shared between the Europe and the US.
If you would like further information please contact our Data Protection Officer (see ‘How to contact us’ below).
You have the following rights, which you can exercise free of charge in most cases:
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
|To be forgotten||
The right to require us to delete your personal data—in certain situations
|Restriction of processing||
The right to require us to restrict processing of your personal data—in certain circumstances e.g. if you contest the accuracy of the data
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party
The right to object:
— at any time to your personal data being processed for direct marketing;
— in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests.
If you would like to exercise any of those rights, please:
If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. If you wish to do so, please contact us or “unsubscribe” to any marketing e-mail we send to you, where relevant.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch. We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
This privacy notice was published on 22nd May 2018.
We may change this privacy notice from time to time.
A cookie is a small piece of data that websites store on your computer. Some cookies only exist whilst you remain on the site and are erased when you close your browser; these are known as session cookies. Others remain on your machine between sessions allowing us to recognise you when you return to the site; these are known as persistent cookies.
We use these to improve your user experience. For example, a cookie is stored when a form has been submitted but contains errors. The correct information submitted is stored temporarily so that the user does not have to repeat themselves.
We use these to remember who you are. For example, we store a cookie allowing us to automatically log you in on your return. We also like to keep track of how many different individuals are visiting our site each day; again this requires a cookie to be stored on each user’s machine.
You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org.
Please contact our Data Protection Officer by post or email if you have any questions about this privacy notice or the information we hold about you.
Our contact details are shown below:
Our Data Protection Officer’s contact details
Hay & Kilner LLP
Merchant House, 30 Cloth Market, Newcastle upon Tyne NE1 1EE