Hay & Kilner privacy notice

We are committed to protecting the privacy and security of your personal information.

Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we use your personal data we are regulated under the Data Protection Act 2018 (“DPA”) and the UK General Data Protection Regulation (“UK GDPR”) which applies in the United Kingdom and we are responsible as ‘controller’ of that personal data for the purposes of the UK GDPR. Our use of your personal data is subject to your instructions, the UK GDPR, the DPA, other relevant legislation, and our professional duty of confidentiality.

  • Key terms

    Please familiarise yourself with the following key terms:

    We, us, our, Hay & Kilner
    Hay & Kilner LLP, a limited liability partnership incorporated and registered in England and Wales with registered number OC418767 whose registered office is at The Lumen, St James’ Blvd, Newcastle Helix, Newcastle upon Tyne, NE4 5BZ

    Our data protection officer
    Ben Jackson

    Personal data
    Any information about an individual from which that person can be identified

    Special category personal data
    Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sexual orientation, or details of criminal offences

  • Personal data we collect about you

    The personal data we will or may collect in the course of advising and/or acting for you.

    Personal data we will collect

    • Your name, address and telephone number
    • Information to enable us to check and verify your identity and to comply with our anti–money laundering obligations e.g. your date of birth or passport details
    • Electronic contact details e.g. your email address and mobile phone number
    • Information relating to the matter in which you are seeking our advice or representation
    • Information to enable us to undertake a credit or other financial checks on you
    • Your financial details so far as relevant to your instructions e.g. the source of your funds if you are instructing on a purchase transaction or to enable us to comply with our anti-money laundering and other obligations

    Personal data we may collect depending on why you have instructed or contacted us

    • Your National Insurance and tax details
    • Your bank and/or building society details
    • Details of your spouse/partner, dependants or other family members, and beneficiaries or trustees e.g. if you instruct us on a family matter or a Will or other matters requiring these details
    • Your employment status and details including salary and benefits e.g. if you instruct us on matter in which your employment status or income is relevant
    • Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information e.g. if this information is required as part of our anti-money laundering checks
    • Details of your pension arrangements e.g. if you instruct us in relation to financial arrangements following breakdown of a relationship, Wills/administration of Estates and other matters where such information is relevant
    • Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data) e.g. if you instruct us on matter related to your employment or in which your employment records are relevant or if we are acting for you in a clinical negligence or personal injury claim to calculate loss
    • Your trade union membership e.g. if we are acting for you in a clinical negligence or personal injury claim and we need to determine what funding is required
    • Your medical records e.g. if we are acting for you in a clinical negligence or personal injury claim or in certain circumstances where our family team are acting for you or if we need to establish whether a client has capacity
    • Your criminal records e.g. if our crime team are acting for you or if it is otherwise relevant to your instructions
    • Information about your use of our IT, communication and other systems, and other monitoring information e.g. if using our secure online client portal, or when you visit our website
    • Details of your professional online presence e.g. LinkedIn profile
    • Information relating to details of your visits to our premises including CCTV footage
  • How your personal data is collected

    We will collect most of the above information directly from you. The circumstances in which we may collect personal data about you include:

    • when you or your organisation seek legal advice from us or use any of our online client services;
    • when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us;
    • when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms;
    • when you or your organisation offer to provide, or provides, services to us; and
    • when you attend our seminars or other events or sign up to receive personal data from us, including training.

    We may also collect information:

    • from publicly accessible sources e.g. Companies House or HM Land Registry;

      • directly from a third party e.g.:
        • online anti-money laundering check providers;
        • sanctions screening providers; and
          -- - credit reference agencies;
    • from a third party e.g.

      • your bank or building society, another financial institution or advisor;
      • consultants and other professionals we may engage in relation to your matter;
      • your employer and/or trade union, professional body or pension administrators; and
      • your doctors, medical and occupational health professionals;
    • via our website—we use cookies on our website (for more information on cookies, please see the section headed “Cookies” at the end of this Privacy Notice);

    • via our information technology (“IT”) systems e.g.:

      • case management, document management and time recording systems; or
      • automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications and email systems.
  • Information about other people

    Should you provide information to us about any person other than yourself, such as your employees, your suppliers, or your counterparties you must ensure that such third parties have been informed and understand how their personal data will be used and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.

  • How and why we use your personal data

    We may use your personal data only for the following purposes:

    • to register you as a client of Hay & Kilner and provide legal services to you;
    • to administer our relationship with you, including processing payments,
    • accounting, auditing, billing and taking other steps linked to the performance of our business relationship;
    • to carry out background checks, where permitted;
    • compliance with our legal obligations, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, which may include automated checks of personal data you provide about your identity against relevant databases). Any personal data received from the client in order to comply with the UK Money Laundering Regulations will only be processed for the purpose of preventing money laundering or terrorist financing unless such processing is permitted by law or the client consents to any alternative use of the data.
    • gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies including external audits and quality checks for Lexcel or ISO and the audit of our accounts;
    • to analyse and improve our services and communications and to ensure business policies are adhered to e.g. policies covering security and internet use;
    • to manage access to our premises and for security purposes;
    • to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
    • for credit reference checks via external credit reference agencies;
    • for insurance purposes;
    • to exercise or defend our legal rights, or to comply with court orders;
    • for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us;
    • for statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures;
    • to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our, events and initiatives;
    • to send you details of client surveys and marketing campaigns; and
    • to collect information about your marketing preferences to personalise and improve the quality of our communications with you.

    Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:

    • for the performance of our contract with you or to take steps at your request before entering into a contract;
    • to comply with our legal and regulatory obligations;
    • because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
    • where you have given consent; or
    • in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
    • Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

    Special Category Personal Data

    This includes personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sexual orientation, or details of criminal offences. We will only process such data if it is necessary in relation to the matter on which we are advising you and where we have a legal basis in addition to those set out above.When processing Special Category Personal Data, we must identify two lawful bases for processing Special Category Data:

    1. A lawful basis under Article 6 of the UK General Data Protection Regulation –this is ordinarily the performance of our engagement letter with you.

    2. A lawful basis under Article 9 of the UK General Data Protection Regulation -this is ordinarily because the processing of such data is necessary for theestablishment, exercise or defence of legal claims. “Legal claims” in thiscontext is not limited to current legal proceedings and also includesprocessing necessary for actual or prospective court proceedings; obtaininglegal advice; or establishing, exercising or defending legal rights in any otherway. Where this is relevant, we will issue a separate short form notice aboutour processing of your Special Category Data.

  • Failure to provide information

    Where we are required by law to collect personal data or in order to perform a contract we have with you or process your instructions and you fail to provide such information when requested, we may be unable to process your instructions or perform the contract we have with you. If so, it may be necessary for us to cancel the contract you have with us. We will, however, notify you of this at the relevant time.

  • Promotional communications

    We may use your personal data to send you updates (by email, telephone or post) about legal developments that might be of interest to you and/or information about our services, including seminars or new services or products.

    We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

    We will always treat your personal data with the utmost respect.

    You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences. If you wish to update your marketing preferences, contact Sophie Millington at sophie.millington@hay-kilner.co.uk; or use the ‘unsubscribe’ link in emails.

    We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

  • Who we share your personal data with

    We routinely share personal data with:

    • professional advisers whom we instruct on your behalf or to whom we refer you or from whom you have been referred to us e.g. counsel, medical professionals, accountants, tax advisors, agents or other experts;
    • local and national law enforcement officials and the Court;
    • other third parties where necessary to carry out your instructions, e.g. your mortgage provider or HM Land Registry in the case of a property transaction or Companies House;
    • the Office of the Public Guardian;
    • HM Revenue & Customs;
    • credit reference agencies and with companies providing services for money laundering and terrorist financing checks and other fraud and crime prevention purposes;
    • our insurers and brokers;
    • external auditors and regulatory bodies, e.g. in relation to our ISO, Lexcel or Conveyancing Quality Scheme accreditations;
    • our auditors;
    • our bank; and
    • external service suppliers, representatives and agents that we use to make our business more efficient including providers of IT services, PR agencies, offsite storage of computer data, maintenance of office machines, telephone and call recording services, photocopying, storage of completed files and shredding of confidential documents.

    We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

    We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

  • Where your personal data is held

    Information may be held at our offices, with third party agencies or with service providers as described above (see ‘Who we share your personal data with’).

    Some of these third parties may be based outside the United Kingdom. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the UK’.

  • How long your personal data will be kept

    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:

    • to respond to any questions, complaints or claims made by you or on your behalf;
    • to show that we treated you fairly; and/or
    • for the purposes of satisfying any legal, accounting, or reporting requirements.

    To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

    If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us at ben.jackson@hay-kilner.co.uk.

    When it is no longer necessary to retain your personal data, we will delete or anonymise it.

  • Transferring your personal data out of the UK

    To deliver services to you, it is sometimes necessary for us to share your personal data outside of the UK e.g.:

    • with service providers or advisers located outside the UK;
    • if you are based outside the UK; or
    • where there is an international dimension to the matter in which we are advising you.

    These transfers are subject to special rules under data protection law.

    We will ensure any such transfer complies with data protection law and all personal data will be secure. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information.

    If you would like further information please contact our Data Protection Officer (see ‘How to contact us’ below).

  • Your rights

    You have the following rights, which you can exercise free of charge in most cases:

    The right to be provided with a copy of your personal data

    The right to require us to correct any mistakes in your personal data

    To be forgotten
    The right to require us to delete your personal data—in certain situations

    Restriction of processing
    The right to require us to restrict processing of your personal data—in certain circumstances e.g. if you contest the accuracy of the data

    Data portability
    The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party

    To object
    The right to object:
    — at any time to your personal data being processed for direct marketing;
    — in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests.

    If you would like to exercise any of those rights, please:

    • email, call or write to our Data Protection Officer—see below: ‘How to contact us’; and
    • let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
    • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
    • let us know what right you want to exercise and the information to which your request relates.
  • Right to withdrawer consent

    If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. If you wish to do so, please contact us or “unsubscribe” to any marketing e-mail we send to you, where relevant.

    Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.

  • Keeping your personal data secure

    We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

    We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

  • Updating your personal information

    We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch. We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.

  • How to complain

    We hope that we can resolve any query or concern you may raise about our use of your information.

    The UK GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

  • Changes to this privacy notice

    This privacy notice was last updated on 5th October 2023.

    We may change this privacy notice from time to time.

  • Cookies

    A cookie is a small piece of data that websites store on your computer. Some cookies only exist whilst you remain on the site and are erased when you close your browser; these are known as session cookies. Others remain on your machine between sessions allowing us to recognise you when you return to the site; these are known as persistent cookies.

    Session Cookies
    We use these to improve your user experience. For example, a cookie is stored when a form has been submitted but contains errors. The correct information submitted is stored temporarily so that the user does not have to repeat themselves.

    Persistent Cookies
    We use these to remember who you are. For example, we store a cookie allowing us to automatically log you in on your return. We also like to keep track of how many different individuals are visiting our site each day; again this requires a cookie to be stored on each user’s machine.

    You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org.

  • How to contact us

    Please contact our Data Protection Officer by post or email if you have any questions about this privacy notice or the information we hold about you.

    Our contact details are shown below:

    Ben Jackson, Data Protection Officer

    Hay & Kilner LLP
    The Lumen, St James’ Blvd., Newcastle Helix,
    Newcastle upon Tyne, NE4 5BZ

‘Hay & Kilner’ and ‘Hay & Kilner Law Firm’ are both trading names of Hay & Kilner LLP, a limited liability partnership registered in England & Wales with registered number OC418767. Our registered office is at The Lumen, St James' Boulevard, Newcastle Helix, Newcastle upon Tyne NE4 5BZ and we are authorised and regulated by the Solicitors Regulation Authority (Authorisation number 643191). We use the word ‘partner’ to refer to a member of Hay & Kilner LLP. A list of the members is available at our registered office.