Terms & Conditions

HH Legal Privacy Notice

Introduction

HH Legal is a law firm offering legal services to businesses and individuals.

In order to provide our services and manage our business we collect and manage data from clients and others. We are committed to protecting the privacy rights of individuals. We comply with all aspects of the UK’s data protection legislative framework which includes the European General Data Protection Regulations [GDPR] and the UKs own legislation, as well as other confidentiality obligations which are applicable to us as solicitors.

This Privacy Notice describes the ways in which we collect, manage, store and dispose of data. We will review and update it from time to time.

Does this Privacy Policy apply to you?

This privacy notice has been written for the following categories of people (referred to in this notice as “you”):

This privacy notice does not apply to:

This Notice Covers:-

Data Controller

Your information will be held by HH Legal We have appointed a dedicated Data Protection Officer (DPO) to ensure appropriate oversight of our data processing activities. The DPO is Dominic Weir who is a partner of HH Legal, email: dominicweir@hh-legal.co.uk

Our contact details

Our main office is at;
Newgate House
Jacksons Court
Pontefract
WF8 1NB

Telephone 01977 602804
Our Privacy Officer is Dominic Weir, email: dominicweir@hh-legal.co.uk

Types of Personal Data that we hold:-

The personal information that we collect includes:

If we collect or receive your personal information in the context of our provision of legal services we might receive information from third parties such as your relatives, employer, other parties involved in the services we are providing (e.g. other parties in litigation or transactions) or others such as regulators and authorities. The information we collect will be relevant to the legal services that we are providing to our client and may include special categories of data where lawful for us to process it.

The lawful basis for processing personal information

We rely on the following legal bases to process your personal information:

Performance of a contract Applicable when we need to collect and use your personal information in order to takes steps to enter into a contract with you or to perform our obligations under a contract with you.
Legal obligation Applicable when we need to collect and use your personal information to comply with applicable laws and regulatory requirements.
Legitimate interests We may collect and use your personal information to further our legitimate business interests. We only do this where we are satisfied that your privacy rights are protected satisfactorily. You have a right to object to any processing of your personal information based on this legal basis (see below).
Establishment, exercise or defence of a legal claim This applies where we need to collect or use personal information to enable us to establish, exercise or defend a legal claim of our own or when we are working on matters for our clients or their customers.
Consent We may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us (see below).
Public Interest Although we are not a public body, we do collect and use some personal information where this is necessary to perform tasks that are in the public interests.

Why we collect and process personal information

Why The legal basis
To manage and administer our relationship with our clients and to provide legal and financial advice services to them Performance of a contract
Establishment, exercise or defence of a legal claim
To manage and administer our relationship with customers of our clients and to provide legal and financial advice services to them Legal obligation
Legitimate interests
Establishment, exercise or defence of a legal claim
To undertake background checks on potential clients including checking identity and checks undertaken for anti-money laundering, anti-terrorism reasons, to avoid conflicts of interest, financial and reputational checks. We do not undertake any automated decision making, but we use credit reference and fraud prevention agencies who may do so. Legal obligation
Legitimate interests
Public interest
To assist our clients with obtaining funding and insurance to help them pursue their matters and for sourcing and obtaining financial products Legitimate interests
Consent
To assist our clients (or their customers) to obtain support with their matters from experts counsel, professional advisers and funders Performance of a contract
Legitimate interests
Establishment, exercise or defence of a legal claim
To ensure that we provide excellent standards of client service through our own audit, review and quality assurance checks or by those undertaken by our clients, regulators, auditors, professional advisers and certification bodies Legitimate interests
To manage and administrate our relationships with suppliers of good and services to us Performance of a contract
Legal obligation
Legitimate interests
To make and manage client and supplier payments, including collecting payments due to us Performance of a contract
Legal obligation
Legitimate interests
To look into any complaints or queries Performance of a contract
Legitimate interests
To otherwise carry out the day-to-day operations of our businesses efficiently including managing our financial positions, business capability, planning, communications, corporate governance and audit Legal obligation
Legitimate interests
Public interest
To undertake activities designed to promote and market our services including sending out newsletters, legal updates, holding events and seminars, inviting you to enjoy our hospitality and hosting you, and keeping records of your interests in these activities Legitimate interests
Consent (where legally required)
To undertake on-line marketing activities including using a variety of digital and social media channels Legitimate interests
Consent (where legally required)
To provide “added value” services to our clients Legitimate interests
To train and develop our staff and people who work for us Performance of a Contact
Legal obligation
Legitimate interests
To run our corporate social responsibility programmes Legitimate interests
To prevent and respond to actual or potential fraud or illegal activities Legal obligation
Public interest
To establish, exercise or defend our legal rights or for the purpose of legal proceedings in which we may be involved Establish, exercise or defend legal rights
Processing employment applications Performance of a Contract
Legal obligation
Consent
Billing for our services and obtaining payment Performance of a Contract
Legal obligation
Responding to complaints Compliance with a legal obligation
Meeting our legal and regulatory obligations Compliance with a legal obligation
Improving the functionality of our website. Our legitimate interests in improving the content and performance of our website

Client Relationships and Marketing Activities

We undertake a range of activities designed to provide added value for our clients and business contacts and to build on our already excellent relationships with you.

While we want to keep you fully aware of all of the services we offer, we are keen to ensure that we are not responsible for sending you with unwanted marketing material. We therefore do our best to tailor the information and invites we send out. To do this we store information about your professional and personal interests and communication preferences. We also track your level of engagement with us including via our on-line and digital platforms.

The data protection legislative framework recognises that it is in our legitimate business interests to collect and use personal information for marketing reasons. We do not need your consent to do this lawfully, but we are obliged to inform you that you have a right to object to this. The law also allows us to send marketing communications by electronic means to our existing clients and business contacts without needing consent. Again, you have the right to object to this activity if you wish.

We believe that we can keep information for marketing purposes indefinitely, and keep communicating with you from time to time, until and unless you ask us to stop. When we send you information about the services we offer or invitations to our events, we always include a simple “unsubscribe” option. If you have any difficulty using it or wish to find out more about this activity please contact us.

Where we receive Personal Data from

The personal information hold comes from a variety of sources.

Sharing your personal data

In some limited circumstances we may share data which we collect from you with certain trusted third parties in accordance with contractual arrangements which we have in place or as required by law. These may include – 

We may also be required to share personal information with regulatory authorities, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

We do not sell, rent or otherwise make personal information commercially available to any third party.

Transfers outside the European Economic Area

We do not send personal data outside the EEA as a matter of course. None of the service providers we use to help us run our businesses are based outside of the EEA.

Transfers of personal data outside the EEA can arise where we are acting for individuals or business clients with interests outside the EEA, such as in the following circumstances:

Where we are acting for individual clients that:

Where we are we acting for businesses or organisations that:

If we are required to transfer personal data outside of the EEA, we will ensure that we do so in a legally compliant manner and take steps to ensure the information is protected in the same way as if it was being used in the EEA. If you are affected, you should discuss this with the lawyer acting for you who will explain the particular safeguards that we will put in place.

If you choose not to provide your personal Data

If you choose not to provide us with certain personal data you should be aware that we may not be able to offer you certain services. For example, we cannot act for you unless we are able to check your identity and run anti-money laundering checks.

Retention Periods for Personal Data

Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our ability to defend legal claims, our legitimate business interests, best practice and our current technical capabilities. We delete or destroy personal information securely in accordance with the Data Retention Schedule.

How long will we retain your information?

We will usually retain your information as follows.

Type of data Retention period
Client files We need to keep records for a period which varies depending on the nature of a matter but is a minimum of 6 years for regulatory compliance and to ensure our records are adequate for the purposes of obtaining insurance to protect our clients and other parties.
Health records (for example, for personal injury claims) We will destroy these securely at the conclusion of the contract: further copies can be obtained if necessary from the original source.
Employment applications 4 months from the date of conclusion of the application
Human resources 6 years from conclusion of the period of employment
Website data 1 year

Data Security

We are committed to information security and take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. This is kept under regular review.

Your rights

The data protection legislation provides you with the following rights.

Right to be informed

This Privacy Notice is provided to fulfil our obligation to tell you how we use your information.

Right of access

You are entitled to ask us for a copy of any personal data which we hold relating to you. This right is known as a ‘Subject Access Request’. If you wish to make a Subject Access Request you should contact our Privacy Officer in writing or by email or verbally –

Dominic Weir
Newgate House
Jacksons Court
Pontefract
WF8 1NB

Telephone: 01977 602804
Email: dominicweir@hh-legal.co.uk

We will normally send you a copy of the information within one month of your request. However that period may be extended by two further months where necessary, taking into account the complexity and number of the requests. There is usually no charge; in exceptional circumstances we may charge but will discuss this with you if that applies.

Right to rectification

If the information we hold about you is inaccurate you may contact our Privacy Officer using the contact details above.

Right to erasure

In certain circumstances you may be entitled to ask us to erase your personal data. For further information, please contact our Privacy Officer using the contact details above.

Right to data portability

If you wish to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Privacy Officer using the contact details above.

Right to object

You may also object to your data being used for direct marketing.

You may also object to the continued use of your data in any circumstances where we rely upon consent as the legal basis for processing it.

Where we rely upon legitimate interests as the legal basis for processing your personal data, you may object to us continuing to process your personal data but you must give us specific reasons for objecting. We shall consider the reasons you give us but if we consider that there are compelling legitimate grounds for us to continue to process your data we may continue to do so. In that event we shall let you know the reasons for our decision.

If you wish to exercise your right to object to the use of your data under this section of our Privacy Policy, please contact our Privacy Officer using the contact details above.

Rights related to automated decision making including profiling

You may object to automated decision making, including profiling, by contacting our Privacy Officer using the contact details above.

Complaints

Please let us know if you are unhappy with how we have used your personal information. To notify us of a concern please contact Dominic Weir as above.

You also have the right to complain to the Information Commissioner’s Office. Find out on their website (www.ico.org.uk) how to report a concern.

Changes to this Privacy Notice

This privacy notice was last updated on 2nd December 2020. It will be reviewed periodically and this page updated accordingly.

Cookie Policy

This document outlines how personal information may be collected and used (or not used) on this web site, and outlines responsibilities and liabilities that correspond to such collection and/or use. These terms cover this web site and its content exclusively, and do not include web sites that are linked, or malicious third-parties.

It is our commitment to end users to operate this web site with integrity and honesty – taking the time, effort, and care to protect users and information that may be provided.

Collection of Information

We only collect personal information such as names, addresses, and contact information when it is voluntarily submitted by our users. The information provided is only used to fulfill your specific request, and cannot be used for any other purpose unless permission is given by the individual who provided the information.

Third Parties

We may link to or display content from third parties on our web site. Should a user follow such links they would be leaving this web site and no longer be governed by this privacy policy. This policy and these terms apply only to content existing on this web site.

Cookies and Tracking Technology

This site may use cookies or browser tracking technologies to provide a better overall user experience. This information allows us to continue modifying the site to meet end user browser types, operating systems, and frequency of visits. Personal information cannot be collected by these methods unless expressly provided by the end user. Aggregate cookie and tracking information may be shared with third parties.

What are Cookies?

A “cookie” is a small text file that’s stored on your computer, tablet or phone when you visit a website. Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the internet for other independent information on cookies.

How we use Cookies?

We use cookies (and sometimes other similar technologies) to:

Cookies in use

Cookie Name Cookie Description
wordpress_settings Set by WordPress to identify a specific user and customise their view of the admin interface and main site interface
wordpress_logged_in Set by WordPress – a cookie for a logged in user. It expires when user exits the browser
wordpress_test_cookie Set by WordPress – this session cookie allows us to authenticate logged in administrator users and maintains a manifest of website settings for use across the site. The system will drop a cookie to test the browser being used is able to use cookies
wp-settings-time Set by WordPress to identify a specific user and customise their view of the admin interface and main site interface
_gat Cookies set by Google Analytics and is used to throttle requests and has an expiration of 1-minute
_ga Cookie set by Google Analytics and is used to distinguish users and has an expiration of 2-years
_gid Cookie set by Google Analytics and is used to distinguish users and has an expiration of 24-hours
_gac Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out