Please read the Policy carefully to understand our views and practices regarding your personal data and how we will treat it.
1. Key terms
“Harris Hagan”, “we”, “us” or “our” means Harris Hagan of 6 Snow Hill, London, EC1A 2AY.
“Personal data” means information about individuals (including you), and information from which such individuals could be identified.
“You” means any individual whose personal data we process, including Harris Hagan clients, other solicitors, suppliers and business contacts.
2. Purpose of the Policy
This website is not intended for children and we do not knowingly collect data relating to children.
3. Who we are
The Website is operated by Harris Hagan of 6 Snow Hill, London, EC1A 2AY.
Harris Hagan is authorised and regulated by the Solicitors Regulation Authority (SRA ID: 401231) whose rules can be found at http://www.sra.org.uk/solicitors/handbook/code/content.page.
4. Information controller
The data controller is Harris Hagan. We are registered as a data controller at the Information Commissioner’s Officer (“ICO”) with registration number Z8670569: https://ico.org.uk/ESDWebPages/Entry/Z8670569
Our nominated representative is John Hagan. If you have any questions about this Policy, please contact us in the following ways:
Post: Harris Hagan, 6 Snow Hill, London, EC1A 2AY
Telephone: 020 7002 7636
5. Third party links
The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
6. Data we may collect about you
We may collect, use, store and transfer different kinds of personal data about you, summarised as follows:
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account details.
- Identity Data includes first name, maiden name, last name or similar identifier, marital status, title, date of birth and gender.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Usage Data includes information about how you use our website, products and services.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
7. How we may use your personal data
We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. This includes when we share your information with third parties. This may only be done in one or more of the following circumstances:
- where we need to fulfil a contract we have with you; or
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- where we need to comply with a legal obligation.
A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
8. Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways which we plan to use your personal data, and of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground which we are relying on to process your personal data, where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new client||
|To manage our client relationship with you||
|To develop and carry out marketing activities||
|To communicate with you about our services||
|To manage relationships with our suppliers||
|To manage payments and recovery money owed to us||
|To run our firm in an efficient and effective way||
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
|To use data analytics to improve our website, products/services, marketing, client relationships and experiences||
9. Disclosure of your personal data
We may share your personal data with the parties set out below for the purposes set out in the table above in section 9:
- agents and advisers we use;
- the Gambling Commission and other regulators or licensing authorities;
- companies, organisations and individuals that we introduce you to;
- any party linked with you or your business;
- companies, organisations and individuals that you ask us to share your information with;
- to our bankers to the extent necessary to comply with anti-money laundering and terrorist financing legislation;
- marketing companies who help us manage our electronic communications with you;
- third party organisations that provide IT services to us.
You can find details of how these third parties use your personal information by looking at their privacy policies, all of which should be available on the relevant websites, or on request.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
10. International transfer
We will only send your data outside the European Economic Area (“EEA”) to:
- follow your instructions to us to do so;
- comply with a legal duty;
- work with our agents and advisers who we use to help provide our services to you.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you require further information on the specific mechanism used by us when transferring your personal data out of the EEA.
11. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12. Data retention
We will keep your personal information for as long as you are our client.
After you stop being a client, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for one or more of the following reasons:
- to respond to any questions or complaints from you;
- to maintain our client records;
- to comply with laws and rules applicable to us;
- to determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In respect of personal data which we receive and process in order to comply with our legal duties to prevent money laundering and terrorist financing, we are required by law to retain such personal data for a period of five years from the end of the matter we are handling for you or from the date upon which you cease to be our client. In most cases we will retain the personal data for six years from the completion of the matter, but we may do so for longer if necessary.
Where you have asked us not to send you direct marketing, we keep a record of that fact to ensure we respect your request in future.
We may use your personal information to tell you about relevant services.
We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so.
You can ask us to stop sending you marketing messages at any time – you just need to contact us, or use the opt-out links on any marketing message sent to you.
14. Your legal rights
Under certain circumstances, your personal data rights are:
- your right to be informed if your personal data is being used;
- your right to get copies of the personal data we hold about you;
- your right to get your data corrected;
- your right to get data deleted;
- your right to limit how we use your data;
- your right to get personal data from us in a way that is accessible;
- your right to object to the use of your data;
- your rights relating to decisions being made about you without human involvement; and
- your right to raise a concern.
There are exceptions to these rights, particularly if we are processing your personal data for the purpose of providing legal advice to our clients, your rights may be limited.
If you wish to exercise any of the rights set out above, please contact our Managing Partner, John Hagan. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
For more details regarding your personal data rights, please visit the ICO’s website: https://ico.org.uk/your-data-matters/
You also have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues:
Telephone: 0303 123 1113
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
We keep the Policy under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Last updated 28 January 2020