Harris Hagan respects your privacy and is committed to protecting your personal data. This privacy policy (the “Policy”) describes how Harris Hagan collects and uses your personal data when you visit our website, www.harrishagan.com (the “Website”), why we need your personal data, how we use it and the protections put in place to keep it secure.  Our data processing is performed in accordance with our obligations under the EU General Data Protection Regulation and the Data Protection Act 2018.

Please read the Policy carefully to understand our views and practices regarding your personal data and how we will treat it.

1. Key terms

“Harris Hagan”, “we”, “us” or “our” means Harris Hagan of 6 Snow Hill, London, EC1A 2AY.  

“Personal data” means information about individuals (including you), and information from which such individuals could be identified.

“You” means any individual whose personal data we process, including Harris Hagan clients, other solicitors, suppliers and business contacts.

2. Purpose of the Policy

This privacy policy aims to give you information on how Harris Hagan collects and processes your personal data through your use of this website, including any data which you may provide through this website when you sign up to our blog.

This website is not intended for children and we do not knowingly collect data relating to children.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It is important that you read this privacy policy together with our Terms & Conditions and Cookie Policy or information we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Policy supplements other notices and is not intended to override them.

3. Who we are

The Website is operated by Harris Hagan of 6 Snow Hill, London, EC1A 2AY. 

Harris Hagan is authorised and regulated by the Solicitors Regulation Authority (SRA ID: 401231) whose rules can be found at http://www.sra.org.uk/solicitors/handbook/code/content.page.

4. Information controller

The data controller is Harris Hagan.  We are registered as a data controller at the Information Commissioner’s Officer (“ICO”) with registration number Z8670569: https://ico.org.uk/ESDWebPages/Entry/Z8670569 

Our nominated representative is John Hagan.  If you have any questions about this Policy, please contact us in the following ways:

Post: Harris Hagan, 6 Snow Hill, London, EC1A 2AY

Email: [email protected] 

Telephone: 020 7002 7636

5. Third party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. 

We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

6. Data we may collect about you

We may collect, use, store and transfer different kinds of personal data about you, summarised as follows:

1. Contact Data includes billing address, delivery address, email address and telephone numbers.
2. Financial Data includes bank account details.
3. Identity Data includes first name, maiden name, last name or similar identifier, marital status, title, date of birth and gender.
4. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
5. Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
6. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
7. Usage Data includes information about how you use our website, products and services.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

7. How we may use your personal data

We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is.  This includes when we share your information with third parties. This may only be done in one or more of the following circumstances:

1. where we need to fulfil a contract we have with you; or
2. where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
3. where we need to comply with a legal obligation.

A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. 

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.

8. Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways which we plan to use your personal data, and of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground which we are relying on to process your personal data, where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new client	Contact Financial Identity Marketing and Communications	Performance of a contract with you Our legitimate interests Our legal duty
To manage our client relationship with you	Contact Financial Identity Marketing and Communications Transaction	Performance of a contract with you Our legitimate interests Our legal duty
To develop and carry out marketing activities	Contact Identity Marketing and Communications Transaction	Our legitimate interests
To communicate with you about our services	Contact Identity Marketing and Communications	Performance of a contract with you Our legitimate interests Our legal duty
To manage relationships with our suppliers	Contact Identity	Our legitimate interests Our legal duty
To manage payments and recovery money owed to us	Contact Financial Identity Transaction	Performance of a contract with you Our legitimate interests
To run our firm in an efficient and effective way	Contact Financial Identity Marketing and Communications Transaction Usage	Our legitimate interests Our legal duty
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Contact Identity  Technical Usage	Our legitimate interests Our legal duty
To use data analytics to improve our website, products/services, marketing, client relationships and experiences	Technical Usage	Performance of a contract with you Our legitimate interests

9. Disclosure of your personal data

We may share your personal data with the parties set out below for the purposes set out in the table above in section 9:

1. agents and advisers we use;
2. the Gambling Commission and other regulators or licensing authorities;
3. companies, organisations and individuals that we introduce you to;
4. any party linked with you or your business;
5. companies, organisations and individuals that you ask us to share your information with;
6. to our bankers to the extent necessary to comply with anti-money laundering and terrorist financing legislation;
7. marketing companies who help us manage our electronic communications with you;
8. third party organisations that provide IT services to us.

You can find details of how these third parties use your personal information by looking at their privacy policies, all of which should be available on the relevant websites, or on request.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

10. International transfer

We will only send your data outside the European Economic Area (“EEA”) to:

1. follow your instructions to us to do so;
2. comply with a legal duty;
3. work with our agents and advisers who we use to help provide our services to you.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you require further information on the specific mechanism used by us when transferring your personal data out of the EEA.

11. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

12. Data retention

We will keep your personal information for as long as you are our client.

After you stop being a client, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for one or more of the following reasons:

1. to respond to any questions or complaints from you;
2. to maintain our client records;
3. to comply with laws and rules applicable to us;
4. to determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In respect of personal data which we receive and process in order to comply with our legal duties to prevent money laundering and terrorist financing, we are required by law to retain such personal data for a period of five years from the end of the matter we are handling for you or from the date upon which you cease to be our client.  In most cases we will retain the personal data for six years from the completion of the matter, but we may do so for longer if necessary.

Where you have asked us not to send you direct marketing, we keep a record of that fact to ensure we respect your request in future.

13. Marketing

We may use your personal information to tell you about relevant services.

We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so.

You can ask us to stop sending you marketing messages at any time – you just need to contact us, or use the opt-out links on any marketing message sent to you.

14. Your legal rights

Under certain circumstances, your personal data rights are:

1. your right to be informed if your personal data is being used;
2. your right to get copies of the personal data we hold about you;
3. your right to get your data corrected;
4. your right to get data deleted;
5. your right to limit how we use your data;
6. your right to get personal data from us in a way that is accessible;
7. your right to object to the use of your data;
8. your rights relating to decisions being made about you without human involvement; and
9. your right to raise a concern.

There are exceptions to these rights, particularly if we are processing your personal data for the purpose of providing legal advice to our clients, your rights may be limited. 

If you wish to exercise any of the rights set out above, please contact our Managing Partner, John Hagan.  We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

For more details regarding your personal data rights, please visit the ICO’s website: https://ico.org.uk/your-data-matters/ 

15. Complaints

If you are unhappy with how we have used your personal data, you can raise a complaint with us following our Complaints Procedure or by contacting our Managing Partner, John Hagan.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues:

Website: www.ico.org.uk

Telephone: 0303 123 1113

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

16. Changes

We keep the Policy under regular review.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Last updated 28 January 2020