Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
Who we are?
“Harris Hagan”, “we”, “us” or “our” means Harris Hagan of 6 Snow Hill, London, EC1A 2AY.
We are authorised and regulated by the Solicitors Regulation Authority (SRA ID: 401231) whose rules can be found here.
Harris Hagan collects, uses and is responsible for personal information about you. When we do this, we are the ‘controller’ of this information for the purposes of the UK General Data Protection Regulation under the Data Protection Act 2018 (“UK GDPR”) if you are a UK data subject, the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”) if you are an EU data subject, and other applicable data protection laws.
We are registered as a data controller at the Information Commissioner’s Officer (“ICO”) with registration number Z8670569.
Our nominated representative for matters relating to UK GDPR is John Hagan, who can be contacted in the following ways:
Post: Harris Hagan, 6 Snow Hill, London, EC1A 2AY, FAO John Hagan
Email: [email protected]
Telephone: 020 7002 7636
Our nominated representative for matters relating to EU GDPR is Hilary Stewart-Jones, who can be contacted in the following ways:
Post: Harris Hagan, 6 Snow Hill, London, EC1A 2AY, FAO Hilary Stewart-Jones
Email: [email protected]
Telephone: 020 7002 7636
References to “GDPR” in this privacy notice refer to UK GDPR and EU GDPR as applicable.
What do we do with your information?
Information collected by us
In order to establish a relationship, market to you and carry out any work you engage us to complete for you, we collect the following personal information that you provide to us:
- “Contact Data” includes postal addresses, email addresses and telephone numbers.
- “Financial Data” includes invoicing information, credit searches, bank account details.
- “Identity Data” includes first name, maiden name, last name or similar identifier, marital status, title, date of birth, gender, national insurance numbers, passport, driving licence, visa, and other identification information.
- “Marketing and Communications Data” includes your preferences in receiving marketing from us, your communication preferences and details of any events or other business development activities you have attended with us.
- “Technical Data” includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- “Transaction Data” includes details about payments to and from you and other details of products and services you have purchased from us.
- “Usage Data” includes information about how you use our website, products and services.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. “Aggregated Data” could be derived from your personal information but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy notice.
We do not collect any special categories of personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
We may collect information about criminal convictions and offences for the purposes of providing services to you including in relation to applications to and correspondence with the Gambling Commission and other regulators or licensing authorities. If you provide us with such information, we will only process it for the specific purposes for which you provide it to us.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if any personal information you have provided to us changes during your relationship with us.
Information collected from other sources
We collect the following information from other sources:
- Public registers maintained by the Gambling Commission and other regulators or licensing authorities
- Membership associations and trade bodies such as the International Association of Gaming Advisors (IAGA)
How we use your personal information
We use your personal information for the following purposes:
- To register you or the legal entity that you represent as a new client
- To manage our client relationship with you or the legal entity that you represent
- To develop and carry out marketing activities
- To communicate with you about our services
- To manage relationships with our suppliers and intermediaries
- To manage payments and recover money owed to us
- To run our firm in an efficient and effective way
- To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- To use data analytics to improve our website, products/services, marketing, client relationships and experiences
Whether information has to be provided by you, and why?
If you are a client, the personal information identified above must be provided by you to us, to enable us to establish a relationship and carry out the work that you, or the legal entity that you represent, engage us to complete. When we collect information from you, we will inform you whether you are required to provide this information to us. If you decide not to provide personal information to us, and as a result we are unable to comply with our legal and professional obligations, we may have to cease acting for you or be unable to enter into a contract with you.
Legal reasons we collect and use your personal information
We have set out below, in a table format, a description of all the ways which we plan to use personal information, and of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground which we are relying on to process your personal information, where more than one ground has been set out in the table below.
|Type of data
|Lawful basis for processing including basis of legitimate interest
|To register you as a new client
|To manage our client relationship with you
|To develop and carry out marketing activities
|To communicate with you about our services
|To manage relationships with our suppliers and intermediaries
|To manage payments and recovery money owed to us
|To run our firm in an efficient and effective way
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|To use data analytics to improve our website, products/services, marketing, client relationships and experiences
If you are the representative of any legal entity other than an individual, we will look after and use any personal information you provide to us on the same basis as set out above. It is your responsibility to ensure that you have appropriate procedures in place (including adequate privacy notices and consents pursuant to data protection laws) when you ask us to collect and process personal information for the purposes of your matter.
Who will we share your personal information with?
We have relationships with a number of third parties with whom we routinely share personal information. These third parties are:
- agents and advisers we use;
- the Gambling Commission and other regulators or licensing authorities;
- companies, organisations and individuals to whom we introduce you;
- any party linked with you or your business;
- companies, organisations and individuals that you ask us to share your information with;
- our bankers to the extent necessary to comply with anti-money laundering and terrorist financing legislation;
- marketing companies who help us manage our electronic communications with you;
- third party organisations that provide IT services to us.
In addition, our practice may be audited or checked by our accountants or our regulator, the Solicitors Regulation Authority, or by other organisations.
You can find details of how such third parties use your personal information by looking at their privacy policies, all of which should be available on the relevant websites, or on request.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
This data sharing enables us to provide you with the legal services you have engaged us for.
We will share personal information with law enforcement agencies if required by applicable law.
We will not share your personal information with any other third parties without your consent.
Transfer of your information to countries within the European Economic Area (EEA)
We may sometimes send your personal information to countries that are within the EEA and which are subject to the EU GDPR which provides effectively identical data protection as the UK GDPR.
Transfer of your information to countries that are outside the EEA
We do not usually transfer your personal information to countries that are outside of the EEA. However, we may sometimes send such data to a recipient in a country outside the EEA which has been designated by the ICO as providing adequate data protection. If we need to send the data to a country outside the EEA that has not been so designated, we will have appropriate contract clauses agreed with the recipient in place to protect the data.
If you would like any further information, please contact us.
Third party links
How long will we store your personal information?
We will keep your personal information for as long as we have a business relationship with you or we have legitimate interests in developing a business relationship with you.
If our business relationship ends or we no longer have a legitimate interest in developing a business relationship with you, we will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for one or more of the following reasons:
- to respond to any questions or complaints from you;
- to maintain our client records;
- to comply with laws and rules applicable to us.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In respect of personal information which we receive and process in order to comply with our legal duties to prevent money laundering and terrorist financing, we are required by law to retain such personal information for a period of five years from the end of the matter we are handling for you or from the date upon which you cease to be our client. In most cases we will retain the personal information for six years from the conclusion of our business relationship, but we may do so for longer if necessary.
Where you have asked us not to send you direct electronic marketing, we keep a record of that fact indefinitely to ensure we respect your request in future.
Where you are an individual, we will only send direct electronic marketing to you where we have your express consent to do so.
Where you are a corporate subscriber that has recently purchased goods or services from us, we may also send you direct electronic marketing regarding similar products and services provided you were given an opportunity to opt out at the time that we collected your personal information.
You have the right to withdraw your consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. You can opt-out here by contacting us using the following methods:
- Post: 6 Snow Hill, London EC1 2AY
- Email: [email protected]
- Telephone: +44 (0)20 7002 7636
Under the GDPR, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal information and fair processing of your information;
- To access to your personal information and other supplementary information;
- To require us to correct any mistakes or complete missing information we hold on you;
- To require us to erase your personal information in certain circumstances;
- To receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- To object at any time to processing of your personal information for direct marketing;
- To object in certain other situations to the continued processing of your personal information;
- To restrict our processing of your personal information in certain circumstances;
- To request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way.
If you want more information about your rights, please see the guidance from the ICO on Individual’s rights under the GDPR or refer to the website of your local national supervisory authority for data protection.
If you want to exercise any of these rights, please contact us.
How to make a complaint
You also have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection:
Telephone: 0303 123 1113
Alternatively, you can contact your local national supervisory authority for data protection.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO or your local national supervisory authority so please contact us in the first instance.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
For further information on the security we have in place to protect your personal information, please contact us.
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, we will inform you by updating our privacy notice on our website (see ‘Changes to this privacy notice’ below) and/or communicating this to you in writing.
Changes to this privacy notice
This privacy notice was last updated on 2 February 2024.
Get in touch
If you have any questions about this privacy notice or the information we hold about you, please contact us.