Hymans Robertson LLP is committed to protecting and respecting your privacy.
Under data protection laws, we are the data controller in relation to your personal information. This means we are responsible for deciding what information to collect about you and how it is used. Our contact details are set out under Contacting us (section 8).
This notice explains what personal information we collect about you, how and why we use it, who we disclose it to, and how we protect it. It also tells you about your rights. It applies to you if you use our website, sign up for events, subscribe to our publications, complete a survey or contact us with an enquiry using the forms on our website or by email. It also applies to you if we have a professional or business relationship or connection with you.
Our website content and marketing communications are directed to, and for use by, our clients, prospective clients and professional and business contacts in the United Kingdom. If you are interested in careers, please note that we have a dedicated recruitment site (which has its own privacy notice).
What are the data protection laws?
The General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018 contain most of the rules about how personal information should be collected and processed. Other rules exist which govern things like email direct marketing. This privacy notice takes account of all of the rules, including GDPR. We will keep it under review – please see Changes to this privacy notice (section 10).
Personal information broadly means any information about a living individual who can be identified from that information directly, or indirectly (for example if it is combined with other available information).
1. What personal information do we collect?
We will collect the following information about you:
We do not collect special categories of personal information (also known as “sensitive personal data”, which includes information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs and sexual life) without your agreement. We ask you, please, not to send us this kind of information.
If you visit one of our offices, we will ask you to complete the visitors’ book, which includes your name and details about your organisation (if applicable) and your visit. Please note that CCTV operates in some locations to assist with the prevention and detection of crime. CCTV images are normally deleted after 30 days. Full details are contained in our CCTV policy, available to visitors upon request.
2. Using your personal information
We use your personal information for the following purposes:
We may also contact you by post or phone, unless you ask us not to.
We do not use any form of automated decision-making (including profiling) which could have a negative impact on you.
3. What is the lawful basis for processing?
In general, we do not require your consent to process your personal information because the processing is necessary:
However you do have the right to object to how we process your personal information, or ask us to restrict processing.
If you object to or ask us to restrict the processing of your personal information, this won’t affect the lawfulness of the processing we’ve already carried out.
Please see Your rights (section 7) for more details.
4. Sharing your personal information with others
Sometimes we need to share your personal information with others.
We’ll only do this for the purposes explained in this privacy notice and we’ll take steps to ensure they keep the information secure and confidential and use it only for the agreed purposes.
We may share your personal information with the following:
Some of these may be located outside the European Economic Area, where data protection laws are different. However we will ensure that adequate safeguards are in place (for example, robust contracts) to make sure your personal information is protected.
5. How we protect your personal information
We employ up to date technologies and systems to protect your personal information from unauthorised disclosure or damage or misuse. We ensure that our staff receive regulation training about information security and data protection. We meet the ISO27001 standard for information security management systems.
We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal information.
Click here to see information about our certifications.
6. How long we keep your personal information
We will keep your personal information for as long as we are using it for the purposes explained in this notice.
When we no longer need it, we will archive your personal information after a certain period (usually 7 years), and then delete it permanently after an additional period (usually 13 years).
We set these periods according to the time limits on legal claims. This is for our protection and yours.
We may in certain circumstances need to hold your personal information for longer, for example in relation to a legal dispute or because of regulatory requirements.
7. Your rights
You have a number of rights under data protection laws. These are:
You also have the right:
If you would like to make a request to access or correct your personal information, or to exercise any of your other rights, you can contact us at any time using the details set out under Contacting us (section 8).
We will respond to your request within one month from the date we receive it.
Please note that some of your rights are restricted, and apply only in certain circumstances. For example, we may refuse to delete your personal information whilst we need it for a valid purpose, including to defend any potential legal claims. We will set out in our response our reasons if we are unable to meet your request.
To find out how to make a complaint to the Information Commissioner’s Office, see Contacting the Information Commissioner’s Office (section 9).
8. Contacting us
You can email: firstname.lastname@example.org. You can also write to us at: Marketing Department, Hymans Robertson LLP, One London Wall, London, EC2Y 5EA.
If you have any queries about how we use your personal information you can contact the Data Protection Officer through any of the following means:
By Post: Hymans Robertson LLP, Exchange Place One, 1 Semple Street, Edinburgh, EH3 8BL
By email: email@example.com
By Phone: 0131 656 5000
9. Contacting the Information Commissioner's Office
The Information Commissioner’s Office (ICO) is the UK's independent body set up to uphold information rights. You can find out more about the ICO on its website.
The ICO can be contacted on 0303 123 1113, by using the email form on its website, or by writing to:
Information Commissioner's Office
10. Changes to this privacy notice
This privacy notice is current as at 24 July 2019. We may make changes from time to time and you should regularly check for updates.