Privacy notice

Hymans Robertson LLP is committed to protecting and respecting your privacy.

Under data protection laws, we are the data controllers in relation to your personal information. This means we are responsible for deciding what information to collect about you and how it is used. Our contact details are set out under Contacting us (section 8).

This notice explains what personal information we collect about you, how and why we use it, who we disclose it to, and how we protect it. It also tells you about your rights. It applies to you if you use our websites or services, sign up for events, subscribe to our publications, complete a survey or contact us with an enquiry using the forms on our websites or by email. It also applies to you if we have a professional or business relationship or connection with you.

Our website content and marketing communications are directed to, and for use by, our clients, prospective clients and professional and business contacts in the United Kingdom.

What is personal information?

Personal information broadly means any information about a living individual who can be identified from that information directly, or indirectly (for example if it is combined with other available information).

1. What personal information do we collect?

We will collect the following information about you:

  • Visitors to our websites. Some of our websites use Google Analytics and Click Dimensions to collect information about how visitors use our websites. This information won’t be used to identify you unless you submit your contact details via the website, where we may then connect your prior activity on our website with your personal information. Please check the cookies policy on the particular website for more information.
  • People who use our services (for example our online services, registering for events or downloading publications) or contact us with an enquiry. We’ll collect the information you submit via our websites or when you contact us, for example your name, contact details, details about the service you’re interested in or your enquiry. We’ll also collect information needed to manage your login credentials and any one-time access codes, including email address and phone number.
  • Training and survey participants. We’ll collect the information you submit via the training or survey application, for example your name, contact details, details of training completed or responses to survey questions. If you agree to be contacted about the training or a survey, we will collect any additional information you provide, for example feedback or more detailed information about your survey responses and answers to follow-up questions.
  • Business contacts. We’ll collect your contact details, information about your work or personal circumstances and your interests, where you disclose them to anyone who works for us in a professional or business setting (for example at networking events). We may get some of this information from marketing lists we buy or agencies we work with. We’ll also collect publicly available information, information from social media if you connect with anyone who works for us and information available to third parties that we work with for the purposes of direct marketing and business development.
  • Clients, prospective clients and related persons. We’ll collect information about the identity of clients and prospective clients and (where relevant) shareholders, beneficial owners, management, directors, officers and trustees and other related persons for verification and anti-money laundering purposes. This information will be collected from you or publicly available sources or both.

We do not collect special categories of personal information (also known as “sensitive personal data”, which includes information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs and sexual life) without your agreement. We ask you, please, not to send us this kind of information.

We’ll keep the amount of personal data we collect to the minimum needed. We use cookies and other tracking technologies on our websites and in our marketing emails – please check the cookies policy on the particular website for more information.

If you visit one of our offices, we will ask you to complete the visitors’ book, which includes your name and details about your organisation (if applicable) and your visit. Please note that CCTV operates in some locations to assist with the prevention and detection of crime. CCTV images are normally deleted after 30 days. Full details are contained in our CCTV policy, available to visitors upon request.

2. Using your personal information

We use your personal information for the following purposes:

  • Providing website features and security. We’ll use information we collect to help ensure that content from our site is presented in the most effective manner for you and for your device, allow you to participate in interactive features of our websites, monitor how our websites are used in order to improve them, and to help ensure that access to our site is secured.
  • Providing our services or responding to your enquiry. We’ll use your information to provide the service you’ve requested. For example, to process your registration for an event, so that we can contact you about the event you have registered for, or to send you a link to, or copy of the publication that you’ve requested. If you send us a general enquiry, we’ll forward it to the relevant department who will use your information to respond to you about your enquiry.
  • Direct marketing and business development. If you are a professional or business contact, client or prospective client, we’ll use your information to help us with business development, including establishing new business relationships and developing sales opportunities. We may also send you direct marketing communications which you have subscribed to or which we feel may be relevant and of interest you, including The Edit (our monthly tailored email) as well as information about events, thought leadership and topical updates.

    You can update your preferences or unsubscribe from our communications at any time. To do so, simply:
    • click the “update your preferences” or “unsubscribe” link in the communication that you’ve received from us, or
    • visit our preference centre and confirm your preferences, or 
    • get in touch with us via our website or the contact details below.

We may also contact you by post or phone, unless you ask us not to.

  • Research and analysis. We’ll use relevant information (for example, survey responses) to inform our research and analysis. We will always make sure that information is anonymised or aggregated so that you can’t be identified from anything we publish.
  • Identification checks (clients, prospective clients and related persons). We are obliged to verify the identity of prospective and (in some circumstances) existing clients. This involves checking the identity and good standing of clients and related persons. We may use third-party software to perform checks and carry out risk scoring.

We do not use any form of automated decision-making (including profiling) which could have a negative impact on you.

3. What is the lawful basis for processing?

In general, we do not require your consent to process your personal information because the processing is necessary:

  • in order to provide you with the information or services that you’ve requested, or
  • in order to respond to your enquiry, or
  • for our legitimate interests, which are
    • to develop and diversify our business, and
    • to provide us with insight into the types of people who use our services (this basis applies to business-to-business direct marketing in particular), or
  • in order to comply with the law.

However you do have the right to object to how we process your personal information, or ask us to restrict processing.

If you object to or ask us to restrict the processing of your personal information, this won’t affect the lawfulness of the processing we’ve already carried out.

Please see Your rights (section 7) for more details.

4. Sharing your personal information with others

Sometimes we need to share your personal information with others.

We’ll only do this for the purposes explained in this privacy notice and we’ll take steps to ensure they keep the information secure and confidential and use it only for the agreed purposes.

We may share your personal information with the following:

  • with any member of our group, for the purposes of providing information or services and developing our business relationship with you,
  • our event or service partners, so that they can contact you about the event you’ve registered for or the service you’re interested in,
  • our service providers, for example IT support and security contractors, marketing agencies and professional advisers, so that we can run our business,
  • your organisation, in connection with any services we provide to them, for example training,
  • regulators (including the Financial Conduct Authority), ombudsmen, dispute resolution bodies, government bodies or the courts, where we are under a legal obligation to do so, or to protect our rights or property, or the safety of our people, clients or others, so that we can meet our legal obligations.

Some of these may be located outside the UK, where data protection laws are different. However we will ensure that we comply with data protection laws when making any transfers outside the UK (for example, by signing appropriate contracts) to make sure your personal information is protected. Please contact us if you would like more details about transfers outside the UK.

5. How we protect your personal information

We use up to date technologies and systems to protect your personal data from unauthorised disclosure or damage or misuse. We ensure that our staff receive regular, appropriate training about information security and data protection. We meet the ISO27001 standard for information security management systems and we also have Cyber Essentials certification.

We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal information.

Click here to access more information about information security and privacy on our Trust Centre.

6. How long we keep your personal information

We will keep your personal information for as long as we are using it for the purposes explained in this notice.

When we no longer need it, we will archive your personal information after a certain period (usually 7 years), and then delete it permanently after an additional period (usually 13 years).

We set these periods according to the time limits on legal claims. This is for our protection and yours.

We may in certain circumstances need to hold your personal information for longer, for example in relation to a legal dispute or because of regulatory requirements.

7. Your rights

You have a number of rights under data protection laws. These are:

  • to request access to your personal information,
  • to request that your personal information is corrected if it is out of date, inaccurate or incomplete,
  • to request that your personal information is deleted or removed from our records and systems,
  • to make a complaint to the Information Commissioner’s Office.

You also have the right:

  • to withdraw your consent to the processing of your personal information (where we need your consent to process your personal information),
  • to object to or restrict the processing of your personal information (where we don’t need your consent to process your personal information),
  • to obtain an electronic file of your personal information or have it transferred to another data controller in limited circumstances.

How do I exercise my rights?

If you would like to make a request to access or correct your personal information, or to exercise any of your other rights, you can contact us at any time using the details set out under Contacting us (section 8).

We will respond to your request within one month from the date we receive it.

Please note that some of your rights are restricted, and apply only in certain circumstances. For example, we may refuse to delete your personal information whilst we need it for a valid purpose, including to defend any potential legal claims. We will set out in our response our reasons if we are unable to meet your request.

To find out how to make a complaint to the Information Commissioner’s Office, see Contacting the Information Commissioner’s Office (section 9).

8. Contacting us

You can email: You can also write to us at: Marketing Department, Hymans Robertson, One London Wall, London, EC2Y 5EA.

If you have any queries about how we use your personal information you can contact the Data Protection Officer through any of the following means:

By Post: Hymans Robertson, Exchange Place One, 1 Semple Street, Edinburgh, EH3 8BL

By email: 

By Phone: 0131 656 5000

9. Contacting the Information Commissioner's Office

The Information Commissioner’s Office (ICO) is the UK's independent body set up to uphold information rights. You can find out more about the ICO on its website.

The ICO can be contacted on 0303 123 1113, or by writing to:

Information Commissioner's Office
Wycliffe House
Water Lane

Or visit contact us section of the ICO's website for more information.

10. Changes to this privacy notice

This privacy notice is current as June 2024. We may make changes from time to time and you should regularly check for updates.