01744 744400
Menu

Privacy Policy

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

This Privacy Policy applies to you if you provide your personal data to us, even if you decide not to go ahead with any product or service that we offer.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).

Who we are:

Data is collected, processed and stored by Hattons Legal Services Limited, trading as “Hattons Solicitors”. Hattons Solicitors is a limited company, incorporated in England and Wales, authorised and regulated by the Solicitors Regulation Authority under number 628665.

We are what is known as the “Data Controller” of the personal information you provide to us. We handle and store your personal information in accordance with the law, including the UK GDPR and the Data Protection Act 2018.

What information will we collect from you?

We will only collect information from you that is relevant to the matter we are dealing with, which shall depend on what you have asked us to do or what we are contracted to do for you.

There are two types of personal data (personal information) that you may provide to us, which include:

  • Personal Data: This is general information that you supply about yourself, i.e., your name, address, gender, date of birth, contact details, financial information etc.; and
  • Sensitive personal data: Certain personal data we collect is treated as a special category to which additional protections apply under data protection law. This is, by its nature, more sensitive information, which may reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership, health, biometric and genetic data.

Personal data is generally restricted to basic personal data and any information needed to complete identity checks. Where we process special category personal data, we will ensure we are permitted to do so under data protection laws, e.g.:

  • We have your explicit consent
  • the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
  • the processing is necessary to establish, exercise or defend legal claims.

Who do we receive information from?

While acting for you we may receive information about you from various sources including the following:

  • You might volunteer the information about yourself
  • From publicly accessible services, e.g., Companies House or HM Land Registry
  • Information might be passed to us by third parties in order that we can undertake legal work on your behalf. Typically, these organisations include:
    • Claims Management Companies
    • Organisations that have referred work to us
    • Financial Institutions, who provide your personal records / information
    • Panel providers who allocate legal work to law firms
    • Accountants and other professionals
    • Central and local government
    • Courts and tribunals
    • Sanctions screening providers
    • Credit reference agencies

Please be assured that this information will be treated confidentially at all times and will only be used where necessary.

How and why we use your personal data:

Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

  • Where you have given consent
  • To comply with our legal and regulatory obligations
  • For the performance of a contract with you or to take steps at your request before entering into a contract; or
  • For our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The primary reason for asking you or others to provide us with your personal information is to provide legal services to you so we may perform our contract.

The following are some other examples of what we may use your information for:

  • Verifying your identity
  • Verifying source of funds
  • Liaising with you
  • Obtaining insurance policies on your behalf, including After the Event Legal Expenses Insurance
  • Progressing your file, including providing you with legal advice, carrying out litigation and attending hearings on your behalf, preparing documents or completing transactions
  • Seeking advice from third parties, including legal and non-legal experts
  • Responding to a complaint or allegation of negligence to us
  • Retaining financial records of your transactions and those transaction we make on your behalf
  • Where it is necessary for reasons of substantial public interest

How will we use your information?

We may use your information for the following purposes:

  • Provision of legal services, including advising and acting on behalf of clients
  • Direct marketing
  • Determining the effectiveness of promotional campaigns and advertising
  • Network and information systems security
  • Administering any accounts
  • Processing your bank / credit card detail in order to obtain / make payments
  • Prevention and detection of fraud
  • Credit reference checks (where appropriate)
  • Identity checks
  • Provision of education and training to customers and clients

We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers. You have the right to object to this processing and should you wish to exercise that right (see ‘How to contact us’ below).

Who will we share your information with?

Hattons Solicitors have robust data protection procedures in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties, nor will we share your information with third parties for marketing purposes outside the Hattons group.

Usually, we will only use your information within Hattons Solicitors. However, there may be circumstances, in carrying out your legal work, where we ned to disclose some information to third parties, for example:

  • Companies within Hattons Solicitors group
  • HM Revenue & Customs
  • HM Land Registry
  • Courts and Tribunals
  • Solicitors acting on the other side
  • Providers of identity verification
  • Asking an independent barrister or Counsel for advice or to represent you
  • Non legal experts to obtain advice or assistance
  • Translation Agencies
  • Contracted Suppliers
  • Outsourcing Companies
  • External auditors (e.g., those who audit our accounts) or our regulators, i.e., The Solicitors Regulation Authority, Information Commissioners Office etc.
  • Payment Service companies that process transactions for us (e.g., Direct Debits and card transactions, automated payment service)
  • Bank or Building Society; or other financial institutions
  • The Financial Ombudsman Service, Financial Services Compensation Scheme, Pension Ombudsman Service
  • Communication providers (e.g., text/live chat service providers)
  • Third-party funders
  • Insurance Companies, i.e., for the purposes of acquiring After the Event Insurance
  • Client feedback review platforms, including Trustpilot
  • PR & Marketing agencies who help to promote our products and services and manage our brands
  • Any third parties who may have introduced you to our services that may require updates as to the progression of your matter
  • Other Third Parties: Where we have your consent to do so, or where we are required to do so under a legal or regulatory obligation, such as the prevention of financial crime or terrorism
  • We might share some of your information with the emergency services if we think you or others are at risk

How long will we keep your information for?

Your personal information will be retained only for as long as necessary to fulfil the purposes for which the information was collected, or as required by law, or as long as is set out in any relevant contract you may hold with us. For example:

  • As long as necessary to carry out your legal work
  • For a minimum of 7 years from the conclusion or closure of your legal work should you or we, need to re-open your case for the purpose of defending complaints or claims brought against us
  • For the length of a trust

In some cases, we may retain your information for a longer period. Where this applies, we will advise you of this at the time, for example:

    • Matrimonial matters (financial orders or maintenance agreements etc.)
    • Probate matters where there is a surviving spouse or civil partner may be retained until the survivor has died to enable us to deal with the transferable Inheritance Tax Allowance
    • Wills and related documents may be kept indefinitely
    • Personal injury matters involving lifetime awards or PI Trusts may also be kept indefinitely

As a general rule, if we are no longer providing services to you, we will delete or anonymise your account data after seven years. However, as above, different retention periods apply for different types of personal data and for different services.

Following the end of the relevant retention period, we will delete or anonymise your personal data.

More information is set out in our data retention policy, which is available on request.

How we will keep your personal data secure:

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your personal data and other information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Transferring your personal data out of the UK:

The countries outside of the UK have differing data protection laws, some of which may provide lower levels of protection of privacy.

It is sometimes necessary for us to transfer your personal data to countries outside of the UK. In those cases, we will comply with the applicable UK laws designed to ensure the privacy of your personal data.

We may use outsourcing companies located outside of the UK for paralegal services and have outsourcing agreements with companies based in South Africa and India.

Under data protection laws, we can only transfer your personal data to a country outside of the UK where:

  • the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’) further to Article 45 of the UK GDPR. A list of countries the UK currently has adequacy regulations in relation to is available here.
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
  • a specific exception applies under relevant data protection law.

Where we transfer your personal data outside the UK, we do so on the basis of an adequacy regulation or (where this is not available) by ensuring the use of legally-approved standard data protection clauses recognised or issued further to Article 46(2) of the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law and reflected in an update to this policy.

If you would like further information about data transferred outside of the UK, or a copy of the standard data protection clauses we use please contact us (see ‘How to contact us’ below).

Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.

What rights do you have?

You have the following rights under the UK GDPR:

  • Right to be informed: This is fulfilled by way of issuing this Privacy Notice and our full explanation as to how we use your personal data.
  • Right of access: The right to be provided with a copy of your personal data
  • Right to rectification: The right to require us to correct any mistakes in your personal data
  • Right to erasure / Right to be forgotten: The right to require us to delete your personal data—in certain situations
  • Right to restriction of processing: The right to require us to restrict processing of your personal data—in certain situations, e.g., if you contest the accuracy of the data
  • Right to data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
  • Right to object: The right to object to your personal data being processed for direct marketing (including profiling). In certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims.
  • Rights concerning automated decision-making and profiling: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For more information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below) or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email, call or write to us—see below: ‘How to contact us’
  • provide enough information to identify yourself (eg your full name, address and client or matter reference number) and any additional identity information we may reasonably request from you
  • let us know what right you want to exercise and the information to which your request relates

Updating your details:

If any of the information that you have provided to Hattons Solicitors changes, for example if you change your name or e-mail address, please let us know (see below ‘How to contact us’).

Marketing Data:

We will use your personal data to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services.

How we collect personal data:

  • The following are examples, although not exhaustive, of how we might collect your personal information:-
  • Sign up to receive one of our newsletter
  • Submitting an online enquiry
  • Following / liking / subscribing to our social media channels
  • Completing a questionnaire on our website
  • Ask us a question or submitting any queries or concerns you have via email or on social media channels
  • Post information to our website or social media channels, for example when we offer the option for you to comment on, or join discussions
  • When you leave a review about us on Trustpilot.com

The legal basis for using personal data for marketing purposes:

Hattons Solicitors handle enquiries at different stages and therefore group those enquiries in three distinct ways. We shall take the following steps in each instance:

Prospects: Consent will need to be recorded before being added to marketing campaigns.

Retainer Clients: We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. Upon collecting your personal data, you will be provided the opportunity to opt in to receiving marketing communications from us. We hope you will provide this information as you may find our communications useful, but if you choose not to, this will have no effect on accessing our legal services. Clients will have the option to exclude themselves from marketing by clicking the unsubscribe link on any marketing emails they may receive, on the telephone when speaking with an advisor, or by contacting us.

Hattons Solicitors appreciate that you may decide that you do not wish to receive marketing communications and we shall respect that choice. We have a legal obligation pursuant to the Data Protection Act 2018 and the UK GDPR to stop sending marketing communications if you object. If you do not want Hattons Solicitors to use your personal data in this way, please let us know (see below ‘How to contact us’).
.
Fixed fee clients: Legitimate interest will be the legal basis for using your personal data for marketing purposes, as described within the ‘Retainer Clients’ section immediately above.

Social Media:

We use publicly available social media platforms to promote our services, to provide updates and to share any news and promotional updates. We may collect personal information from these social media platforms, for example, if you post a message on our Facebook page. By providing any of your information to us through these platforms you should be aware that:

  • The social media web pages are publicly available, and you must not provide any personal or sensitive information on our pages that are accessible to the public, such as your account information.
  • We may ask you for your account information via a private message to identify you and to service any request you make; and
  • Each social media platform will process any personal information you provide through the platform and will be processed in accordance with its own privacy policy. The Privacy Policies are available to view on each social media platform.

Other types of advertising:

When you visit our website or similar websites Google may use our advertisements promoting our products and services which may appear on other third-party websites you visit across the internet for remarketing purposes, including cross-device remarketing. Google and other third parties will use cookies to tailor advertisements for website users based on their previous visit to our website. More information about cookies can be found below.

We do not have any control over the advertisements you see on other third-party websites, however you can request to opt out or customise these advertisements by using the Google Ads Preference Manager.

Recording calls:

We may from time to time, record calls that you make to us or we make to you or any other third party. This is for training, monitoring and quality purposes. Some calls may be observed by staff for training and development purposes.

Use of Cookies:

We want to make the use of our website easy, useful and reliable. To do this we sometimes place small amounts of information on your device. These include small files known as cookies. They cannot be used to identify you personally, but they do make your experience as a visitor better.

Our site automatically deploys two cookies on visitors’ computers on arrival at our website, provided cookies are not blocked by the visitors’ browsers.

One of these cookies (CONCRETE5) allows us to maintain the user browsing experience and identify whether the user is logged into restricted areas. This is automatically deleted at the end of the browsing session.

The second cookie (cookieNoticeDisplayed) is deployed once a visitor has been flagged about our use of cookies by the pop-out notice. It allows the banner to remain closed as you visit different pages on the site. It is automatically deleted at the end of the browsing session – 30 minutes after leaving the site.

In addition, the site deploys a number of third party generated cookies because of the integration of various third-party applications on the site.

The cookies of which we are aware include:

From Google

__utma, __utmb, __utmc, __utmz

These cookies provide us with information about the numbers of visitors and how they reached us, they also recognise location when used with Google maps and allow the pages to be liked using Google+

We do not have control over the cookies deployed by Google we are forced to accept them to take advantages of the services this company provides which we believe to be of value to our visitors – their privacy policy which governs their use of cookies can be found here.

General Cookie Advice

You can restrict or block the cookies used by the website through your browser settings, but this will impact your user experience. The Help function within your browser should tell you how.

Alternatively, you can visit www.aboutcookies.org which provides directions on how to block cookies on all major browsers. This site also explains how you can delete cookies that have already been stored on your computer as well as general information about cookies.

You should be aware though that restricting cookies may impact on the functionality of the websites you visit.

Who can you complain to?

If you are unhappy about how we are using your information or how we have responded to your request, then you should contact us in the first instance (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with the Information Commissioner’s office. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

How to contact us:

If you have any queries about this policy please contact Hattons Solicitors, in writing, by post or email at the following addresses:

Hattons Solicitors
Prudential Buildings
3 Victoria Square
St Helens
Merseyside
WA10 1HQ

Email: compliance@hattonssolicitors.com

T: 01744 413170
F: 01744 744404

Changes to this Privacy Policy:

This Privacy Policy was published on 1 December 2022. We shall keep this policy under regular review and will place any updates on this page.

Hattons Legal Services Limited registered in England and Wales Reg. No. 09771400
VAT registration number 703425861.
Authorised and Regulated by the Solicitors Regulation Authority. SRA No 628665.

A list of the directors is available for inspection at the above office, together with details of their professional qualifications.
This firm is not authorised by the Financial Conduct Authority. However, we are included on the register maintained by the Financial Conduct Authority so that we can carry on insurance distribution activity, which is broadly the advising on, selling and administration of insurance contracts. This part of our business, including arrangements for complaints or redress if something goes wrong, is regulated by the Solicitors Regulation Authority. The register can be accessed via the Financial Conduct Authority website at register.fca.org.uk/s/