Privacy Policy

Last updated: 4 July 2024

This privacy policy is issued by Haddleton & Co Limited (trading as Haddletons) (“Haddletons”, “we”, “our” or “us”) and is addressed to individuals accessing and using our website and our services (“you”, “your”).

We understand the importance of trust in our relationships with you. We therefore take our legal responsibilities regarding your personal data as set out in the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended (PECR) very seriously.

Personal data is any information that identifies you, for example your name, your email address, phone number or IP address.

We want you to understand what personal information we may collect about you when you interact with Haddletons via our website www.haddletons.com, or by contacting our colleagues via email or telephone, or speaking to them in person.

Please read this privacy policy carefully as it contains important information about who we are, what personal data we collect and how we use it in connection with your interactions with us. It also contains details as to our obligations and your rights.

  • Who the Data Controller is;
  • What personal information we collect about you;
  • On what basis we use your personal information;
  • The activities for which we process your personal data;
  • How long we keep your personal information;
  • With whom we may share your personal information;
  • Information about international transfers;
  • How we protect your personal information;
  • Your rights regarding your personal information;
  • What to do if you don’t want to provide us with your personal information;
  • Methods to contact us if you have any concerns or questions;
  • Changes to this privacy statement from time to time.

Haddleton & Co Limited, with company number 10728134 and registered offices at Windsor House, Cornwall Road, Harrogate, North Yorkshire, England, HG1 2PW, is the controller of your personal data.

We are registered as a Data Controller with the Information Commissioner’s Office (ICO) under registration number ZA273529.

We collect your personal information through your interaction with our colleagues by way of email and telephone or in person, for the purpose of providing legal, HR or company compliance services (collectively the ‘Services’).

Specifically this may include:

Identity Data: your full name, date of birth, passport details;

Contact Data: your telephone number,home address, email address;

Communications Data: any information you provide us in relation to the matter on which you seek to engage our Services;

Financial Data: you bank/building society details, National Insurance number and tax details;

Marketing Data: your preferences in respect of receiving marketing materials from us;

Special Category Data:  racial or ethnic origin, physical health or mental condition, gender and sexual orientation, religious / similar beliefs, trade union membership (as relevant to a discrimination / employment claim).

In addition, for all interactions with our website we collect Technical Data such as device and online identifiers as set out in the Cookie Policy.

To collect, use, store and transfer your personal data, we have to ensure that there is a lawful basis for this. The individual lawful bases that may apply are set out below:

Consent: you have specifically given us permission, provided that we have informed you on what you are consenting to, that your consent is freely given and unambiguous;

Contractual obligations: we require your personal data for the performance of a contract (for example to provide the Services);

Legitimate interests: we require your personal data to enable us to run our business, which we can only do where we have assessed that risk to your personal data is limited;

Compliance with legal or regulatory obligations applicable to us: it is important to us that we are able to comply with laws, regulations and guidance, as well as other valid requests or demands for data as set out here;

Article 9 UK GDPR Condition: for the processing of Special Category Data, we ensure that we rely on one of the lawful bases above AND a further condition specified under Article 9 of the UK GDPR (typically Article 9 2(f) in relation to processing being necessary for the establishment, exercise or defence of legal claims).

ActivityDataType(s)Lawful Basis/Bases
Our day-to-day provision of Services to clients (including new client onboarding)Identity Data, Contact Data, and Communications Data, and Special Category Data (if applicable)We have a legal obligation to process this data to carry out our client onboarding activities, which includes collecting and verifying your Identity Data. We also rely on contractual obligations to fulfil the contracted Services and to send you statements and invoices.
Financial transactions with clientsFinancial DataWe rely on our contractual obligations to take payment from our clients for Services provided.
Our day-to-day operations with service providers / suppliersIdentity Data, Contact Data, and Communications DataWe rely on contractual obligations to fulfil the contract with our service providers/ suppliers. We have a legitimate interest to process this data to carry out our core business activities. The transactions are typically on a business-to-business basis.
Responding to your enquiries via our website’s “Contact Us” link.Identity Data, Contact Data, and Communications DataWe have a legitimate interest to ensure that we can handle your request in a way that meets your expectations. We may also rely on our contractual obligations if your enquiry is in relation to a contract with us.
RecruitmentIdentity Data, Contact Data, and Communications DataWe have a legitimate interest to ensure that the recruitment process is followed and that we can grow our business.
MarketingMarketing DataWe may send marketing materials to you and process your marketing preferences on the basis of your consent or our legitimate interests.   Please note that you can at all times unsubscribe from any of our newsletter that you have subscribed to by clicking the link at the bottom of the newsletter or by contacting: [email protected]
To customise, administer and improve our website, troubleshoot and analyse data of website visitsTechnical DataWe have a legitimate interest to provide our website visitors with the best possible user experience.
To comply with valid requests from regulators or other official bodies of authority, and for litigation case management and evidentiary purposes.All types of data as described aboveTo comply with our legal and regulatory obligations, including but not limited to the Solicitors Regulation Authority, ICO, HMRC and for our legitimate interests to manage legal proceedings and to defend us against possible civil claims or regulatory enforcement action.
We may need to share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary.Identity Data, Contact Data, Marketing Data, Communications DataDepending on the circumstances: To comply with our legal and regulatory obligations, including but not limited to the Companies Act 2006 and TUPE, as relevant. In other cases, for our legitimate interests or those of a third party, i.e. to protect, realise or grow the value in our business and assets.
Protecting the security of systems and dataTechnical DataTo comply with our legal and regulatory obligations, including but not limited to PECR. We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, and to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.

We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated herein or as provided for by various storage periods provided for by law. After discontinuation of the respective purpose or expiration of these deadlines, the corresponding data will be routinely and in accordance with the statutory provisions blocked or deleted.

In connection with legal action or a regulatory investigation involving Haddleton & Co Limited we will always keep your personal information for the period required by law and where we need to do so. Otherwise, we keep your personal information where you have contacted us with a question or request, for as long as necessary to allow us to respond to your question or request.

Taking into consideration all our legal obligations to retain information for contract, audit, regulatory and tax purposes, we also regularly review the length of time we retain your personal data and consider the purpose or purposes for which we hold it.

We may share your personal date with any entity associated with us (e.g. a subsidiary or holding company), our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

Where permitted or required by law, we may share your personal information with trusted third parties such as:

CategoryExamplesMain Purpose
Service providersIT providers, Website hosts, Case Management Systems providersTo enable us to provide the Services safely and securely in accordance with our legal and contractual obligations, to suitably administer client matters and to support us to successfully run our business.
AuditorsAnnual statutory accounts auditor, regulatory compliance auditorsTo enable auditors to verify authenticity of information provided.
BarristersCounsel and legal representation during court hearingsTo enable us to provide our Services in the event of court attendances.
Professional advisersBanks, credit reference agencies, insurers, legal advisers, brokersTo fulfil our legal obligations for client onboarding, or to enable us to resolve a claim made by you or in which you have been involved.
Third parties in connection with re-organisation of our businessProspective buyer / sellerTo share client / supplier information to enable us to continue services during and after a corporate transaction.
Law Enforcement AuthoritiesCourts, tribunals, regulators, policeTo comply with our legal obligations to enable us to provide our Services to clients.

In the event that your personal data is shared with third parties, we ensure that this is shared safely and securely, that it is governed by suitable contractual / professional confidentiality and data protection compliance obligations and that it is limited to the personal data that is strictly required for the purpose.

Where you submit personal information for publication on our website, we will publish and otherwise use that information with your consent.

We will not without your express consent, provide your personal information to any third parties for the purpose of direct marketing.

We are based in the United Kingdom (UK), and we typically do not transfer your personal data outside the UK and EEA.

Depending on computer systems utilised by third parties with whom your personal data may be shared from time to time, your personal data may be transferred to organisations and stored in countries outside of the UK or EEA. We have appropriate contractual arrangements in place with relevant third parties to ensure that in case of such transfers of your personal data to countries outside the UK or EEA, your personal data is protected to the same high standard as required under the UK GDPR and Data Protection Act 2018.

We use a variety of technical and organisational security measures such as secure offices and hardcopy storage, secure passwords and secure Cloud storage protected by encryption to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction in line with applicable data protection and privacy laws. We also have implemented various layers of protection against cyber-attacks.

Before we share your personal information with third parties, we will where required put in place a written agreement which commits the third party to keep your information confidential, and to put in place appropriate security measures to keep your information secure.

In addition, we have relevant training programmes on data protection and cybersecurity in place and our colleagues are aware and ensure that that your personal data is handled safely and securely.

Please note that the transmission to us of information via the internet or a mobile phone network connection may not be completely secure and any transmission is at your own risk.

You have several rights regarding the processing of your personal data. You have the right:

  • To withdraw consent: If you have consented to receive email alerts from us with news and updates or have engaged in any other activity with us for which we have asked you for your consent, you have the right to withdraw your consent at any time. In respect of the news and update email alerts, you can withdraw your consent by using the “Unsubscribe” option in the email or you can contact us on [email protected] to notify us of any withdrawal of consent.
  • Of access to your personal data: You have a legal right to see a copy of the personal data that we keep about you, subject to certain exemptions.
  • To rectify inaccurate or incomplete personal data: You can ask us to correct any data which is inaccurate or incomplete.
  • Of erasure of your personal data: you can ask us to delete your personal information (with the exception of us being required to keep it to comply with a legal obligation).
  • To restrict processing of your personal data: We will retain enough information to enable the restriction but will not process any further personal data, until and unless we lift the restriction (of which you will be informed).
  • To object to processing of your personal data: you can stop or prevent us from using your data (in cases where we are using it with your consent or for our legitimate interests).
  • To move, copy or transfer your personal data (data portability): Please contact us if you would like us to transfer your personal data electronically to another organisation.

Please note that the above-mentioned rights, with the exception of the right to withdraw your consent (in general) and to object to processing of your personal data (for the purpose of email alerts), are not absolute. Under certain conditions, we may refuse to comply with your request to exercise the above-mentioned rights. If we refuse your request, you will be informed of the reasons for refusal.

In accordance with applicable data protection legislation, we follow security procedures when we process your personal data. We may therefore request proof of your identity before disclosing certain information to you or acting on any rights requests.

We will respond to your rights request within one calendar month of receipt of all documents required to fulfil your request (for example valid ID). In cases where the request is complex or if you make several requests, we may require up to two additional months but we will ensure that we will inform you of this within the first month of a validly received rights request.

Where you are given the option to share your personal information with us, you can always choose not to do so.

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. This could mean that you may be unable to make use of the Services offered by us.

You always have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) if you have any concerns regarding the way in which we process your personal data. Their contact details can be found on their website www.ico.org.uk or by telephone: 0303 123 1113.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO therefore we would like to ask you to please contact us in the first instance.

If you have any questions or requests regarding this privacy policy, or if you would like to exercise your rights, please contact Haddletons using the contact information below:

Haddleton & Co Limited

Windsor House, Cornwall Road, Harrogate, North Yorkshire, England, HG1 2PW

Tel +44 (0)333 023 1700

Email: [email protected]

This privacy policy was last updated on 4 July 2024 and may be amended again in whole or in part, at any time and without prior notice. You should review this Privacy Policy (including the Cookies Policy) regularly as we may amend it from time to time, and as you are bound by any changes we make to this policy from the date of the change. We will post any amendments on our website to keep you up to date.