Hymans Robertson LLP is committed to protecting and respecting your privacy.
Under data protection laws, we are the data controller in relation to your personal information. This means we are responsible for deciding what information to collect about you and how it is used. Our contact details are set out in the Contacting Us section of this privacy notice.
This notice explains what personal information we collect about you, how and why we use it, who we disclose it to, and how we protect it.
It applies to you if you use our website, sign up for events, subscribe to our publications or contact us with an enquiry using the forms on our website or by email. It also applies to you if we have a professional or business relationship or connection with you.
Our website is directed to, and for use by, our clients, prospective clients and professional and business contacts in the United Kingdom. It also contains information about careers at Hymans Robertson – however please note that we have a dedicated recruitment site which has its own privacy notice.
What are the data protection laws?
The Data Protection Act 1998 contains most of the rules about how personal information should be collected and processed. It is being replaced on 25 May 2018 by the EU General Data Protection Regulation (GDPR). Other rules exist which govern things like email direct marketing. This privacy notice takes account of all of the rules, including GDPR. We will keep it under review – please see the changes to this privacy notice section.
Personal information broadly means information about a living individual who can be identified from that information directly, or indirectly (for example if it is combined with other available information).
1. What personal information do we collect?
We will collect the following information about you:
We will always try to keep the amount of personal information we collect to the minimum needed.
2. Using your personal information
We use your personal information for the following purposes:
We may also contact you by post or phone, unless you ask us not to.
3. What is the lawful basis for processing?
In general, we do not require your consent to process your personal information because the processing is necessary:
However you do have the right to object to how we process your personal information, or ask us to restrict processing.
We do not generally collect “sensitive personal data” or “special categories of data” where the rules about how we process it are stricter.
If you object to or ask us to restrict the processing of your personal information, this won’t affect the lawfulness of the processing we’ve already carried out.
Please see the Your rights section for more details.
4. Sharing your personal information with others
Sometimes we need to share your personal information with others. We’ll only do this for the purposes explained in this privacy notice and we’ll take steps to ensure they keep the information secure and confidential and use it only for the agreed purposes.
We may share your personal information with the following:
Some of these may be located outside the European Economic Area, where data protection laws are different. However we will ensure that adequate safeguards are in place (for example, robust contracts) to make sure your personal information is protected.
5. How we protect your personal information
We employ up to date technologies and systems to protect your personal information from unauthorised disclosure or damage or misuse. We ensure that our staff receive regulation training about information security and data protection. We meet the ISO27001:2013 standard for information security management systems.
We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal information.
Click here to see information about our certifications.
6. How long we keep your personal information
We will keep your personal information for as long as we are using it for the purposes explained in this notice.
When we no longer need it, we will archive your personal information after a certain period (usually 7 years), and then delete it permanently after an additional period (usually 13 years).
We set these periods according to the time limits on legal claims. This is for our protection and yours.
We may in certain circumstances need to hold your personal information for longer, for example in relation to a legal dispute or because of regulatory requirements.
7. Your rights
You have a number of rights under data protection laws. These are:
You also have the right:
If you would like to make a request to access or correct your personal information, or to exercise any of your other rights, you can contact us at any time using the details set out in the Contacting Us section.
We will respond to any request received from you within one month from the day we receive your request.
Please note that some of your rights are restricted, and apply only in certain circumstances. For example, we may refuse to delete your personal information whilst we need it for a valid purpose, including to defend any potential legal claims. We will set out in our response our reasons if we are unable to meet your request.
To find out how to make a complaint to the Information Commissioner’s Office, see Contacting the Information Commissioner’s Office.
8. Contacting us
You can email: firstname.lastname@example.org. You can also write to us at: Marketing Department, Hymans Robertson LLP, One London Wall, London, EC2Y 5EA.
If you have any queries about how we use your personal information you can contact the Data Protection Officer through any of the following means:
By Post: Hymans Robertson LLP, Exchange Place One, 1 Semple Street, Edinburgh, EH3 8BL
By email: email@example.com
By Phone: 0131 656 5000
9. Contacting the Information Commissioner's Office
The Information Commissioner’s Office (ICO) is the UK's independent body set up to uphold information rights. You can find out more about the ICO on its website.
The ICO can be contacted on 0303 123 1113, by using the email form on its website, or by writing to:
Information Commissioner's Office
10. Changes to this privacy notice
This privacy notice is current as at 3 May 2018. We may make changes from time to time and you should regularly check for updates.