Handley Gill
LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Privacy Policy

Privacy Policy 

This document sets out how Handley Gill Limited uses your personal data when:

  • you access our Website (www.handleygill.com / www.handleygill.co.uk);

  • you submit an enquiry using our website or otherwise interact with us via our website or on social media;  

  • we communicate with each other; and/or,

  • we provide our services and administer our business.  

This privacy policy should be read in conjunction with our website terms and conditions, our cookies policy, and any supplementary privacy policies which are provided to you in connection with specific processing activities.

Handley Gill Limited (collectively referred to as “Handley Gill”, “we“, “us” and “our” in this Privacy Policy) is a company registered in England with registered number 12608561 and registered address at International House, 64 Nile Street, London N1 7SR. We are registered with the Information Commissioner’s Office under the Data Protection Act 2018 under registration number ZA767642.

Personal data means any information about an individual from which that person can be identified, whether directly or indirectly. When Handley Gill decides why and how personal data is used, it is the “controller” of those data and is required to ensure that it handles those data in accordance with the law. When Handley Gill handles data on behalf of third parties, we act as their processor, and while we still comply with our legal obligations, they are responsible for the data.

At Handley Gill we respect your privacy and are committed to protecting your personal data. We take measures to ensure the security and confidentiality of data, and use personal data in accordance with applicable legislation and this privacy policy, and any other privacy notices issued in connection with specific data processing activities. It is important that you read this privacy policy, together with any other privacy notice which supplements it, so that you are fully aware of how and why we are using your data, and that you regularly refer back to it to check for any changes.  

This privacy policy contains the following information:

1            Data we collect about you

2            How your personal data is collected

3            How we use your personal data

4            Disclosures of your personal data

5            International transfers

6            Data retention

7            Your legal rights

8            Contact us

1. Data we collect about you

The categories of personal data that we may collect about you include:

  • Identity Data: title; first name; last name; nationality; National Insurance number; copies of identity documents.

  • Contact Data: address; email address; telephone number(s); social media and communications platform aliases; company or organisation; role.

  • Technical Data: internet protocol (IP) address; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform; and the device used to access this site.

  • Usage Data: information about how you use our website.

  • Marketing and Communications Data: your preferences in receiving marketing from us and our third parties; topics of interest; your opinions regarding our services; communications between us; your communication preferences (you may receive marketing communications from us if you have requested information from us or have negotiated for or contracted to receive our services and you have not opted out of receiving that marketing).

  • Contractual and Transactional Data: agreements between us or which you enter into on behalf of an organisation; services you request and/or we provide to you.

  • Financial and Payment Data: bank account; credit/debit card numbers; sort code; CVC code; expiry date; related billing information; credit reference report.

  • Special Category Data: race or ethnicity; religious or philosophical beliefs; sex life; sexual orientation; political opinions; trade union membership; information about your health; genetic and biometric data.

  • Criminal Conviction and Offence Data.

  • Education and Work Data: academic institutions; employers; qualifications; experience; references.

  • Other Data Necessary for the Provision of our Services.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.

We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law, as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

2. How your personal data is collected

We may obtain your personal data:

  • directly from you;

  • from individuals or entities acting on your behalf;

  • from our clients;

  • from your organisation;

  • when you or your organisation browse, complete a form or make an enquiry or otherwise interact with us via our website, social media or other platforms;

  • from search engine and web analytics providers;

  • our third party advertisers;

  • by referrals;

  • from our professional advisers, including, without limitation, our insurers;

  • from courts, law enforcement bodies, regulators, government departments or agencies, lawyers or other parties;

  • companies providing anti-money laundering and anti-terrorist financing services, credit reference and other fraud and crime prevention companies, financial institutions, and related regulatory bodies; and/or,

  • from the public domain.

3. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • where you have provided your consent;

  • where we need to perform the contract we are about to enter into or have entered into with you;

  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

  • where we need to comply with a legal obligation; and/or,

  • where it is necessary for the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

Where we process special category personal data, or criminal conviction and offence data, this will usually be in the following circumstances:

  • where you have provided your explicit consent;

  • where you have manifestly made the data public;

  • where it is necessary for the establishment, exercise or defence of legal claims;

  • where it is necessary when exercising our / your rights and obligations in the field of employment, social security and social protection law;

  • where it is necessary for reasons of substantial public interest, such as being:

    • necessary for the administration of justice;

    • necessary for ensuring equality of opportunity or treatment;

    • necessary for the prevention or detection of an unlawful act;

    • necessary for making a disclosure concerning suspicions of terrorist financing or money laundering; and/or,

    • necessary for responding to a communication from an elected representative acting on behalf of an individual.

Alternatively, we may rely on an exemption in the UK GDPR and/or Data Protection Act 2018 to legitimise our processing.

We have set out below a description of the ways we plan to use your personal data, and the legal grounds we rely on to do so. We have also identified what the relevant legitimate interests are where appropriate. Please note that we may process your personal data in reliance on one or more lawful bases depending on the specific purpose for which we are using your data. Where permitted to do so, we may also use your personal data for an alternate, but compatible, purpose.

Purpose/Activity:

  • To manage our relationship with you or your organisation

  • To develop and carry out our marketing activities

  • To analyse how our products and services are used, including our website

  • To communicate with you about our products and services

  • To develop, manage and improve our brands, products, services and relationships

Type of data:

  • Identity

  • Contact

  • Technical

  • Usage

  • Marketing and Communications

Lawful basis for processing, including basis of legitimate interest​:

  • Consent

  • Legitimate interests, including: developing, promoting and expanding our business, products and services; obtaining feedback on our products and services; understanding the products and services our clients require and how we can best deliver them, including personalising our communications, products and services; sharing updates regarding our products and services; maintaining our records; identifying and resolving technical issues

Purpose/Activity:

  • To deliver our products and services

  • To process and fulfil the contract

  • To exercise our rights set out in agreements or contracts

  • To collect and recover money that is owed to us

Type of data:

  • Identity

  • Contact

  • Marketing and Communications

  • Contractual and Transactional

  • Financial and Payment

  • Special Category

  • Criminal Conviction and Offence

  • Other Data Necessary for the Provision of our Services

Lawful basis for processing, including basis of legitimate interest​:

  • Consent

  • Legitimate interests: registering you / your organisation as a client,  including determining the suitability of working with you / your organisation; facilitating the provision of our services; maintaining our standards of service; conducting administrative activities; maintaining our records; managing our finances, including in connection with accounting and auditing; complying with our policies and standards; maintaining security; complying with legal and other regulations; handling legal issues and claims

  • Performance of a contract

  • Compliance with our legal obligations

  • Prevention, investigation, detection or prosecution of criminal offences

  • Manifestly made public

  • Establishment, exercise or defence of legal claims

  • Administration of justice

  • Prevention or detection of an unlawful act

  • Making a disclosure concerning suspicions of terrorist financing or money laundering

  • Responding to a communication from an elected representative acting on behalf of an individual

Purpose/Activity:

  • To administer and protect our business, brand, assets and staff

Type of data:

  • Identity

  • Contact 

  • Technical Data

  • Contractual and Transactional

  • Financial and Payment

  • Special Category

  • Criminal Conviction and Offence

Lawful basis for processing, including basis of legitimate interest​:

  • Legitimate interests: ensuring the efficient operation of our business and website, including in connection with accounting and auditing; monitoring compliance with our policies and standards; maintaining our standards of service; conducting administrative activities; maintaining our records; managing our finances; maintaining security; providing an appropriate working environment; preventing or detecting unlawful acts; enforcing our legal rights and interests; complying with legal and other regulations; handling legal issues and claims; contributing to the administration of justice

  • Legal obligation

  • Prevention, investigation, detection or prosecution of criminal offences

  • Establishment, exercise or defence of legal claims

  • Manifestly made public

  • Making a disclosure concerning suspicions of terrorist financing or money laundering

  • Responding to communication from elected representative

Purpose/Activity:

  • To detect, investigate, report, and seek to prevent financial crime

  • To manage risk for us and our customers

  • To obey laws and regulations that apply to us

  • To respond to complaints and seek to resolve them

Type of data:

  • Identity

  • Contact

  • Technical

  • Contractual and Transactional

  • Financial and Payment

  • Special Category

  • Criminal Conviction and Offence

Lawful basis for processing, including basis of legitimate interest​:

  • Consent

  • Legitimate interests: determining the suitability of working with you / your organisation; maintaining our standards of service; managing security; preventing or detecting unlawful acts; enforcing our legal rights and interests; complying with legal and other regulations; handling legal issues and claims; contributing to the administration of justice; maintaining our insurance

  • Legal obligations

  • Prevention, investigation, detection or prosecution of criminal offences / unlawful acts

  • Establishment, exercise or defence of legal claims

  • Manifestly made public

  • Administration of justice

  • Making a disclosure concerning suspicions of terrorist financing or money laundering

Purpose/Activity:

  • In connection with advertising, considering responses to, and engaging individuals to fulfil job vacancies

  • To manage employment and staffing

  • To obtain or respond to references

  • To monitor and ensure equal opportunities

Type of data:

  • Identity

  • Contact

  • Contractual and Transactional

  • Education and Work

  • Financial and Payment

  • Special Category

  • Criminal Conviction and Offence

Lawful basis for processing, including basis of legitimate interest​:

  • Consent

  • Performance of a contract

  • Legitimate interests: matching your education, skills, and experience with our requirements; carrying out background checks; monitoring compliance with our policies and standards; monitoring and managing your performance; providing an appropriate working environment; conducting diversity monitoring; managing our finances and resourcing; conducting legal, accounting and taxation administration; complying with our legal obligations and/or handling legal issues and claims; contributing to the administration of justice; maintaining security; preventing or detecting unlawful acts

  • Compliance with our legal obligations

  • Prevention, investigation, detection or prosecution of criminal offences / unlawful acts

  • Manifestly made public

  • Establishment, exercise or defence of legal claims

  • Exercising our / your rights and obligations in the field of employment, social security and social protection law

  • Administration of justice

  • Equality of opportunity or treatment

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.

4. Disclosures of your personal data

We may share your personal data with:

  • our clients;

  • other companies in our group which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, and affiliates;

  • our professional advisers, including, without limitation, our insurers;

  • our suppliers, business partners and sub-contractors;

  • our third party advertisers;

  • search engine and web analytics providers;

  • with courts, law enforcement bodies, regulators, government departments or agencies, lawyers or other parties;

  • companies providing for anti-money laundering and terrorist financing services, credit reference and other fraud and crime prevention companies, financial institutions, and related regulatory bodies; and,

  • other third parties to which you request that we disclose your data.  

In the event that we were to sell our business or assets, we may disclose your personal data to any prospective/actual purchaser and/or their advisers.

5. International transfers 

When we process your personal data, we may process it in countries outside of the European Economic Area (‘the EEA’, which is comprised of the EU in addition to Iceland, Norway and Liechtenstein), for example when we engage third party service providers based in other countries. When we conduct relevant international transfers of your personal data, we will only do so in circumstances where:

  • You provide your explicit consent;

  • It is necessary to conclude or perform a contract in your interest between us and an individual or entity;

  • It is necessary for the establishment, exercise or defence of legal claims;

  • The European Commission has determined that the country to which the data is to be transferred ensures an adequate level of protection; and/or

  • We have entered into standard contractual clauses approved by the European Commission with the transferee and, where necessary, have conducted an appropriate risk assessment.

Should you require further information, please contact us using the details below.

6. Data retention

We will retain your personal data for as long as is necessary to fulfil the purposes for which we collected it. This will typically mean that we will retain your personal data for as long as you / your organisation is a customer of ours and/or for as long as you are content to receive communications from us, and for a period thereafter as necessary to comply with legal, accounting, taxation or regulatory requirements, to prevent fraud, or as required in the context of establishing, exercising or defending legal rights or responding to your communications.

We may also retain your personal data outside of these periods, where we are unable to delete it for technical reasons, in which case we will isolate it and securely store it until secure destruction / erasure is possible.

Otherwise, we will securely destroy / erase your personal data, or shall anonymise it.

In practice, we will retain your personal data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place.

7. Your legal rights

You have the right, with some exceptions, to ask us to provide you with a copy of any personal data we hold about you in respect of which we are the data controller, and to be provided with information regarding how we process that data.

If the personal data we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.

If we rely on your consent to process your personal data, you can withdraw that consent at any time.

You can ask us not to process your personal data for marketing purposes.

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is investigated.

In some circumstances you can ask us to erase your personal data if it is no longer necessary for us to use it, you object to the use of your personal data and we don't have a good reason to continue to use it, or we haven't handled your personal data in accordance with our obligations.

If you have provided us with your personal data, you can request that we provide a copy of it to you or another data controller in a commonly used, machine-readable format.

To exercise these rights, we need to be suitably satisfied of your identity and so may request that you provide identification documents or confirm other details we may hold about you.

You can exercise these rights by contacting us using the details below.

You will not have to pay a fee to exercise your rights, however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We will respond to all requests at the earliest opportunity and in most cases will do so within a month of receipt. On occasion, if your request is particularly complex or is one of a number of requests, it may take us longer to provide a substantive response to your request. If this is the case, we will inform you as soon as possible.

We would ask that should you have any queries or concerns that you address them to us in the first instance. If you are not happy with our response, or if you wish to complain, you can contact the Information Commissioner's Office: https://ico.org.uk.

8. Contact us

Should you have any queries regarding this policy or the use of your personal data, you may contact us at our registered address or by email:

Handley Gill Limited

International House

64 Nile Street

London

N1 7SR

info@handleygill.com

We keep this policy under regular review and reserve the right to update and alter this policy from time to time in order to reflect changes in the way we process your personal data, or to reflect legal and technical requirements. We will post any amendments to this policy on this page. Where appropriate, and we are in a position to do so, we will notify you of amendments by email.

Last updated: February 2024.