HAY BUSINESS SERVICE (UK) Privacy Policy
Effective Date: 1 August 2025
1. Introduction
At HAY Business Service (UK) Co Ltd (“we”, “us”, “our”), your privacy is our priority. We are committed to protecting the personal data of our clients, contacts, website users, suppliers and stakeholders in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable laws. This policy explains how we collect, use, share and protect personal information in connection with our legal, intellectual property, business, strategic and other consultancy and coaching services. This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website or social media users of these changes. Instead, we recommend that you check our website and social media accounts occasionally for any policy changes.
2. Who We Are
HAY Business Service (UK) Co Ltd
Registered in England & Wales
Company Number: 11296523
Registered Office: 131 Gallants Farm Road, EN4 8EL
Email: [email protected]
We are the data controller for the purposes of this privacy policy and are responsible for determining how personal information is processed and protected.
3. What Personal Information We Collect
In the course of delivering legal, intellectual property, business, strategic and other consultancy and coaching services to UK and international clients, we may collect and process the following types of personal information for compliance hecks and matter management:
A. Client and Contact Identity Data
For individuals - Full name, title, marital status, family status, residential address,
job title, professional position
For businesses - Full business/company name, business/company address, VAT
registration number, corporate, financial, accounting and tax documents
Contact details: email addresses, telephone numbers, postal and
correspondence addresses
Identification documents: passport, driver’s licence, utility bills and other
residential proof
B. Client Matter and Service Data
Information provided before and during instructions, consultations and/or legal or consultancy service delivery
Contracts, commercial agreements, intellectual property records, corporate filings
Background data for advisory, legal, consultancy or coaching purposes, including but not limited to:
AML, KYC and other compliance checks reports and records
Financial, accounting, tax, investment, insolvency/bankruptcy information, billing and payment records
Shareholder and ownership details
Employment, regulatory and/or immigration history
Litigation history, claims and/or disputes
Intellectual property portfolios, licences and/or enforcement issues
C. Third-Party Information
Where relevant to client work, we may collect information about third parties (e.g. counterparties, other shareholders, directors, employees, staff or contractors)
You confirm that you have authority to share third-party data with us where applicable, and that the use of such third party data by us will not violate any personal data or other laws and regulations anywhere in the world
D. Engagement and Communication Data
Records of correspondence, including online enquiry forms, emails, telephone notes and recordings, meeting summaries, online meetings summaries and recordings, instant messages and chats, social media messages and chats, and
other online messages and communications
Feedback, testimonials, complaints or other user-generated submissions
Details and recordings relating to event registration and attendance, online course registration and attendance, webinar registration and participation and other forms of engagement
E. Marketing and Preference Data
Contact preferences and communication consents
Subscription records including membership, retainer and online course registrations and renewals, legal updates, bulletins or promotions
Engagement and traffic analytics (e.g. email open/click rates), website analytics, marketing analytics, social media analytics
F. Website, Social Media and Technical Data
IP address, browser type, device information, access timestamps
Cookies and behavioural tracking (see our Cookie Policy)
Login credentials and usage patterns on restricted or member-only areas of our websites, online course platforms and/or social media accounts
G. Financial and Transactional Data
Billing contact, invoice records, payment and bad debts history
Bank details (for fee settlement or disbursements)
VAT or tax identifiers (for business clients)
H. Special Category and Sensitive Data
We may collect and process special category data only where strictly required for legal services and:
You provide explicit consent
It is necessary for legal claims or obligations
It is required for compliance (e.g. background checks, AML regulations)
4. How and Why We Process Your Data
We may collect and process special category data only where strictly required for legal services and:
Contractual obligation: to perform the services you have engaged us to deliver
Legal and regulatory obligation: to comply with UK law and professional regulatory requirements
Legitimate interests: to respond to your enquiry, to manage and improve our business operations, website and social media operations, client relationships, IT systems and risk management, to undertake business and marketing research and analysis, to engage in sales and marketing and business development activity in relation to our services such as sending you newsletters, legal updates, marketing communications and other information that may be of interest to you,
and so on
Consent: where you have consented to provide us with your personal information or explicitly opted in to receive marketing or other non-essential communications
5. Use of Cookies and Tracking Technologies
Our website and social media accounts use cookies to:
Monitor site and social media usage and performance
Personalise user experience
Track marketing campaigns and visitor sources
A cookie is a piece of data stored on a user’s hard drive containing information about the user. The information below explains the cookies we use on our website and social media accounts and why we use them:
Google and Social Media Analytics cookies: we use these cookies to collect information about how visitors use our website and social media accounts, including details of the site and account where the visitor has come from and the total number of times a visitor has been to our website and social media accounts. We use the information to improve our website and social media accounts and enhance the experience of its visitors. You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org
You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org.
6. Sharing and Disclosure of Personal Data
We may share your data with:
Professional advisers and service providers (e.g. IT and communications support, cloud platforms, website hosting, social media account managers, matter management and CRM platforms, legal advisers, accountants, tax advisers, etc.)
External legal counsel or consultants or agents, where required for client work or general consultation
Government, regulatory, tax, judicial or law enforcement bodies, where legally and legitimately mandated
Where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process
Third parties involved in business transfers, mergers or acquisitions (subject to confidentiality)
Third parties relevant to the services that we provide
We never sell or rent personal data to third parties
7. Links to other websites
Our website and social media accounts may contain links to other websites and social media accounts run by other organisations. This privacy policy applies only to our website and social media accounts‚ so we encourage you to read the privacy statements on the other websites and social media accounts that you visit. We cannot be responsible for the privacy policies and practices of other sites and accounts even if you access them using links from our website or social media account.
In addition, if you linked to our website or social media account from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site or account and recommend that you check the policy of that third party site or account.
8. International Transfers of Personal Data
Some data may be processed, stored and/or transferred outside the UK. Where this occurs, we ensure:
Transfers are to countries with adequate protection (as approved by the UK)
Or we use appropriate safeguards such as Standard Contractual Clauses (SCCs)
9. Retention of Data
We retain personal data only for as long as necessary to:
Transfers are to countries with adequate protection (as approved by the UK)
Or we use appropriate safeguards such as Standard Contractual Clauses (SCCs)
After this period, data will be securely deleted or anonymised.
10. How We Protect Your Data
We implement technical and organisational measures to protect your information, including:
Encryption, secure servers, and password protection
Access restrictions and role-based data controls
Regular audits, staff training, and confidentiality agreements
While no system is 100% secure, we regularly test and improve our safeguards.
11. Your Data Protection Rights
You have rights under UK GDPR, including the right to:
Obtaining information regarding the processing of your personal information and access to the personal information which we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for
access to copies of personal information. In particular, information that is subject to legal professional privilege or litigation privilege will not be disclosed other than to our client and as authorised by our client.
Requesting that we correct your personal information if it is inaccurate or incomplete.
Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it.
Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information
but we are legally entitled to refuse that request.
In some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit those information to a third party where this is technically feasible.
Please note that this right only applies to personal information which you have provided to us.
Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.
Lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us. We can, on request, tell you which data protection authority is relevant to the processing of your personal information.
While no system is 100% secure, we regularly test and improve our safeguards.
12. Complaints
We encourage you to contact us with any concerns about your data. You may also lodge a complaint with the Information Commissioner’s Office (ICO):
Website: https://www.ico.org.uk
Phone: 0303 123 1113
13. Updates to This Policy
We may update this policy from time to time. Significant changes will be published on our website or notified to you directly. Continued use of our services after changes implies your acceptance of the updated policy.
14. Contact Us
Data Protection Enquiries
HAY Business Service (UK) Co. Ltd.
Email: [email protected]
QUICK LINKS
LEGAL
CUSTOMER CARE
Copyright©2025 HAY Business Service (UK) Co. Ltd. All Rights Reserved.