We respect the privacy of every person who visits or registers with www.haysmac.com or (the “Site”) and we are further committed to ensuring a safe online experience. We also respect the privacy of every person who uses the products and services that we make available from the Site or who engages with us to use the products or services that HaysMac LLP provides (be it through the Site or not) (our “Services”) or whose personal information we may process as a result of providing the Services to others, or who applies to work here.
Purpose of this Policy
This privacy policy (“Privacy Policy”) explains our approach to any personal information that we might collect from you or which we have obtained about you from a third party and the purposes for which we process your personal information. This Privacy Policy also sets out your rights in respect of our processing of your personal information.
This Privacy Policy will inform you of the nature of the personal information about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it.
This Privacy Policy is intended to assist you in making informed decisions when using the Site and our Services and/or to understand how your personal information may be processed by us as a result of providing the Services to others or when you apply to work at HaysMac LLP. Please take a moment to read and understand it. Please note that when using the Site it should be read in conjunction with our Website Terms of Use.
Please also note that this Privacy Policy only applies to the use of your personal information obtained by us, it does not apply to your personal information collected during your communications with third parties.
Who are we and what do we do?
The site and our services are operated by HaysMac LLP (“we”, “us”, or “our”).
The data controller responsible for your personal information processed via the Site or in relation to the Services is HaysMac LLP and subsidiary entities; HaysMac Corporate Finance Limited; Ely Place Administration Services Limited and HaysMac IT Consultants Limited
HaysMac LLP is an English limited liability partnership under number OC423459 and whose registered office is at 10 Queen Street Place London EC4R 1AG
How to contact us?
If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please contact us by:
- sending an e-mail to dataprotection@haysmac.com; or
- calling us on: 020 7969 5500
What personal information do we collect and how do we use it?
Our primary goal in collecting personal information from you may be to: (i) verify your identity; (ii) help us deliver our Services; (iii) improve, develop and market new Services; (iv) carry out requests made by you on the Site or in relation to our Services; (v) investigate or settle inquiries or disputes; (vi) comply with any applicable law, court order, other judicial process, or the requirements of a regulator; (vii) enforce our agreements with you; (viii) protect the rights, property or safety of us or third parties, including our other clients and users of the Site or our Services; (ix) provide support for the provision of our Services; (x) recruitment purposes; and (xi) use as otherwise required or permitted by law.
To undertake these goals we may process the following personal information:
If you are a visitor to the Site:
- Name and job title.
- Contact information including email address.
- Demographic information such as postcode, preferences and interests.
- Other information relevant to provision of Services.
If you are an individual client in receipt of our Services or prospective individual client:
- Name and job title.
- Contact information including email address.
- Payment information.
- Other information relevant to provision of Services.
- Information that you provide to us as part of our providing the Services to you which depends on the nature of your instructions to us and the work we are carrying out for you.
- Relevant information as required by anti-money laundering regulations and regulatory rules which require us to conduct due diligence on our clients. This may possibly include evidence of source of funds, at the outset of and possibly from time to time throughout our relationship with clients, which we may request and/or obtain from third party sources. The sources for such verification may comprise documentation which we request from the prospective client or through the use of online sources or both.
Primarily we are engaged by corporate instructors (i.e. other corporate entities) and as such those instructors are not data subjects. As part of such instructions personal information about other persons may be provided to us (e.g. personal information relating to, without limitation, any of our corporate clients’ or prospective clients’ workers (including their employees, directors, members, or contractors), any opponent or vendor or purchaser personal information including personal information relating to their legal advisors or workers as relevant or similar).
If you are an individual whose personal information may be processed by us as a result of providing the Services to others (including our individual clients and corporate clients) we will process a variety of different personal information depending on the Services provided in question.
This may include personal information relating, without limitation, to any of our corporate clients’ or prospective clients’ workers (including their employees, directors, members, or contractors), any opponent or vendor or purchaser personal information including personal information relating to their legal advisors or workers as relevant or similar.
This is a non-exhaustive list which is reflective of the varied nature of the personal information processed as part of a law firm providing legal services:
We might also need to process personal information in relation to other third parties instructed either by our own clients or other persons or companies involved with us providing the Services to our client (for instance, foreign accountancy practices, tax advisers, law firms, experts, HMRC).
Please note also that we do not have to provide information to you about how we process your personal information when we do so as a result of providing the Services to others and may indeed be subject to professional obligations of secrecy in respect of the Services. We are providing the information in this Notice, however, because we believe in being as transparent as possible about its data privacy practices and want you to be able to understand how we may process your data (and about how you can exercise any applicable data subject rights)
If you are a potential recruit:
- Name and job title.
- Contact information including email address.
- Curriculum vitae, your education, employment history and similar matters and similar information that you may provide to us.
- Other information relevant to potential recruitment.
In particular, we may use your personal information for the following purposes:
Fulfilment of Services.
We collect and maintain personal information that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services. Please note also that our Terms of Business also apply when we provide the Service.
Who do we share your personal information with for this purpose?
We may share personal information with a variety of the following categories of third parties as necessary when providing the Services:
- Experts (for example foreign lawyers, tax or medical advisors, accountants, valuers)
- Insurers (including but not limited professional indemnity insurers)
- Regulators/tax authorities/corporate registries
- Courts and Tribunals
- Crime enforcement agencies
- Translators
- IT and telephony service providers for hosting and support services
- Document storage providers
- Cloud based providers of accountancy systems
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can.
What is our legal basis?
It is necessary for us to use your personal information to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest or a third party’s legitimate interest to use the personal information to ensure we provide the Services in the best way that we can.
Client services.
Our Site uses various user interfaces to allow you to request information about our Services. Contact information may be requested in each case, together with details of other personal information that is relevant to your enquiry. This information is used in order to enable us to respond to your requests.
Who do we share your personal information with for this purpose?
We do not share your personal information for this purpose.
What is our legal basis?
It is in our legitimate interest or a third party’s legitimate interest to use your personal information in such a way to ensure that we provide the very best client service we can to you or others.
Your feedback about our Services.
From time to time we will contact you to invite you to provide feedback about our Services in the form of online or postal communications. We use this information to help us improve the quality of service provided by our staff. We also use your feedback to monitor the quality of our Services.
Who do we share your personal information with for these purposes?
We use a third party service provider to assist us with client surveys and feedback requests.
What is our legal basis?
It is in our legitimate interest to use the information you provide to us in your feedback for the purposes described above.
Business administration and legal compliance.
We may use your personal information for the following business administration and legal compliance purposes:
- to comply with our legal obligations (including any accountancy regulatory body requirements such as the ICAEW Know Your Client, Anti-Money Laundering, Anti-Bribery or similar obligations including but without limitation maintaining regulatory insurance);
- to respond to enquiries, investigations, and to deal with regulators, relevant tax authorities, crime and enforcement agencies and similar bodies;
- for internal training and administration purposes;
- to enforce our legal rights or defend our position or to take advice in this context;
- protect rights of third parties; and
- in connection with a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets.
Who do we share your personal information with for these purposes?
We will share your personal information with professional advisers such as lawyers and accountants and/or governmental or regulatory authorities, crime and enforcement agencies and judicial bodies such as courts and tribunals.
What is our legal basis?
Where we use your personal information in connection with a business transition, to enforce our legal rights, or to protect the rights of third parties it is in our or a third party’s legitimate interest to do so. For all other purposes described in this section, it is our legal obligation to use your personal information to comply with any legal obligations imposed upon us.
Recruitment.
We use your personal information for the following recruitment purposes:
- To assess your suitability for any position for which you may apply including partner level positions or summer placements and also any business support or services role whether such application has been received by us online, via email or by hard copy or in person application.
- To review our equal opportunity profile in accordance with applicable legislation and to take steps to ensure that HaysMac LLP does not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation and that all recruitment decisions are made entirely on the basis of merit.
Who do we share your personal information with for these purposes?
We will share your personal information with third parties who assist us in carrying out our recruitment activity.
What is our legal basis?
Where we use your personal information in connection with recruitment it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal information in such a way to ensure that we can make the best recruitment decisions. We will not process any special data except where we are able to do so under applicable legislation or with your explicit consent.
Client insight and analysis.
We analyse your contact details with other personal information that we observe about you from your interactions with our Site, our email communications to you and/or with our Services.
Where you have given your consent (where lawfully required), we use cookies, log files and other technologies to collect personal information from the computer hardware and software you use to access the Site, or from your mobile device. This includes the following:
- an IP address to monitor Site traffic and volume;
- a session ID to track usage statistics on our Site;
- information regarding your professional interests, experiences with our Services and contact preferences.
Our web pages and e-mails contain “cookies” “web beacons” or “pixel tags.” (“Tags”). Tags allow us to track receipt of an e-mail to you, to count users that have visited a web page or opened an e-mail and collect other types of aggregate information. Once you click on an e-mail that contains a Tag, your contact information may subsequently be cross-referenced to the source e-mail and the relevant Tag. In some of our e-mail messages, we use a “click-through URL” linked to certain website administered by us or on our behalf.
Please see our Cookie Policy for further information.
By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting.
Who do we share your personal information with for these purposes?
We share your personal information with a variety of third party service providers to assist us with client insight analytics (Google Analytics).
What is our legal basis?
Where your personal information is completely anonymised, we do not require a legal basis to use it as the information will no longer constitute personal information that is regulated under data protection laws. Our collection and use of such anonymised personal information may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.
Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information in such a way to ensure that we provide the very best products and services to you and our other clients.
Marketing communications.
We carry out the following marketing activities using your personal information:
Postal marketing.
We use your name and address to send you marketing communications by post.
Our postal marketing will include personalised and non-personalised postal marketing. Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised postal marketing will feature those of our Services that we think are most likely to appeal to you. Non-personalised marketing is marketing about our Services generally and is not tailored to any particular individual.
Where we are sending you personalised postal marketing, we also use information that we observe about you from your interactions with our Site, with our email communications to you and/or with our Services in order to decide what sort of personalised marketing communications to send you. Please see the “Client Insight and Analysis” section above for more details about the personal information collected and how it is collected.
Who do we share your personal information with for these purposes?
We share your personal information with a variety of third party postal providers who assist us in delivering our postal marketing campaigns to you.
What is our legal basis?
Where your personal information is not in an anonymous form, such as your postal address, it is in our legitimate interest to use your personal information for postal marketing.
Email marketing.
We use your name and email address to send you marketing communications by email, where you have consented to receive such marketing communications or where we have another lawful basis to do so.
Our email marketing will include personalised and non-personalised email marketing. Personalised marketing is marketing which has been specifically tailored to you. For example, our personalised email marketing will feature those of our Services that we think are most likely to appeal to you. Non-personalised marketing is marketing about our Services generally and is not tailored to any particular individual.
Where we are sending you personalised email marketing, we will also use information that we observe about you from your interactions with our Site, with our email communications to you and/or with our Services in order to decide what sort of personalised marketing communications to send you. Please see the “Client Insight and Analysis” section above for more details about the personal information collected and how it is collected.
Who do we share your personal information with for these purposes?
We share your personal information with our third party email marketing providers who assist us in delivering our email marketing campaigns to you.
What is our legal basis?
Where your personal information is completely anonymised, we do not require a legal basis to use it as the personal information will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymised personal information may be subject to other laws where your consent is required. Please see our Cookie Policy for further details.
Where your personal information is not in an anonymous form, it is in our legitimate interest to use your personal information for marketing purposes.
We will only send you marketing communications via email where you have consented to receive such marketing communications, or where we have a lawful right to do so.
- Any other purposes for which we wish to use your personal information that are not listed above, or any other changes we propose to make to the existing purposes will be notified to you using your contact details.
How do we obtain your consent?
Where our use of your personal information requires your consent, you can provide such consent:
- at the time we collect your personal information following the instructions provided; or
- by informing us by e-mail, post or phone using the contact details set out in this Privacy Policy.
Our use of cookies and similar technologies
Our Site uses certain cookies, pixels, beacons, log files and other technologies of which you should be aware. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies.
Third Party contractors and other controllers
As mentioned above, we may appoint sub-contractor data processors as required to help us to deliver the Services, such as but not limited to, ixbrl tagging providers where we do so, they will process personal information on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place necessary contractual documentation in relation to any sub-contractor to ensure that they process personal information appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers in common with us where necessary to deliver the Services, such as but not limited to, legal advisers valuers foreign accountants. Where we do so, we will comply with our legal and regulatory obligations in relation to the personal information including but without limitation (where necessary) putting appropriate safeguards in place to ensure any personal information is processed according to our legal and regulatory obligations.
Extra-EEA Transfers
If you are based within the EEA, please note that where necessary to deliver the Services we will transfer personal information to countries outside the EEA. Not all countries provide the same level of protection in relation to personal information as within the EEA. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information. This will includes having a lawful basis for transferring personal information and putting appropriate safeguards in place to ensure an adequate level of protection for the personal information.
How long do we keep your personal information for?
Regarding visitors to the Site, we will retain relevant personal information for at least 12 months from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world), or for longer where we are required to do so according to our regulatory obligations or professional indemnity obligations.
Regarding personal information we have processed as part of providing the Services to any client, we will retain relevant personal information for at least seven years from the date of our last interaction with that client and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world) or for longer where we are required to do so according to our regulatory obligations or professional indemnity obligations. See our Terms of Business for further details.
If personal information is only useful for a short period e.g. for specific marketing campaigns, we may delete it.
Confidentiality and security of your personal information
We are committed to keeping the personal information provided to us secure and we will take reasonable precautions to protect personal information from loss, misuse or alteration.
We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification; and
- unlawful destruction or accidental loss.
All of our members, employees, workers and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with, the processing of personal information, are obliged to respect the confidentiality of the personal information of all visitors to the Site and all users of our Services.
How to access your information and your other rights?
You have the following rights in relation to the personal information we hold about you. Please note that these rights are subject to certain exemptions which may be applicable to any request you make:
Your right of access..
If you ask us, we’ll confirm whether we’re processing your personal information and, subject to any applicable exemptions, provide you with a copy of that personal information (along with certain other details) within the timescales or extended timescales provided for by the GDPR for complex requests, or as applicable provide you will an explanation of why we will not be complying with your request. If you require additional copies, we may need to charge a reasonable fee.
Your right to rectification.
If the personal information we hold about you is inaccurate or incomplete, you’re entitled to have it rectified. If you are entitled to rectification and if we’ve shared your personal information with others, we’ll let them know about the rectification where possible and where this would not involve disproportionate effort. If you ask us, where possible and lawful to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Your right to erasure.
You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable because that was the legal basis on which we were processing your personal data). If you are entitled to erasure and if we’ve shared your personal information with others, we’ll take reasonable steps to inform those others where possible and where this does not involve disproportionate effort. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Your right to restrict processing
You can ask us to ‘block’ or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we’ve shared your personal information with others, we’ll let them know about the restriction where it is possible for us to do so and does not involve disproportionate effort. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal information with so that you can contact them directly.
Your right to data portability
With effect from 25 May 2018, you have the right, in certain circumstances, to obtain personal information you’ve provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
Your right to object
You can ask us to stop processing your personal information, and we will do so, if we are:
- relying on our own or someone else’s legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
- processing your personal information for direct marketing.
Your rights in relation to automated decision-making and profiling.
You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
Your right to withdraw consent.
If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.
Your right to lodge a complaint with the supervisory authority.
If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the Information Commissioner’s Office (ICO) in the UK where your concern relates to HaysMac LLP You can find details about how to do this on the ICO website or by calling their office on 0303 123 1113.
Collection of information by third-party sites and sponsors
The Site contains links to other sites whose information practices may be different from ours. Visitors should consult the other sites’ privacy notices as we have no control over information that is submitted to, or collected by, these third parties.
Changes to this Privacy Policy
We may make changes to this Privacy Policy from time to time.
To ensure that you are always aware of how we use your personal information we will update this Privacy Policy from time to time to reflect any changes to our use of your personal information. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We will notify you by e-mail of any significant changes. However, we encourage you to review this Privacy Policy periodically to be informed of how we use your personal information.