Privacy Policy

Welcome to Hewitsons LLP’s privacy policy.

Hewitsons LLP respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Hewitsons LLP is the controller of the personal data that it collects from you or otherwise receives and is responsible for your personal data. This means that it determines the purpose and means of the processing of your personal data and will process your personal data in accordance with this policy. Occasionally we may act as a processor of data on behalf of a client, for example, where we collect personal data on trustees for the purpose of completing the HMRC trust register on the client’s instructions.

1.   Definitions

we / our / us

  refers to Hewitsons LLP, a limited liability partnership registered in England and Wales under registered number OC334689 whose registered office is at Shakespeare House, 42 Newmarket Road, Cambridge, CB5 8EP, regulated and authorised by the Solicitors Regulation Authority;

personal data

  means any information relating to an identified or identifiable natural person. An ‘identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

special categories of personal data and details of criminal offences

  means data relating to your racial or ethnic origin; your political opinions; your religious beliefs or other beliefs of a similar nature; your membership of a trade union; your physical or mental health or condition; your sexual life; your sexual orientation; your biometric or genetic data; the commission or alleged commission by you of any offence; or any proceedings for any offence committed or alleged to have been committed by you, the disposal of such proceedings or the sentence of any court in such proceedings; and

UK GDPR

  means the retained UK law version of the General Data Protection Regulation ((EU) 2016/679). Personal data is subject to the legal safeguards specified in the UK GDPR.


2.   The Data we collect from you

2.1    As described above, personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

2.2    We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

2.2.1    Information you give us: This is information about you that you give us: by contacting us via our website or filling in online forms on our website at www.hewitsons.com (our website); or by communicating with us by post, telephone, e-mail or otherwise. The information you give us may include: your name; contact details; identification documents such as your passport and driver’s licence as well as documents that include your National Insurance number and tax identification number; information about you in connection with the matter on which you require our advice or services; financial information such as credit searches, bank account and credit card information; biographical information; information about your job, background, interests and personal life; images captured by CCTV cameras at our offices; marketing and communications information, including your subscription preferences in receiving marketing materials from us and your communication preferences; and expressions of opinion about you. Please be aware that if you fail to provide to us information that we ask for, we may be unable to provide our services to you or otherwise fulfil your requirements. It is important that we hold current and accurate information about you, so please provide us with any appropriate updates.

2.2.2    Information we collect about you: In respect of each of your visits to our website we will automatically collect the following information: 

2.2.2.1    technical information, which may include the Internet protocol (IP) address used to connect your computer or other device to the Internet, your login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform; and

2.2.2.2    information about your visit to our website, which may include the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), pages you viewed or information you searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from pages.

2.2.3    Information we receive from other sources: We may receive information about you from third parties such as: other professional advisers, consultants and administrators; financial institutions and financial advisers; witnesses, opponents, courts, arbitration panels and tribunals; other parties and their advisers associated with legal proceedings or contract negotiations in which we are involved on your behalf; or from publicly available sources (such as Companies House, HM Land Registry and the Intellectual Property Office).

3.    Cookies 

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookies Policy.

4.    How we use your personal data 

4.1    We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

4.1.1    We comply with the law. We will only use your personal data to the extent that the law allows us to do so. Under the UK GDPR we will rely on one or more of the following legal bases for processing your personal data:

4.1.1.1    where it is necessary to perform a contract we have entered into or are about to enter into with you;

4.1.1.2    where we need to comply with our legal and professional obligations to our clients and to third parties. This includes, for example, our professional and contractual duties to our clients, the courts and our regulators. It also includes other legal obligations that we have, for example, in respect of anti-money laundering;

4.1.1.3    where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests or fundamental rights and freedoms do not override those interests. Our ‘legitimate interests’ means our interests in conducting and managing our business and providing services to our clients. In assessing our legitimate interests, we make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and

4.1.1.4    where you have given us your consent.

4.1.2    Information you give us. We will use this information to the extent that it is appropriate to do so: 

4.1.2.1    to process an enquiry received from you, or to respond to an expression of interest from you regarding our services;

4.1.2.2    to carry out our obligations arising from any contracts entered into between you and us, and to pursue our rights in relation to any such contract;

4.1.2.3    to provide you with marketing communications such as newsletters, updates about legal developments and information about our services, and to invite you to events and seminars that we think may be of interest to you. From time to time we may host these events with other organisations. If you register to attend we may share your contact details with the other organisation, but only for the purposes of the relevant event;

4.1.2.4    to provide payments, rebates or other benefits to you;

4.1.2.5    to request feedback and comments from you on our services or to provide information to you which may be of interest to you;

4.1.2.6    to notify you about changes to our services or the terms on which we provide our services;

4.1.2.7    to try to ensure that content from our website is presented in the most effective manner and appropriate format for you and for your computer, tablet or mobile device; and

4.1.2.8    to process any application which you may have made for employment with, or engagement by us.

4.1.3    Information we collect about you. We will use this information to the extent that it is appropriate to do so: 

4.1.3.1    to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; 

4.1.3.2    to improve our website to try to ensure that content is presented in the most effective manner for you and for your computer or other device;

4.1.3.3    to allow you to participate in interactive features of our website or services, when you choose to do so;

4.1.3.4    as part of our efforts to keep our website and IT systems safe and secure; and 

4.1.3.5    to make suggestions and recommendations to you and other users of our website about our services that may be of interest to you or them. 

4.1.4    Information we receive from other sources. We will use this information to the extent that it is appropriate to do so to combine with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

4.1.5    Special categories of personal data and details of criminal offences. Certain personal data is subject to additional safeguards. We may process some special categories of personal data and details of criminal offences in order to: comply with legal or regulatory obligations; comply with our contractual duties; comply with our legal and professional obligations; establish or defend legal claims; or otherwise with your consent.

4.2    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

4.3    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4.4    Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5.    Personal data of children 

If our legal advice, services or representation on your behalf in any particular matter involves a child or children below the age of 16 years, we will process the personal data of such child or children only if and to the extent that consent to such processing is given or authorised by a parent or guardian of the child or children concerned. In these circumstances we will explain to the parent or guardian why we need any personal data relating to the child or children and how it will be used, both when we first collect the data and as the particular matter progresses.

6.    Marketing Communications 

6.1    We may use your personal data to send you marketing communications (by email, telephone or post) including newsletters, updates about legal developments that might be of interest to you and/or information about our services, including any new or restructured services.

6.2    We have a legitimate interest in processing your personal data for our marketing and business development purposes. This means that we do not usually need your consent to send you newsletters, legal updates and information about our services. However, where consent is needed, for example to send you electronic communications, we will ask for this consent separately and clearly.

6.3    We will always treat your personal data with the utmost respect, and we will never sell or share it with other organisations for marketing purposes.

6.4    You have the right to opt out of receiving marketing communications at any time by sending an email to marketing@hewitsons.com or by using the ‘unsubscribe’ link in our emails. Where you opt out of receiving these marketing communications, this will not apply to personal data provided to us as a result of a product/service experience or other transactions. 

7.    Disclosure of your personal data 

7.1    We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

7.2    We may share your personal data with selected third parties set out below including:

7.2.1    other lawyers and professional advisers who we instruct on your behalf or to whom we refer you for other services, and other third parties where necessary to carry out your instructions or complete any matter for you (for example, Companies House, HM Land Registry and the Intellectual Property Office);

7.2.2    courts, arbitration panels, tribunals and other judicial authorities, in relation to any legal proceedings or settlement negotiations in which we have been instructed to represent you, and persons appointed to mediate or resolve any dispute in which you are involved and in relation to which we have been instructed to represent you;

7.2.3    companies and other organisations providing IT and other business support services to whom we outsource certain functions required in relation to our business, for example, archiving, shredding, taxi and courier, translation, disaster recovery, and hardware/software support and development services (outsource providers);

7.2.4    relevant parties and/or their professional advisers if there is a merger, acquisition, change of control, joint venture, sale or other similar arrangement involving Hewitsons LLP;

7.2.5    our insurers, advisers, auditors, and external assessors, public authorities including HMRC or other bodies as required so as to comply with our insurance, legal or regulatory obligations;

7.2.6    cloud service and other IT services providers, including the entity that hosts our website, for the purposes of storage of data and the provision of hosting services;

7.2.7    analytics and search engine providers that assist us in the improvement and optimisation of our website; and

7.2.8    credit card processors and other payment services providers, for the purposes of effecting payments by or to you.

7.3    We only allow our outsource providers and other service providers to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also impose contractual obligations on our outsource providers and other service providers to ensure that they can only use your personal data to provide services to us and to you.

8.    INTERNATIONAL TRANSFERS

8.1    In the course of delivering services to you and carrying out some of the activities referred to in this policy, it is sometimes necessary to transfer your personal data outside of the UK, for example: if you or our outsource providers are based outside of the UK; if there is an international dimension to the matter on which we are advising you; or if one of our lawyers or members of staff needs to access it remotely while they are travelling outside the UK. 

8.2    Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

8.2.1    We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; and 

8.2.2    Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

8.3    In addition to the safeguards referred to in paragraph 8.2, a transfer of your personal data outside of the UK may take place based on the conditions and requirements in Article 49 of the UK GDPR. This may involve obtaining your explicit consent to the proposed transfer or we may make the transfer if it is necessary for the performance of a contract between us. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

8.4    Where necessary we have entered into contracts with our outsource providers and other third parties with whom we may share your personal data to ensure that your personal data is not transferred outside of the UK without one or more of the safeguards referred to in paragraph 8.2 being implemented, or unless the conditions and requirements in Article 49 of the UK GDPR have been met. 

9.    DATA SECURITY

9.1    We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

9.2    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

10.    DATA RETENTION

10.1    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

10.2    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

10.3    In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

11.    YOUR LEGAL RIGHTS

11.1    Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

11.1.1    Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.

11.1.2    Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

11.1.3    Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data in certain other circumstances, namely where you have successfully exercised your right to object to processing (see paragraph 11.1.4 below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

11.1.4    Object to processing of your personal data where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

11.1.5    Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example, if you want us to establish its accuracy or the reason for processing it.

11.1.6    Request the transfer of your personal data to you or to another person or entity. In that case we will provide to you, or to the person or entity to whom you wish us to transfer your personal data, your personal data in a structured, commonly used, machine-readable format.

11.1.7    Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

11.1.8    Lodge a complaint with the UK Information Commissioner’s Office (ICO) or another applicable regulator. If you have any complaints about the way in which we process your personal data please do contact us, as set out in paragraph 14 below, as we would appreciate the opportunity to resolve your complaint.

11.2    You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

11.3    We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

11.4    We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11.5    If you wish to exercise any of the rights set out above, please contact us using the contact details provided as set out in paragraph 14 below.

12.    Other Websites 

Our website may, from time to time, contain links to third party websites, plug-ins or applications. If you follow any of these links, please note that the providers of these other websites, plug-ins and applications may have their own privacy policies and we do not control these third-party websites and we have no responsibility for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

13.    Changes to our privacy policy and your duty to inform us of changes 

13.1    We keep our privacy policy under regular review. Any changes we make to this policy in the future will be posted on our website and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this policy.

13.2    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

14.    Contact 

Any questions about this privacy policy or our privacy practices should be sent by email to dataprotection@hewitsons.com, or sent by post to our Risk & Compliance Partner, Rebecca Austin, c/o Hewitsons LLP, Shakespeare House, 42 Newmarket Road, Cambridge, CB5 8EP.