Privacy policy

1. Introduction

Hamlins LLP (“we/us”) are a limited liability partnership incorporated under the Limited Liability Partnership Act 2000 with the registered number OC314426 and have our registered office at 1 Kingsway, London WC2B 6AN.

We are committed to protecting your personal data. This privacy policy gives you detailed information on when and why we collect your personal data, how we use it and how we keep it secure. Please read this policy carefully alongside our Cookie Policy and our Data Retention Policy to understand our views and practices regarding your personal data and how we will treat it.

More information can be provided on request. Definitions, and words in bold type, are defined in the Appendix at the end of this privacy policy.

2. Our responsibilities

For the purpose of the applicable Data Protection Legislation, we are the data controller of any personal data we process. As a data controller, we are responsible for ensuring our systems, processes, suppliers and People comply with Data Protection Legislation in relation to the personal data we handle.

We provide our People with training and require our People to comply with this privacy policy, our Cookie Policy and our Data Retention Policy when dealing with personal data.

We take Personal Data Breaches very seriously, and are required to notify the Information Commissioner’s Office in the event of such a breach.

When using, collecting and disclosing personal data, we follow the core data protection Principles underlying the Data Protection Legislation.

We have policies, procedures and records to demonstrate compliance with the Principles. Please contact us for further information on these policies, procedures and records.

3. How we collect, use and disclose your personal data

Generally, we collect your personal data when you interact with us (for example, when entering into a relationship with us as a Client, a third party service provider or one of our People). However, from time to time we also need to collect personal data from other third parties in connection with our relationship with you. We also look at how our users access and use our Website, so we can offer the best possible experience. The following tables, available by clicking the dropdowns, summarise how we collect, use and disclose your personal data:

4. Transfer of Data between Jurisdictions and use of suppliers

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). We also use suppliers in connection with the operation of our business and they may have access to the personal data we process.  For example, an IT supplier may collect data on our behalf and/or see our personal data when providing software support, or a company which we use for a marketing campaign may process contacts’ personal data for us. When contracting with suppliers and/or transferring personal data to a different jurisdiction, we take appropriate steps to ensure that there is adequate protection in place and that the Principles are adhered to.

5. Your rights

Personal data must be processed in line with an individual’s rights, including the right to:

  • request a copy of their personal data;
  • request that their inaccurate personal data is corrected;
  • request that we stop processing your personal data;
  • request that their personal data is deleted and destroyed when causing damage or distress;
  • to object to the processing to of your personal data and;
  • opt out of receiving electronic communications from us.

Should you wish to make a request in line with your rights as an individual, please forward it to us using details provided in the contacts section at the end of this privacy policy.  Our People must notify or inform our Data Protection Officer immediately if they receive such a request. If such request is deemed excessive Hamlins maintains the right to charge a proportionate fee.

The Data Protection Legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Legislation (as applicable).

6. Security

Information security is a key element of data protection.  We take appropriate measures to ensure our systems, processes, suppliers and People secure personal data and protect it from loss or unauthorised disclosure or damage. Please contact us if you require further information regarding our policy and approach to information security.

7. Computer Security

Keep yourself safe from malware and viruses with adequate, up to date security on your computer. You can usually download free basic protection from providers such as AVG and McAfee, but for more comprehensive cover, it’s best to choose security software. Keep your software switched on and up to date, and make sure that your operating system has the latest updates. It’s a good idea to run regular scans on your computer.

When you’re opening emails, be careful. Don’t click on links to download files or open attachments you haven’t asked for, or aren’t expecting, as they may contain viruses. Back up all your files so they’re available if the worst happens and your computer is infected by a virus.

8. Cookies

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website.  For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

9. Links to other websites

We sometimes provide you with links to other websites, but these websites are not under our control. We will not be liable to you for any issues arising in connection with their use of your information, the website content or the services offered to you by these websites.

We recommend that you check the privacy policy and terms and conditions on each website to see how each third party will process your information.

10. Changes to our privacy policy

We keep our privacy notice under regular review. If we make changes to our Privacy Policy that affect how we handle your data, we will let you know by email. Minor changes will not be notified. You can check our Privacy Policy at this page at any time. This privacy notice was last updated on 21 April 2023.

11. Contacts and complaints

Questions, comments and requests regarding this privacy policy are welcomed and should be made to

You should direct all complaints relating to how the firm has processed your personal data to our Data Protection Officer.

Our People must inform our Data Protection Officer immediately if they receive a complaint relating to how we have processed personal data so our complaints procedure can be followed.

We hope that we can resolve any query or concern you raise about our use of your personal information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at

Date updated 21 April 2023


Client: a current or prospective Hamlins client being someone who engages us to provide them with legal advice.

Controller: a personal/organisation who determines the purpose for which, and the manner in which, any personal data is processed.

Data Protection Legislation: the Data Protection Act 1998 and any other applicable laws relating to the processing of personal data including the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all related regulations, regulatory codes of practice, opinions and guidance issued from time to time, including by the Information Commissioner, and in each case any amending, superseding or replacement applicable law including (from and including 25 May 2018, where applicable) the General Data Protection Regulation 2016/679/EU.

People: all people providing services to or working for us, including but not limited to our employees, directors, members, and contractors.

Personal data: information (including opinions) which relates to an individual and from which he or she can be identified either directly or indirectly through other data which we have or are likely to have in our possession. These individuals are sometimes referred to as data subjects.

Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by an organisation electronically. A personal data breach may mean someone outside the organisation gets unauthorised access to personal data, but a breach can occur if there is unauthorised access within the organisation or if an employee accidentally alters or deletes personal data.

Principles: these core principles specify personal data should be: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary; processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Additionally, organisations must adhere to the principle of accountability.

Process: the ‘processing’ of personal data captures a wide range of activities, and includes obtaining, recording and holding personal data and performing any operation of the personal data (including erasure/destruction).

Processor: any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Purpose: the purposes identified in the “Purpose” column of the tables in section 3 of this privacy policy (How we collect, use and disclose your personal data), as applicable.

Third party: a person, organisation or other body other than the data subject, controller or processor.

Website: (including all pages linked within the site map).