Added value, client relationship and marketing activities
We undertake a range of activities designed to provide added value for our clients and business contacts and to build on our already excellent relationships with you.
While we want to keep you fully aware of all of the services we offer, we are keen to ensure that we are not responsible for sending you with unwanted marketing material. We therefore do our best to tailor the information and invites we send out. To do this we store information about your professional and personal interests and communication preferences. We also track your level of engagement with us including via our on-line and digital platforms.
The data protection legislative framework recognises that it is in our legitimate business interests to collect and use personal information for marketing reasons. We do not need your consent to do this lawfully, but we are obliged to inform you that you have a right to object to this. The law also allows us to send marketing communications by electronic means to our existing clients and business contacts without needing consent. Again, you have the right to object to this activity if you wish.
We take the view that we can keep information for marketing purposes indefinitely, and keep communicating with you from time to time, until and unless you ask us to stop. When we send you information about the services we offer or invitations to our events, we always include a simple “unsubscribe” option. If you have any difficulty using it or wish to find out more about this activity please contact us.
Sources of information
The personal information we have comes from a range of sources.
- You give us your personal information directly, when you engage with us, including via our websites or digital media channels
- We obtain additional information in the course of undertaking checks in order to comply with our statutory and regulatory obligations or where such checks are in our legitimate business interests
- We obtain and generate personal information in the course of providing legal or financial services and assisting you with obtaining funding and insurance
- We obtain contact details and other information from our business contacts
- We collect information from publicly available sources such as telephone directories, social media, the internet and news articles, and occasionally buy marketing lists of business contacts
- We collect personal information while monitoring our technology tools and services, including our websites, email and social media communications. For information about our use of tracking devices and cookies, please refer to our Cookies policy.
If you wish to give us personal information about another person, please speak to us to ensure that you are legally entitled to give us the information and for advice on whether you need to inform that person.
Sharing your personal data
A number of third parties may have access to your personal information or we may share or send it to them. In order for us to provide our services to you certain third parties may also collect personal data about you on our behalf. This includes:
- Suppliers, bound by obligations of confidentiality, who provide goods, services and professional advice to us to help us run our businesses
- Credit reference agencies to help us undertake identity and credit checks
- Third parties engaged in the course of services we provide to clients such as experts, counsel, other professional advisers, funders and insurance providers
- Third parties involved in our clients’ matters such as counterparties in litigation and transactions, their representatives and other advisers, courts and tribunals, government agencies and law enforcement agencies
- Third parties who wish to offer our financial advice clients’ financial products
- Third parties who capture and manage client advice outcomes on behalf of our financial services clients
We may also be required to share personal information with regulatory authorities, government agencies and law enforcement agencies. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
We do not sell, rent or otherwise make personal information commercially available to any third party.
The firm uses a telephone answering service, to provide switchboard and telephone answering services. As part of this service the provider will take personal details, included but not limited to contact details, about you to allow them to notify us that you have called us and so that we may call you back.
Hugh James Trust Corporation Limited and PRD Trust Corporation Limited
A trust corporation is a company which can hold assets in England and Wales as well as abroad, as defined by s68(18) of the Trustee Act 1925. Trust corporations can act as, amongst other things, executors and trustees, attorneys and deputies.
Hugh James Trust Corporation Limited (HJTC) and PRD Trust Corporation Limited (PRDTC) are wholly owned by the partners of Hugh James. They are non-trading entities and do not have any employees.
HJTC and PRDTC do not undertake any work themselves but, rather, instruct Hugh James to undertake on its behalf any work which it is required to undertake in matters where it is appointed. Hugh James undertakes work for HJTC and PRDTC in exactly the same way and on exactly the same terms as it does for any other client. A limited number of senior members of Hugh James are empowered to take decisions on behalf and sign documents on behalf of Hugh James Trust Corporation Limited.
Any data processed for the purposes of HJTC and PRDTC’s appointments will be processed by Hugh James and in accordance with this privacy policy.
Transfers outside the European economic area (EEA)
We do not send personal data outside the EEA as a matter of course. None of the service providers we use to help us run our businesses are based outside of the EEA.
Transfers of personal data outside the EEA can arise where we are acting for individuals or business clients with interests outside the EEA, such as in the following circumstances:
Where we are acting for individual clients that:
- live outside the EEA
- have assets or relatives based outside the EEA
- work or have worked for businesses that have operations based outside the EEA
- have had accidents outside the EEA
- have a reason to make a claim against a business, individual, trust, estate or organisation based outside the EEA
Where we are we acting for or in conjunction with businesses or organisations that:
- have operations or employees / contractors that based outside the EEA
- buy goods or services from businesses or organisations that are based outside the EEA
- are entering into transactions with business, organisations or individuals based outside the EEA
- have potential legal disputes with a business, individual, trust, estate or organisation based outside the EEA.
If we are required to transfer personal data outside of the EEA, we will ensure that we do so in a legally compliant manner and take steps to ensure the information is protected in the same way as if it was being used in the EEA. If you are affected, you should discuss this with the lawyer acting for you who will explain the particular safeguards that we will put in place.
Choosing not to give personal information
If you choose not to provide us with certain personal data you should be aware that we may not be able to offer you certain services. For example, we cannot act for you unless we are able to check your identity and run anti-money laundering checks.
Keeping personal information
Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our ability to defend legal claims, our legitimate business interests, best practice and our current technical capabilities. We have developed a Data Retention Policy that captures this information. We delete or destroy personal information securely in accordance with the Data Retention Policy.
Security
We are strongly committed to information security, and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption and pseudonymisation. We have Cyber Essentials Plus certification. If you wish to discuss the security of your information, please contact us.
Individual rights
You have a number of rights in relation to your personal data which we have. Not all of the rights apply in all circumstances. If you wish to exercise any of the rights, please contact us in the ways detailed below:
- You have a right of access to the personal information we hold about you
- You have the right to ask us to correct any information we hold about you that you think is wrong or incomplete
- You have the right to object to any processing of your personal information where we are relying on a legitimate interest to do so, and you think that your rights and interests outweigh our own and you wish us to stop. There may, however, be legal or other legitimate reasons why we need to keep or use your information. If this is the case, we will consider your request and explain why we cannot comply with it. You can ask us to restrict the use of your personal information while we are considering your request.
- You have the right to object if we process your personal data for the purposes of direct marketing. If you no longer want to receive communications from us, please contact us. We will stop sending you communications but will continue to keep a record of you and your request not to hear from us. If we deleted all of your information from our direct marketing databases, we would have no record of the fact that you have asked us not to communicate with you and it is possible that you may start receiving communications from us at some point in the future, if we obtain your details from a different source.
- You have the right to ask us to delete your information. This is also known as the right to be forgotten or to erasure. We will not always agree to do this in every case as there may be legal or other legitimate reasons why we need to keep or use your information. If this is the case, we will consider your request and explain why we cannot comply with it. You can ask us to restrict the use of your personal information while we are considering your request.
- Where our processing of your personal information is based on your consent, you have the right to withdraw it at any time. Please contact us if you want to do so.
- You may have a right to obtain the personal information that you have given us in a format that be easily re-used and to ask us to pass this personal information on in the same format to other organisations. Please contact us to find out if this right applies to you.
Contact us
If you wish to exercise any of your rights under GDPR or if you are unhappy with the way in which we have used your personal data, please contact our Head of Compliance and Quality, Joanne Cromwell on 029 2267 5241 or by email at [email protected] or by post to Hugh James, Two Central Square, Cardiff, CF10 1FS.
You also have the right to complain to the Information Commissioner’s Office (ICO). Visit the ICO website to find out how to report a concern.
Changes to this privacy notice
This privacy notice was last updated on 22 February 2024. We keep this privacy notice under regular review and may change it from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We would encourage you to check this privacy notice for any changes on a regular basis.