Privacy Policy

This policy explains how Hayhills collects, uses and protects personal data in accordance with UK data protection law.

Last Updated: 10 May 2026

Hayhills Limited trading as Hayhills Legal Advisory (“Hayhills”, “we”, “our” or “us”) respects your privacy and is committed to protecting personal data responsibly, transparently and in accordance with applicable data protection laws.

This Privacy Policy explains how Hayhills collects, uses, stores, shares and protects personal data when:

  • you visit or interact with our website;
  • submit an enquiry;
  • upload documents;
  • communicate with us;
  • request information or advisory support;
  • engage Hayhills in relation to advisory services; or
  • otherwise interact with Hayhills in a professional or commercial capacity.

This Privacy Policy should be read together with our Website Terms and Conditions and Cookie Policy.

1. About Hayhills

Hayhills Limited trading as Hayhills Legal Advisory (“Hayhills”) is a commercial legal advisory consultancy providing non-reserved legal advisory services only.

Hayhills is not a firm of solicitors, is not authorised or regulated by the Solicitors Regulation Authority (“SRA”), and is not an authorised legal practice.

For the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, Hayhills acts as a data controller in relation to personal data processed through this website and in connection with its advisory services.

2. Contact Details

Hayhills Legal Advisory
Hayhills Limited trading as Hayhills Legal Advisory
Registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK
Email: info@hayhills.com
Website: hayhills.com

If you have any questions regarding this Privacy Policy, your personal data, or your legal rights, please contact Hayhills using the details above.

3. The Types of Personal Data We Collect

Hayhills may collect, use, store and process different categories of personal data depending on the nature of your enquiry, engagement or interaction with us.

These categories may include:

Identity Data

Including:

  • full name;
  • title;
  • date of birth;
  • nationality;
  • passport or identification information;
  • and other identifying details.

Contact Data

Including:

  • residential or business address;
  • telephone numbers;
  • email addresses;
  • communication preferences;
  • and related contact information.

Financial and Transaction Data

Including:

  • billing information;
  • payment details;
  • bank account information;
  • transaction history;
  • invoices;
  • and payment records.

Advisory and Matter Data

Including:

  • enquiry information;
  • correspondence;
  • instructions;
  • dispute information;
  • contractual documentation;
  • employment-related information;
  • property-related information;
  • uploaded documents;
  • commercially sensitive information;
  • and related matter information voluntarily provided to Hayhills.

Technical and Usage Data

Including:

  • IP address;
  • browser type and version;
  • device identifiers;
  • operating system;
  • website usage information;
  • cookies;
  • analytics information;
  • traffic data;
  • and related technical information.

Marketing and Communication Data

Including:

  • marketing preferences;
  • newsletter subscriptions;
  • responses to communications;
  • event registrations;
  • and communication history.

4. Special Category Data and Sensitive Information

Depending on the nature of a matter, Hayhills may process limited categories of sensitive personal data, including information relating to:

  • health;
  • ethnicity;
  • family or relationship matters;
  • employment matters;
  • financial circumstances;
  • disputes;
  • allegations;
  • criminal offence information;
  • or other sensitive information voluntarily disclosed to Hayhills.

Hayhills will only process such information where:

  • there is an appropriate lawful basis;
  • processing is reasonably necessary;
  • and suitable safeguards are in place.

5. How Personal Data Is Collected

Hayhills may collect personal data through:

  • website enquiry forms;
  • direct communications;
  • telephone calls;
  • emails;
  • consultations and meetings;
  • document uploads;
  • payment processes;
  • referrals;
  • publicly available sources;
  • third-party professionals connected to a matter;
  • cookies and analytics technologies;
  • and other lawful interactions.

Information may also be received from:

  • clients;
  • counterparties;
  • consultants;
  • advisers;
  • law firms;
  • experts;
  • accountants;
  • public registers;
  • and other connected parties.

6. How Hayhills Uses Personal Data

Hayhills may process personal data for purposes including:

  • responding to enquiries;
  • assessing whether a matter is suitable for Hayhills;
  • carrying out conflict, compliance and risk checks;
  • providing advisory services;
  • preparing documents and correspondence;
  • communicating regarding matters;
  • arranging consultations and meetings;
  • processing invoices and payments;
  • maintaining internal records;
  • managing relationships;
  • administering the website;
  • improving website functionality and user experience;
  • monitoring website usage;
  • maintaining security and fraud prevention measures;
  • complying with legal, insurance, accounting and regulatory obligations;
  • protecting legal rights and commercial interests;
  • obtaining professional advice;
  • managing complaints, disputes or claims;
  • and sending updates or marketing communications where permitted by law.

7. Lawful Bases for Processing

Hayhills processes personal data only where lawful grounds exist under applicable data protection laws.

These may include:

Performance of a Contract

Where processing is necessary:

  • to provide requested advisory services;
  • to take steps prior to entering into an engagement;
  • or to perform contractual obligations.

Legitimate Interests

Where processing is reasonably necessary for:

  • operating and developing the business;
  • responding to enquiries;
  • managing relationships;
  • protecting legal and commercial interests;
  • maintaining records;
  • preventing fraud;
  • maintaining website functionality and security;
  • improving services;
  • and administering matters efficiently.

Hayhills seeks to balance its legitimate interests against the rights and freedoms of individuals.

Legal and Regulatory Obligations

Where processing is necessary to comply with:

  • applicable laws;
  • court orders;
  • taxation obligations;
  • anti-fraud obligations;
  • law enforcement requests;
  • insurance requirements;
  • or other lawful obligations.

Consent

Where consent is required, including:

  • certain marketing communications;
  • certain cookies;
  • or specific processing activities where applicable.

Consent may be withdrawn at any time.

8. Marketing Communications

Hayhills may send legal updates, newsletters, event invitations or other communications where:

  • consent has been provided; or
  • such communications are otherwise permitted by law.

You may unsubscribe or opt out of marketing communications at any time by:

  • using the unsubscribe facility;
  • or contacting Hayhills directly.

Hayhills does not sell personal data to third parties for marketing purposes.

9. Disclosure and Sharing of Personal Data

Hayhills may share personal data where reasonably necessary with:

  • consultants engaged by Hayhills;
  • external professional advisers;
  • accountants;
  • insurers;
  • IT and hosting providers;
  • CRM and communication providers;
  • website developers;
  • analytics providers;
  • payment processors;
  • document management providers;
  • regulated solicitors, barristers or law firms where referral or specialist support is required;
  • public authorities;
  • courts;
  • regulators;
  • law enforcement agencies;
  • and other lawful recipients where necessary.

Hayhills requires third parties processing personal data on its behalf to respect confidentiality, security and applicable data protection laws.

10. International Transfers

Certain matters may involve overseas elements, overseas counterparties or overseas professional advisers, including India-related matters.

Where personal data is transferred outside the United Kingdom, Hayhills will take reasonable steps to ensure that appropriate safeguards and protections are implemented in accordance with applicable data protection laws.

11. Data Security

Hayhills takes reasonable technical, administrative and organisational measures to protect personal data against:

  • unauthorised access;
  • misuse;
  • accidental loss;
  • destruction;
  • alteration;
  • disclosure;
  • or unlawful processing.

Access to personal data is restricted to individuals who reasonably require access for legitimate business or advisory purposes and who are subject to confidentiality obligations where appropriate.

Whilst Hayhills seeks to protect personal data appropriately, transmission of information over the internet cannot be guaranteed to be completely secure.

12. Data Retention

Hayhills retains personal data only for as long as reasonably necessary for:

  • advisory purposes;
  • contractual purposes;
  • legal obligations;
  • insurance purposes;
  • accounting and taxation requirements;
  • dispute resolution;
  • limitation periods;
  • and legitimate business interests.

Retention periods may vary depending on:

  • the nature of the matter;
  • legal obligations;
  • risk considerations;
  • and operational requirements.

As a general guide:

  • enquiry information where no engagement follows may be retained for up to 12 months;
  • matter-related information may generally be retained for up to 6 years following conclusion of a matter unless longer retention is reasonably necessary.

Hayhills may anonymise certain information for research, analytical or operational purposes.

13. Your Rights

Under applicable data protection laws, individuals may have rights including:

  • the right to request access to personal data;
  • the right to request correction of inaccurate information;
  • the right to request erasure;
  • the right to object to processing;
  • the right to restrict processing;
  • the right to data portability;
  • the right to withdraw consent;
  • and the right to lodge a complaint with the Information Commissioner’s Office (“ICO”).

Certain rights are subject to legal exemptions and limitations.

Requests relating to personal data may be made using the contact details set out in this Privacy Policy.

14. Complaints

If you have concerns regarding how Hayhills handles personal data, please contact Hayhills first so that we may attempt to resolve the issue appropriately.

You also have the right to lodge a complaint with the Information Commissioner’s Office:

Information Commissioner’s Office (ICO)

15. Cookies and Website Technologies

Hayhills uses cookies and similar technologies in connection with the operation and functionality of this website.

Further information is available in our Cookie Policy.

16. Third-Party Websites and Links

This website may contain links to third-party websites, platforms or services.

Hayhills is not responsible for:

  • the privacy practices;
  • security;
  • content;
  • or operation of third-party websites or services.

Users should review the relevant privacy policies of any third-party websites visited.

17. Changes to This Privacy Policy

Hayhills may amend or update this Privacy Policy periodically to reflect:

  • operational changes;
  • legal developments;
  • regulatory guidance;
  • website developments;
  • or changes to services.

The latest version of this Privacy Policy will always be published on this website.

Continued use of the website following updates may indicate acceptance of the revised policy.