Skip to content

Last updated: 8-May-2018

Introduction

Thanks for reading our privacy notice. We’re a controller of personal information. This privacy notice tells you how we collect, use and share your personal information and what your rights are – and how to exercise them.

This notice applies to you if you are:

  • A private client: a private individual who is a client or prospective client
  • A client contact: a contact for us at a private sector, public sector or third sector client or prospective client
  • A client-related individual: an individual whose details we hold because we’ve acquired them in the course of providing legal or other professional services, normally because you are involved in some way in a case, transaction or other matter that also concerns our client, for example if you are on the other side of a contract negotiation
  • An intermediary/business associate: a third party intermediary or business associate, such as a contact at a firm of accountants, who we work with for business development purposes
  • A supplier: either an independent supplier such as counsel or other professional who provides services for our client’s benefit, or a business supplier, such as a sole trader or partnership or a contact for us at a corporate supplier who provides services to us as a business
  • A prospective employee: a job applicant/prospective employee, or a work placement or work experience student
  • An interested person: an individual who is not a client but is interested in our services, updates or events and who may receive updates or attend events, or who makes an enquiry
  • A relative of a member of our staff: a close family member or next of kin of a member of our staff, or
  • A website visitor: a visitor to our website who isn’t in any of the categories above.

This notice doesn’t apply to Ward Hadaway staff (partners, consultants, employees or other workers).

There are a couple of technical definitions to get out of the way first. Here they are.

By “personal information” we mean personal data as defined in UK data protection law. In general, it means any information relating to you, which identifies you or allows you to be identified. That may be your name, an ID number, location, an online identifier or factors specific to you (e.g. physical, physiology (thoughts, feelings), genetic, mental, economic, cultural or social factors).

By “sensitive” personal information we mean two things: 1. what’s technically known as “special categories” (personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation) and 2. criminal data (criminal offences or related security measures, including the alleged commission of offences, proceedings for an offence committed or alleged to have been committed or the disposal of those proceedings, including sentencing).

For ease, we’ve split this privacy notice up into 3 parts:

Part 1: Introduction and summary

Part 2: Important information about your rights in relation to consent and to object to our use of your personal information

Part 3: Key information required by the GDPR.

We’ve also got a separate cookie notice.

If you have any queries about this privacy notice, please contact us. Please see “Our identity and contact details” in section a of Part 3 below (Key information required by the GDPR) for our contact details.

Part 1: Introduction and Summary

Here’s a summary overview to help you navigate. Find yourself in the left hand column, then read across the table.

Type of individualOur main uses of your personal informationWhere to find out more
A private client: a private individual who is a client or prospective client; private clients buy our services for themselves rather than their businesses; for example, they may be buying or selling or re-mortgaging a home; need a power of attorney, want to make a will or get advice on succession planning; they may want a pre-nup or be going through a divorce; they may need tax advice; they may have been accused of or charged with a criminal offence; they may want advice and representation in a personal injury or road traffic claim; they may be getting advice as a private shareholder or investor, for a dispute with their employer or someone else, or about their position as a director or officer• To enter into a contract with you and to provide agreed services to you as our client.
• To keep accounts and records.
We may, if you consent, send you marketing newsletters (such as legal updates by email) and invite you to marketing events (such as seminars). Please note that we track whether our marketing emails are opened and whether links in the emails are clicked on. This is built into the emails and to stop this occurring you need to unsubscribe from the emails.
How to withdraw your consent or object to our use (where applicable)
Look in Part 2.
It tells you how to withdraw any consent you've given (see section j as well) and how to object to both direct marketing and to our use where it's based on a balancing test (called "legitimate interests") which involves weighing our interests or a third party's interests against your rights.
Other information
Look in Part 3; here's what's in the different sections.
• Sections a and b: our contact details
Section c: the purposes and legal basis for our use of your personal information
Section d: the legitimate interests often underpinning our use of your personal information
Section e: the types of personal information we may get from someone other than you
Section f: third parties with whom we may share your personal information
Section g: transfers (exports) of personal information
Section h: storage periods
Section i: your GDPR rights
Section j: withdrawing consent
Section k: complaints to the ICO
Section l: information you must provide (either by law or under a contract)
Section m: sources of personal information (where you aren't the source).
Private clients and client contacts can find further client-specific information in the letter of engagement and our terms of business.
A client contact: a contact of ours at a private sector, public sector or third sector client or prospective client• To enter into a contract with our client and to provide agreed services with our client, i.e. your employer or the company of which you're an officer.
• To keep accounts and records.
We may, if you don't object, send you marketing newsletters (such as legal updates by email) and invite you to marketing events (such as seminars). Please note that we track whether our marketing emails are opened and whether links in the emails are clicked on.
A client-related individual: an individual whose details we hold because we've acquired them in the course of providing legal or other professional services, normally because you are involved in some way in a case, transaction or other matter that also concerns our client; for example if you are on the other side of a contract negotiation, you are an employee where your employer is being sold (which you may not know about until it's happened) or you are a creditor of an insolvency practitioner that we act for – the possibilities are so wide ranging we can't list them all here• To provide agreed services to our client.
• To keep accounts and records.
An intermediary or business associate: a third party intermediary or business associate, such as a contact at a firm of accountants, who we work with for business development purposes• To develop our business with clients. We may, if you don't object, send you marketing updates and event invites. Please note that we track whether our marketing emails are opened and whether links in the emails are clicked on.
• To keep accounts and records.
A supplier: either an independent supplier such as counsel or other professional who provides services for our client's benefit, or a sole trader or partnership or a contact for us at a corporate supplier who provides services to us as a business• Independent suppliers: to provide agreed services to our client alongside your services.
• Business suppliers: to receive agreed services from you or your employer or company.
• To keep accounts and records.
A prospective employee: a prospective employee, work placement or work experience student • To evaluate your application and enter into a services or employment contract or similar contract with you.
An interested person: an individual who is not a client but is interested in our services, updates or events and who may receive updates or attend events, or who makes an enquiryTo provide you with the updates or events you have requested, or to respond to your enquiry. Please note that we track whether our marketing emails are opened and whether links in the emails are clicked on.
A relative of a member of our staff: a close family member or next of kin of a member of our staffOur member of staff may give us your name, address and date of birth which we may use to contact you in an emergency or to administer any family-based benefits.
A website visitor: a visitor to our website who isn't in any of the categories above.• We don't make any routine use of your personal information (such as an online identifier) other than in statistical form, i.e. Google Analytics statistics about the online footfall to our site. Unless you fill in a form on our website, we probably can't identify you.
Look in Part 3:
• Sections a and b: our contact details
Section i: your GDPR rights
Section k: complaints to the ICO
Section m: sources of personal information (where you aren't the source).
Please also see our cookies notice.

Part 2: Important information about your rights in relation to consent and to object to our use of your personal information

Your rights in relation to consent: You may, at any time, withdraw your consent or explicit consent to us using or transferring your personal information or sensitive personal information. Here’s a summary of how we may rely on your consent:

  • To send you direct marketing by email, if you are an “individual subscriber” (a term defined in ePrivacy law which includes consumers and unincorporated entities, e.g. sole traders and partnerships) such as a private client or perhaps an interested person
  • For some marketing-related purposes: for example if you are a client contact, we may ask you for consent to act as a referee for us, or to feature in a case study or press release
  • To use your sensitive personal information, if you tell us about a disability or health condition so we make reasonable adjustments or accommodate you and we don’t have another legal basis for that use
  • To use your sensitive personal information when we’re providing legal services, and we don’t have another legal basis for that use
  • To transfer (export) your personal information to a third country if there is no other basis for the transfer
  • To set and read cookies when you browse our site; we will rely on your browser settings to indicate your consent to the use of cookies on our website. To withdraw your consent, please adjust your browser settings. Please see our cookie notice for further details.

To withdraw your consent (other than for cookies), please contact us.

Please see:

  • section a in Key information required by the GDPR below for our contact details
  • sections c and g in Key information required by the GDPR below for further details of where we rely on your consent, and section j in Key information required by the GDPR below for further details of your right to withdraw consent.

Your right to object: You may, at any time, object to our direct marketing and to our use of your personal information which is based on our own or others’ legitimate interests. Here’s a summary of how we may use direct marketing and rely on our use being legitimate:

  • To send you direct marketing by email, if you work for a “corporate subscriber” (a term defined in ePrivacy law which includes companies and public sector bodies) and are a client contact or intermediary
  • To promote our business
  • To operate and improve our business
  • For client relationship management
  • For supplier relationship management
  • For network and information security
  • To report possible criminal acts/threats to competent authorities
  • To further our client’s legitimate interests.

You may object to our use on that basis. To exercise your right, please contact us.

Please see:

  • section a in Key information below for our contact details
  • section d in Key information below for further details of our reliance on the legitimate interests basis for processing, and section i in Key information below for further details of your right to object.

Part 3: Key information required by the GDPR

Here are important details about us and our use of your personal information.

RequirementOur details
a. Our identity and contact details

Identity and contact details and, where applicable, of the representative
Our principal office is at:
Sandgate House
102 Quayside
Newcastle upon Tyne
NE1 3DX
United Kingdom
Telephone: +44 (0)191 204 4000
Fax: +44 (0)191 204 4001
Email: privacy@wardhadaway.com
b. Data protection officer and queries
Contact details of the data protection officer, where applicable
We do not have a data protection officer.
For queries, comments or complaints, please contact us. Our contact details are in the "Identity and contact details" section a above. If calling, please ask for the Information Security Manager and please mark any correspondence for the attention of the Information Security Manager.
We are entered in the Information Commissioner's register of data controllers with registration number Z6533228.
c. Purposes and legal basis
The purposes of the use for which the personal information is intended as well as the legal basis for the use
Here is a summary of the purposes for which we use personal information and the legal bases for our use.
Here's a key to the second column:

Consent: your consent to one or more specific purposes

Contract: entering into a contract with you or performing a contract with you

Legal obligation: we're required by law to do this

Vital interests: to protect your own or another individual's vital interests (e.g. life or death situation)

Public task: we're required to do this because it's a duty of ours as a public body; or it's required in the public interest

Legitimate interests: we've identified this as a legitimate interest of ours or a third party; we consider that use of your personal information is necessary to achieve that legitimate interest; and we've balanced all that against your interests, rights and freedoms

The third column gets a bit more technical. Where we're dealing with sensitive personal information we need not one legal basis but two, from a different list (and the list is a lot longer).

The main ones are:
Explicit consent: your explicit consent to one or more specific purposes
Legal claims: to establish, exercise or defend a legal claim
Prevention/detection of unlawful acts: this is where we must use personal information without consent so as not to prejudice preventing or detecting unlawful acts
Regulatory requirements relating to unlawful acts and dishonesty etc.: this is where we must use personal information without consent to comply with (or help someone else comply with) a regulatory requirement that involves establishing if someone has committed an unlawful act or is dishonest etc.
Public domain: you've deliberately put your sensitive personal information into the public domain
Vital interests: that's the same as column 2 except it has to be where the individual is incapable (physically or legally) of giving consent.
You can find more details on the ICO website at https://ico.org.uk
Our purposes Legal basis (all personal information)Additional legal basis (sensitive personal information)
To enable us to provide legal services including advising and acting on behalf of our clients• Consent
• Contract
• Legal obligation
• Legitimate interests
• Explicit consent
• Public domain
• Legal claims
• Prevention/detection of unlawful acts
• Regulatory requirements relating to unlawful acts and dishonesty etc.
• Suspicion of terrorist financing or money laundering
Archiving in the public interest
To enable us to provide certain financial products and services as part of our normal professional services• Consent
• Contract
• Legal obligation
• Legitimate interests
• Explicit consent
• Legal claims
• Prevention/detection of unlawful acts
• Regulatory requirements relating to unlawful acts and dishonesty etc.
Suspicion of terrorist financing or money laundering
To provide advice and other professional services of an advisory, consultancy or intermediary nature, including town and country planning advice• Consent
• Contract
• Legal obligation
• Legitimate interests
• Explicit consent
• Legal claims
• Prevention/detection of unlawful acts
• Regulatory requirements relating to unlawful acts and dishonesty etc.
Suspicion of terrorist financing or money laundering
To maintain our accounts and records• Contract
• Legal obligation
• Legitimate interests
• Legal claims
• Prevention/detection of unlawful acts
• Regulatory requirements relating to unlawful acts and dishonesty etc.
Suspicion of terrorist financing or money laundering
To promote and advertise our services• Consent
• Legitimate interests
• Explicit consent
Public domain
To support and manage and train our prospective employees (where appropriate)• Consent
• Contract
• Legal obligation
• Vital interests
• Legitimate interests
• Explicit consent
• Employment, social security and social protection law
• Vital interests
• Public domain
• Legal claims
• Health or social care
• Equal opportunities
• Prevention/detection of unlawful acts
Regulatory requirements relating to unlawful acts and dishonesty etc.
To analyse data and produce reports for business planning and management• Legitimate interests• N/A
d. Legitimate interests
Our legitimate interests
Where the use of information is based on the legitimate interests condition, the legitimate interests pursuedTo operate and improve our business, which includes providing legal services (and some related financial services), consultancy services such as town and country planning advice and analysing data to produce reports for business planning and management
Client relationship management; this may include keeping your details on our marketing database, corporate hospitality and other client care activities and keeping accounts and records
Supplier relationship management; this will mainly be limited to keeping accounts and records but we also use it where appropriate to improve services to our clients; this may include information about your performance in providing services to us or to our clients; note that we have both independent suppliers, such as experts, counsel, enquiry agents and cost draftsmen, and suppliers who process personal information on our behalf, such as our IT service providers
Direct marketing and promoting our services; examples include:
o Keeping you informed of updates and events that we feel may be of interest to you based on your position, attendance at events or selection of "interested areas" when signing up for a newsletter (but for "individual subscribers" such as private clients, only with their consent)
o For our "Fastest 50": contacting you as a representative of your business to confirm details and invite you to take part so we can acknowledge successful local businesses.
o Obtaining contact and position details from publicly available sources such as Companies House
o Obtaining contact details of senior staff members in the NHS from a third party provider, Ingenium, to let them know about services we can offer
o Obtaining website statistics from Google Analytics
o If you are an intermediary, for example an accountant, using your contact details for business development purposes.
Network and information security; for example we use a range of tools to secure and protect our network and systems.
Reporting possible criminal acts/threats to competent authorities, where applicable.
Others' legitimate interests
We may also use your personal information because it is in our clients' legitimate interests as well as or instead of our own. For example if our client is entering into a contract with you or your business, we will have and use your name and contact details for our client's benefit.
e. Personal information collected indirectly – categories
The categories of personal information collected indirectly
We collect the following categories of personal information indirectly (e.g. from third parties):
Identity checks on individual clients and some officers of corporate clients for anti-money laundering purposes and to prevent fraud, from a credit reference agency (these are not credit checks).
Sanctions checks to ensure we do not deal with a sanctioned individual, from official sanctions lists, before engaging with a client.
A wide range of personal information, which may include sensitive personal information, from clients or third parties (e.g. other lawyers, the court, witnesses); we may be supplied with information about you under a court order or because another person or organisation is required by law to provide the information to us. If we receive information about you in confidence from a client, we cannot tell you we have that information because we would breach our professional duty of confidentiality to the client if we did. Nor can we provide you with your personal information where it's covered by legal professional privilege.
Personal details of senior NHS staff, being name, address, job title and contact details including telephone and email address, to promote our services, from a third party provider, Ingenium.
Contact details and job-related information from publicly available sources to keep our marketing database up to date, including Companies House and business websites, or to contact someone else involved in a matter or check a supplier before engaging them.
Relationship and contact details from a member of our staff, if they list you as next of kin or give us your details for the purpose of a family-related benefit.
Direct messages and other interactions, from the social media platforms we use (Twitter and LinkedIn).
f. Recipients
The recipients or categories of recipients of the personal information, if any
If you are a private client or a client contact, we may share your personal information with:
Credit reference agencies, such as Equifax, to run an ID verification check.
If you are a private client, a client contact, a client-related individual or independent supplier, we may share your personal information with:
Independent suppliers, such as experts, counsel, enquiry agents, accountants, cost draftsmen and other professionals, who may handle your personal information in the course of providing advice or in connection with legal or planning proceedings. They are required to respect and preserve the confidentiality of personal information. This is often in accordance a professional code of practice. Please see your client care letter and terms of business or speak to your adviser for further details of independent suppliers who may be involved in your matter. These suppliers will only be engaged when needed in order to progress your matter.
Official bodies, such as the courts or tribunals if you are involved in litigation, the Land Registry if you buy or sell a property, Companies House if you are an officer of a company, the UK Intellectual Property Office, Information Commissioner's Office etc. if and as appropriate. Please see your client care letter and terms of business or speak to your adviser for further details of official bodies who may be involved in your matter.
The National Crime Agency. We may be required by law to report suspicions that a criminal offence has or may have been committed to the National Crime Agency.
Insurers in relation to any claim or potential claim.
Other prospective clients or legal directories or readers of published materials, for example if you consent to be a referee, feature in a case study or provide a quote.
Auditors in relation to our compliance with accounting rules and (with client consent) in relation to our compliance with ISO quality standards.
If you are a contact at a prospective client we may share your information with:
Intermediaries/business associates. Where we give seminars and hold events in conjunction with intermediaries or business associates, we will write to you about the event ourselves rather than disclosing your details to those third parties although the third parties will be given your name and the name of the organisation you work for if you attend.
Bright Lights. We occasionally use a company called Bright Lights Limited for telemarketing purposes; they will be passed limited information in order to contact prospects or interested persons about services we have provided or to follow up on training offered.
Whoever you are, we may share your personal information with:
Business suppliers who process personal information on our behalf, such as our IT service providers. They will have incidental access to your personal information but will be obliged to keep it confidential, act only on our instructions, keep it secure, and help us with our data protection compliance where appropriate.
Another law firm in the context of a merger or acquisition between us and them, and with any successor firm to Ward Hadaway.
We will not otherwise disclose your personal information to any third party unless required or permitted to do so by law.
g. Transfers outside of the European Economic Area (EU member states, Norway, Iceland and Liechtenstein)
Where applicable, the fact that personal information is to be transferred to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or in the case of transfers subject to appropriate safeguards or non-repetitive, limited transfers based on compelling legitimate interests, reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
Our transfers
We do not, as a matter of course, transfer personal information to third countries or international organisations. Where we do, we will mostly rely on "derogations", for example that the transfer is necessary for the establishment, exercise or defence of legal claims, or to perform a contact with you or another contract which is in your interests. Occasionally, the transfer may be with your explicit consent.
In some cases if you are based outside the EEA, or part of the transaction takes place outside the EEA, we will be required to send your personal information outside the EEA to progress the work. Depending on which country is involved there may or may not be an "adequacy decision". There will almost certainly not be "appropriate safeguards" in place. See below for an explanation of these technical terms.
For example, if a US corporation had acquired your employer’s business, we might need to transfer your information to the US, a country outside the EEA.
Further information about transfer options and explanation of technical terms
Here is a short explanation of the options for transferring personal information to third countries or international organisations.
First, an "adequacy decision" which is a legal decision by the European Commission that adequate protection is provided by a country, territory, specified sector(s) or an international organisation. It is based on an assessment of the following: (a) rule of law and other legal considerations (b) existence and functioning of an independent supervisory authority and (c) international commitments and obligations/participation.
Secondly "appropriate safeguards" which may take several forms, including:
• standard data protection clauses adopted by the European Commission (known as "model clauses")
• other contract clauses that have been approved by the Information Commissioner
• "binding corporate rules" which apply to a group of companies or enterprises engaged in a joint economic activity
• an approved code of conduct or approved certification mechanism, which binds the organisation in the third country and can be enforced.
Thirdly, "derogations" (exceptions to the rules) such as legal claims, explicit consent or contact performance, which can only be used in the absence of an adequacy decision or appropriate safeguards. Please note that the absence of an adequacy decision and appropriate safeguards creates possible risks for individuals. In the EEA individuals have certain rights and remedies if the use of their personal information is unlawful. Individuals may not have the same rights and remedies if their personal information is used in a third country or by an international organisation.
h. Storage period
The period for which the personal information will be stored, or if that is not possible, the criteria used to determine that period
Job applicants and other prospective employees
If you send a speculative CV and there is no position available, we may hold your personal information for up to 6 months.
If you apply to be a trainee but do not join us, we may hold your personal information for up to 18 months.
If you join us on a work placement or on work experience, we may hold your personal information for up to 12 months.
Relatives of members of staff
If we hold your details as next of kin or in connection with benefits provided to members of staff, we may hold your personal information for the duration of employment or (if in connection with benefits) as long as the benefit is applicable to the employee, partner or consultant.
Business suppliers
We may hold contact data, transaction details and feedback on our suppliers for up to 7 years after the end of the business relationship, for tax purposes.
Intermediaries and business associates, private clients and client contacts
We will hold your personal information in our marketing database until you are asked to be removed from it.
Website visitors
The cookies placed on your device will be readable by our site until they expire or you clear them or dispose of your device. Please see our cookie notice for further details.
Client files
If you are a private client, a client contact, a client-related individual or independent supplier, your information will be held on our client files.
Client files may contain personal information of clients and anyone else involved in the matter or transaction. The default period for which we will store client files is 6 years, starting from file closure. This may be increased based on the nature of transaction and area of work, as set out below. Where applicable, these retention periods may be extended where we retain personal information for compliance with legal or regulatory obligations (such as anti-money laundering laws or professional obligations to conflict check) or for the purpose of legal claims.

Areas of WorkYears
Litigation6
Crime6
Debt Collection6
Immigration6
Personal injury6
Property sales of whole10
Children18
Commercial Property10
Commercial Transactions10
Financial Services10
Matrimonial18
ProbateIndefinite
Property sales of part10
Residential Property purchases10
Sale of leasehold property10
Secured lending10
Change of NameIndefinite
Company formationIndefinite
Court of protectionIndefinite
Declaration of trustsIndefinite
Estate AccountsIndefinite
Partnership agreementsIndefinite
Patents / Intellectual PropertyIndefinite
PensionsIndefinite
InvestmentsIndefinite
Power of AttorneyIndefinite
SettlementsIndefinite
Tax10
TrustsIndefinite
Wills / codicilsIndefinite

i. Individual rights
The existence of the right to request access to and rectification or erasure of personal information or restriction of use concerning the individual or to object to use as well as the right to data portability
You have rights to make a request to us:
• for access to your personal information
• for rectification or erasure of your personal information
• for restriction of processing concerning you
• to object to our processing which is based on legitimate interests
• to object to direct marketing
• to port (transfer) personal information you have provided to us, either to you or to another provider.
These rights are more complicated than the simple summary above. To find out more about them, please visit the Information Commissioner's website. To exercise your rights, please contact us. If you would prefer to complete a form, please ask us and we will send you one. Our contact details are in the "Identity and contact details" section a above.
Please make it clear which right(s) you want to exercise, for example by putting "right to object" in the subject line of the email if you wish to exercise the right to object. Thank you.
j. Withdrawal of consent
Where the use is based on consent (for ordinary or sensitive personal information), the existence of the right to withdraw consent at any time, without affecting the lawfulness of use based on consent before its withdrawal
You have a right to withdraw any consent (including explicit consent) you give us at any time.
This will not affect the legality of our consent-based use before you withdrew consent.
You can unsubscribe from email updates at any time by using the opt-out in the email or by emailing unsubscribe@wardhadaway.com. To withdraw consent to cookies, please adjust your browser settings (our cookie policy has further details).
To exercise your right to withdraw, please contact us. Our contact details are in the "Identity and contact details" section a above.
Please make it clear you want to exercise this right, for example by putting "Withdrawal of consent" in the subject line of the email. Thank you.
k. Complaints
The right to lodge a complaint with a supervisory authority
You have a right to complain to the Information Commissioner, whose contact details are:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate).
Website: https://ico.org.uk which sets out email addresses and an email form.
l. Information collected directly – legal or contract requirement
Whether the provision of personal information is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the individual is obliged to provide the personal information and of the possible consequences of failure to provide that information
Legal requirement
If you’re a personal client, or manage or represent the client (e.g. as a Trustee, Director, Executor) or are a client contact, we may ask for identity and address documents and use personal details such as name, address and date of birth to run an ID verification check with an electronic ID verification provider (such as Equifax). This is because we have a legal obligation to perform anti-money laundering and client due diligence checks before starting work for many clients (and at other times throughout our relationship). Such electronic checks leave a ‘soft footprint’ on your credit reference file that is visible to you, but not to third parties such as lenders. It is not a credit check and will not affect your ability to obtain credit. Ward Hadaway does not receive any information regarding your credit status.

If we ask you for ID, you must provide satisfactory documents or we won’t be able to provide our services.
Contract requirements
If you're a private client, client contact, supplier, prospective employee or interested person, we'll normally need your personal details (name and contact details) to provide services, receive goods and services, process your application or respond to your enquiry. For suppliers and prospective employees, we may also need your financial details (e.g. bank details and VAT number where applicable) so we can pay you.
m. Sources of personal information collected indirectly
The source of the personal information and if applicable, whether it came from publicly accessible sources
The sources of the personal information we collect indirectly are listed below.
Clients. We may be given your details by a client, so that the client can obtain legal advice, or establish, exercise or defend legal rights.
Others involved in client matters. We may obtain information about you from other lawyers, the other party to legal proceedings or from the court in connection with legal proceedings (including prospective proceedings).
By law. We may be supplied with information about you under a court order or because another person or organisation is required by law to provide the information to us.
Public domain. We use a range of publicly available sources to keep our marketing database up to date, including Companies House and business websites. If we're deciding whether to use counsel or lawyers in other jurisdictions, we will look in online legal directories and other online sources.
Communities and groups. Our people network with a wide range of other people from general or sector-specific communities and groups, including networking events, panels, steering groups and conferences to name a few. It's quite possible that someone we meet gives us your details as a person we may want to contact for legitimate business reasons.
Ingenium. A company called Ingenium IDS Ltd trading as Ingenium) provides us with name, job title and contact details of senior members of NHS staff. We use this to contact those NHS staff with details of what we can offer. Please see Ingenium's privacy policy for further details.
Referees. We may receive a reference or other information for prospective employees (for examples schools may send us information for you if you apply for work experience) and also for suppliers.
Google Analytics provides us with statistics about the footfall to our site. If you've been on our site, unless you've completed a form we won't know who you are from the statistics. Please see Google's privacy site and privacy policy for further details.
Social media platforms provide us with direct messages and other data about interaction with individuals
Please note that if we have received information about you in confidence from a client, we cannot tell you we have that information because we would breach our professional duty of confidentiality to the client if we did. Nor can we provide you with your personal information where it's covered by legal professional privilege.
n. Automated decision-making
The existence of automated decision-making, including profiling. This means a decision based solely on automated profiling which produces legal effects concerning the individual, and which must not be based on special categories of (i.e. sensitive) personal information without explicit consent or substantial public interest, with safeguards. Meaningful information about the logic involved, as well as the significance and the envisaged consequences of the processing for the individual must also be provided.

We do not conduct automated decision-making. All decisions about you are made by humans.

If your browser settings permit, we have placed cookies on your computer for analytics and other site-improvement purposes. You can give or withdraw consent at any time by changing your cookie settings.