Privacy Policy

Last Updated: 3rd March 2025

Introduction

Hayat Private Legal Services LTD (“we,” “us,” or “our”) is committed to safeguarding the privacy of our clients, website visitors, and other individuals (“you” or “your”) whose personal data we process. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you interact with us, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner’s Office (ICO) under registration number ZB870151. 

1. Data Controller

Hayat Private Legal Services LTD is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data protection practices, please contact us at:

• Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
• Email: info@hayatlegal.co.uk
• Telephone: 0800 856 4000

2. Personal Data We Collect

We may collect and process various types of personal data about you, including but not limited to:

• Identity Data: Full name, title, date of birth, and gender.
• Contact Data: Postal address, email address, and telephone numbers.
• Financial Data: Bank account details, payment card information, and transaction history.
• Employment Data: Occupation, employment history, and professional qualifications.
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
• Usage Data: Information about how you use our website, products, and services.
• Marketing and Communications Data: Your preferences in receiving marketing materials from us and your communication preferences.

3. How We Collect Your Personal Data

We collect personal data through various methods, depending on how you interact with our services. The data we collect helps us provide legal and financial services effectively while ensuring compliance with relevant regulations.

Direct Collection

We obtain personal data directly from you when you voluntarily provide it to us. This happens when you:

• Contact us to inquire about our services
• Fill out forms on our website or provide documents for case assessment
• Engage us for legal or financial consultation services
• Communicate with us via email, phone, or other channels
• Provide payment details for transactions
• Subscribe to newsletters or marketing updates
• Participate in surveys, feedback requests, or promotions

Automated Collection

Certain data is automatically collected when you visit our website or interact with our online services. This includes:

• Device information, such as your IP address, browser type, and operating system
• Website usage data, including page views, time spent on our site, and interaction patterns
• Cookie-based tracking, which helps improve website functionality and user experience

This data is primarily used to enhance website performance, improve service offerings, and ensure security.

Third-Party Sources

We may receive personal data from external sources, including:

• Publicly available databases and records
• Financial institutions or legal professionals involved in your case
• Background verification services when necessary for due diligence
• Analytics and marketing service providers who track interactions with our content

All data collected through these means is used in accordance with our privacy commitments, ensuring compliance with data protection regulations and maintaining confidentiality.

4. How We Use Your Personal Data

We will only use your personal data when legally permitted to do so. The most common circumstances under which we process your data include:

• Performance of a Contract: When we need to process your personal data to fulfill a contract we are about to enter into or have already entered into with you. This applies when you engage our services, request legal assistance, or interact with us regarding an ongoing matter.

• Legal or Regulatory Obligation: When we must process your data to comply with a legal or regulatory obligation imposed on us, such as retaining financial records for tax compliance, complying with anti-money laundering laws, or responding to legitimate legal requests from regulatory authorities.

• Legitimate Interests: When processing is necessary for our legitimate business interests or those of a third party, provided that your rights and freedoms do not override these interests. This includes using personal data to improve our services, monitor the security of our website, manage business operations, and prevent fraud or misuse of our services.

• Consent: When we rely on your explicit consent to process certain types of personal data, such as sending marketing communications or collecting special category data (where required). You can withdraw your consent at any time by contacting us.

Purposes for Processing Your Personal Data

We process personal data for the following purposes:

• To register you as a client: When you inquire about our services or formally engage us, we collect and store relevant personal data to create your client profile and manage our professional relationship.

• To provide legal and financial consultation services: We process your personal data to deliver the services you request, including CIFAS marker removal, financial appeals, and other professional legal services.

• To process payments and financial transactions: When you make payments for our services, we collect financial data, including bank details or payment card information, to complete transactions and maintain financial records.

• To communicate with you regarding legal services and case updates: We use your contact details to keep you informed about your case status, appointments, document requirements, and service-related communications.

• To comply with legal and regulatory requirements: We process and store certain personal data to meet our legal obligations, such as tax reporting, compliance with anti-fraud regulations, and responding to regulatory authorities if required.

• To protect our business and ensure security: We process personal data for fraud prevention, security monitoring, and protecting our business interests against unauthorized access or misuse of our services.

• To send marketing communications and service updates: Where permitted, we may use your data to send you promotional materials, industry updates, legal insights, and information about additional services that may benefit you. You may opt out of marketing communications at any time.

• To improve our website and services: We analyze how users interact with our website and services to enhance user experience, improve service offerings, and ensure our legal solutions remain effective and relevant.

We ensure that your personal data is processed only for these specified purposes and take appropriate security measures to protect it at all times.

7. Disclosures of Your Personal Data (Continued)

We may share your personal data with the following categories of third parties where necessary and in accordance with this Privacy Policy:

• Service Providers: External third-party service providers who perform services on our behalf, such as IT and system administration services, payment processing, legal compliance services, fraud prevention services, and professional advisory services.
• Regulatory and Legal Authorities: Government bodies, regulators, law enforcement agencies, courts, and other authorities where we are legally required to disclose personal data to comply with applicable laws, regulations, or legal proceedings.
• Business Partners: Trusted business partners who assist us in providing our services, such as financial institutions, banks, and CIFAS-related organizations.
• Professional Advisors: Accountants, auditors, legal advisors, and other professional service providers who assist us in conducting our business operations and ensuring compliance with legal obligations.
• Third-Party Analytics and Marketing Providers: Companies that provide website analytics, marketing, and advertising services to help us understand and improve our online presence and advertising effectiveness.

We require all third parties with whom we share your data to respect the security of your personal data and process it in accordance with applicable laws. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in line with our instructions.

8. International Transfers

In some cases, we may transfer your personal data outside the United Kingdom or European Economic Area (EEA). Whenever we transfer your data internationally, we ensure that adequate safeguards are in place to protect your data by implementing one or more of the following measures:

• Ensuring the country to which the data is being transferred is deemed to provide an adequate level of protection by the UK government or European Commission.
• Implementing standard contractual clauses (SCCs) approved for use in the UK or EEA, which oblige the recipient to protect your data to the same standard as within the UK or EEA.
• Relying on specific legal exceptions where applicable.

If you would like further information on the mechanisms used for international data transfers, please contact us using the details provided in Section 1.

9. Data Security

We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed without authorization. These measures include:

• Secure data storage with encryption and access control mechanisms.
• Regular security assessments and updates to our IT systems.
• Access restrictions to personal data, allowing only authorized personnel to process such information.
• Secure payment processing with compliance to industry standards such as PCI DSS.
• Employee training on data protection and security protocols.

Despite these measures, no transmission of data over the internet can be guaranteed as 100% secure. If you suspect any breach of your personal data, please contact us immediately.

10. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including satisfying legal, regulatory, tax, accounting, or reporting requirements. The specific retention period will depend on the nature of the data and applicable legal obligations.

When determining the appropriate retention period, we consider:

• The amount, nature, and sensitivity of the personal data.
• The potential risk of harm from unauthorized use or disclosure.
• The purposes for which we process your personal data and whether we can achieve those purposes through other means.
• Legal and regulatory requirements.

In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

11. Your Legal Rights

Under data protection laws, you have certain rights regarding your personal data. These rights include:

• Right to Access: You have the right to request access to your personal data that we hold and receive a copy of it.
• Right to Rectification: You can request correction of any inaccurate or incomplete personal data we hold about you.
• Right to Erasure (Right to Be Forgotten): You may request the deletion of your personal data where there is no lawful reason for us to continue processing it.
• Right to Restrict Processing: You can request that we limit the way we process your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another service provider.
• Right to Object: You may object to the processing of your personal data in certain circumstances, such as when we rely on legitimate interests as the legal basis.
• Right to Withdraw Consent: Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

If you wish to exercise any of these rights, please contact us at info@hayatlegal.co.uk. We may need to verify your identity before fulfilling your request. We aim to respond within one month, but complex cases may require additional time.

12. Complaints and ICO Registration

We take data protection seriously and are registered with the Information Commissioner’s Office (ICO) under registration number ZB870151. If you have any concerns about our handling of your personal data, you may file a complaint with us using the contact details in Section 1.

If you are not satisfied with our response, you have the right to lodge a complaint with the ICO:

• Website: https://ico.org.uk
• Telephone: 0303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Third-Party Links

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy of every website you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to legal, regulatory, or operational changes. Any changes will be posted on our website with the date of the latest revision. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

15. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us at:

• Email: info@hayatlegal.co.uk
• Telephone: 0800 856 4000
• Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom