Privacy policy

We may collect personal information from you in the course of our business, including through your use of our website, when you contact/request information from us, when you engage our legal services or as a result of your relationship with one or more of our staff and clients.

The personal information that we process includes:

• Basic information, such as your name (including name prefix or title), the company you work for, your title or position and your relationship to a person. 

• Contact information, such as your postal address, email address and phone number(s)

• Professional information such as those from business networking sites provided by you. 

• Financial information, such as payment-related information

• Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically, collected through cookies and other tracking technologies. 

• Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements. 

• Identification, background, and financial verification information provided by you or collected as part of our business acceptance and ongoing monitoring.

• Personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them. 

• Any other information relating to you which you may provide to us directly.  

As a Law firm, most of the personal information we collect, and use is required to fulfil legal or contractual obligations that arise during the delivery of a client matter [when we are instructed to provide a legal service]   

Your personal information may be collected, exchanged and used with/by a client, from you, other third parties, or from publicly available sources. 

We take care to only collect and use information required to fulfil our lawful purpose and retain for a proportionate period.

Our retention polices reflect our statutory obligations and specific business requirements.  The retention period will vary according to the category and nature of the information, and why we have it. 

We have statutory obligations to retain some documents in their original format; for everything else, we routinely scan and destroy. 

Please contact [email protected] for further details about retention schedules relating to your information.

See below for the most common activities involving the use of your personal information.

Onboarding checks

• Purpose: Fulfil our legal obligations/our legitimate interests

• Detail: We are required to conduct regulatory and public interest duties before we act for you (including conflicts, identity, PEP’s, AML and other fraud detection/prevention). We may be obligated to share your information with appropriate official bodies. 

• Collection: We may use multiple sources - Direct from you, indirect, research, legal.

• Categories: These include identity, contact, financial, special category and criminal conviction and offence.

Delivering your service

• Purpose: Fulfil a contract

• Detail: Access and use of your personal information will vary according to the nature of your specific matter.

• Collection & share: We may share your information when we consult or engage with other professional agencies, experts, sub processors, data controllers or other third parties to perform duties or provide a service to deliver the expectations of your engaged service [including but not limited to; other legal professionals, courts, witnesses, consultants, Experts]

• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

Administration of our relationship

• Purpose: Fulfil our legal obligations / our legitimate interests.

• Detail: Manage, review, and update documents within your client and matter file. Provide invoices and carry out billing and other related financial functions and debt recovery.

• Categories: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

Industry updates

• Purpose: Our legitimate interests

• Detail: We will add your contact details to our marketing database keep you up to date with legal insights, service and events information related to your service area.  We may also ‘opt you in’ to receive other relevant marketing and promotional materials, you may ‘opt out’ of these.

• Categories: Contact, preferences

Statutory obligations - other

• Purpose: Fulfil our legal obligations

• Detail: We may undertake other activities commensurate with a law firm, to the extent required to comply with legal, regulatory, governmental, or other statutory or judicial obligation or requirement, such as complying with a court order or information request.   

• Collection: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

Our business operations

• Purpose: Our legitimate interests

• Detail: We may use elements of your matter file for our own business purposes, such as billing, generating management information and reports. We may perform audits, accountancy tasks, compliance, training, and performance reviews. When we do, we ensure that the use of personal information for these purposes are relevant and proportionate.

• Collection: Information will vary depending on the nature of the matter. Categories may include special category and criminal conviction and offence information.

Transparency

When we process [collect, use or share] your information we will be transparent with you, unless we have legal or professional obligation not to.

Retention

Generally, most of the information generated during the provision of our legal services is retained for a minimum of 6 years from the matter closure date. This is in keeping with our professional indemnity requirement and is the primary limitation period under the Limitation Act 1980. However, depending on the nature of the information and the engaged services, some information may be subject to significantly different retention requirements.

Our client services are regulated by the Solicitors Regulation Authority, these regulations mandate us to maintain confidentiality of client affairs, unless permitted by law or the client consents.

This means, when we process your information to deliver a client service, we may do this without your knowledge or consent. Confidentiality rules may also exempt us from fulfilling some data protection rights requests, such as your right of access. 

Activities that may take place involving your personal information

Delivering client services

• Purpose: Fulfil a contracted service

• Detail: Access and use of your personal information will vary dependant to the nature of the specific matter. 

• Collection & share: We may share your information when we consult or engage with other professional agencies, experts, sub processors, data controllers or other third parties to perform duties or provide a service to deliver the expectations of the engaged service [including but not limited to; other legal professionals, courts, witnesses, consultants, Experts]

• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

Administrating client relationships

• Purpose: Fulfil our legal obligations/our legitimate interests

• Detail: Manage, review, and update documents within the client matter file

• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information

Statutory obligations

• Purpose: Fulfil our legal obligations

• Detail: We may undertake other activities commensurate with a law firm, to the extent required to comply with legal, regulatory, governmental, or other statutory or judicial obligation or requirement, such as complying with a court order or information request.  

• Categories: Information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

Our business operations

• Purpose: Our legitimate interests

• Detail: Your information may be processed when we perform duties conducted during the administration of our management information, these may include reporting, audits, accountancy, compliance, and performance reviews. 

• Categories: Categories of information used will vary depending on the nature of the matter and may include special category and criminal conviction and offence information.

Phone

• Detail: Tools used for calls include mobile or landline, and platforms such as Microsoft teams. These automatically collect and display your personal information.  We may use this information to maintain our records and demonstrate accountability and to help improve the efficiency and effectiveness of our call handling. 

• Voicemail: Our automated systems may generate an email, audio file and / or text transcript of the call recording. Automated emails may be sent to the intended recipient to notify them of the message and copy of the information.  Other authorised personnel may access and review the contact. Further processing will be dependent on the nature and purpose of your contact.

• Collection: Technical, from the caller

• Categories: Identity, contact, date / time technical. Plus, any personal information provided by the caller.

Microsoft email

• Detail: We process and monitor email communications, including file attachments, for viruses or malicious software and to operate data loss prevention. Emails are generally retained within the recipient’s inbox for a period of 6 months and then archived ‘beyond reasonable use’. Further processing of emails will be dependent on the nature and purpose of your contact. We use transport layer security (TLS) to encrypt and protect email traffic. Where your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

• Collection: Technical, from the sender.

• Categories: Identity, contact, technical. Plus, any personal information provided by the sender. 

iManage secure send

• Detail: We may exchange documents by iManage Secure Send, you will receive a standard Microsoft email with a link to attachments, these are held securely within our systems. Access via the link is limited to the specified recipients and are set to expire at a date selected by the sender. This will be transparent when you access the link. Audit logs and automated notifications contain detail of activities you perform, such as the date and time you open or download the information, this is used for compliance and accountability purposes.

• Collection: Technical, from the sender.

• Categories: Identity, contact, technical. Plus, any personal information provided by the sender. 

Microsoft Teams

• Detail: When you take part in a Teams call or video conference or meeting your images and other personal information, comments and uploaded documents may be visible and accessible to all call participants. When calls are recorded you will be presented with an alert banner. During the call, automated transcripts are available to participants. Depending on the call quality and personal pronunciation, these do not always provide accurate narrative. Attendance records, transcripts, uploaded documents, and recordings are accessible and may be retained by the host and processed in line with the meeting purpose, training, audit, and accountability purposes. This information may be shared with relevant parties. We cannot account for the content and accuracy of information provided by other participants. 

• Collection: From participants, technical.

• Categories: Identity, contact, technical. Plus, any personal information provided by the participants.

Post

• Detail: Deliveries received into our post rooms are scanned and shared electronically with the intended recipient. Unless originals are required, all physical copies are securely destroyed. Royal Mail standard or recorded delivery is used for routine outgoing post. Other third-party courier services may be used for secure delivery or courier services. Although we undertake reasonable due diligence, we cannot guarantee against loss or destruction. We track deliveries during transit and receipt and retain an audit log for accountability. 

• Collection: From the sender.

• Categories: Identity, contact, technical. Plus, any personal information provided by the sender.

Social Media

• Detail: We use social media tools for our marketing purposes. Where you opt-in to receive our marketing materials, we may share your email and preferences with our contracted social media service agent for this purpose; we may prompt you to ‘follow us’ or participate in ‘threads’ relating to our general services. We do not endorse the use of social media for the purpose of communicating with you about an engaged matter and discourage you from sharing any personal information of this nature on a public platform or within other insecure tools. Where you contact us using these tools or technologies, we cannot guarantee its protection or ongoing security. We cannot account for information posted to our platforms by unrelated third parties.

• Collection: From the poster

• Categories: Identity, contact, technical. Plus, any personal information provided by the sender.

Other tools or platforms

• Detail: If we use other third-party platforms, we will provide you with a notice to inform you and provide relevant privacy information. Where available audit logs and automated notifications contain details of activities you perform, such as the date and time you open or download the information, this is used for compliance and accountability purposes.

• Collect: Direct from you, indirectly from other participants, technical

• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the sender.

Other uses

• Purpose: Legitimate interests, detection and prevention of crime, vital interests.

• Detail: When we communicate with you or receive communications about you, we review and assess content. Depending on the nature of the information we may have a duty to report, consult, or share with other relevant parties or agencies. We may also use the information for our own reasonable business interests. 

• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the sender.

Website analytics

• Cookies: When you visit and interact with our website, cookies and similar technologies automatically collect technical information about your equipment, browsing actions and patterns. We use this to improve your experience, record your permissions and to record pop up activities within our domain. We use performance cookies for our statistical purposes and to plan and manage our website performance.  More information on this can be found within our Cookie Policy. When you access a link from our website to a third-party website, you should review their notices.

• Collection: From the machine in use.

• Categories: Identity, preferences, technical, usage.

Contact us form

• Detail: Information you provide is triaged and processed to effectively manage the query. We use consolidated information to review and improve our services.

• Collection: From the visitor.

• Categories: Identity, contact, technical, usage. Plus, any personal information provided by the visitor.

Subscribe – insights, events, and updates

• Detail: Information provided by you is analysed and added to our secure subscriber database. This information is processed to provide you with communications based on upon your preferences or to facilitate events you have registered to attend. We remove your details when you opt-out.

• Collection: From the subscriber

• Categories: Identity, contact, preferences, technical, usage.

Register for an event

• Detail: When you register for an event your information is added to our subscriber database, this is used by the events team to facilitate the event, manage your attendance, and gain post event feedback. [see section: attending an event]. We will let you know on the subscription pages if the event is delivered using a third party and if your information will be shared with them for the same purpose.

• Collection: From the subscriber

• Categories: Identity, contact, preferences, technical, usage

Applying for employment, training, or work experience

• Detail: When applying via our website pages, you will be directed to our third-party online application portal. You will a receive notice and be provided with a link to their privacy notice, you should review this prior to creating your profile. We will receive a copy of this information to progress your application. 

• Collection: From the applicant

• Categories: Identity, career, contact, preferences, technical, usage. Plus, any personal information you provide. 

Third party access

• Detail: Our trusted third parties may access our website to provide us with technical support during routine or operational performance and maintenance.

When viewing content created by Hill Dickinson, such as our profile page and/or any associated promotional banners/articles – you may be asked to submit your name, email addresses, and job titles - through forms embedded in the LinkedIn platform. This information is provided directly by you and is done so in accordance with the LinkedIn privacy notice terms. (LinkedIn Privacy Policy). Additionally, when visiting the LinkedIn platform, cookies on the website may obtain certain information from you automatically such as IP Address and LinkedIn user details – for further information please view the Cookie Policy | LinkedIn

Managing your visit

• Purpose: Health & safety and maintaining security.

• Detail: Our reception services may ask you to ‘sign in’ and wear an ID badge. This is to facilitate your visit, ensure your safety and to manage our security. If you inform us about any additional requirements relating to your visit, we may use this to make reasonable provisions for you. On occasion, there may be a requirement to complete an individual risk assessment, implement reasonable adjustments or to investigate an accident or manage an incident. Your information may be processed and shared with relevant third parties such as a fire marshal, building manager, HR, or the Health and Safety Executive. 

• Retention: Information may be retained for six months; a longer retention will be applied in the event of any incidents or accidents or claims. 

• Collection: Direct from you.

• Categories: Identity, contact, special category.

Access card activity

• Purpose: Security, monitoring and legitimate interests.

• Detail: Door entry cards issued to staff and visitors grant specific rights-based access within building locations.

• Use: Information may be accessed and used for related purposes such as health and safety, personnel management, and detection and prevention of crime. Where we act as a data processor for other businesses that operate within the building [data controllers], we may share information. 

• Collection: Technical 

• Categories: Identity, usage, activity, technical.

Guest and staff Wi-Fi

• Purpose: Provide services and account for use.

• Detail: On each visit where you connect to our services, you will be provided with a processing notice, you will be required to accept terms and conditions from your device. When you connect, automation allocates your device with an IP address and generates audit logs that capture details of your activities. 

• Collection: From the device connected, Technical.

• Categories: Technical and usage.

Capture and use of CCTV

• Purpose: Detection and prevention of crime

• Detail: Each office location benefits from CCTV systems, either operated and managed by us or by a third-party such as a building manager. Relevant signage is provided to alert you of its presence [for example, on approach, in reception areas, within common parts, hallways, stairwells]

• Collection: Systems continually record, and store images, time, and location.

• Monitoring & use: Images are accessible by nominated individuals to view for the purpose of monitoring activities. When an incident occurs or following a disclosure request, information may be reviewed and extracted from the system, and a copy made and retained. We make reasonable efforts to extract specific images and obscure images of individuals not subject to the activity. Information may be used to progress action or evidence activity relating to our stated purpose.

• Sharing: Information may be disclosed with relevant parties.

• Retention: Automated deletion is set in line with the local regulatory retention period; the UK is 31 days. 

• Categories: Images captured will be representative of your activities and footage may reveal sensitive information about you and/or any criminal activities taking place.

Unless you provide express consent, we limit the use of your subscription information for our marketing purposes. We do not share, allow access to, or sell your information to third parties for additional marketing purposes. We will be transparent with you and provide details of any proposed additional use of your information.

Your subscription

When you agree to receive promotional materials by subscribing via our website or sign up for an event [that we run or co-host]. Subscription information is stored within our secure marketing database. We may use software to review and categorise your preferences and identify relevant materials to provide.

Your interactions

We may use our approved third-party tools to deliver materials to you. We use analytic tools to monitor delivery success, we use this information to improve email services.

Consent

Where you have not contacted us or engaged with our emails, we may contact you periodically to confirm your continued consent.

Suppression list

When you unsubscribe or ‘opt out’ we may add your name to our suppression list to ensure that you do not receive future materials.

Maintenance

Our trusted third parties may access our database to provide us with technical support during routine or operational performance and maintenance.

You can change your preferences or unsubscribe ‘Opt-out’ at any time by following the embedded links within the footers of our direct marketing emails, or you can let us know by email to [email protected], or through the ‘contact us’ form on our website.

Collection

From the subscriber.

You can change your preferences or unsubscribe ‘Opt-out’ at any time by following the embedded links within the footers of our direct marketing emails, or you can let us know by email to [email protected], or through the ‘contact us’ form on our website.

Categories

Identity, contact, preferences, and usage.

You can change your preferences or unsubscribe ‘Opt-out’ at any time by following the embedded links within the footers of our direct marketing emails, or you can let us know by email to [email protected], or through the ‘contact us’ form on our website.

When you sign up to or attend an event, your name, contact details, dietary requirements and any special considerations needed for your event will be shared with our Events Team to facilitate the access to our building and to ensure your safety, comfort, and security on the day. We will contact you with details of the event, plus any joining instructions you may need. We may also send reminders to you in the lead up to your event and possibly request feedback from you after the event.

When you arrive, you will be provided with a Visitor Badge to wear during the day. If you have provided additional requirements or need special assistance this information will be shared with the Events Team and Facilities Team as required.

Photography is likely to take place at our events. You can decline individual photos being taken of you by speaking directly to the photographer or member of the Events Team. Please be aware that you may appear in group or wide shots with other attendees and it may not always be possible to remove or obscure your image. All photos are stored securely and retained by our Events Team may be shared on social and media platforms, website and with joint organisers (if applicable).

You will be asked to provide your name and contact details to our Events Team for the purposes of gaining access to Hill Dickinson’s office for the day of your event. This information will be process by our Events Team and Security Team (Reception) in the strictest confidence in advance in readiness for your upcoming event. Please see our Data Retention section for further information.

On occasion, we may run events with co-hosts and guest speakers or at venues who operate their own reception or facilities. We may share relevant attendee information for the purpose of facilitating the event. We will let you know before you subscribe to the event if co-hosts or guest speakers will be provided with your information for their own legitimate interests such as to send you event materials or obtain your feedback.

Broadgate Tower (London office)

A Hill Dickinson event

You will be asked to provide your name and contact details to our Events Team for the purposes of gaining access to The Broadgate Tower, 20 Primrose Street, London. EC2A 2EW. Your information will be shared with The British Land Company PLC acting as landlords of The Broadgate Tower to enable access to the building on the day of your event. For further information please visit my.broadgate.co.uk/privacy.

A Joint event with a 3rd party

You will be asked to provide your name and contact details for the purposes of gaining access to The Broadgate Tower. This information will be processed by our Events Team and will be shared with The British Land Company PLC acting as landlords of The Broadgate Tower, 20 Primrose Street, London. EC2A 2EW. For further information please visit my.broadgate.co.uk/privacy.

A third-party event.

You will be asked to consent to the sharing of your personal information to The British Land Company PLC acting as landlords of The Broadgate Tower, 20 Primrose Street, London. EC2A 2EW, to enable them to provide you with access to the building for your event. For further information please visit my.broadgate.co.uk/privacy.

Your contacts

A member of the team will review and triage your complaint or request made via [email protected] or [email protected]

Identity

We may use your personal information to take reasonable measures to verify your identity and confirm your authority to make the complaint, enquiry, or request.

Investigations

We review information you provide and other relevant personal information that we hold, we may share this with relevant personnel, to the extent required to investigate and manage the query.

3rd-party sharing

We may share your personal information with relevant third-parties or agencies such as the regulator, clients, solicitors, or insurers).

Mitigations

We may make changes or update your information and implement appropriate actions to achieve the required outcome.

Collection

Direct, Indirect, technical.

Categories

Identity, contact, technical and any information relevant to your contact.

Applications

When applying for a position via our website pages, you will be directed to our third-party online application portal. You will a receive notice and be provided with a link to their privacy notice, you should review this prior to creating your profile. Where you make an application by other means, your information will be added to this process and shared with us to progress your application.

Our systems

We utilise a contracted specialist recruitment system to track and manage the selection and recruitment process. This includes to store, send, and receive [email] communications with you and associated parties involved in the recruitment process, securely store your application, test results scores, online interview or video presentation.

Third systems

We may use contracted services of third-party providers to deliver elements of the recruitment process or conduct assessments on our behalf. When we do, we will inform you in advance and provide you with links to their privacy notice. Unless otherwise stated, relevant information obtained and processed will be shared with us to manage your application.

Unsuccessful applicants

We are required to retain information of unsuccessful applicants for a period six months. However, with your consent we may add your details to our ‘Talent pool’ and your information may be retained for this purpose for up to two years.

Pre-employment checks

Information of successful applicants is further processed and may be shared with relevant parties to obtain references, manage health questionnaires, conduct conflict of interest, PEP’s, DBS, and other background checks.

Equality & diversity

When you update voluntary sections of the application forms, such as equality, diversity and equal opportunities information, your responses are used and shared solely for the purposes and monitoring of equal opportunities statistics. These are not accessible to the hiring manager or recruitment panel.

Collection

From the candidate, recruitment panel and contracted third parties.

Categories

Identity, career, criminal, contact, preferences, technical, usage. Plus, any personal the information you provide.

Successful applicants

Our employee privacy notice is available for those who work with us. Available upon request to HR department or data protection officer.

In addition to the activities described within this notice, your personal information is likely to be further accessed and processed during our routine business operational tasks and administration duties. These activities are commensurate with head office functions for a business of this nature.

Hill Dickinson LLP is our UK based head office. We have contractual relationships with each registered office to lawfully deliver and administer our business activities included within the following ‘head office functions’.

Host information

Deliver our IT services, apply security and monitoring practices, improvements and testing, maintenance.

System security

Your information may be processed when we apply security measures. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorised access, use, alteration, or disclosure. We store all personal data you provide to us behind firewalls on servers employing security protections. We continually review and improve our technical systems and tools to maintain resilience, security, and adaptability of our IT Infrastructure. We achieve and work towards accreditations and information security best practice standards, such as Cyber Essentials Plus, ISO 27001, ISO 9001.

Physical security

Your information may be processed when we apply physical security measures. We apply high standards of on-site physical security and have technical and organisational measures to protect our offices and physical information and data assets.

Risk assessments

Your information may be processed when we carry out risk assessments and reviews. Activities that require the use of personal information undergo risk assessments to ensure they are lawful and comply with our data protection polices; these are regularly reviewed to ensure ongoing suitability.

Our people

Our people may be process, access and review your information for duties consistent with their position and responsibilities, such as delivering a client service and performance management. Bespoke training is a mandatory requirement for all of those who have access to personal information. We restrict access to personnel and service providers who have a legitimate ‘need to know’. There are contractual obligations of confidentiality and data protection; we have disciplinary provisions in place to address performance.

Our third parties

When we use third parties to perform activities for us, we complete due diligence checks to ensure information remains secure, confidential, and used for the contracted purposes.

Overseas transfers

Where overseas or cross boarder transfers are required, we ensure appropriate technical or contractual security measures are in place.

Automated decision making

We do not make use of automated decision-making tools that fall into a category requiring your notification. If our position changes, we will update this notice and inform you directly where required.

Management information

Your information may be processed when we produce management information such as budgets, client satisfaction, performance reviews or resource management.

Sale or transfer of business or assets

We may disclose your personal information to a prospective seller or buyer or successor in the event that we sell or buy any part of our business group, entity or assets or seek to acquire new businesses, merger, divestiture, restructuring, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, where one of the transferred assets is the personal data we hold.

Other obligations

Other relevant obligation to which we are legally bound such as to comply with court order, legal or regulated request.

Our legal rights

Your information may be lawfully processed when our obligations or legal rights outweigh your right to privacy. We take reasonable measures that protect and enforce our legal rights against breach of contract or agreement, detection or prevention of fraud or crime, and to protect people, property, or assets.

Non-personal information

We may process and share other, non-personal information without restriction of this notice. However, we will consider our other regulatory or contractual obligations prior to use.

The General Data Protection Regulations and the UK Data Protection Act 2018 [the Regulations] provide individuals within the UK and EEA with specific data protection rights, explained by the UK regulator: For the public | ICO.

More about your data protection rights

• Your right to make a data protection complaint

• Your right to be informed if your personal data is being used

• Your right to get copies of your data

• Your right to get your data corrected

• Your right to get your data deleted

• Your right to limit how organisations use your data

• Your right to data portability

• The right to object to the use of your data

• Your rights relating to decisions being made about you without human involvement

These rights are not absolute and the ability to enforce your rights is dependent on the nature of the information and why we have it.

There are exemptions within data protection regulations and other legislation or Acts, to which we are bound. These may override your rights.

These rights may vary for those outside of the UK and EEA; please contact us for more information.

There are no restrictions for who you can ask or how you make your request. However, we encourage you to contact [email protected].

For any queries or requests associated to M. Lamari & Co LLC, email [email protected] however, any/all data related queries sent to the firm’s main email address ([email protected]) will be directed to the necessary teams as required.

More about making a request

You may find the ICO guidance helpful: Preparing and submitting your subject access request | ICO

When we receive your request, we will let you know we have received it and inform you if we need any additional information from you such as to verify your identity.

We usually provide an outcome within one month, however if we need any extra time we will let you know and provide you with an explanation.

If you wish to speak to us about a concern or to make a complaint about how we manage your information or how we have responded to your request, please contact the [email protected].

For any queries or requests associated to M. Lamari & Co LLC, email [email protected] however, any/all data related queries sent to the firm’s main email address ([email protected]) will be directed to the necessary teams as required.

More about raising a concern

You may find the ICO guidance helpful: How to make a data protection complaint to an organisation | ICO

If you are unhappy about how we have managed your information or dissatisfied about how we have responded to your information request or compliant, you have the option to raise concerns directly with the information regulator.

Each office location may be subject to one or more data protection authority; the relevant authority will depend on your location and where the processing takes place.

If you are making a complaint about our UK operations please complain to the ICO

Find details about your relevant data protection authority within ‘our registered offices’ section.

Head office contact details: contact us, No.1 St. Paul’s Square, Liverpool, L3 9SJ, [email protected].

Data protection regulations: DPA [2018], GDPR [2018] Information Commissioner’s Office (ICO)

Hill Dickinson LLP

• Other Trading Names: Bullivant Jones, Middleton Potts, Hill Taylor Dickinson

• ICO registration: Z5452429

• Companies House (UK): OC314079

Hill Dickinson Business Services Limited

• ICO registration: Z2629280

• Companies House (UK): 7525975

Hill Dickinson International Limited

ICO registration: Z9656081

Companies House (UK): 6705219

Hill Dickinson Pension Trustees Limited

• ICO registration: ZA532925

• Companies House (UK): 11907689

St. Pauls Trustees Limited

• ICO registration: ZA736869

• Companies House (UK): 4554331

Hill Dickinson Services Limited

• ICO registration: ZA744249

• Companies House (UK): 2983433

Hill Dickinson Trust Corporation Limited

• ICO registration: ZA744246

• Companies House (UK): 5608747

St Paul's Secretaries Limited

• ICO registration: ZA744248

• Companies House (UK): 02631053

Hill Dickinson Services (London) Limited

• ICO registration: ZA736840

• Companies House (UK): 2801145

Hill Dickinson Hong Kong LLP

• Other Trading Names: Hill Dickinson

• Registered address: 33B United Centre, 95 Queensway, Admiralty, Hong Kong

• Companies House (UK): OC383692

• ICO registration: ZA054417

• Data protection regulations: The Personal Data (Privacy) Ordinance Ordinance PCPD HK

• Head office contact details: Contact us, No.1 St. Paul’s Square, Liverpool, L3 9SJ

Hill Dickinson Singapore LLP

• Registered address: 3 Anson Road, Springleaf Tower, #24-03, Singapore 079909, Singapore

• Data protection regulations: The Personal Data Protection Act 2012 PDPC Singapore

• Head office contact details: Contact us, No.1 St. Paul’s Square, Liverpool, L3 9SJ

Hill Dickinson LLP’s Singapore office is a member of Hill Dickinson PDLegal Alliance, a formal law alliance with PDLegal LLC, licensed in Singapore. Hill Dickinson LLP’s Singapore office and PDLegal LLC are registered under Singapore’s Limited Liability Partnership Act (Chapter 163A) and Companies Act (Chapter 50), respectively, with limited liability.

Hill Dickinson Monaco LLP

• Registered address: Palais Saint James, 5 Avenue Princesse Alice, MC98000 Monaco

• Data protection regulations: Act n° 1.165 On the protection of personal data Data protection Authority of Monaco

• Head office contact details: Contact us, No.1 St. Paul’s Square, Liverpool, L3 9SJ

Hill Dickinson Greece LLP

• Registered address: 2 Defteras Merarchias St, Piraeus 185, 35, Greece

• Data protection regulations: GDPR [2018] Hellenic Data Protection Authority (HDPA)

• Head office contact details: Contact us, No.1 St. Paul’s Square, Liverpool, L3 9SJ

M. Lamari & Co LLC

• Registered address: Ulysses House, 2nd Floor, Office 201, 67 Spyrou Araouzou Avenue, Limassol, 3036, Cyprus

• Data protection regulations: The Cyprus Data protection regulations as well as the EU General Data Protection Regulation (‘GDPR’).

• DPO contact details: George Zambartas, [email protected].

• Regulator details: Office of the Commissioner for Personal Data Protection https://www.dataprotection.gov.cy/

M. Lamari & Co LLC is a law firm and Hill Dickinson Consultancy Cyprus Ltd is a corporate service provider both regulated and licensed by the Cyprus Bar Association, both are associated offices of Hill Dickinson LLP. This notice complies with the transparency requirements of the Cyprus Data protection regulations as well as the EU General Data Protection Regulation (‘GDPR’).

Changes to this notice may occur periodically, either during our annual review or following interim changes to legislation or the way we work.

We will update section ‘Privacy notice history’ with details of amendments and version history.

Where there are significant changes that materially alter how we use or treat your personal data we will make best endeavours to notify you directly.

Minor amendment: added section 2.4.5
Date: 07/08/2025
Version: 19

Minor amendment: amended address in section 4.6.
Date: 04/08/2025
Version: 18

Minor amendment: Incorporated Limassol policy into this privacy policy. Updated sections 1, 3.2, 3.3 and added new section 4.6.
Date: 17/07/2025
Version: 17

Minor amendment: Updated section 2.4.7
Date: 15/05/2025
Version: 16

Minor amendment: Updated section 5.1 and amended email address in sections 1, 2.3, 2.4.8, 3.2, 3.3 and 4.1.
Date: 16/12/2024
Version: 15

Minor amendment: Updated section 4.3, addition of Singapore disclaimer.
Date: 21/08/2024
Version: 14

Minor amendment: Updated section 1, section 3.1 and section 4.4.
Date: 27/03/2024
Version: 13

Minor amendment: Addition of link to Limassol privacy notice.
Date: 15/02/2024
Version: 12

Minor amendment: Use and sharing of images.
Date: 15/06/2023
Version: 11

Minor amendment: Full review & redraft.
Date: 31/05/2023
Version: 10

Minor amendment: Update of CCTV data controller responsibilities and retention period
Date: 31/10/2022
Version: 9

Minor amendment: Location change - Singapore office address.
Date: 01/12/2021
Version: 8

Minor amendment: Collect & use your information: attendance reporting.
Date: 16/06/2021
Version: 7

Minor amendment: Location change - Hong Kong office address.
Date: 28/05/2021
Version: 6

Minor amendment: Wording: Information by voicemail.
Date: 14/05/2021
Version: 5

Minor amendment: Full review & redraft.
Date: 15/07/2020
Version: 4

Minor amendment: Direct Marketing information: direct marketing emails.
Date: 11/09/2019
Version: 3

Minor amendment: Add: Hill Dickinson Pension trustees limited 11907689.
Date: 10/07/2019
Version: 2

Minor amendment: Name update: Data protection officer.
Date: 13/05/2019
Version: 1