Hartwell & Co
 Contact Us

Privacy Policy

Last updated: 9 January 2026

Data Controller Information

Hartwell & Co

23 Castle Street

Edinburgh EH2 3DN

United Kingdom

Phone: +44 131 225 4687

Email: info@domain.com

Our Commitment to Your Privacy

At Hartwell & Co, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

We believe in transparency and want you to understand exactly what happens to your information. If you have questions about anything in this policy, please don't hesitate to contact us using the details provided above.

What Personal Data We Collect

Information You Provide Directly

When you contact us or use our services, you may provide:

  • Name and contact details (email address, phone number, postal address)
  • Information about your legal matter or business inquiry
  • Any other information you choose to share in correspondence or forms
  • Payment information when engaging our services

Information Collected Automatically

When you visit our website, we automatically collect:

  • Browser type and version
  • Operating system and device information
  • IP address and approximate location
  • Pages visited and time spent on our website
  • Referring website or search terms used

Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you have given explicit permission for specific processing activities
  • Contractual necessity: When processing is necessary to fulfill our obligations to you
  • Legal obligations: When we must process data to comply with legal requirements
  • Legitimate interests: When processing is necessary for our legitimate business interests, balanced against your rights

How We Use Your Personal Data

To Provide Legal Services

We use your information to understand your legal needs, provide advice, prepare documents, and represent your interests as agreed in our engagement letter.

To Communicate With You

We use your contact details to respond to inquiries, send updates about your matter, and provide information you've requested.

To Improve Our Website

We analyze website usage data to understand how visitors interact with our site, identify technical issues, and make improvements to user experience.

For Marketing Purposes

With your consent, we may send you information about our services, legal updates, or other content we think might interest you. You can opt out at any time.

To Comply With Legal Obligations

We may process and retain your data to comply with professional regulations, anti-money laundering requirements, and other legal obligations.

Data Sharing With Third Parties

We may share your personal data with:

  • Professional advisors and service providers who assist us in delivering legal services
  • Courts, tribunals, and regulatory authorities when required by law
  • Other parties directly involved in your legal matter (with your consent)
  • Analytics and technology service providers who help us operate our website

We never sell your personal data to third parties.

How We Protect Your Data

We take data security seriously and have implemented appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Data Encryption

All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols.

Secure Storage

Personal data is stored on secure servers with restricted access and regular security audits.

Access Controls

Only authorized personnel have access to personal data, and access is granted on a need-to-know basis.

Regular Monitoring

We continuously monitor our systems for potential vulnerabilities and security threats.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by law. We will provide information about the nature of the breach, the likely consequences, and the measures we are taking to address it.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Legal and professional requirements typically require us to retain client files for at least six years after the conclusion of a matter. Website analytics data is typically retained for 26 months.

Your Data Protection Rights

Under UK data protection law, you have several important rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).

Right to Rectification

If you believe any of your personal data is inaccurate or incomplete, you can request that we correct or complete it.

Right to Erasure

In certain circumstances, you can request that we delete your personal data. This is sometimes called the "right to be forgotten." Please note that legal and professional obligations may require us to retain certain data.

Right to Object

You have the right to object to certain types of processing, including processing based on legitimate interests and direct marketing.

Right to Data Portability

In certain circumstances, you can request to receive your personal data in a structured, commonly used, and machine-readable format, or have it transmitted directly to another controller.

Right to Restrict Processing

In certain circumstances, you can request that we restrict how we use your personal data while we verify its accuracy or resolve other issues.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: info@domain.com

Phone: +44 131 225 4687

Post: 23 Castle Street, Edinburgh EH2 3DN

We will respond to your request within one month. If your request is particularly complex or you have made multiple requests, we may extend this by a further two months. We will let you know if this is the case and explain why the extension is necessary.

Your Rights and Opt-Out Instructions

You are not required to provide any personal information when using this website. If you prefer not to share your data, you may:

  • Avoid filling out contact forms, account registrations, or any data-submitting features
  • Disable cookies through your browser settings (see our Cookie Policy for more details)
  • Contact us directly to request the deletion of any previously shared personal data

We respect your privacy choices. If you would like us to delete your data, please reach out to us at the contact details provided on our Contact page. We will process your request promptly, subject to any legal obligations that require us to retain certain information.

For marketing communications, you can unsubscribe at any time by clicking the unsubscribe link in any email we send you, or by contacting us directly. Your preference will be updated immediately.

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will update the "Last updated" date at the top of this page and may notify you through other means, such as email or a notice on our website. We encourage you to review this policy periodically to stay informed about how we protect your personal data.