Introduction
HYS Solicitors (“HYS”) is a trading name of Hulse Yazdi Limited (company number 09057743). We are regulated by the Solicitors Regulation Authority (SRA ID 625170).
HYS is a business-to-business law firm providing legal services to corporate clients and public sector bodies. In some limited circumstances, we may provide legal services to individuals. We advise across a range of legal practice areas typical of a full service law firm for businesses, details of which are available on our website.
Data ControllerFor the purpose of UK data protection law, HYS is the data controller in relation to the personal data processed when providing legal services. In this policy, “we”, “us” and “our” refer to HYS.
How to contact usOur registered address is: Sandbrook House, Sandbrook Way, Rochdale, OL11 1RY
HYS takes its data protection obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018) and related information rights legislation seriously. If you wish to contact us about data protection or information rights matters, please contact our Data Protection Lead (DPL):
Dean Hulse Director and Barrister
Contact details:Email: info@wearehy.com Telephone: 0161 804 1144 Address: Sandbrook House, Sandbrook Way, Rochdale, OL11 1RY
The personal data we collect
Personal data means information that identifies you as an individual.
Depending on how you interact with us, we may collect and use the following types of personal data:
Client onboarding and relationship management
Where a client instructs HYS in relation to a specific matter, or subscribes to our membership service, we process personal data as part of the onboarding and relationship management process. This typically includes details of key business contacts, such as names, job titles, email addresses and telephone numbers.
Anti-Money Laundering and regulatory checksWe are required to comply with laws and regulations relating to Anti-Money Laundering (AML) and counter-terrorist financing. To meet these obligations, we may be required to carry out identity checks and, where appropriate, source of funds or source of wealth checks. This may involve processing identification documents and related personal information.
Client files and legal matters
When we act for clients, we process personal data relating to individuals connected with the legal services we provide. This applies across all of our practice areas.
Core personal data processed in client mattersAcross most client files, we typically process:
- names and contact details
- job titles and professional roles
- correspondence and communications
- case-related documents and records
- financial and transactional information (where relevant)
In the course of providing legal services, some matters may involve the processing of special category personal data, as defined by data protection law. This typically arises where the nature of the legal advice requires it.
We only process special category personal data where it is relevant, necessary and lawful, and appropriate safeguards are applied.
Examples of situations where this may arise include:
- employment-related matters involving health or occupational information
- regulatory or compliance matters involving sensitive personal information
- data protection or subject access request services, where special category data appears within records provided to us
Other personal data that we process may include:
- Technical data – IP address, browser type and version, device information and operating system
- Usage data – how you use our website and services
- Marketing and communications data – your marketing preferences and communication choices
We collect personal data in a number of ways, including:
- When we provide legal services to you
- When you contact us by phone, email, letter or video call
- When you request a quote, instruct us, or complete onboarding
- When you provide feedback
We collect data through our website:
- When you actively provide it (for example, requesting a quote)
- Automatically, through cookies and similar technologies
- From third parties, such as analytics providers
For more information, please see our Cookie Policy.
Our lawful basis
HYS primarily provides legal services to organisations rather than to individuals. We therefore process personal data mainly on the basis of legitimate interests.
We rely on the following lawful bases under the UK GDPR:
Article 6(1)(f) – legitimate interestsProcessing is necessary for our legitimate interests in providing legal advice and services to our clients, managing and administering legal matters, communicating with relevant business contacts, and maintaining accurate legal and professional records. These interests are not overridden by the rights or freedoms of individuals given the professional context and safeguards in place.
Article 6(1)(c) – legal obligationProcessing is necessary to comply with legal and regulatory obligations, including anti-money laundering, regulatory and accounting requirements.
Where we process special category personal data, we rely on: Article 9(2)(f) – the establishment, exercise or defence of legal claims
What we use your personal data for
We use your personal data to:
- Decide whether we can act for you and meet regulatory requirements
- Deliver our legal services and manage payments
- Communicate with you and manage our relationship
- Improve our website and services
- Comply with legal and regulatory obligations
- Provide relevant information about our services (where permitted)
Who we share personal data with
We may share personal data with the following categories of recipients, where this is necessary in connection with the legal services we provide:
- our clients and their authorised representatives
- opposing parties
- government departments and public bodies, where relevant
- courts, tribunals and regulatory bodies (including the Information Commissioner’s Office, where applicable)
- UK Land Registry
- counsel, experts and other professional advisers
- third-party service providers who support our business operations (such as IT and systems providers), where appropriate contractual and confidentiality safeguards are in place
We only share personal data where this is lawful, necessary and proportionate, and only for the purposes set out in this notice.
International transfers
Some service providers may be based outside the UK. Where this happens, we ensure appropriate safeguards are in place, including UK-approved contractual protections. You can request more information about these safeguards by contacting us.
Data security
We have appropriate technical and organisational measures in place to protect your personal data. Access is limited to those who need it, and all staff and partners are subject to confidentiality obligations.
Retention
We keep your personal data only for as long as necessary for the purposes it was collected, including legal, regulatory and professional obligations.
In some cases, we may retain data longer if there is a complaint or a potential legal claim. You can request further details about retention periods at any time.
Your rights
You have rights under data protection law, including the right to request:
- access to your personal data
- rectification of inaccurate data
- erasure of personal data
- restriction of processing
- to object to processing in certain circumstances
These rights are not absolute and are subject to applicable laws governing information rights. If you wish to make an information rights request, please contact the Data Protection Lead using the details provided in this policy.
Complaints
You have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk We would welcome the opportunity to resolve any concerns first, so please contact us directly.
Changes to this policy
We keep this policy under review and may update it from time to time.
Last updated: February 2026.
Third-party links
Our website may include links to third-party websites. We are not responsible for their privacy policies and recommend reviewing them when you leave our site.