07834 039 328 thayes@hayesltd.com

Hayes Associates Limited Privacy Notice 


This Notice

We have updated this Notice, to incorporate the changes brought about by the General Data Protection Regulation (GDPR) that came into force on 25th May 2018. GDPR includes provisions on Privacy Notices in Articles 12, 13 and 14. 


About us

Hayes Associates Ltd. provides management consultancy in form of data protection, information management and governance and cyber security to a wide variety of organisations. It has been established since 1988. 

What is a Privacy Notice?

A Privacy Notice is a statement by the company to its customers, the public and staff that describes how we collect, use, retain and disclose personal information which we hold.  


Why issue a Privacy Notice?

Hayes Associates Limited recognises the importance of protecting personal and confidential information in all that we do and takes care to meet its legal and regulatory duties.  This notice is one of the ways we can demonstrate our commitment to our values and to being transparent and open. It also shows our commitment to respecting diversity, acting with integrity, demonstrating compassion, striving for excellence and listening and supporting others.


This notice explains what rights you have to control how we use your information.


Legal basis for processing your information

We only process your information if we have a lawful reason to do so. We make sure you know how we use your information, and tell you about your rights.

We rely on the following specific conditions in Articles 6 and 9 of the GDPR to process your information:

6(1) (f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. 

6(1) (c) ‘…for compliance with a legal obligation to which the controller is subject’ 

We also comply with the Common Law Duty of Confidentiality

What information do we collect from you, and why?

We may ask for or hold personal confidential information about you which will be used to help us deliver appropriate care and treatment.  This supports us to collect the minimum that we require for the provision of our service.  

These records may include:

  • Basic details, such as name, date of birth, address, phone number, mobile number and email address (where you have provided it to us)
  • Financial information where a transaction is required. 


Most of your records are electronic and are held on a computer system and secure IT network. 


How we use your information

  • To enable us to provide our services 
  • To process financial transactions where required. 
  • To comply with any associated regulatory requirements


It helps you because:

  • Accurate and up-to-date information helps us to provide you with the best possible service.


Where possible, when we use information to update you about future services and provision, this will be non-identifiable. 


How we keep your information safe and confidential

Hayes Associates Limited is committed to keeping your information secure. Information is retained in secure electronic and paper records and access is restricted to those who need it. Security and access controls, operational policies and procedures are in place to protect your information.

The GDPR regulates the processing of personal information.  Strict principles govern our use of information and our duty to ensure it is kept safe and secure.  

Hayes Associates Ltd. is registered with the Information Commissioners Office (ICO).  

Everyone working for the company is subject to the Common Law Duty of Confidentiality, as well as the GDPR and Data Protection Act 2018 provisions.  Information provided in confidence will only be used for the purposes for which have consented, unless there are other circumstances covered by the law.

All of our staff are required to protect information, inform you of how your information will be used and to allow you to decide if and how your information can be shared.  This will be noted in your records.


Who we share your information with

We do not share your information with any other Third Parties without your specific consent. 


Contacting us about your information 

We have a senior person responsible for protecting the confidentiality of your information. 

If you have any questions or concerns about the information we hold on you, the use of your information or would like to discuss further, please contact as below

Email: thayes@hayesltd.com

How can I access the information you hold about me, and what are my rights? 

Under the GDPR a person may request access to information (with some exemptions) that is held about them by an organisation. This is called a Subject Access Request. There is no fee for this unless a request is unfounded or excessive, particularly if it is repetitive. In that case, a reasonable fee may be charged. 

To submit a Subject Access Request, please email to 

Your Rights under the GDPR Subject are:

  1. Right to be informed
  2. Right to access
  3. Right of rectification
  4. Right to erasure
  5. Right to restriction of processing
  6. Right to data portability
  7. Right to object
  8. Automated individual decision-making, including profiling

We will comply with your rights and our responsibilities as stated above


Data breaches under GDPR

Under the GDPR we have a duty to report certain types of breach to the Information Commissioner’s Office (ICO). If the breach creates a risk to your rights and freedoms we will notify you without undue delay and the ICO within 72 hours of becoming aware of the breach, where possible.

If the breach is likely to bring a high risk of adversely affecting your rights and freedoms, we will also inform you without undue delay.

Contacting us if you have a complaint or concern

We try to meet the highest standards when collecting and using personal information.  We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.  You can submit a complaint through to us at:

Email: thayes@hayesltd.com

Following your complaint, if you are still dissatisfied with our decision you may wish to contact: 

Information Commissioner’s Office

Wycliffe House

Water Lane




You can find more information on their website at www.ico.gov.uk  The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to the Trust.