Trowers & Hamlins

Sign up

Home » Our website » Privacy notices » Privacy notice – for third parties

Privacy notice – for third parties

Trowers & Hamlins is committed to protecting your privacy.

The reason for this notice

Data protection law in the European Union is changing in 2018.  The EU General Data Protection Regulation, the UK's Data Protection Act 2018, comes into force in May 2018, and later in the year a new EU Regulation relating to privacy in electronic communications is expected to come into force.  For convenience we refer to this body of law as 'DP legislation'.

We expect to amend this notice as new legislation is passed, and as guidance is given so that the notice is as up to date as possible.

This privacy notice (sometimes called a processing or privacy policy) aims to inform third parties how we will process their personal information.  By 'third parties' we mean:

  • individuals who have no contract with us but whose data we are handling; and, where different;
  • visitors to our website; or
  • individuals who receive marketing information from us.
  • We have a separate privacy notice for clients (also available on our website) and for our staff since the basis on which we process their personal data is different. 

Who we are

Trowers & Hamlins LLP ('we',' our', 'the firm') is a data controller for the purposes of the DP legislation and the Malaysian Personal Data Protection Act 2010.  We are registered with the UK Information Commissioner's Office with registration number Z1436854 and with the Office of the Malaysian Personal Data Protection Commissioner.  In some circumstances the data controller is Trowers & Hamlins (Services) Limited (registration number Z6861461).

Your data privacy rights

Personal data is information which identifies a living person, whether directly or indirectly.  A reference to 'you' and 'your' in this notice is to individuals whose personal data we are processing.

You have the right to access personal data that we hold for you and can find out more about your rights under the DP legislation at

Your rights depend on the basis upon which we are processing your data and are difficult to summarise in a general document.

If you have any requests concerning your personal information or any queries with regard to our processing, please contact us at and your enquiry will be forwarded to the correct person.  Alternatively you can write to our Data Privacy Partner, 3 Bunhill Row, London EC1Y 8YZ.  We will respond to your enquiry within 30 days unless the query is complex.  We will advise you if this is the case.

You will not have to pay a fee to access your personal information (or to exercise any other right as a data subject).  However, we may charge a reasonable fee, if your request is clearly unfounded or excessive.

You have the right to lodge a complaint with the Information Commissioner in respect of our processing of your personal data.  Further details are available at

How we collect personal data

We collect personal data in the course of our business from or about a number of different categories of people both directly and indirectly.  This includes:

  • people involved in matters we act on for our clients such as customers of our clients;
  • people with whom we, or our staff, have a business relationship e.g. when you give us a business card; or refer work to us and/or
  • other third parties who visit our website, request information or receive marketing services (updates, events and seminars).

What we collect

We collect personal information which can include one or more of the following:

  • basic information such as your name, title or position, and related information such as the company you work for;
  • contact options e.g. phone, email or post;
  • identification information collected as part of our client inception process;
  • financial information such as payment related information;
  • information to help us help you, inviting you to events of interest to you and, when you attend those events, information such as access or dietary requirements; and/or
  • any other information relating to you from public sources and/or provided to us by you.

From time to time this information may include special category data (which the DP legislation requires us to treat with extra care).  Special category data can include information about your health, racial or ethnic origin, religious or political beliefs, trade union membership, sex life or sexual orientation.

Where personal information has been supplied to us indirectly, e.g. by a client, we respect any specific requirements they may make about our use of that data but will process the data as data controllers in our own right. 

What we do with your information

We process personal information for the purpose of providing legal services to our clients and also for our own business purposes including:

  • to provide information requested by you;
  • to tell you about our services including details of events, seminars and publications (as permitted by you or by law);
  • disclosures to our regulators, auditors, our own legal or professional advisors, our insurers and insurance brokers;
  • to provide our website and improve its use including monitoring and auditing;
  • recruitment (further information can be found on our careers portal); and/or
  • fraud prevention (including money laundering and bribery) and for the prevention or detection of crime (including use of CCTV on our premises).

What is the basis for processing your data?

We will only process your personal data where we have a lawful basis for doing so.  This is set out in the DP legislation.  The lawful basis will be one or more of the following, that the process is necessary for:

  • compliance with our legal and regulatory obligations;
  • to pursue our legitimate business interests;
  • establishing, exercising or defending legal claims; and/or
  • to perform a contract to which you are a party or taking steps prior to entering into such a contract.

This notice can only be a general summary.  You may at any time request to see and, if appropriate, amend, your personal data.  Details are given under 'Your data privacy rights'.

Transfer of personal data

We are an international law firm and our offices work collaboratively with each other.  We may need to process your information outside the location where it was given to us.  This may involve the transfer of your information outside the European Economic Area (the EEA), or vice versa.  The level of data privacy protection in countries outside the EEA may be less than offered within the EEA.  We have robust data transfer agreements between our offices and where third parties process data outside the EEA we take all reasonable steps to ensure that personal data is protected and secure. 


At the foot of every marketing mailing we send out, we offer recipients the opportunity to opt out of any future mailings of that type, or indeed, request to be completely removed from our contacts database.  The email also links to this privacy notice.  You may also request to be removed from this database at any time by contacting, or writing to Data Privacy Partner, 3 Bunhill Row, London, EC1Y 8YZ.

Events with third parties

On occasion we will host an event jointly with a third party.  We will only release your details to that third party on the basis of them conducting a specific and singular mailing.  They will be requested to sign a contract indicating their understanding of our privacy notice and their commitment to use your details in accordance with the principles of the Data Protection legislation and other applicable laws, and will be considered a data controller for the purpose of that particular mailing.  You will have an opportunity to subscribe to further mailings from them or from us, or to unsubscribe as set out above.


We are committed to safeguarding the privacy of visitors to our website.

You are not required to provide any personal information on the public areas of our website. However, you may choose to do so by completing the contact forms on various sections of our website.  If you do, your personal information will be treated as set out in this notice.


We use cookies on our website so that we can track how users navigate through our site, in order to enable us to evaluate and improve our site.  We use this information to compile statistical data on the use of our website. Information obtained is used on an anonymous, aggregated basis and you cannot be identified from this.

To find out more about cookies and how we use them please read the detailed cookies policy on our website.

Other websites

Our website may contain links to other websites outside our control and which are not covered by this Privacy Notice.  If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.


We use up-to-date data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss.  The firm is accredited with Cyber Essentials Plus and is Lexcel accredited.  Our employees and any third parties we engage to process personal information are required to respect its confidentiality.

Storage and disposal of personal data

We hold personal data and other information for different periods reflecting both good data protection practice and our regulatory, statutory and contractual requirements.  These periods are set out in our data retention policy, which is revised from time to time.  Please contact us if you would like to know the retention period for your own data.

Personal data supplied for the purpose of due diligence checks is used only for that purpose and destroyed five years after the termination of the business relationship between us.

Malaysia Personal Data Protection Act 2010 Notice

In accordance with the Malaysian Personal Data Protection Act 2010 this notice explains our data processing practices, how we comply with the Personal Data Protection Act 2010 and your options regarding the way in which your personal data is used. Under the Personal Data Protection Act 2010, we are required to ensure the accuracy of and provide you access to your personal information to make any changes to it.  You may at any time request to see and amend this data; if you would like to do so, please contact

Changes to this notice

We reserve the right to update this privacy notice at any time.
Operative from 25 May 2018
Version: 1.0.0

To download a pdf copy of our privacy policy for third parties click here.