Privacy Policy
Last updated: 26 March 2026
This Privacy Policy explains how Paul Hardy trading as P.H. Hardy collects, uses, stores, shares, and protects personal data through phhardy.com.
1. Who we are
For the purposes of UK data protection law, the data controller is:
Paul Hardy
Trading as: P.H. Hardy
Email: mail(at)phhardy.com
If you have any privacy questions, requests, or complaints, please contact us using the details above.
2. Scope of this policy
This Privacy Policy applies to personal data collected through:
a. phhardy.com
b. the enquiry form and related contact channels
c. email, messaging, and other communications arising from website enquiries
d. any associated supporting processes used to review rights enquiries, verify interested parties, and manage commercial discussions
3. The kind of personal data we collect
Depending on how you interact with the website, we may collect and process the following personal data:
A. Information you provide directly
- first name
- last name
- email address
- company or organisation name
- job title or role
- country
- property or asset of interest
- rights or formats of interest
- details you include in your enquiry or correspondence
- any verification information you later provide
B. Technical and usage information
- IP address
- browser type and version
- device information
- operating system
- referring site or source
- pages visited
- time and date of visit
- form interaction data
- security and server log data
- cookie and similar technology data, where used
C. Transaction and negotiation records
If discussions progress, we may also collect records relating to rights discussions, verification, legal correspondence, deal status, draft terms, and related commercial communications.
4. Special category data
This website is not intended to collect special category personal data or criminal offence data, and you should not submit such information through the website unless it is strictly necessary and you are legally permitted to do so.
5. How we collect personal data
We collect personal data:
a. directly from you when you complete forms, email us, or otherwise contact us
b. automatically through the operation of the website and associated systems
c. from public sources, professional databases, company websites, LinkedIn pages, or similar sources where reasonably necessary to verify a professional or commercial enquiry
d. from advisers, service providers, or counterparties where relevant to legitimate rights discussions or deal administration
6. Why we use your personal data and our lawful bases
Under the UK GDPR, we must have a lawful basis for processing personal data. The lawful basis we rely on depends on the purpose.
A. To respond to enquiries and take steps requested before a possible contract
We process enquiry details so we can respond to your request, discuss rights, provide information, assess fit, and where relevant take steps at your request before entering into a contract.
Lawful basis: contract, where the processing is necessary to take steps at your request prior to entering into a contract, and legitimate interests where broader review or administration is required.
B. To manage and document business communications
We keep records of enquiries, follow ups, negotiations, and commercial discussions.
Lawful basis: legitimate interests, namely operating, protecting, and developing the business, maintaining an audit trail, and administering rights discussions. Legitimate interests can be used where the processing is necessary for a genuine business purpose and is balanced against the individual’s interests and rights.
C. To verify interested parties and protect confidential materials
We may verify identity, company affiliation, professional status, and apparent authority before disclosing non public materials.
Lawful basis: legitimate interests, namely protecting intellectual property, confidential information, deal process integrity, and business security.
D. To operate, secure, and improve the website
We use technical data, logs, and similar information to administer the site, troubleshoot issues, prevent misuse, and maintain security.
Lawful basis: legitimate interests, namely website administration, security, fraud prevention, and service integrity.
E. To comply with legal obligations
We may process and retain information where needed to comply with applicable laws, regulations, court orders, tax obligations, accounting obligations, or legal claims.
Lawful basis: legal obligation.
F. To use non essential cookies or analytics
Where we use non essential cookies or similar technologies, we rely on your consent where required by law. UK rules require consent for non essential cookies, while certain strictly necessary technologies may fall within an exception.
7. If you do not provide personal data
If you do not provide the information requested in the enquiry form, we may be unable to assess your enquiry properly, respond meaningfully, verify you, or provide any further materials.
8. How we share personal data
We do not sell personal data.
We may share personal data where reasonably necessary with:
a. website hosting providers
b. website developers, administrators, and technical support providers
c. email and communication providers
d. CRM, form, storage, document management, and workflow providers
e. legal, tax, accounting, and professional advisers
f. counterparties, agents, publishers, producers, or other business parties where you ask us to progress a rights discussion or where sharing is necessary for a contemplated transaction
g. regulators, law enforcement bodies, courts, or other authorities where required by law or necessary for legal claims
All such sharing is limited to what is reasonably necessary for the relevant purpose.
9. International transfers
Some of our service providers or advisers may process personal data outside the UK. Where personal data is transferred outside the UK and a restricted transfer occurs, UK data protection law requires appropriate safeguards to be in place. We will take steps intended to ensure that any such transfer is protected by an appropriate mechanism, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to standard contractual clauses, or another lawful transfer mechanism.
10. Data retention
We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including for legal, regulatory, evidential, and record keeping purposes. UK data protection law does not impose one fixed retention period, but requires information to be kept no longer than necessary.
As a working policy, unless a longer period is justified:
a. routine website logs and security records are kept for up to 12 months
b. general rights enquiries and related correspondence are kept for up to 24 months from the last meaningful contact
c. negotiations, verified commercial discussions, and transaction records may be kept for up to 6 years after the end of the relevant matter, or longer where reasonably necessary for legal claims, rights management, or evidential purposes. In England and Wales, actions founded on simple contract are generally subject to a six year limitation period.
We may retain information for longer where required or permitted by law, where necessary to establish, exercise, or defend legal claims, or where a right or asset history reasonably requires it.
11. Your data protection rights
Depending on the circumstances, you may have the right to:
a. be informed about how your personal data is used
b. request access to your personal data
c. request correction of inaccurate or incomplete personal data
d. request erasure of your personal data
e. request restriction of processing
f. object to processing based on legitimate interests
g. request transfer of certain data in a portable format
h. withdraw consent at any time where we rely on consent
The rights available to you depend on the lawful basis and the circumstances of the processing. Privacy notices must explain these rights, and individuals can also complain to the ICO.
To exercise any of these rights, contact us using the details in section 1.
12. Complaints
If you have concerns about how we handle personal data, please contact us first so we can try to resolve the matter.
You also have the right to complain to the Information Commissioner’s Office in the UK.
13. Cookies and similar technologies
This website may use cookies, pixels, tags, scripts, local storage, or similar technologies.
These may include:
a. strictly necessary technologies required for the website to function, maintain security, or provide a service you request
b. preference technologies that remember settings or choices
c. analytics technologies that help us understand website performance and usage
d. embedded media or third party technologies where relevant
Where the law requires consent, non essential cookies or similar technologies will only be set after you give valid consent through the site’s consent mechanism.
Current cookie tool / consent platform: CookieYes
Current analytics tools: N/A
14. Security
We take reasonable technical and organisational measures intended to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
However, no internet transmission or storage system can be guaranteed to be completely secure, and you provide information at your own risk.
15. Third party websites
This website may contain links to third party websites. This Privacy Policy does not apply to those websites, and you should review their own privacy policies.
16. Children
This website is aimed at professional and commercial users and is not directed to children. We do not knowingly collect personal data from children through the rights enquiry process.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.