Call us today on 0161 543 8884 or email us at | info@wearehy.com

Privacy Policy

Introduction

Who we are

HY Education Solicitors (“HYE”) is the trading name of HY Education Solicitors Limited (company number 12191172). We are regulated by the Solicitors Regulation Authority (SRA ID 668949).

HYE is a specialist education law firm providing legal services to schools, multi-academy trusts and other education sector organisations. We provide a range of specialist legal products and services, details of which are available on our website.

Data Controller

For the purpose of UK data protection law, HYE is the data controller in relation to the personal data processed when providing legal services. In this policy, “we”, “us” and “our” refer to HYE.

How to contact us

Our registered address is:
Sandbrook House, Sandbrook Way, Rochdale, OL11 1RY

HYE takes its data protection obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018) and related information rights legislation seriously. If you wish to contact us about data protection or information rights matters, please contact our Data Protection Lead (DPL):

Dean Hulse
Director and Barrister

Contact details:
Email: info@wearehy.com
Telephone: 0161 543 8884
Address: Sandbrook House, Sandbrook Way, Rochdale, OL11 1RY

The personal data we collect

Personal data means information that identifies you as an individual.

Depending on how you interact with us, we may collect and use the following types of personal data:

Client onboarding and relationship management

Where a client instructs HYE in relation to a specific matter, or subscribes to one of our subscription services, we process personal data as part of the onboarding and relationship management process. This typically includes details of key contacts, such as names, job titles, email addresses and telephone numbers.

Anti-Money Laundering and regulatory checks

We are required to comply with laws and regulations relating to Anti-Money Laundering (AML) and counter-terrorist financing. To meet these obligations, we may be required to carry out identity checks and, where appropriate, source of funds or source of wealth checks. This may involve processing identification documents and related personal information.

Client files and legal matters

When we act for clients, we process personal data relating to individuals connected with the legal services we provide. This applies across all of our practice areas.

Core personal data processed in client matters

Across most client files, we typically process:

  • names and contact details
  • job titles and professional roles
  • correspondence and communications
  • case-related documents and records
  • financial and transactional information (where relevant)

This information may relate to client representatives, employees, pupils or students, parents and guardians, governors, trustees, witnesses, counterparties and other third parties.

Processing of special category personal data

Some of our specialist legal services necessarily involve the processing of special category personal data, as defined by data protection law. This includes personal data revealing information about an individual’s health, special educational needs or disabilities, safeguarding concerns, or other sensitive matters.

We only process special category personal data where it is relevant, necessary and lawful.

Education law matters

In education-related matters, we may process special category personal data, for example where information relates to:

  • safeguarding
  • special educational needs and disabilities (SEND)
  • health or medical information
  • behavioural or welfare issues

Employment law matters

In employment-related matters, we may process special category personal data, for example where information relates to:

  • health, medical or occupational issues
  • absence linked to health conditions
  • matters requiring reasonable adjustments or support

Data protection, DPO and SAR services

When providing data protection advice, acting as a Data Protection Officer (DPO), or handling subject access requests, we may process special category personal data where it appears within records provided to us. This may include:

  • copies of personal data under review
  • special category personal data contained within those records
  • redacted documents and audit trails created as part of the review process

The examples above are not exhaustive and the specific types of special category personal
data processed will depend on the nature of the legal services provided.

Other

Other personal data that we process may include:

  • Technical data – IP address, browser type and version, device information and operating system
  • Usage data – how you use our website and services
  • Marketing and communications data – your marketing preferences and communication choices

How we collect your personal data

We collect personal data in a number of ways, including:

  • When we provide legal services to you
  • When you contact us by phone, email, letter or video call
  • When you request a quote, instruct us, or complete onboarding
  • When you provide feedback

We collect data through our website:

  • When you actively provide it (for example, requesting a quote)
  • Automatically, through cookies and similar technologies
  • From third parties, such as analytics providers

For more information, please see our Cookie Policy.

Our lawful basis

We rely on the following lawful bases under the UK GDPR:

Article 6(1)(f) – legitimate interests

Processing is necessary for our legitimate interests in providing legal advice and services to our clients, managing and administering legal matters, communicating with relevant individuals, and maintaining accurate legal records and marketing activities.

Article 6(1)(c) – legal obligation

Processing is necessary to comply with legal and regulatory obligations, including anti- money laundering, regulatory and accounting requirements.

Where we process special category personal data, we rely on:

Article 9(2)(f) – the establishment, exercise or defence of legal claims

What we use your personal data for

We use your personal data to:

  • Decide whether we can act for you and meet regulatory requirements
  • Deliver our legal services and manage payments
  • Communicate with you and manage our relationship
  • Improve our website and services
  • Comply with legal and regulatory obligations
  • Provide relevant information about our services (where permitted)

Who we share personal data with

We may share personal data with:

  • local authorities and other public bodies
  • government departments and agencies, including the Department for Education and,
    here relevant, HM Land Registry
  • courts, tribunals and regulatory bodies (including the Information Commissioner’s
    Office, where applicable)
  • counsel, experts and other professional advisers
  • third-party service providers who support our business operations (such as IT and
    systems providers), where appropriate contractual and confidentiality safeguards are
    in place

We only share personal data where this is lawful, necessary and proportionate, and only for the purposes set out in this policy.

International transfers

Some service providers may be based outside the UK. Where this happens, we ensure appropriate safeguards are in place, including UK-approved contractual protections. You can request more information about these safeguards by contacting us.

Data security

We have appropriate technical and organisational measures in place to protect your personal data. Access is limited to those who need it, and all staff and partners are subject to confidentiality obligations.

Retention

We keep your personal data only for as long as necessary for the purposes it was collected, including legal, regulatory and professional obligations. In some cases, we may retain data longer if there is a complaint or a potential legal claim. You can request further details about retention periods at any time.

Your rights

You have rights under data protection law, including the right to request:

  • access to your personal data
  • rectification of inaccurate data
  • erasure of personal data
  • restriction of processing
  • to object to processing in certain circumstances

These rights are not absolute and are subject to applicable laws governing information rights. If you wish to make an information rights request, please contact the Data Protection Lead using the details provided in this policy.

Complaints

You have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk

We would welcome the opportunity to resolve any concerns first, so please contact us directly.

Changes to this policy

We keep this policy under review and may update it from time to time.

Last updated: February 2026.

Third-party links

Our website may include links to third-party websites. We are not responsible for their privacy policies and recommend reviewing them when you leave our site.