Privacy Notice

As an essential part of our business, we collect and manage client and non-client data. This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.

1.     About Hayes Medicals

Hayes Medicals is a trading name for Hayes & Co Services Ltd; we are a Medical Reporting Organisation, working alongside law firms to provide medical evidence. We are a Limited Company registered in England and Wales, Company Registration Number 07032192. Depending on the nature of your claim, our service may also be regulated by MedCo, who we are registered with under ID: MRO97.

We observe data protection legislation and are committed to protecting and respecting privacy and rights. Specifically, we act as a Data Controller in respect of the information gathered and processed by us.

We are registered with the Information Commissioners Office under registration number ZA104428. Our Data Protection Officer is Rebecca Fenton. If you have any comments or queries regarding the use of your data, she can be contacted as follows:

Address: GM House, Wilkinson Way, Haslingden Road, BB1 2EH
Email: [email protected]
Telephone: 01254 274 929

2.     What Information Do We Collect About You?

The exact information we will request from you depends on what you have asked us to do or what we are contracted to do for you. This notice is intended for client, or prospective clients, only.

There are two types of personal information:

  • Personal Data: this is general information such as your:
    • Name, address and contact details including telephone number(s) and email address;
    • Date of Birth;
    • Past or present GP contact details, hospital(s) attended (if relevant), including information on medical treatments;
  • Special Data (Sensitive Data): this, by its nature is more sensitive and may include your:
    • Racial or ethnic origin;
    • Physical and mental health details including access to medical records, where appropriate.

2.1   Children

Our services are not specifically aimed at children as they are generally represented by a parent or guardian. If you are a child and need further advice or explanation about how we use your data, please contact our Data Protection Officer.

3.     Sources of Information

Information about you may be obtained from a number of sources, including, but not limited to:

  • You may volunteer the information yourself using any, or a mixture of, the following methods:
    • Telephone;
    • Email;
    • Letter;
    • Online.
  • You may provide information relating to someone else (if you have the authority to do so);
  • Information may be passed to us by third parties in order that we can obtain medical evidence on your behalf. Typically, these third parties can be:
    • Law firms you have instructed to perform instructions under a Contract;
    • Medical institutions who may provide your personal medical records or information;
    • Medical experts reviewing your injuries and providing comment as part of your medical evidence;
    • Insurance companies providing details to assist progress of your claim.

Please also be advised that when you visit our website, cookies will be used to collect information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the Internet, and information about your visit such as the pages you viewed or searched for, pages response times, and download errors for example. We do this so that we can measure our website’s performance and make improvements in the future. Cookies are also used to enhance our website’s functionality and personalisation, which includes sharing data with third party organisations. You can control this by adjusting your cookies settings.

On occasion, we may voice record client telephone conversations, and therefore any information captured via this medium, will automatically be stored for training and monitoring purposes.

4.     Why Do You Need This Information?

The primary reason for asking you to provide us with your personal data is to allow us to carry out your requests/instructions, or those of your legal representative, which will usually be to represent you and carry out medico-legal work. This can include, but is not limited to:

  • Verifying your identity;
  • To communicate with you;
  • To establish how your matter will be funded;
  • To obtain your medical evidence including, but not limited to:
    • Booking and attending appointments;
    • Providing non-legal advice;
    • Obtaining medical documents;
    • Preparing documents;
    • Disclosing evidence;
    • To seek advice from third parties such as legal and non-legal experts;
    • Responding to any complaint or allegation of negligence made against us; 

5.     Who Has Access to My Personal Data?

Hayes Medicals operates a data protection regime to oversee the effective and secure processing of your personal data.

The service we provide requires us to liaise with your legal representative and medical experts in order to obtain the medical evidence you require, to facilitate this we must disclose relevant information as and when we are instructed to do so to fulfil this service. These may include:

  • Your instructed legal representative;
  • Other solicitors, for example, solicitors representing the other party;
  • Non legal experts such as Medical Experts;
  • Medical institutions such as past or present GP, hospital or relevant treatment centre;
  • Translation agencies;
  • Contracted suppliers;
  • External auditors or our regulator MedCo;
  • Insurance companies;
  • Providers to identity verification;
  • Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism;
  • In the event of an emergency and we think you may be at risk.

6.     Your Rights

Under the terms of data protection regulation, you have the following rights available to you:

6.1   Right to be Informed

This Privacy Notice fulfils our obligation to tell you about the ways in which we use your information.

6.2   Right to Access

You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request. If for any reason we are not able to comply with this timeframe, we will let you know the reasons why and confirm the date by which we will comply.

A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. This means that a Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.

To make a Subject Access Request, please write to our Data Protection Officer Rebecca Fenton at Suite 21, Kings Court, 33 King Street, Blackburn, BB2 2DH.

6.3   Right to Rectification

If any of the information that we hold about you is inaccurate, you can contact us and request that we correct it.

6.4   Right to Erasure or the ‘Right to be Forgotten’

From 25th May 2018, you can ask us to erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be completed within 30 days.

6.5   Right to Object

You have the right to object to:

a)       The continued use of your data for any purpose listed in Section 4 above, for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time.

b)       The continued use of your data for any purpose listed in Section 4 above, for which the lawful basis of processing is that it has been deemed as legitimate.

6.6   Right to Restrict Processing

If you wish us to restrict the use of your data because:

i.            You think it is inaccurate but this will take time to validate;

ii.            You believe our data processing is unlawful but you do not want your data erased;

iii.            You want us to retain your data in order to establish, exercise, or defend a legal claim, or

iv.            You wish to object to the processing of your data, but we have yet to determine whether this is appropriate.

6.7   Right to Data Portability

If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Data Protection Officer.

6.8   Rights Related to Automated Decision Making

Automated individual decision-making is a decision made by automated means without any human involvement.

For example, the collection and analysis of data to gain insights in to behaviours and characteristic. Automated individual decision-making does not have to involve profiling, although it often will do.

This right doesn’t apply if the automated decision is:

  • Necessary for entering into, or the performance of, a contract between you and Hayes Medicals;
  • Based on your explicit consent; or
  • Authorised by EU or UK law which also sets out suitable safeguards to the rights, freedoms and legitimate interests of the individual (e.g. for fraud and tax-evasion monitoring/prevention or to ensure the security and reliability of the services you provide to the individual).

If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact our Data Protection Officer.

7.     How Do We Protect Your Personal Data?

We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.

We have exceptional standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations; both internal and external parties have agreed to protect confidentiality of all information, to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.

We use computer safeguards such as firewalls and data encryption and annual penetration testing. We also enforce, where possible, physical access controls to our buildings and files to keep data safe.

8.     How Long Do We Keep It For?

Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:

  • As long as necessary to carry out your legal work;
  • For a minimum of 6 years from the conclusion or closure of your legal work; in the event that you, or we, need to re-open your case for the purpose of defending complaints or claims against us;
  • For the duration of a trust;
  • Some information or matters may be kept for 16 years; such as commercial transactions;
  • Personal injury matters which involve lifetime awards or PI Trusts may be kept indefinitely.

9.     Complaints

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Rebecca Fenton and you can contact her as follows:

Address: GM House, Wilkinson Way, Haslingden Road, BB1 2EH
Email: [email protected]
Telephone: 01254 274 929

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). You can contact the ICO as follows:

Telephone: 0303 123 1113

10.     Marketing Communications

We may contact you for the purpose of direct marketing. This means that we may use personal data collected in line with this Privacy Notice, to contact you about our products, services and events. These communications may be delivered by post, email or social media platforms. We will not send marketing communications via SMS or call you without your specific consent. We would never pass or sell your details to a third party.

10.1            Collecting Your Personal Data

We collect your personal data in a number of ways, including but not limited to:

  • Submitting an online enquiry;
  • Following/liking or subscribing to our social media channels;
  • Taking part in any competition or promotion run on our website of through our social media channels;
  • By completing a questionnaire or survey via our website;
  • Asking a question, or submitting your query or complaint via our website, email or social media channels;
  • Posting information on our website or social media channels, for example, commenting or joining in discussions;
  • When you leave a review about us on, Google Reviews or other media platform.

Whenever we collect your personal data, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We hope you find our communications useful, but if you choose not to receive such information, we confirm that this will have no effect on accessing our legal services.

10.2            How We May Use Your Details

The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:

  • Fraud prevention;
  • Direct marketing;
  • System security;
  • To monitor and record information relating to the use of our services, to include our website;
  • Identifying usage trends;
  • Enable business development including sending legal updates, publications and details of events;
  • Determining the effectiveness of promotional campaigns and advertising.

We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit or enhance our relationship with you. This information helps us review and improve our service.

10.3            Your Rights

You have the right to object to this processing. Should you wish to do so, please contact our Data Protection Officer, Rebecca Fenton. You can contact her as follows:

Address: GM House, Wilkinson Way, Haslingden Road, BB1 2EH
Email: [email protected]
Telephone: 01254 274 929

10.4            How We Protect Your Information

We will only ever use non sensitive personal information to target individuals with marketing materials. Sensitive information will never be used to target marketing communications. We may use personalisation to collect analytics to inform marketing and produce relevant content for the marketing strategy to enable it to enhance and personalise the customer experience.