Privacy Notice

Data security

In order to prevent unauthorised access, distortion or disclosure of your personal data we have put in place appropriate physical, technical and organisational measures. Our service providers are required to do the same. Some of our security measures include:

• All data is managed and maintained in our secure data centres, which are accredited with the required security standards.
• We conduct an annual audit of our security controls using a third party CREST accredited security specialist. In addition, we conduct security self-assessments on a quarterly basis and report findings to our Risk Committee.
• Our finance department processes all other transaction types via an external cloud based provider which is compliant with all required security standards.
• Laptops and desktops are locked down and also kept secure by a documented suite of IT policies, including both our Information Security Policy and Computer Usage Policy. All mobile devices are encrypted.
• We have a full Business Continuity Plan in place and review it annually. It covers the restoration of the firm's business activities in line with the SRA Code of Conduct.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to keep it safe, for example emails sent externally from HFW are encrypted using TLS.

Where you are using our IT services and we have given you (or you have chosen) a password to access certain parts of our Website, you are responsible for keeping this password confidential. Please do not share your password with anyone, except as required within your organisation.

We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your electronically stored personal data to you either directly or by posting a clear notice on our Website without undue delay.