Privacy Policy
Hanahoe and Hanahoe LLP – Privacy Policy
Last updated: March 2026
1. Who We Are
Hanahoe and Hanahoe LLP is a firm of solicitors regulated by the Legal Services Regulatory Authority (LSRA).
Registered Address:
16 North Main Street, Naas, Co. Kildare
Data Protection Contact:
officemanager@hanahoeandhanahoe.com
For the purposes of data protection law, Hanahoe and Hanahoe LLP acts as a Data Controller in relation to personal data collected through our website and in the course of providing legal services.
2. Scope of This Policy
This Privacy Policy applies to:
- Visitors to our website
- Individuals who contact us via website or email
- Clients and former clients
- Opposing parties and third parties in legal matters
- Individuals whose personal data is contained within client files
3. What Personal Data We Collect
Depending on the nature of the legal services provided, we may process:
Identity and Contact Data
- Name
- Address
- Email address
- Telephone number
- Date of birth
- PPS number (where required)
Client and Matter Data
- Correspondence to and from you
- Legal documentation
- Court pleadings
- Contracts and agreements
- Property and title documentation
- Probate and estate documentation
We may also process personal data relating to opposing parties, witnesses, beneficiaries, or other individuals involved in legal matters where necessary for the provision of legal services.
Financial Data
- Bank account details
- Transaction information
- Billing information
Special Category Data (Article 9 GDPR)
Where necessary for legal services, we may process:
- Health or medical information
- Information relating to family matters
- Information relating to employment disputes
- Other sensitive information relevant to legal proceedings
Criminal Convictions Data (Article 10 GDPR)
In certain legal matters, we may process information relating to criminal offences or alleged offences. Such data is processed only where necessary for the establishment, exercise, or defence of legal claims or in the administration of justice, and under the control of authorised personnel in accordance with the Data Protection Act 2018.
AML & Regulatory Data
In compliance with anti-money laundering legislation, we may collect:
- Passport or driving licence
- Proof of address
- Source of funds information
Website Data
For website enquiries:
- Name
- Email address
- Telephone number
Technical Data
- IP address
- Website usage data
- Analytics data
4. How We Collect Personal Data
We collect personal data:
- Directly from you via website contact forms
- Via email correspondence (Microsoft 365)
- Through our case management system (CORTBase)
- Through telephone calls
- Via our telephone answering service (Kendlebell), which collects contact information on our behalf
- From courts, public bodies, and third parties involved in legal matters
- For AML verification purposes
Kendlebell acts as a data processor on our behalf and relays contact information securely via email.
5. Purposes of Processing
We process personal data for:
- Responding to website enquiries
- Providing legal advice and representation
- Conducting conveyancing and property transactions
- Handling probate and estate administration
- Managing litigation and dispute resolution
- Complying with LSRA regulatory obligations
- Complying with anti-money laundering legislation
- Billing and financial administration
- Establishing, exercising, or defending legal claims
6. Lawful Bases for Processing
We rely on the following lawful bases under GDPR:
Contract
Processing necessary to provide legal services under a retainer agreement.
Legal Obligation
Processing required to comply with:
- Legal Services Regulation Authority requirements
- Criminal Justice (Money Laundering and Terrorist Financing) legislation
- Tax and accounting obligations
- Court rules and statutory obligations
Legitimate Interests
Processing necessary for:
- Business administration
- Record keeping
- IT and network security
We ensure such interests do not override your rights.
Special Category Data
Where we process special category data, we rely on:
- Processing necessary for the establishment, exercise, or defence of legal claims
- Administration of justice
- Compliance with legal obligations
Criminal Convictions Data
Processed under Article 10 GDPR and the Data Protection Act 2018 where necessary for legal proceedings.
7. Legal Professional Privilege
Communications between solicitors and clients may be protected by legal professional privilege.
Where applicable, this may limit the rights of access or disclosure under data protection law.
8. Cookies and Website Technologies
Our website uses:
- Google Analytics (or equivalent analytics tools)
- Cookie consent management tools
Non-essential cookies are placed only following your consent.
Further details are available in our Cookie Policy.
9. Sharing Personal Data
We may share personal data where necessary with:
- Barristers and counsel
- Courts and tribunals
- Opposing solicitors
- Expert witnesses
- Banks and financial institutions
- Revenue Commissioners
- Land Registry and public bodies
- CORTBase (case management provider)
- Microsoft 365
- Kendlebell telephone answering service
- IT support providers
Where required, third parties may act as independent data controllers. In such cases, those third parties are responsible for their own compliance with data protection law.
All processors are required to process personal data securely and in accordance with data protection law.
10. International Transfers
Personal data is processed within the European Economic Area.
Where service providers operate outside the EEA, appropriate safeguards such as EU Standard Contractual Clauses are in place.
11. Data Retention
We retain personal data in accordance with:
- Legal Services Regulatory Authority requirements
- Anti-money laundering legislation
- Statutory limitation periods
- Professional practice obligations
Retention periods vary depending on the type of legal matter:
- Litigation files are retained for a minimum of 6 years following completion of the matter.
- Conveyancing files are retained for a minimum of 12 years in accordance with professional obligations.
- Title deeds and original property documents are retained until returned to a lending institution (where a mortgage exists) or otherwise in accordance with client instructions.
- Anti-money laundering documentation is retained in accordance with statutory requirements (typically 5 years).
In certain circumstances, personal data may be retained for longer where required for legal proceedings, regulatory investigations, complaints handling, or to establish, exercise, or defend legal claims.
12. Security Measures
We implement appropriate technical and organisational measures including:
- Secure hosting
- SSL encryption
- Password-protected systems
- Restricted staff access
- Secure case management systems (CORTBase)
- Microsoft 365 security controls
- Antivirus and monitoring systems
13. Your Data Protection Rights
Under GDPR, you have the right to:
- Access your personal data
- Request rectification
- Request erasure (where legally permitted)
- Restrict processing
- Object to processing
- Data portability (where applicable)
- Lodge a complaint with the Data Protection Commission
Requests may be made by contacting:
officemanager@hanahoeandhanahoe.com
We may require proof of identity before processing requests.
Certain rights may be limited where personal data is subject to legal professional privilege or where restrictions apply under data protection law.
14. Complaints
If you are not satisfied with how we process your personal data, you may lodge a complaint with:
Data Protection Commission
https://www.dataprotection.ie
15. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website.