Privacy Policy

Welcome to Hines’ privacy policy.

This privacy policy aims to give you information on how Hines collects and processes your personal data, including any data you may provide when you visit our website or offices and/or engage with us in respect of a transaction or potential transaction as a client (“Hines Clients”) or an advisor.

Hines Associates Limited, whose registered office is at 42 Carlyle Square, London, SW3 6HA (“Hines”, ‘we”, “us” or “our” in this privacy policy), is the controller of your data which means that we are responsible for how your data are collected and used. We respect your privacy and will protect any of your personal data that we process. All personal data are processed in accordance with applicable data protection laws.


Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, job title, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Data includes information about how you use our website and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

There are more sensitive types of personal information which require a higher level of protection under certain applicable data protection laws, commonly known as Special Categories of Personal Data. We do not collect such sensitive information about you except, where applicable, health information in the event that we have to give you first aid on site for events and meetings that you voluntarily provide to us. We do not collect any information about criminal convictions and offences unless revealed by due diligence conducted to comply with a legal obligation or given to us in connection with our role, or potential role, as financial adviser in connection with a transaction, in order to comply with a legal obligation.

We may process your personal information without your knowledge or consent, where this is required or permitted by law.


Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.


We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • apply for our services;
    • request marketing to be sent to you;
    • visit our offices; or
    • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties including partner organisations involved in our work, and publicly available sources.


We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into with Hines Clients or have entered into with Hines Clients.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.


We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To provide our financial services to Hines Clients (including seeking and receiving advice from our professional advisors)

(a) Identity

(b) Contact


Necessary to perform the contract we have entered into with Hines Clients.
To document your visit to our offices

(a) Identity

(b) Contact

(c) Special Category Data (Health)


Necessary for an individual’s vital interests.

To send communications because you have requested or provided us with your contact details (e.g. updates about Hines’ business, activities and opportunities)

(a) Identity

(b) Contact

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy)
Improving, enhancing and developing our financial services and business operations

(b) Usage

(c) Technical

Necessary for our legitimate interests (advance our services)
To administer and protect our organisation (e.g. reporting requirements)

(a) Identity

(b) Contact


Necessary for our legitimate interests (complying with our regulatory and legal obligations, including assessing and managing risk)
Website analytics, to see where users are visiting our website from (a) Technical Necessary for our legitimate interests (to study how visitors use our website and view our services)


We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional offers from us

We may use your Identity, Contact, Technical and Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you (we call this marketing).

You will receive marketing communications from us if you have requested information from us, provided us your contact details or purchased services from us and you have not opted out of receiving that marketing.

Opting out

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service purchase, warranty registration, product/service experience or other transactions.


We may share your personal data with the parties set out below for the purposes set out in the table above.

  • Internal Third Parties including investors in Hines.
  • External Third Parties, such as auditors, professional advisors, lawyers, consultants, regulators and financial intermediaries.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


At present we do not transfer any of your personal data outside of the UK. In the event that any changes occur to our processes requiring such a transfer, we will notify you through updating this privacy policy.


We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a business contact, supplier, professional advisor, counterparty with whom Hines conducts business (including client) we will retain and securely destroy your personal information in accordance with our data retention policy.


Hines acknowledges that the information you provide may be confidential and will maintain the confidentiality of and protect your information in accordance with its normal procedures and all applicable laws. We employ appropriate technical and organisational security measures to help protect your personal data against loss and to guard against access by unauthorised persons. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


You have the right to know what personal data we process about you and may request a copy. You are also entitled to have incorrect personal data about you corrected and you may in some cases ask us to delete your personal data. You can also object to certain personal data about you being processed and request that processing of your personal data be limited. Please note that the limitation or deletion of your personal data may mean we will be unable to provide the communications and invitations described above. You also have the right to receive your personal data in a machine-readable format and have the data transferred to another party responsible for data processing. Where we have requested consent to process your personal data, you will have the right to withdraw consent.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) which is the UK regulator for the processing of personal data ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


If you have any questions about how we process your personal data, please feel free to contact us in the following ways:

Email Address:

Postal Address: 42 Carlyle Square, London, SW3 6HA


We may change this policy from time to time by updating this page. You should check this page from time to time to ensure you are happy with any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.