Privacy & Cookies Policy

Who we are

This is the Privacy & Cookies Policy of Hilton-Baird Audit & Survey Limited, part of the Hilton-Baird Group of companies, which comprises:

  1. Hilton-Baird Financial Solutions Limited, a company registered in England and Wales under company number 03832884;
  2. Hilton-Baird Collection Services Limited a company registered in England and Wales under company number 04319452;
  3. Hilton-Baird Audit & Survey Limited, a company registered in England and Wales under company number 04126136; and
  4. Hilton-Baird Management Services Limited, a company registered in England and Wales under company number 09719155.

Each company’s registered address is Fleming Court, Leigh Road, Eastleigh, Hampshire, SO50 9PD and additional contact details are available on our websites. Any Data Protection enquiries should be directed to When we refer to “HBAS”, “we”, “us” or “our” we are talking about all the Companies within the Hilton-Baird Group.

Your use of our website and our services indicates your agreement to the terms of use set out on our website, which you should consult.  

We are committed to protecting any data that we collect concerning you and processing it only in ways which comply with the Data Protection Act 2018 (and any replacement legislation) (“the DPA”, for short) and the European Union’s General Data Protection Regulation (“the GDPR”).   

This notice explains what personal data we collect about you, how we will tell you about the data we collect and what we do with it, and explains the legal basis on which we process your personal data under the GDPR.


Information collected

We may collect, use, store and transfer different kinds of Personal Data about you.  The Personal Data we collect will depend on the relationship you have with HBAS. 

If you are:

An employee of HBAS, someone working with us under a contract for services, or someone who applies for employment or work with us, we will provide you with specific privacy information and also ask for your consent to use Special Categories of Personal Data which we’re likely to obtain as a result of our working relationship. Although you should refer to any more specific privacy information we give you, we will also collect the following information on you:

A business contact, including persons who supply us with goods (including hiring things to us) or services and any contacts at a company or other organisation which does so, we may collect the following types of data on you:

A client or potential client, being a company or other organisation who has approached us in order to instruct or potentially instruct our services:

A customer of our client, including persons who we have identified or been notified as customers for our client and any contacts at a company or other organisation which has similarly been identified, we may collect the following types of data on you:

Information source

We collect two types of information from site users: statistical data (e.g. how many users use the site, and which pages they view); and personal data (including names and e-mail addresses).

Statistical data

The statistical data we capture includes your IP address as you browse the site. This is purely for website statistics, recording the number of users to the site and which pages they visit.  This information does not tell us who you are, and we only use this to monitor the effectiveness of the site.

Personal data

Personal data is obtained from a variety of sources, depending upon the agreement with our client.

In some instances, data will have been provided by our client or obtained directly form the customers. Additionally, we source or purchase data from GDPR compliant data providers and online resources in the public domain.

We may receive Personal Data about you from various third parties and public sources including directors, shareholders and employees at any business or organisation you are associated with, public registers, credit reference agencies and public bodies or authorities.

We also obtain personal data through offline methods, either directly (for instance, over the telephone or when you formally instruct us) or indirectly (for instance, from your colleagues when they advise you’re the most appropriate contact).

Additionally, we process personal data relating to the individuals within the businesses we are instructed to review on behalf of our clients. Furthermore, in the course of this activity, we will process data relating to the debtors of those businesses. This will, on occasion, be conducted on a confidential basis.

Personal data is only captured online when you provide it, such as but not limited to when you fill in a contact form, subscribe to our email service, download a resource or enter a competition, for example.

We may also receive Personal Data about you from other members of our Group in connection with the business of the Group or any member of the Group.

If you fail to provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested:

How we will tell you what we are going to do with your information

Where we obtain information directly from you, we will provide you with a copy of the information in this notice upon our first point of contact with you or direct you to where this information is available on our website. If we require you to provide specific items of information, we will also explain the consequences if you do not provide these. 

Where we obtain information from third parties, including your colleagues or other data controllers, with some exceptions we’ll provide you with a copy or link to this Privacy Notice within one month, when we first use it to communicate with you, or before we disclose your data to any other person or organisation – whichever comes first.

We don’t have to provide this information to you if we’re obliged by law to obtain or disclose your information, or if we have professional or legal obligations of secrecy under European or domestic law. Sometimes it may be impossible to provide this information, or it may involve disproportionate effort. In such cases, we’ll take measures which we think are appropriate in the circumstances to protect your interests, and we’ll always ensure that this Privacy Notice is publicly available.

This Privacy Notice (and copies of privacy information which we give to you in the circumstances above) explains the purposes for which we process your data. If we intend to process that data for a new purpose which is incompatible with the information we gave you previously, we’ll provide you with new and updated information.

How we use your information

Keeping you informed about our products and services

In order to pursue our legitimate interests in promoting our services and providing you with information which may be helpful to you, we will use your information to contact you via direct mail, email, SMS and/or telephone with selected material, tips and guides you may find useful and of interest, as well as relevant information about the products and services provided by Hilton-Baird Audit & Survey and the other companies within the Hilton-Baird Group until such a time as you object.    

Where we hold your information for these purposes, we may also process it in order to deal with any enquiry about or objection to how we use it, to personalise our offers or the information we provide to you, and to ensure that our records are accurate and up-to-date. We may use third party service providers to help us check and verify information you have given to us. 

We may also use your information to conduct market research and analysis, to enable us to better understand the needs of our customers and business contacts, and to tailor our services and communications to their needs and circumstances. 

We may do this ourselves or may engage a third-party service provider to do so. Third party service providers may compare your data to publicly available information or to information they legitimately hold or obtain about you and may analyse or provide this data to us to help us in the conduct of our business. We will ensure that any service provider only processes your information in a way that complies with the law. 

You have a right to tell us not to process your personal data for direct marketing purposes. We will give you the option to refuse marketing when we collect your details. You can also exercise this right at any time by contacting us at, or by updating your communication preferences in, or unsubscribing from, any marketing email which we send to you.

Performing contracts with you

We may use your information to take steps to enter into, or to perform, a contract with you. This might include responding to an enquiry you make about our products or services. 

Additionally, where we have a contract with a funder, we will process information on its client and their debtors in order to enable us to fulfil our obligations to the funder. The legal basis for this processing is legitimate interest as it is necessary, and it is not possible to achieve this result in another less intrusive way. We have conducted a legitimate interest assessment and balanced this processing against your individual interests, rights and freedoms.

Complying with our legal obligations

We may use your information where necessary to comply with a legal obligation to which we are subject.   

Other services to which you have given consent

From time to time, we may offer the opportunity to receive other specific services or communications from third parties to persons who consent to our doing so. Where we ask for consent, we will explain how your data will be processed and ask for a clear expression of consent to each specific service or communication. 

Telling us about your preferences

You may change your preferences or withdraw your consent at any time using any of the following methods:

Under the DPA and GDPR, you have a right of access to information we hold on our records about you. Please note that the DPA allows us to charge a fee for this service.

Should you wish to make a complaint over our use of your personal data at any time, you can do so by contacting the Information Commissioner’s Office (ICO).

Sharing of your data with third parties

Data may be shared with other companies within the Hilton-Baird Group.

We use a third-party service,, to publish our website. These sites are hosted at, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice.

We use a third party provider, InboxGuru, to deliver our email communication, capture visitors’ personal data when they choose to supply it through the forms on our website, and to assign lead scores to our contacts based on their website activity. This information allows us to send more relevant information to visitors. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our communication. For more information, please see InboxGuru’s privacy notice.

We use the WOW Analytics software of a third-party provider, CommuniGator, to collect and analyse visitor information such as browser usage, new visitor numbers, responses to marketing activity and other general website trends, helping us to improve the website and to make our marketing campaigns more relevant. For more information, please see CommuniGator’s privacy notice.

Your email address and personal information will never be made available to another organisation for marketing purposes without your explicit consent. However, please note that under Article 6(1)(f) of GDPR, from 25 May 2018 we will have the right to contact you and pass your details to third parties where we have a genuine and legitimate reason to do so, unless this is outweighed by harm to your rights and interests. We also have the right to share your details in the event the sharing of such information is necessary for the performance of a contract.

We will always maintain control over the confidentiality of your information. However, we can disclose your information to authorised parties if we are required to by law.

Transferring your data outside the European Union

All personal data is stored and processed within the EU, with the exception of the following data processors we work with. Where this is the case, this data transfer is GDPR compliant.


Personal data processed for us by InboxGuru is hosted in The US. As InboxGuru is an American company, it also participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework, and is committed to subjecting all Personal Information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. This framework is considered by the European Commission to provide adequate protection for the rights of EU citizens in personal data.


Personal data processed for us by Google may be stored and processed in the United States of America and any other country in which Google or its contractors maintain facilities.  Google LLC (the parent company of the Google group) is self-certified under the EU-U.S. Privacy Shield Framework on behalf of itself and its wholly-owned U.S. subsidiaries and will process your data subject to it.

This framework is considered by the European Commission to provide adequate protection for the rights of EU citizens in personal data.

Automated Decision Making

We use our marketing automation provider, InboxGuru, to assign lead scores to our contacts based on various factors. These scores can be generated by reviewing the webpages visited, any action taken off the back of any email we have sent, or by matching any personal information that has been provided to us, for instance job title. This allows us to contact or send more relevant information to visitors, based on this information.

How long we keep your data

Under the GDPR, we’re required to ensure any personal data we hold is accurate and, where necessary, kept up to date, but also that we keep it no longer than is necessary for the purposes we use it for.  We may also be required by law to retain certain types of data for a longer period. 

All telecommunications data is kept in line with the European Union’s Data Retention Directive, for a minimum of one year and a maximum of two years. A copy is archived for the minimum period, after which time all archived data is purged and erased.

Additional information

We take appropriate technical and organisational security measures to ensure any information you provide to us is stored securely and confidentially and is not processed except in accordance with the GDPR and the DPA. However, we cannot guarantee the security of any information disclosed online, including the possibility that another person or organisation may monitor, intercept or obtain your information other than from us. By using our website, you accept the security implications of providing information over the internet and agree not to hold us responsible for any harm arising from those risks, unless we have been proved to be negligent.

You have the following rights in relation to your personal data under the GDPR, which can be exercised from 25 May 2018:

  1. The right to require us to correct any inaccurate personal data we hold on you or to supplement or complete any incomplete personal data.
  1. The right to object to any processing we undertake for our own legitimate interests (or those of a third party) on grounds related to your own personal situation.
  1. The right to have your personal data erased:

a. if it is no longer necessary for the purposes we have processed it;

b. where we have used it only by your consent and you have withdrawn your consent;

c. where we hold that data for direct marketing only;

d. where you have exercised a right under article 21(1) of the GDPR, we cannot meet the requirements of that article for continued use of your data, and there is no other legal basis for our use of it;

e. if we have unlawfully used your data;

f. if we have a separate legal obligation under European or domestic law to erase it; or

g. if you are a child under the law of your own EU member state.

  1. You have the right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. 
  1. You have the right to request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format.

 Note that this right only applies:


To assist your navigation of this website, make full use of the tools and aid our prevention of fraud, we may send ‘cookies’ from this website to your computer, mobile phone or tablet. However, we do not collect any personal data or personal information about you unless you provide information to our server.

Our Cookie Policy

For the best browsing experience when using our website and to ensure that we can continue to adapt the site to our visitors’ interests and expectations, your computer, mobile phone or tablet will need to accept cookies.

Below is a list of the main cookies we use on our site and what they are used for:

utm_visitor, VisitorID, AssetTrackId

Description: These are used when you have visited our website from an email marketing campaign via one of our providers, InboxGuru. These allow us to link individuals already known to us and opted in to our communication to website activity.

CRMC, CC, CC2, PostID, gator_td

Description: These are used when you have visited our website from one of our email marketing campaigns via our provider, CommuniGator. These allow us to link individuals already known to us and opted in to our communication to website activity.

OriginalReferralURL, OriginalTargetURL, RecentReferralURL, RecentTargetURL

Description: These cookies show us how you found our website, which website you came from and which of our webpages you visited first. This helps us to review which of our online marketing channels is most effective. They also enable us to reward some external websites for directing you to us.

om-second-297444, om-297444, om-global-cookie, om-interaction-cookie

Description: This allows us to serve a subscribe pop-up to our regular blog visitors and also prevent it from being shown if you come from one of our newsletters.


Description: This cookie allows some of the features on our website to function correctly, such as our quote and solutions engine tools. The website and these features wouldn’t work without it.

__utma, __utmb, __utmc, __utmz, _gat, utm_campaign, utm_content, utm_medium, utm_source, utm_term

Description: These cookies enable the function of Google Analytics software. This software helps us to collect and analyse visitor information such as browser usage, new visitor numbers, responses to marketing activity and other general website trends.

This information helps us to improve the website and to make our marketing campaigns more relevant. The data stored by these cookies can only be seen by the team at Hilton-Baird Audit & Survey and Google, and never shows any confidential information.

Additional information: Our website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies to help us to analyse how users use the site.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. To opt out of being tracked by Google Analytics across all websites visit

For more information, visit

wow.anonymousId, wow.session, ASP.Net_SessionId, PHPSESSID

Description: These cookies enable the function of WOW Analytics software. This software helps us to collect and analyse visitor information such as browser usage, new visitor numbers, responses to marketing activity and other general website trends.

This information helps us to improve the website and to make our marketing campaigns more

relevant. The data stored by these cookies can only be seen by the team at Hilton-Baird Audit & Survey and WOW Analytics, and never shows any confidential information.

X-LI-IDC, __qca, bcookie, X-LI-IDC, visit, NSC_MC_WT_FU_IUUQ)

Description: LinkedIn cookies are introduced by the LinkedIn share button. This is only present on our blog pages. They are used to track which pages you visit.

Additional information: For more information, visit

pid, _twitter_sess, k, guest_id and original_referer

Description: This enables the Tweet button on our blog pages, which allows you to easily compose a Twitter message containing a link to the page. The cookies store anonymous session data and, if your computer is already logged in to Twitter, may contain session or other data identifying the logged in account.

Additional information: For more information, visit

khcookie, NID, SNID and PREF

Description: We may use Google Maps on our website to provide detailed information on how to locate our facilities. We would use Google’s interactive maps because we believe they provide a helpful way for our visitors to identify how best to travel to us, and on the basis that Google adheres to its privacy policy.

Additional information: For more information, visit For terms of service for Google Maps, visit

Social media

Should you opt to ‘share’ content through social networks such as Twitter and LinkedIn directly from our website, you may be sent cookies from these websites. Hilton-Baird Audit & Survey has no control over the settings of these cookies, so we would advise you to check their individual websites for more information about the cookies they send and how to manage them.

Any site containing a social sharing button may set a cookie when you are also logged in to their service. We do not control the dissemination of these cookies and you should check the relevant third party website for more information about these.

Updates to this Policy

We reserve the right to update our Privacy & Cookies Policy at any time. We will take reasonable steps to draw your attention to any changes in our Policy. However, to be on the safe side, we suggest that you read this document each time you use the website to ensure that it still meets with your approval. Should you disagree with any changes made, you may withdraw your consent at any time using the methods outlined above.