McCluskey Browne Solicitors
Privacy Policy
BACKGROUND:
McCluskey Browne, Solicitors is a law firm and provides legal advice and assistance to its clients. We are regulated by the Law Society of Scotland. We respect and value the privacy of our clients and other individuals, including staff and suppliers’ staff, and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
1. Information About Us
McCluskey Browne, Solicitors, 7 Portland Road, Kilmarnock, KA1 2BT
Email address: [email protected]
Telephone number: 01563 554545
If you have any questions on this Privacy Notice, how we handle your personal data or wish to make a subject access request, contact our Data Protection Compliance Partner using the above details.
2. What Does This Notice Cover?
This Privacy Notice explains how we, as a Data Controller, use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under “Data Protection Law” which includes the General Data Protection Regulation 2016/679, the UK Data Protection Act 2018 and all relevant EU and UK Data Protection Legislation.
3. What is Personal Data?
Personal data is defined by the GDPR and includes any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
4. What Personal Data Do We Collect – McCluskey Browne is a full service law firm, and therefore we use a variety of personal information depending on the services we deliver:
(a) Identity Data – ID information including your name, date of birth, gender, marital status, National Insurance Number, Passport and Driving Licence.
(b) Contact Data – (a) – including residential and other postal address, email address and phone number.
(c) Financial Data – Your financial position, status and history including bank details and credit rating. This data may be used in a wide range of legal matters including debt recovery, litigation, other forms of dispute resolution, matrimonial, employment, personal tax, trusts, wills, business creation/acquisition/disposal, property matters, lending, borrowing, other financing.
(d) Transactional Data – Information relating to payment, credit and debits relative to a client’s matter (e.g. to pay for the legal service, to pay for outlays, to settle a claim, property purchase/sale, other asset purchase/sale). We do not store credit or debit card details, but will use them to process payments.
(e) Contractual Data – Information obtained by providing you with legal services.
(f) Communications Data – Personal information contained in communications with individuals.
(g) Social Relationships Data – Information relating to an individual’s family and social relationships may be used in range of types of cases.
(h) Open data and public records – information relating to individuals that are, or can be, collected from public or open sources.
(i) Consents Data – Permissions, consents or preferences given to us by individuals, including marketing permissions, contact permission, mandates to contact employers, other solicitors, and/or GPs and other medical specialists.
(j) Technical Data – We may collect personal information when you visit our website to monitor usage. This could include your IP address, operating system and browser type.
(k) Special Category Data – Race, ethnic origin, politics, religion, trade union membership, sex life, sexual orientation, genetic or biometric data, health and medical information, criminal convictions data. We will only collect and use these types of information where we need to and if the law allows us to, e.g. in connection with personal injury, employment, matrimonial, litigation etc.
5. Your personal data is collected from a wide range of sources including:
• directly from you or your representative when contacting us in writing, by email, in person, by telephone, through our website, or by any other method.
• information you or your representative have made publicly available.
• • other people you know, including family members, people financially linked to, you, their representatives as well as our clients in circumstances where you are involved in a matter in which we act, for example as a witness, beneficiary, guarantor, buyer, seller, debtor, defender, pursuer, employee, or employer.
• other organisations which have referred you to us, for example estate agents, accountants, financial advisers, other solicitors, insurance companies, banks.
• open data and public records, for example from various registers (Land Register, Register of Inhibitions, Companies House, OSCR, etc.), fraud prevention agencies, credit reference agencies to verify the identity of our clients and beneficial owners to assist us in complying with our legal obligations.
6. How Do You Use My Personal Data?
(a) To respond and communicate – With you regarding your instructions, questions, comments, support needs, complaints or concerns.
(b) Using client information – We will collect, store and use the personal data that you provide in your instructions and during the course of our solicitor/client relationship, in order that we can perform our obligations under our service agreement with clients. We will use such personal data to:
• provide clients with legal advice, including communicating with them by email, letter and/or telephone, etc. in connection with the services that we provide;
• represent clients as their solicitors in connection with such services;
• process and make payments in connection with such matter(s).
• process personal information as part of updating, reviewing and enhancing client records and undertaking analysis for management purposes.
• To protect our business
• If clients do not provide us with all of the personal information that we need to collect in order to perform our obligations under our service agreement, then this may affect our ability to provide them with legal advice and/or represent them as their solicitors.
(c) Business clients (including bodies corporate, public bodies and/or charities) and other stakeholders including suppliers – We will use personal information about key individuals (e.g. director, shareholder, partner, trustee, beneficial owner) in the business, so that we can operate and administer the services which we provide and comply with our legal obligations.
(d) To comply with our legal obligations to prevent financial crime – Including money laundering under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, we will use personal data including name, address, date of birth, country of residence/citizenship, personal identification (which may include passport number or driving licence number), information about any criminal convictions, information about roles held in public office, and information about your status as or your relationship and association with a politically exposed person.
We will give personal information to and receive personal information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, and regulators.
(e) To comply with regulatory obligations – We will provide the Law Society of Scotland, with names of individuals for whom our solicitors act under Powers of Attorney.
(f) Other parties – We will process personal information of individuals who are not our client, but have a relationship with our client as described above, and will, use this information to comply with our duty as a legal adviser to our client.
(g) Financial management and debt recovery – We may give personal information to and receive personal information from third parties where that is necessary to recover debts due by you to us, for example, credit reference agencies and sheriff officers.
(h) To market services to you – For marketing and business development activities including promoting our business.
(i) Automated decision making and profiling – We do not use personal data to make decisions solely by automated means without any human involvement.
(j) Online Activity – We may collect information about your computer, including where available your IP address, operating system and browser type, for system and business administration and for usage monitoring.
7. Our Legal Basis For Using Your Personal Information
Under the GDPR we must always have a lawful basis for using personal data. Your personal data may be used for one of the following purposes:
• we have your consent (if consent is needed);
• we need to use the information to comply with our legal or regulatory obligations;
• we need to use the information to perform a contract with you, including taking steps to enter into a contract with you; and/or
• it is fair to use the personal information either in our interests or someone else’s interests, where there is no overriding disadvantage to you – this can include where it is in our interests to exercise our rights under contract, to run our business in an efficient and proper way and to promote our services.
Where we have your consent, you have the right to withdraw it at any time.
8. How Long Will You Keep My Personal Data?
We will retain your personal information for as long as is required to comply with our obligations set out above.
We have a data retention policy that sets out the periods and rules for retaining and reviewing all information that we hold. This sets out different retention periods, which depend upon the nature of the information, and you can request details by contacting our Data Protection Compliance Partner.
9. How and Where Do You Store or Transfer My Personal Data?
We will only store or transfer your personal data within the United Kingdom or the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
10. Do You Share My Personal Data?
We may be required to share personal information with statutory or regulatory authorities and organisations to comply with legal obligations imposed upon us. Such organisations include counterparties to any transaction, dispute or legal proceedings on which we are advising, police and other law enforcement agencies, the Law Society of Scotland, Department of Work & Pensions, HMRC, Revenue Scotland, Scottish and UK courts, Registers of Scotland and / or local authorities.
We may also share personal data with our or your other professional advisors for the purposes of taking advice and in the event of any legal claims.
Where we employ third party suppliers to provide services, including IT Systems, and archiving, these suppliers may process personal data on our behalf as “processors” and are subject to written contractual conditions to only process that personal data under our instructions and protect it.
We may be required to share personal information with other organisations such as credit reference agencies, sheriff officers, property search companies, Companies House, expert witnesses, translators, local agents, accountants and / or auditors.
11. What Are Your Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
(a) Request access – to your personal data, by way of a “subject access request” to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
(b) Request correction – this enables you to have any incomplete or inaccurate data we hold about you corrected, through we may need to verify the accuracy of the new data you provide to us.
(c) Request erasure – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may now always be able to comply with your request of erasure for specific legal reasons which will e notified to you, if applicable, at the time of your request.
(d) Object to processing – you have the right at any time to require us to stop using your personal data for direct marketing purposes. In addition, where we use your personal data to perform tasks carried out in the public interest or for our legitimate interests or those of a third party then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
(e) Request restriction of processing – this enables you to ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
(f) Request the transfer – – of your personal date to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applied to automated information which you initially provided consent for us to use or where we use the information to perform a contract with you.
(g) Withdraw consent – at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
You can exercise your rights by contacting our Data Protection Compliance Partner. If you remain dissatisfied you have the right to lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk
12. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request” and should be made in writing and sent to the email or postal address shown in Part 1. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
13. Changes to this Privacy Notice
We keep this Privacy Notice under regular review. Any changes will be made available on our website www.mccluskeybrowne.co.uk. Paper copies of the Privacy Notice can be obtained by emailing us at [email protected] with your address.
This Privacy Notice was last updated on 25th May 2018.