We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.
We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is 1 Lanyon Quay, Belfast, BT1 3LG, our registration number is ZA021826, and our Data Protection Officer (DPO) is Ross Davidson. Our Data Protection Officer can be contacted at email@example.com
The vast majority of the information that we hold about you is provided to us by you when you seek to use our services, or if you wish to receive our news and marketing information.
OUR LAWFUL BASIS FOR PROCESSING YOUR INFORMATION
The General Data Protection Regulation (GDPR) requires all organisations that process personal data to have a lawful basis for doing so. We will only ever process your personal data for one of the lawful basis identified in the GDPR. Usually, we process your personal data for the purpose of performing our legal services contract with you, or for related business purposes, as a valued client or contact of our firm.
HOW WE USE YOUR INFORMATION
First and foremost, we process your personal data to provide you with legal services pursuant to our contract with you. We also process personal data to provide our valued clients and contacts with news and information relevant to our firm and our business relationship with them.
These purposes necessitate many different types of data processing including for example, the use of emails and personal details in our internal and external documents and correspondence, the processing of payment information, communicating with you about services, news, updates and events, investigating and addressing legal proceedings relating to your use of our services or as otherwise allowed by applicable law, and compliance with our regulatory and statutory obligations.
We do not use automated decision-making in the processing of your personal data.
We may need to collect and process both personal data and special categories of personal data as defined in the GDPR from our clients to perform our contract for legal services.
WHO WE MAY SHARE YOUR PERSONAL DATA WITH
By entering into a contract for legal services with us you consent to us sharing your personal data as may be required for the proper performance of that contract and any matters arising form or relating to that contract. For example we may share it with other advisors in relation to ongoing matters that we are engaged by you on, Counsel in relation to contentious or potentially contentious matters, our legal advisors in the event of a dispute or investigation into our conduct, law enforcement officials, government authorities, or other third parties to meet our legal obligations.
We may also share your personal data with a third party in connection with (or during negotiations of) any merger, sale or refinancing of our business.
Lastly, we may share your personal data with any other party where we ask you and you consent to the sharing.
TRANSFERS TO THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS
We do not transfer any personal data to third countries or international organisations unless it is necessary for the performance of our contract with you and we seek to satisfy ourselves that such transferred data is fully protected and safeguarded as required by the General Data Protection Regulation.
We retain your personal data while you remain a client unless you ask us to delete it. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless there is an unresolved issue (such as claim or dispute), we are legally required to, or, there are overriding legitimate business interests, including but not limited to fraud prevention and protecting clients' safety and security.
The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details. Finally, if we do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website http://ico.org.uk/for_the_public/personal_information and this is the organisation that you can complain to if you are unhappy with how we deal with you.
ACCESSING AND CORRECTING YOUR INFORMATION
You may request access to, correction of, or a copy of your information by contacting us at firstname.lastname@example.org.
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.
We will occasionally update our Privacy Notice. When we make significant changes, we will notify you of these through email. We will also publish the updated Notice on our website.