At Malcomson Law, we take your privacy seriously. It is important that you understand exactly what we do with personal data that you and others provide to us, why we gather it and what it means to you. We are providing you with this documentation in compliance with our obligations under the General Data Protection Regulation (GDPR), which came into force on the 25th May 2018.
From that date, GDPR, together with any other Irish legal requirements amend existing Data Protection Law in place and enhance accountability and transparency obligations on organisations when using your personal data.
GDPR also introduces changes which will give you greater control over your personal information.
It is hoped that this summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information.
The Information We Collect About You.
During the course of our business, we hold the following:-
- Data to identify you for Anti Money Laundering purposes, including your contact information, PPS number, Marital status, Gender, Date of Birth and Nationality;
- Financial information and bank details;
- Employment records, Education records and Medical records;
- Information about you provided by others, e.g. family members;
- Information which you have consented us to using;
- Other personal information (and this list is not exhaustive), to include the following: photo images, CCTV images and information provided when exercising your rights detailed below.
When Do We Collect Your Information?
We collect information as follows:-
- When you, the client, provide this information to us;
- Information that may be provided to us by third parties;
- Information which we gather or garner from you during the course of the provision of our legal services;
How We Use Your Information On A Legal Basis.
We use, and share, your data where:-
- It is necessary in relation to your Contract of Engagement to provide you with legal services or because you have asked us to carry out some other service on your behalf;
- You have agreed or explicitly consented to the using of your data in a specific way – you may withdraw your consent at any time;
- It is necessary because we have to comply with a legal obligation. For example, complying with our ‘know your client’ obligations and compliance with anti-money laundering legislation, Regulatory Authorities and Law Enforcement;
- It is necessary to protect your vital interests in exceptional circumstances;
The legal basis for this processing is our legitimate interest in the administration of our client’s files and in the provision of legal services. We may also use your data subject to your consent where we have a legitimate interest in marketing and promoting our firm’s legal services
Persons with whom we share your Personal Data.
When providing our legal services to you, we may share your information with:-
- Your authorised representatives;
- Third parties with whom we need to share your information to facilitate (i) transactions you have requested and (ii) all legal services that you have requested and also third parties with whom you ask us to share your information;
- Service providers who provide us with support services;
- Statutory and Regulatory Bodies and Law Enforcement Authorities;
- Third parties in connection with a sale or purchase;
- Persons making an enquiry or complaint;
- Professional Bodies, Non Statutory Bodies and Members of Trade Associations;
- Health Care Professionals and Medical Consultants;
- Third party advisors.
How Long We Hold Your Data.
The legislation and regulatory rules set by Authorities and the guidelines set down by the Law Society of Ireland, define how long we hold your data and is dependent on the type of transaction or legal advices which we have provided to you. We will retain your information for no longer than is necessary for the purpose for which it was obtained by us or as required or permitted for legal, regulatory, fraud prevention and legitimate business purposes, including, if relevant, to deal with any claim or dispute that might arise in connection with the services you receive from us.
Implications Of You Not Providing Your Data.
If you choose not to provide information we may not be able to:-
- Provide you with the requested legal services;
- Continue to provide you with legal services, assess stateability and, where relevant, give you a recommendation for legal services. We will notify you when we ask for information that is not a contractual requirement or, indeed, not to comply with our legal obligations.
Using Companies to Process Your Information Outside the European Economic Area (EEA).
In some cases, we may transfer information about you and your products and services with us to our service providers and other organisations outside the EEA. We will always take steps to ensure that any transfer of information outside of the EEA is correctly and carefully managed in accordance with applicable data protection law to protect your privacy rights.
How To Exercise Your Information Rights, Including Your Right To Object.
From the 25th May 2018, you will have several enhanced rights in relation to how you use your information, including the right, without undue delay, to:-
- Find out if we use your information, access your information, receive copies of your information;
- Have inaccurate incomplete information corrected and updated;
- Object to particular use of your personal data for our legitimate business interests or direct marketing purposes;
- In certain circumstances, to have your information deleted or use of your data restricted.
- In certain circumstances, the right not to be subject to a decision based solely on automated processing. Where we make such automated decisions a right to have a personal review of the decision;
- Exercise the right to data portability, i.e. obtain a transcript of a full copy of your information which we hold, to include transfer to another provider, and without your consent at any time where processing is based on consent.
How You Contact Us
If you have any questions about how we use your information or if you wish to exercise any of your data rights, you can contact the Data Compliance Administrator at Malcomson Law, Iceland House, Arran Court, Smithfield, Dublin, D07 E76E.
If we are unable to deal with your request fully within a calendar month (due to the complexity or a number of requests) we may extend this period by a further two calendar months and shall explain the reason why.
Dated this 25th day of May 2018 – V2018.01