Murphy McElligott Solicitors
- Responsibility for your data?
For the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation (EU Regulation 679/2016) (the “GDPR”), Murphy McElligott Solicitors is the controller of all personal data described in this Privacy Statement.
Data “controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who make independent decisions in relation to the personal data and who otherwise control that personal data.
In particular, a Data Protection representative has been appointed within the firm to monitor compliance with our data protection obligations and with this Privacy Statement and related policies.
- What personal data do we collect?
Personal data means any information relating to an identifiable natural person. Personal data can be factual or it can be an opinion about that person, their actions or behaviour.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, last name, job title, copies of passport and date of birth.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Client Data includes information you provide to us which is relevant to the advice/service which we are providing you with.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- How do we collect your personal data?
We collect your personal data as follows:
- We collect information from you when we are setting you up as a new client of the firm which can include anti-money laundering documentation, identifying information and financial data.
- We collect certain personal data through our website through use of contact forms.
- We collect personal data and other information from you during the course of providing you with legal services.
- We may also receive your personal data from other sources such as from our client in the course of providing them with legal services or from publicly available sources such as the Company Registration Office.
- We may collect your personal data at client events or seminars.
- For what purposes do we process your personal data?
- Providing legal advice and any other service which you have requested;
- Administering billing, processing payments etc. in connection with the services we provide;
- To comply with our legal and compliance obligations including with regard to record keeping, anti-money laundering and tax laws;
- For any purpose which may arise as necessary during the course of our providing services to you.
- What are our legal bases for processing?
For the purposes set out at 4(i) and (ii) above we rely on your consent, the legitimate interests of Murphy McElligott and our clients and/or that certain processing is necessary for the performance of our contract with you.
For the purpose set out at 4(iii) we rely on the legal basis that the processing is necessary for compliance with a legal obligation to which we are subject.
For the purpose set out at 4(v) we may rely on your consent, our legitimate interests, the fact that such processing is necessary for the purposes of performing our contract with you and/or that the processing is necessary for the purposes of complying with a legal obligation to which we are subject.
Where we rely on consent as a legal basis, you may withdraw consent at any time by informing us in writing.
Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal.
- Do we share your personal data with anyone else?
We may share your personal data with the following parties in connection with our processing of your personal data. These will include email service providers, barristers, experts or as may otherwise arise in the course of our providing our services to you.
We require all third parties to enter into a data processing agreement with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your personal data on our instructions and in accordance with data protection law.
- Keeping your personal data secure
We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We limit access to your personal data to those employees, agents and other third parties who are required to have access to your personal data and where they have agreed that they are subject to a duty of confidentiality.
We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and you, the data subject, where legally required.
- Transferring personal data abroad
There are circumstances in which we will have to transfer your personal data out of the European Economic Area for the purposes of carrying out the services we provide to you. Where the need for such a transfer arises we will always ensure that there are appropriate safeguards in place to protect your personal data such as:
- the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms;
- appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the Data Protection Team;
- you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
- the personal data is being transferred to a company in the US which has self-certified its compliance with the EU-US Privacy Shield which has been found by the European Commission to provide an adequate level of protection to the personal data of EU citizens.
- For how long do we keep your personal data?
Your personal data will be deleted when it is no longer reasonably required for the purposes described above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data.
- Your data protection rights
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Contact us
You can contact us in writing with any queries, complaints or requests to exercise your data protection rights.
- Updates to this Privacy Statement
Our Privacy Statement may change from time to time, and any changes to this Privacy Statement will be posted on the Murphy McElligott website and will be effective when posted.