Who we are:
We are F.G. MacCarthy Solicitors of Dunkellin Street, Loughrea, Co. Galway. You can contact us at this address by post, by telephone at 00 353 91 841841, or by email at email@example.com.
Our Data Protection representative is Denis Broderick who can be contacted at the same postal and e-mail address.
Why we process your data and the lawful basis for processing your data.
Website Users;For people who only view and interact with our website, we process and collect certain information relating to you. Generally, unless you submit information to us, such as via an online “contact us” form, we only collect the normal technical and device-related information from your use of our website and apps. We do so to secure our websites and apps, understand how you use them, and analyse how we can improve them.
The legal basis for this processing is our legitimate interest in the administration and operation of our legal services as well as our legitimate interest in marketing and promoting our firm’s legal services.
Clients;We collect and use information (process data) relating to our current, prospective and former clients. We also collect and use information relating to individuals connected with clients, such as their employees, partners, directors, company secretaries, shareholders or beneficial owners and, in the case of deceased clients, their beneficiaries and dependents and next of kin.
We use this information primarilyin order to; provide our clients with legal advice, to complete property transactions & commercial transactions for clients, to assist in the administration of estates, to assist clients with legal claims or legal proceedings and to assist client with their legal rights.
Third Parties;We also collect, use and otherwise process information relating to individuals where their information is considered by us or our clients to be relevant to the legal advice and assistance we provide to our clients. For example, in the course of litigation, we collect or receive information relating to plaintiffs, claimants, defendants, notice parties, third parties, solicitors, barristers, witnesses, expert witnesses, summons servers and service providers such as stenographers and private investigators.
While much of the information processed, will relate specifically to the type of legal services we provide to our clients, we will also use information as part of our administrative, financial and operational processes. This information may include your contact details, payment and financial information, marketing profiles and client relationship information, in addition to the information you give us so we can provide legal services to our clients. We will also collect and process AML information (described below). In carrying out this processing we rely on the following legal bases: contractual necessity, compliance with our legal obligations and legitimate interests (described below).
AML compliance: We may collect and use your information in the context of compliance with anti-money laundering (AML) laws and our regulatory obligations. This includes your ID and proof-of-address information. Shareholders with more than 25% interest in a company, who live outside of Ireland, are required to complete a Politically Exposed Persons (PEP) questionnaire. AML information may be sent to other solicitors and law firms that rely on our AML collection practices. Equally, we may receive AML information from other law firms. In carrying out this processing we rely on the following legal basis: compliance with our legal obligations.
Special Categories:In the course of providing legal services to our clients, we may need to process certain information that attracts special protection under EU law (Sensitive Information). For example, in the context of litigation or disputes, we might process information relating to health (e.g. medical condition), genetics, race, religious beliefs, sex life, sexual orientation, or trade union membership. Similarly, if we represent clients in a criminal case, we will collect information about the alleged offences and any related criminal history. In the context of our AML obligations, we might process information relating to political opinions or criminal convictions. We rely on exceptions contained in Article 9 of the GDPR and in the Data Protection Act 2018 to process this information.
Where we process such special categories of data relating to you, our legal basis for processing will be that the processing is necessary for the establishment, exercise or defence of legal claims, (which are specific exceptions in the Data Protection Act 2018) and other exceptions in Article 9 of the GDPR when processing special categories of personal data.
Our Legal Bases; In order to collect, use, share, and otherwise process your information for the purposes described in this Notice, we rely on a number of legal bases, some of which are mentioned above, including where:
necessary to perform a contract we have with you, such as our Terms of Engagement, and to provide the Services (we refer to this as contractual necessity above);
you have consented to the processing (in which case you may revoke your consent at any time);
necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
necessary to protect your vital interests or those of others;
necessary in the public interest;
necessary for the purposes of our or a third party’s legitimate interests, such as those of clients, partners, staff or others, provided that those interests are not overridden by your interests or fundamental rights and freedoms; and
Legitimate Interests; Where we collect, use, disclose and otherwise process your information based on legitimate interests, we may rely on the following interests:
· Provision of legal services: We use your information to pursue our clients and other affected individuals’ legitimate interests in obtaining and/or benefitting from legal advice and assistance, as well as our interests in providing legal advice and assistance to our clients.
· Keeping our Services Safe and Secure:We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our Services, such as our domains, websites, safe and secure.
· Marketing our Services:We use your information as necessary to pursue our legitimate interests in marketing our Services.
· Providing, improving and developing the Services: We use your information as necessary to pursue our legitimate interests in tailoring and improving our Services. For example, if you are a client, we may send you a survey or questionnaire to understand your experience in obtaining legal services from us.
Information received from third parties
We receive and obtain your information from a variety of sources, including from third parties. For example, in the course of providing legal services, we may receive information about you from our clients, other solicitors firms, barristers, insurance companies, experts, doctors, hospitals, actuaries, witnesses, summons servers, private investigators, discovery processes,engineers, accountants, auctioneers,banks, brokers, the Revenue Commissioners, The Property Registration Authority, government departments, public and semi-state bodies, public registries and databases (ie the CRO and Property Registration Authority), internet searches and publicly available information.
In the course of providing the legal services to our clients, we share information with various parties, including our clients, service providers, other solicitors firms, barristers, mediators, arbitrators, translators, couriers, independent experts, witnesses, insurance companies doctors, hospitals, actuaries, summons servers, private investigators, engineers, accountants, auctioneers, banks, brokers, the Revenue Commissioners, The Property Registration Authority, government departments, regulators, and statutory & public bodies.
We do this based upon the legal bases and exceptions mentioned above.
Experts, advisors, lawyers and others connected to the provision of legal services: We share your information with a variety of third parties so we can provide our legal services. This may include sharing your information with our clients, other solicitors and law firms, barristers, insurance companies, experts, doctors, actuaries, witnesses, mediators, summons servers and private investigators, engineers, accountants, auctioneers,banks, brokers, including recipients located outside of the EEA.
Courts and statutory bodies:We share your information with the Courts, regulatory bodies (including the Law Society), the Revenue Commissioners, government departments, public and statutory bodies for a variety of reasons, including where necessary to provide legal services and where required in order to comply with a legal or regulatory obligation.
Legal and safety reasons: We may retain, preserve, or share your information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce the terms of our Engagement Letter or any other contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public.
Service providers: We may share your personal information to help us provide our services and communicate with you. Categories of service providers include IT software and hosting providers, records-storage companies and our Town Agents. Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.
Business re-organisation: In instances where our business is subject to a re-organisation, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law.
Who we share your data with
We may retain your information for as long as necessary in light of the purposes set out in this Notice, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
We take account of guidance issued by the Law Society of Ireland in determining how long to store client files. We also have certain legal obligations to retain certain information for specific periods such as AML information.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider regulatory and Law Society guidance, as appropriate.
We do not transfer your data to a country outside the European Economic Area (“EEA”). Our Case Management Software provider may as part of the support service they provide, have to occasionally transfer data relating to our case management system to a subcontractor located outside the EEA. The safeguard we have put in place for this transfer is that we have contractually provided that our Case Management software provider has entered into European Commission approved standard contractual clauses with any such sub-contractor.
Transfers of data outside the European Economic Area
You have a number of rights in relation to your information that we process. To exercise these rights, please contact our Data Protection representative at the contact details above at the start of this privacy notice.
While some of these rights apply generally, certain rights apply only in specific circumstances. We describe these rights below.
Access:You have the right to request access to your information that we control.
Data Portability:You have the right to request that some of your personal information that you initially provided to us is returned to you or another controller in a commonly used machine readable format.
Rectify, Restrict and Delete: You have the right to ask us to restrict the processing of your information or to rectify or delete your information. Please note that despite a deletion request, we may continue to process your information if we have a legal basis to do so.
Object:If we process your information based on our legitimate interests explained above, or in the public interest, you can object in certain circumstances. In such cases, where legally required to do so, will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object using the unsubscribe link in such communications or by contacting us at firstname.lastname@example.org.
Revoke Consent: Where you have previously provided your consent, you have the right to withdraw your consent to our processing of such information at any time. For example, you can withdraw your consent to email marketing by using the unsubscribe link in such communications or contacting us at email@example.com. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Complain: You have the right to submit a complaint about our use of your information with a supervisory authority. The Irish supervisory authority is the Data Protection Commission.
These rights are subject to a number of exceptions under law. For instance, the Irish Data Protection Act 2018 provides that certain of your rights under the GDPR and Data Protection Act 2018 (such as the right of access and objection) may not apply:
to personal data processed for the purpose of seeking, receiving or giving legal advice,
to personal data in respect of which a claim of privilege could be made for the purpose of or in the course of legal proceedings, including personal data consisting of communications between a client and his or her legal advisers or between those advisers, or
where the exercise of such rights or performance of such obligations would constitute a contempt of court.
If you are unhappy with how we process personal data, we ask you to contact us so that we can rectify the situation.
Your rights relating to personal data
If you do not provide us with your information for the purposes described above, we cannot provide you with legal advice, represent you in legal proceedings or send relevant communications to you.
Without Prejudice to the foregoing, you may browse our website without providing us with any personal data and this will not affect your ability to view our website.
Requirement to process personal data
We do not use any personal data for the purpose of automated decision-making or profiling.
Automated decision-making and profiling
Our website and domains may contain links to other websites and services, which are managed and controlled by third parties. Please note that this Notice does not apply in those cases and we are not responsible for the privacy practices of such third parties.
Third party services
From time to time, we may amend this Privacy Notice. If we make material changes to the Notice, we will take steps to notify you, such as by posting a notice on our website. The Notice was last updated at the date indicated further below.
Updated 31st October 2018