We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
Merchiston Solicitors Ltd [trading as Merchiston Solicitors)] collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation [GDPR] which applies across the European Union (including in the United Kingdom) and we are responsible as 'controller' of that personal information for the purposes of those laws.
Personal information that we collect and use
In the course of providing a legal service to you as a firm of solicitors we collect data from you and we will in such circumstances explain why such as for the need to carry out regulatory checks. We ordinarily collect the following personal data when you provide it to us:
- Such as your name, address gender, date of birth, contact details, financial information etc.
- Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data.
In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks. However, some of the work we do may require us to ask for more sensitive information.
The legal basis for processing your personal data
We need to process your personal information in order to:
- Perform our contract with you (see Article 6.1.b of the GDPR)
- Comply with our legal obligations (see Article 6.1.c of the GDPR) for example our obligations under the Money Laundering Regulations 2017.
- Pursue legitimate business interests providing our services to you, or to pursue the legitimate interests of third parties as long as your interests and fundamental rights do not override those interests (see Article 6.1.f of the GDPR).
- For the establishment, exercise or defence of legal claims, where necessary (see Article 9.2.f of the GDPR)
Sources of information
We also obtain personal information from other sources as follows:
- You may volunteer the information about yourself
- You may provide information relating to someone else – if you have the authority to do so
- Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically, these organisations can be: banks or building societies, organisations that have referred work to us, medical or financial institutions – who provide your personal records / information
- Submitting an online enquiry
- Following/liking/subscribing to our social media channels
- Take part in one of the competitions or promotions we run on the website or on our social media channels
- Agree to fill in a questionnaire or survey on our website
- Ask us a question or submit any queries or concerns you have via email or on social media channels
- Post information to the our website or social media channels, for example when we offer the option for you to comment on, or join, discussions
- When you leave a review about us on Trustpilot.com or Google Reviews
If we collect your personal data for marketing purposes, you will be provided the opportunity to 'opt in' to receiving marketing communications from us. We hope you will provide this information, so you find our communications useful but if you choose not to this will have no effect on accessing our legal services. Any contacts who have not engaged by opening an email over a period of 6 months will be removed from marketing communications.
How we use your personal information
The primary reason for asking you to provide us with your personal data, is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.
the following are some examples, although not exhaustive, of what we may use your information for:
- Verifying your identity
- Verifying source of funds
- Communicating with you
- To establish funding of your matter or transaction
- Processing your legal transaction including: Providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions
- Keeping financial records of your transactions and the transactions we make on your behalf
- Seeking advice from third parties; such as legal (e.g. barristers) and non-legal experts
- Responding to any complaint or allegation of negligence against us
- fraud prevention
- direct marketing
- network and information systems security
- data /analytics /enhancing, modifying or improving our services
- identifying usage trends
- determining the effectiveness of promotional campaigns and advertising.
We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers.
Who we share your personal information with
We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party. We generally share information within Merchiston Solicitors. However, there are circumstances in carrying out legal work for you we may need to disclose information to third parties for example:
- Court or Tribunal;
- Solicitors acting on the other side;
- Asking an independent Barrister or Counsel for advice; or to represent you
- Non-legal experts to obtain advice or assistance;
- Translation Agencies;
- Contracted Suppliers;
- External auditors or our Regulator; e.g. Lexcel, SRA, ICO etc;.
- Bank or Building Society; or other financial institutions
- Insurance Companies;
- Providers of identity verification;
- Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
- If there is an emergency and we think you or others are at risk.
- In the event we share information with third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so. There may be some uses of personal data that may require your specific consent. If this is the case, we will contact you separately to ask for your consent which you are free to withdraw at any time.
How long your personal information will be kept
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
- As long as necessary to carry out your legal work
- For a minimum of 6 years from the conclusion or closure of your legal work; in case you, or we, need to re-open your case for the purpose of defending complaints or claims against us
- Some information or matters may be kept for 16 years – such as matrimonial matters (financial orders or maintenance agreements etc.)
- Wills and related documents may be kept indefinitely
Under the General Data Protection Regulation you have a number of important rights. In summary, those include rights to:
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold – 'the right to rectification.'
- require the erasure of personal information concerning you in certain situations - 'the right to be forgotten', this right only applies in the following specific circumstances:
- Where the personal data is no longer necessary in regards to the purpose for which it was originally collected,
- Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
- Where you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal data was unlawfully processed
- Where you object to the processing for direct marketing purposes – the right to object. We must stop processing your personal data unless:
i) We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
ii) The processing is for the establishment, exercise or defence of legal claims.
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individuals rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please:
- email, call or write to our Data Protection Officer at firstname.lastname@example.org
- let us have enough information to identify you [(e.g. account number, user name, registration details)],
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates [including any account or reference numbers, if you have them]
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We have exceptional standards of technology and operational security and our computers use firewalls and data encryption to keep your data safe. Our providers use for instance multiple encryption methods, protocols, and algorithms across the products and services they provide to help provide a secure path for data to travel through the infrastructure, and to help protect the confidentiality of data that is stored within the infrastructure. We rely on some of the strongest, most secure encryption protocols in the industry to provide a barrier against unauthorized access to your data.
How we protect your personal information
We will only ever use non-sensitive personal information to target individuals with marketing materials; such as name, address, telephone, email, job description and previous buying behaviours. Sensitive information or specific details will never be used to target marketing communications. We may use personalisation to collect analytics to inform marketing and produce relevant content for the marketing strategy to enable it to enhance and personalise the "consumer experience".
If you do not wish us to continue to contact you in this way, you can either follow the unsubscribe instructions on any of our communications to you or contact us by emailing email@example.com with your name and email address. Your details will be removed immediately. Once unsubscribed, you may still receive transactional emails from us regarding your legal case. Any questions regarding this notice and our privacy practices should be sent by email firstname.lastname@example.org
How to complain
We hope that can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
Changes to this privacy notice
This privacy notice was published on 24.5.18 and last updated on this date.
We may change this privacy notice from time to time, when we do we will inform you via email.
How to contact us
Please contact our Data Protection Officer at email@example.com or call 02035406340 if you have any questions about this privacy notice or the information we hold about you.