Definitions and Interpretation
In this policy the following terms have the following meanings:
• “Personal data/information” means any and all data that relates to an
identifiable person who can be directly or
Indirectly identified from that data. In this case
It means personal data that you provide to Us
In order to fulfil a contractual arrangement;
• “we/us/our” means Doughtys W.S. Solicitors and Estate Agents
Our Data Protection Officer is Marina B. Kerr and can be contacted by email at email@example.com, by telephone on 018907 51100, or by post at 3 Church Street, Eyemouth, Berwickshire TD14 5DH. All our staff receive data protection training and we have detailed data protection and information security procedures in place.
We understand that your privacy is important to you and that you care about how your personal data is used and shared. We will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
What data do We collect?
When we enter into a contractual relationship with you, we may collect some or all of the following personal and non-personal data:
• date of birth;
• business/company name;
• job title/profession;
• contact information such as postal address, email address and telephone numbers;
• financial information such as bank details, credit/debit card numbers;
• IP address;
• web browser type and version;
• operating system.
We receive personal information directly from you and sometimes from third-parties for example:
• estate agents;
• financial advisers;
• other solicitors;
• insurance companies;
• search information providers
• credit reference agencies.
• fee assessors
We may collect information when an individual gets in touch with us with a question, complaint, comment or to provide feedback. In these cases the individual is in control of the personal information shared with us and we will only use the data for the purposes of responding to the communication.
How we use your personal information
Our use of personal data will always have a lawful basis, either because it is necessary for;
• Contract – your personal information is processed in order to fulfil a contractual arrangement, and/or
• Legitimate interests – this means the interests of Doughtys W.S. managing our business to allow us to provide you with the best service in the most secure and appropriate way e.g. to
transfer your data to certain third parties such as statutory or regulatory authorities and organisations in the course of our transactions with you including Department of Work and Pensions, HMRC, Registers of Scotland, Scottish Courts and Tribunal services, Office of the Public Guardian, Local Government agencies and the Law Society of Scotland and/or
• Consent – where you have given clear consent to us using your personal information for a specific purpose, and/or
• Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
Will my personal information be shared with third parties?
We may supply your personal information to third parties such as IT providers and Accounting Services. These third parties must at all times provide the same levels of security for your personal information as Doughtys W.S. provide and, where required, are bound by a legal agreement to keep your personal information private, secure and to process it only on the specific instructions of Doughtys W.S.
We may also supply your personal information to government bodies and law enforcement agencies but only: if we are required to do so when the particular circumstances of your matter so require or by the requirements of any applicable law; in our reasonable opinion, such action is reasonably necessary to comply with legal processes; to respond to any legal claims or actions; or to protect the rights of Doughtys W.S., its clients and the public.
Disclosure and Confidentiality
Solicitors are under a professional and legal obligation to keep affairs of clients confidential. This obligation, however, is subject to some exceptions:-
• Legislation on anti-money laundering and terrorist financing places solicitors under a legal duty in certain circumstances to disclose information to the National Crime Agency. Where a solicitor knows or suspects that a transaction on behalf of a client involves money laundering the solicitor may be required by law to make a money laundering disclosure. If that happens, we may not be able to inform you that a disclosure has been made or the reasons for it because the law prevents “tipping off”. Please note that we accept no responsibility for any loss arising from compliance with the ant-money laundering provisions of the Proceeds of Crime Act 2002 (and any amending legislation or related regulations) howsoever caused;
• Scottish Legal Complaints Commission (SLCC) and other supervisory bodies may call for a file which is the subject of a complaint; and,
• A court order can compel disclosure of confidential material in certain circumstances.
How and where do We store your data?
The security of your information is very important to us. As part of our commitment to keeping your data safe, our IT providers maintain physical, electronic and managerial procedures to keep safe the information we collect and store in our database.
Your data will only be stored within the European Economic Area (EEA), however, please note that although we do not normally transfer personal data outside the EEA, we may do so when the particular circumstances of your matter so require. All such third parties are required to maintain confidentiality in relation to your personal information. We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK under the GDPR.
How long do We store your personal information?
We have a data retention policy that sets out the time periods and reasons for retaining all information that we hold.
The time period for which we keep information varies according to what we use the information for. We will keep your information for as long as it is relevant and useful for the purpose for which it was collected.
After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner according to our data retention and deletion policies.
Visitors to Our Website
You can browse our website without disclosing your personal information. If, however, you choose to submit details through our website we can assure you that we are committed to ensuring that your information is secure. For this purpose, we will not hold your personal data for any longer than is reasonable. Further, we have taken reasonable steps to protect your information against unauthorised access and against unlawful processing, accidental loss, damage and destruction. Nevertheless, any personal information submitted by you is at your own risk.
Our website uses essential cookies to function correctly, and some third party services may also set cookies on your browser. Any cookies that collect and use your personal information will request your consent when you access the website for the first time. You can change your privacy settings in relation to cookies at any time via your internet browser settings.
Prospective, current and former employees
If you apply to work for or with us, whether as an employee, advisor or consultant, we will process your personal information for the purpose of recruitment, and in anticipation of entering into a contract with you. If you are unsuccessful we will retain your information for
7 years before destroying it.
If you are an employee of Doughtys W.S., we collect and use your personal information for the purpose of carrying out our duties as an employer, to support you in your employment at Doughtys W.S. and to fulfil our contractual obligations as an employer.
This will include collection and use of your personal details, financial information, health information, and information relating to your performance, attendance and activity at work. If you leave employment at Doughtys W.S., we will continue to process your personal information in order to end your contract with us, to fulfil any outstanding obligations we have as your employer, and to meet our statutory obligations.
We share some employee information with public bodies such as HMRC in line with statutory obligations, or with other organisations with whom you have given us your consent to share information with. Employee information is held only for as long as is necessary.
What are your rights?
As a data subject, you have the following rights under the GDPR;
• the right to be informed about the collection and use of your personal data;
• the right of access to the personal data we hold about you;
• the right to rectification if any personal data we hold about you is inaccurate or incomplete;
• the right to erase your personal information at any time, for example where you cease to be an active client of ours. Whilst we will generally seek to comply with your request, there will be circumstances where we are entitled to retain such personal information, as previously mentioned in the “How long do we store your personal information?” section;
• the right to restrict the processing of personal data;
• the right to data portability such as obtaining a copy of personal data to re-use with another service or organisation;
• the right to object to us using personal data for particular purposes;
• rights in relation to automated decision making and profiling.
For more information or to exercise your data protection rights, please contact us using our contact details as noted in the “Introduction” section. You also have the right to complain to the Information Commissioners Office, which regulates the processing of personal data.
What happens if Our business changes hands?