Mellotte O’Carroll Solicitors (“we”) are committed to respecting and protecting your privacy and would like you to feel safe when you give us your personal details. We will always clearly identify ourselves in correspondence and on our website. Our principal business is the provision of legal services and advice. To provide you with relevant information and/or respond to your requests we sometimes request that you provide us with information about yourself.
This Data Protection Notice [Privacy Statement] will inform you of the information we gather and how it is used. We maintain the same privacy practices with respect to data that is collected off-line and on-line and this notice also covers both those methods of data collection and use. We comply with EU General Data Protection Regulation (GDPR) for the collection, use, and retention of all personal data.
Why do we gather personal data?
Our principal business is the provision of legal services and advice. We require personal data to facilitate the provision and promotion of these services.
What personal data do we collect?
The type and level of personal data collected by us depends on the relationship we have with you. In all cases the information collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which it will be processed. The personal data we require is predominantly obtained directly from you, however, it may also be obtained from publicly available sources or from relevant third parties such as your accountant, financial institutions or employer. You should also be aware that telephone conversations on landlines may be recorded for verification purposes.
What will we use your personal data for?
The personal data we hold will be used for the following purposes:
- to assess your requirements and provide relevant services and opportunities
- to develop and deliver efficient services to you
- to meet legal and regulatory obligations
- to keep you informed of our products and services
- for other related or compatible purposes
Sharing information with third parties
In certain instances, we may make your information available to third parties with whom we have a relationship where that third party is providing services on our behalf. We will only provide those third parties with information that is necessary for them to perform the services and we take measures to protect your information.
We may transfer your information to other countries inside and outside the EU. The transfer of information outside the EU will only occur where it is necessary for the provision of our services and we can reasonably ascertain that anyone to whom we pass it provides an adequate level of protection that is ensured within the EU.
We may disclose information we have collected about you on the website if required to do so by law or when necessary to protect our rights or our employees.
How long will your personal data be retained for?
We will hold your information for the duration of your relationship with us and thereafter for the minimum periods set down by the various legislative requirements to which we are subject. Thereafter we will retain your data pursuant to the following criteria/principles (our Retention Policy). In most cases, it will mean a minimum period of retention of at least (7.5) years after the expiry of our relationship, unless we are required to retain it for a longer period to meet legal, regulatory or evidential requirements. On expiry of the relevant minimum period, and once it has been verified that there is no longer a known and lawful purpose for continued retention of your data, it will be scheduled for destruction. We may retain your contact details for the purposes of keeping you informed of our products and services where we have your consent to do so.
What rights as a data subject do you have?
The General Data Protection Regulation sets out the rights for individuals which include the rights to:
- access your personal data that we retain and process
- have inaccuracies corrected
- have your personal data erased
- seek restriction on processing of your personal data
- object to processing of your personal data
- data portability
- withdraw your consent
- lodge a complaint with the Data Protection Commission
These rights are not an absolute and do not apply where they would adversely affect the rights and freedom of others or where the controller is required to comply with a legal obligation which requires processing. (For example, due to the nature of our business, most of the information we hold is subject to other legal requirements so the right of erasure may not always apply.) We do not make automated decisions which produce legal effects.
How do you complain or submit requests?
Complaints and requests to exercise the above rights can be made directly to us by submitting your request to firstname.lastname@example.org . When doing so, please provide us with relevant information to allow us to deal with your complaint or request. We will acknowledge your request within 5 working days.
If you think that we are not meeting our data protection obligations, and if you are not satisfied with our response to your concerns, then you may complain directly to the office of the Data Protection Commission who will look into the matter for you.
How do you object to the processing of my personal data for marketing?
As a valued client or business contact of ours, we would like to send you, for example, notifications of upcoming events and news that we feel are relevant to you and may be of interest. We will respect your contact preferences so if you do not want to receive any further such notifications from us you can unsubscribe by clicking the unsubscribe button in any of our contact emails. You can also unsubscribe at any time by emailing email@example.com.
How secure is your data?
Our intent is to strictly protect the security of your personal information; honour your choice for its intended use; and carefully protect your data from loss, misuse, unauthorised access or disclosure, alteration or destruction. We have taken appropriate steps to safeguard and secure information we collect online, including the use of encryption when collecting or transferring sensitive data such as credit card information.
However, you should always take into consideration that the internet is an open forum and that data may flow across networks with little or no security measures, and therefore such information may be accessed by people other than those you intended to access it.
What personal data is collected via our website?
Our website does not collect personal information from you and you can visit our website without telling us who you are or revealing any information about yourself. We only measure and analyse non-identifying, aggregate usage data in order to administer the site, and to constantly improve the quality of our service and site performance. We may collect data from you on our website in the future but will only do so where you have chosen to give it to us in which case we will process it to address issues you have raised.
We may use data in cookies to provide you with a more personalised service and present you with information online that is of interest to you. Most web browsers give you some control over whether you allow cookies to be collected. You can easily delete or clear cookies on your browser at any time.
Where do you get further information?
If you have any questions in relation to this Data Protection Notice [Privacy Statement] or would like more information on the policies referenced herein please contact us on +353-(0)9064 92692 or email firstname.lastname@example.org .
We have CCTV cameras mounted in the front hall and elsewhere in the interior of our building. These cameras are used exclusively for safety and security reasons.
Withdrawing your consent
You have the right to have your personal data “erased” in certain circumstances, for example:
- your personal data is no longer necessary for the purposes for which it was collected or processed;
- your personal data is processed unlawfully, that is, some way which is in breach of the General Data Protection Regulation or Data Protection Legislation;
- your personal data has to be erased with a legal obligation;
- you withdraw your consent to processing and there is no other legal reason for processing;
- the processing of your personal data is based on legitimate interest and you object and we cannot demonstrate that there are no overriding legitimate grounds for the processing.