Donaldson McConnell & Co Ltd (the ‘Company’) is a company registered in Northern Ireland (NI636810), operating from 8-10 Graham Gardens, Lisburn, Co. Antrim, BT28 1XE.
In order to comply with our responsibilities under the General Data Protection Regulations 2016 and the Data Protection Act 2018, we have an obligation to ensure we are clear with how your data is handled while in our possession.
We are committed to protecting and respecting the privacy of our clients and the data which we collect and process as Data Controller. This policy provides details on what information and data we collect from them in relation to providing our services and activities, why we need it, how we will use it, how we will take care of it, who we will share it with and details of the data subject’s rights in relation to our processing of this data.
If you are a client of the Company you should read this notice in conjunction with our Terms which have been furnished to you separately and which are also available here
Data Protection Principles
This policy has been developed to help the Company be compliant with the Regulations. The regulations clearly set out principles which any party handling data must comply with. These principles are that all data shall be:
- Processed fairly and lawfully
- Held only for specified purposes and not used or disclosed in any way incompatible with those purposes
- Adequate and relevant
- Accurate and up-to-date
- Not kept for longer than is necessary for the purpose it was collected
- Processed in accordance with the rights of data subjects
- Kept secure
- Not transferred outside the European Union
How will we collect information from you?
In order to provide our services and activities as solicitors,we must collect certain information. The type and level of information we collect will depend on which of our services are required. We will collect the information we require to provide these services through meetings, general conversations, telephone conversations, email, sharing of documents (photocopies/email/fax/post) and other forms of communication which are needed to enable us to provide our services.
What information will we collect from you?
The information we will need to collect from you will depend on the services you require from us and what information we will need to ensure the full provision of those services. The information collected will include:
- Date of birth
- Contact numbers
We may also need to collect additional specific information depending on the service you require. The information collected and required will depend on the type of case and not all of the information detailed below may be required. Examples detailed as follows:
House Sales & Purchases
Copy of ID
Copy of utility bills
Divorce, Separation & Family Law
Details of assets
Medical records & reports
Other reports relating to the case
Copy of ID
Copy of utility bills
Details of Minors
Date of birth
Reports relating to the case
Claims & Compensation
Copies of ID
Copies of utility bills
Wills & Estates
Full financial history of deceased
Copy of utility bills
Business & Commercial
Copy of ID
Copy of utility bills
Financial information business
Sensitive commercial information
Not all of the data we collect is personally identifiable information.
What is our legal basis for processing your information?
Under the regulations, we may only use your information if we have a lawful basis for doing so. This means either we will have your consent, a contractual, statutory or legal obligation to process the information in our possession.
Once we are engaged for any of the services we will ensure you are aware of how we will use the data and information you provide us.
How will we use the information you provide to us?
The information we collect from you will be used to:
- Deliver our services and manage cases as per the services needed and required by the client
- Maintain our records
- Maintain communications with the client
- Confirm identity and to prevent fraud
- Investigate and deal with any complaints
- Verify any information supplied
- To provide evidence of best practice, statutory and legal responsibilities
- Fulfil and comply with any statutory or legal obligation
- To process invoices and payments
Any information you provide us will not be used in any way you have not been informed about until you have been informed and we have your specific consent.
Who has access to your information?
The staff of the Company will have access to the information you provide to us. We may also need to provide access to our databases to external contractors such as our IT service provider; and our case management software providers; our accountants during audits and we may also need to provide limited access to certain information to the Law Society of Northern Ireland for statutory and legal reasons.
Who may we share your information with?
We may need to provide access to or share certain elements of your information with 3rdParties in order to provide certain aspects of our service(s) or to fulfil statutory and legal obligations (for example the Law Society of Northern Ireland carries out annual reviews of all Home Charter Scheme solicitors as part of its regulatory duties.) Not all of the information shared will be personally identifiable data.
These 3rdparties (“3rdParties”) may include, but not be limited to:-
- Legal Services Commission
- Courts or Tribunals
- Other Solicitors representing other parties in your case
- Your GP
- Non-legal experts to obtain advice or assistance
- The Law Society of Northern Ireland
- Banks or Building Societies or Lenders
- Estate agents,
- Mortgage brokers
- Land & Property Services
- The Rates Agency
- HM Revenue & Customs
- Companies House
- Land Registry
- Registry of Deeds
- Insurance companies
- Compensation Recovery Unit and Social Security Agency
- Any body who is entitled to view the information as a statutory requirement
- When compelled by court order or;
- As part of any criminal investigation
How long will we keep your information?
The Company has a statutory and legal obligation to keep information for a period of time after it has been used. Once information is no longer required it will be erased and removed from our systems in a controlled and secure manner. Exceptions to this will be your wills, codicils, enduring power of attorney or your title deeds which will be held indefinitely, subject to your instructions.
How will we protect your information?
We will endeavour to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification, disclosure or deletion.
Our business and the way we deliver our services may change from time to time. As a result, it may be necessary for us to make changes to this policy. We would ask you review this policy periodically, either by viewing it on our website or making a request for an updated version. This policy was last updated on April 2019.
The rights of data subjects
The Regulation sets out the following rights applicable to data subjects:
- The right to be informed– You have the right to be informed how your data will be collected, what type of data will be collected, how it will be used, how it will be protected, who it will be shared with, if it will be transferred outside the EU, how long it will be kept and how you can request copies.
- The right of access– You have the right to request copies of the data we hold on you but not on other individuals. We will provide a first copy free of charge but an additional copy will incur a fee.
- The right to rectification– You have to right to ask us to rectify any of the data we hold if you believe it to be incorrect. We may ask you for evidence to support any rectifications or changes.
- The right to erasure(also known as the ‘right to be forgotten’) – You have the right, in certain circumstances, to have the data we hold on you erased. If we have a legal or statutory obligation to keep the data we cannot erase it, but we will inform you of any instances where this applies.
- The right to restrict processing– You have the right, in certain circumstances, to ask us to restrict the processing of your data. If you believe the data is incorrect or being processed unlawfully you may request we restrict the processing without deleting the data.
- The right to data portability– You have the right to request copies of the data we hold on you in an electronic or machine-readable
- The right to object– You have the right at any time to object to how any data we hold on you is processed. Please see ‘Requesting information and complaints’ below for how to contact us.
Requesting information and complaints
Our clients can request details of the information held by the Company which relates to them or their children. You can do this by emailing our Data Protection Officer at the relevant email address, email@example.com or by writing to 8-10 Graham Gardens, Lisburn, Co. Antrim, BT28 1XE.
If at any time you are unhappy with how the Company has processed or processes their data, you wish to make alterations to any data which you believe is incorrect, irrelevant, wishes to make an erasure request or wish to stop hearing from us you can raise this issue with our appointed Data Protection Officer at the relevant email address, firstname.lastname@example.org or by writing to us at 8-10 Graham Gardens, Lisburn, Co. Antrim, BT28 1XE.
When you contact us we may ask you to verify your identity. This is to ensure we are providing any information only to the correct individual(s).
If you feel your request was not handled or dealt with correctly by the Company you may raise the issue with the Information Commissioners Office, you can contact them on 0303 123 1113.