Introduction

This policy summarises the key points about how Elliott Duffy Garrett collects, uses and discloses personal data and ensures compliance with the GDPR and Data Protection Act.
Clients should read this policy alongside the Terms and Conditions of Engagement that we issue to you.

Responsibilities

The Firm is the data controller of the personal data we process and therefore is responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle.

Principles of Data Protection

The Firm has adopted the principles below to govern our use, collection and disclosure of personal data. Data will be:

  1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimisation’);
  4. accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (‘accuracy’);
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; (‘storage limitation’);
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Collection, Use and Disclosure

As a Firm we collect and process personal data obtained and created in relation to providing legal services. Personal data will only be processed where one of the following conditions is met:

  1. the processing is necessary for the purposes of the legitimate interests of the Firm (which are the provision of legal services to clients & the effective management of the Firm);
  2. the processing is necessary for compliance with any legal obligation to which the Firm is subject;
  3. the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  4. the data subject has consented; or
  5. the processing is necessary to protect the vital interests of the data subject or another person;

Where the provision of personal data is a statutory or contractual requirement or a requirement relating to entering into a contract, if you fail to provide that data it might affect our ability to enter into a contract with you or to continue to provide services to you.

The table below provides a summary of how we collect and use personal data:

Types of data Collection Use Disclosure
​Information processed for relationship management and file opening procedures such as name, business information and identification documentation. Additional personal data will be processed when individuals are named in matters on which we are advising Relationship management and file opening information is collected from the client directly and further information (e.g. to verify identity) may be collected from third parties, such as publicly available sources.

​
All additional personal data is collected when supplied to us, or created by us in connection with a particular matter on which we are advising. eg through clients or other law Firms
​Relationship management and file opening data is used for providing legal services, administration, commercial purposes (eg creditworthiness) and as required by law (eg anti money laundering).
All other personal data will be used for the purposes of providing legal services and to comply with our legal/ professional/statutory/ regulatory obligations/internal compliance/ security
​​Personal data: 
- may be transferred to service providers;
- which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected;
-may be disclosed to Courts /Tribunals/legal representatives ;
-may be disclosed to our clients in the course of providing legal services;
– may be disclosed to regulatory bodies, such as the Law Society NI;
-may be disclosed to other third parties including, but not limited to, National Crime Agency, professional indemnity insurers, brokers, auditors, Lexcel/ISO inspectors and other professional advisors.

Individuals’ Rights

Personal data must be processed in line with individuals’ rights, including the right to:

  1. request access to their Personal Data;
  2. receive certain information about the Firm’s processing activities;
  3. request that their inaccurate Personal Data is corrected;
  4. restrict processing in specific circumstances;
  5. erasure
  6. object to processing;
  7. rectify inaccurate data;
  8. to withdraw consent to processing if that is the basis on which the data is processed;
  9. be notified of a Data Breach which is likely to result in high risk to their rights and freedoms; and
  10. complain to the Information Commissioners Office

Should you wish to make a request in line with your rights as an individual, please forward it to the Managing Partner of Elliott Duffy Garrett. Further information on these rights is available at the Information Commissioners website https://ico.org.uk/.

Data Retention

The Firm operates the following data retention periods:

  1. Manual files are destroyed after 10 years save for property transaction files which are destroyed after 15 years (in exceptional circumstances, files may be kept indefinitely e.g at the client’s request) ;
  2. Electronic files are retained indefinitely;
  3. Anti- Money Laundering information is retained indefinitely.

How to Make a Complaint

You should direct all complaints relating to how the Firm has processed your personal data to the Managing Partner.

Security

Information security is a key element of data protection.  The Firm takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.

Cookies

Cookies are small text files placed on your computer and are commonly used on the internet. We use session cookies – these are temporary and are deleted as soon as you close your browser. We use them to:

  1. collect anonymous information that will help us understand visitors’ browsing habits on our website
  2. compile statistical reports on website activity, e.g. number of visitors and the pages they visit
  3. temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website
  4. We do not use cookies to remember information about you when you visit our site, or to track your use of the internet after you leave our site, nor do we store any personal information in them that others could read and understand.

Cookies will not be used to contact you for marketing purposes and they do not in any way compromise the security of your computer.

You can use this website with no loss of functionality if cookies are disabled from the web browser. Your internet browser’s help section will have specific instructions about how to manage or disable cookies. More information on cookies can be found online, such as at www.aboutcookies.org. This includes information on how to disable cookies.