This policy summarises the key points about how Tara WalshSolicitors collects, uses and discloses personal data and ensures compliance with the GDPR and Data Protection Act.
Clients should read this policy alongside the Terms and Conditions of Engagement that we issue to you.
The Firm is the data controller of the personal data we process and therefore is responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle.
Principles of Data Protection
The Firm has adopted the principles below to govern our use, collection and disclosure of personal data. Data will be:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Collection, Use and Disclosure
As a Firm we collect and process personal data obtained and created in relation to providing legal services. Personal data will only be processed where one of the following conditions is met:
- the processing is necessary for the purposes of the legitimate interests of the Firm (which are the provision of legal services to clients & the effective management of the Firm);
- the processing is necessary for compliance with any legal obligation to which the Firm is subject;
- the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- the data subject has consented; or
- the processing is necessary to protect the vital interests of the data subject or another person;
Where the provision of personal data is a statutory or contractual requirement or a requirement relating to entering into a contract, if you fail to provide that data it might affect our ability to enter into a contract with you or to continue to provide services to you.
The table below provides a summary of how we collect and use personal data:
Providing legal services
|Types of data||Collection||Use||Disclosure|
Information processed for relationship management and file opening procedures such as name, business information and identification documentation.
Additional personal data will be processed when individuals are named in matters on which we are advising
Relationship management and file opening information is collected from the client directly and further information (e.g. to verify identity) may be collected from third parties, such as publicly available sources.
All additional personal data is collected when supplied to us, or created by us in connection with a particular matter on which we are advising. eg through clients or other law Firms
Relationship management and file opening data is used for providing legal services, administration, commercial purposes (eg creditworthiness) and as required by law (eg anti money laundering).
All other personal data will be used for the purposes of providing legal services and to comply with our legal/ professional/statutory/ regulatory obligations/internal compliance/ security
– may be transferred to service providers;
– which is shared with service providers will be limited to that which is required for providing the service and will be adequately protected; -may be disclosed to Courts /Tribunals/legal representatives ; -may be disclosed to our clients in the course of providing legal services; – may be disclosed to regulatory bodies, such as the Law Society NI; -may be disclosed to other third parties including, but not limited to, National Crime Agency, professional indemnity insurers, brokers, auditors, ISO inspectors and other professional advisors.
Personal data must be processed in line with individuals’ rights, including the right to:
- request access to their Personal Data;
- receive certain information about the Firm’s processing activities;
- request that their inaccurate Personal Data is corrected;
- restrict processing in specific circumstances;
- object to processing;
- rectify inaccurate data;
- to withdraw consent to processing if that is the basis on which the data is processed;
- be notified of a Data Breach which is likely to result in high risk to their rights and freedoms; and
- complain to the Information Commissioners Office
Should you wish to make a request in line with your rights as an individual, please forward it to the Managing Partner of Tara WalshSolicitors. Further information on these rights is available at the Information Commissioners website https://ico.org.uk/.
The Firm operates the following data retention periods:
- Manual files are destroyed after 10 years save for property transaction files which are destroyed after 15 years (in exceptional circumstances, files may be kept indefinitely e.g at the client’s request) ;
- Electronic files are retained indefinitely;
- Anti- Money Laundering information is retained indefinitely.
How to Make a Complaint
You should direct all complaints relating to how the Firm has processed your personal data to the Principal.
Information security is a key element of data protection. The Firm takes appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage.