On the 25th of May 2018, the General Data Protection Regulation (GDPR) comes into effect. This new regulation is aimed at amalgamating and solidifying data protection for all individuals within the European Union and grants both new and enhanced rights for individuals in relation to their personal information.
Information about you:
We are obliged under current legislation and Codes of Practice to obtain and hold documents that contain your personal data, in relation to which the GDPR 2018 will apply. We will strongly endeavour to only collect and process personal data relating to your legal matters as per your instructions and with your informed consent. Said data may include the electronic storage of photographic identification (passport, driver’s licence, etc…) as provided by you. Please be aware that if you do not supply us with personal data upon our request, we may be unable to progress your case in line with your instruction, due to said action potentially breaching our new statutory requirements. We will require your consent to process your data where we do not have a legitimate interest under GDPR 2018. In the highly unlikely event that we are required to process your data outside this remit, we will seek your specific consent to do so. In such an event, you will have the right to withdraw such consent.
Receipt of personal data:
We will collect and process personal data during our service to our clients. We may require you to provide us with your personal information. This may occur during consultations, telephone conversations, e-mail correspondence or otherwise. Without said information, we may be unable to assist you in your matter. The information sought may include, but is not limited to, your name, your address, your telephone number, your e-mail address, your PPS number, your financial and employment information. Additionally, we may require access to your passport, your driver’s licence, your utility bills, your medical records, your tax and financial records and other documentation. You are not obliged to provide us with personal information, but you should be aware that if your data is not provided, it may impede our Firm in the provision of requested legal assistance.
We may also collect information from other sources such as business partners, regulatory authorities, the internet, public registers and / or government agencies. It is your responsibility to ensure that all private / personal data provided by you to us is correct, complete, accurate and up-to-date in all respects and is not misleading in any way. Our ability to provide legal advice and services, and the quality of same, may be negatively affected if you fail to undertake this responsibility. You may provide us with private / personal data about yourself, or about other people, during our interactions with you. Whenever you provide us with private / personal data about other people, you must ensure that you are entitled to disclose said data and that we may process said data in accordance with this Policy, without having to take further steps. It is your responsibility to ensure that any other person concerned is aware of the content of this document.
Use of personal data:
We collect and use data in order to provide the legal advices and services requested and required from us, review and augment the services we provide and comply with provisions such as anti-money laundering obligations and fraud prevention requirements. Where data is submitted, it is intended to be held and used for the stated purpose and incidental uses. It is not intended to be used for any other purpose or purposes. Our Firm will not distribute or sell your private / personal data to other parties for the purposes of allowing them to market products and / or services to you. By providing us with your private / personal data, you are consenting to the processing of same for the purposes of our business operations and we may use this data to provide you with information on our services.
Private / personal data held by our Firm may be accessible to agents in connection with the services they provide to us, such as but not limited to, accounts and database maintenance, website systems organisation and computer programming. Any such agent may have access to said data solely for the purpose of the provision of services to us and we request any such agent to strictly observe our Firm’s commitments to security and privacy obligations.
We aim to hold your private / personal data for as long as is required to provide legal advices and services to our clients and not to retain same for longer than is necessary. The Law Society of Ireland’s Rules dictate that we are to store client files for between 6 and 12 years, depending on the matter. When this period has expired, we are committed to destroying all data and files in line with the Society’s Rules. Generally, all data held by our Firm is stored in both a hard copy and electronic format.
We note that a client may withdraw consent to the processing of private / personal data at any time. This will not affect the lawfulness of any actions taken by our Firm before the withdrawal of consent is communicated to the Firm. We reserve the right to retain data to the extent required to meet our legal and regulatory obligations and to the extent reasonably required in order to protect our interests. If you wish to contact us in relation to your personal data, please e-mail said request to email@example.com.
Governing law & enforceability:
Physical files that are still in active usage are stored and maintained in our Firm’s office. We reserve the right to store archived physical files offsite. Before any transfer of physical files offsite for storage, we will endeavour to confirm with the storage service provider that required appropriate safeguards are in place. All electronic files are stored on our servers and we reserve the right to store electronic files on externals servers including the Cloud. Data contained within the Cloud may be stored outside of the European Union. Before any data transfer involving electronic files occurs, we will endeavour to confirm with the electronic data storage service provider that the required appropriate safeguards are in place.
Electronic communication by way of use of the internet automatically involves private / personal data passing through 3rd parties. We are committed to ensuring that your private / personal data is protected, however, we are unable to fully guarantee the total security of said data which is transmitted electronically, and it should be noted that any such transmission is made to, and from you, at your own risk.
Data protection rights:
Under the GDPR 2018, our clients have the right to restrict the processing of private / personal information, the right to data portability and erasure, the right to rectification of inaccurate data, the right to request copies of any private / personal data held by Barry O’Donnell Solicitors and the right to lodge a complaint with the office of the Data Protection Commissioner, should you feel your data is being processed illegally. Contact information for the office of the Data Protection Commissioner can be found on their website, viewable at https://www.dataprotection.ie .