General Data Protection Regulations (“GDPR”) Privacy Notice and Information for Clients
The GDPR are important European regulations, which have introduced amendments to data protection law including introducing additional rights for individuals in relation to their personal and sensitive personal data. GDPR applies to all EU Member States from 25 May 2018.
Abbey Blue Legal Ltd are committed to protecting and keeping confidential all the information you provide to us, subject to certain legal duties that are explained in our terms and conditions leaflet “Our Agreement With You”.
We ask that you read this privacy notice carefully as it contains important information about who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.
Who we are
Abbey Blue Legal Ltd is a Limited Company registered in Ireland, company number 656847. The registered office is at Somerset House, Ballyhine Lane, Barntown, Wexford. When it does so it is also regulated under the GDPR by the Information Commissioner and is responsible as ‘controller’ of that personal information.
The personal information we collect, use and share
In the course of your legal transaction, we collect the following personal information when you provide it to us:
- Name, address, date of birth, contact information (telephone and email where appropriate) PPS number (where appropriate).
- Identity information and documentation.
- Additional information in relation to your legal transaction to enable us to advise you and progress your case. This will depend on the type of legal work you instruct the firm to undertake.
We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions. We also use your personal information for related purposes including identity verification, administration of files, updating existing records if you have instructed the firm previously, analysis to help improve the management of the firm, for statutory returns and legal and regulatory compliance. The information will be held in hard copy and/or electronic format.
You are responsible for ensuring the accuracy of all the personal data you supply to us, and we will not be held liable for any errors unless you have advised us previously of any changes in your personal data.
We will only take instructions from you or someone you authorise in writing.
Where you are acting as an agent or trustee, you agree to advise your principal or the beneficiary of the trust that their personal information will be dealt with on these terms.
If we are working on your matter in conjunction with other professionals who are advising you, including experts, barristers, banks, etc., we will assume, unless you notify us otherwise, that we may share and disclose relevant personal data and information about your matter to them, if we feel it is appropriate and necessary.
On occasions we ask other trusted companies to provide typing, costing, photocopying or other support work on our files to ensure that this work can be done promptly. We will always obtain a confidentiality agreement with these outsourced providers to ensure that they keep the information sent to them securely and confidentially. All routine typing, costing and photocopying is undertaken in-house.
We use a secure, computing system to assist us in processing and protecting your information and keeping it secure from the risks of cybercrime and fraud. All IT providers we use are subject to strict confidentiality agreements with this firm and we will ensure that they meet GDPR obligations in relation to the service they provide to us. All of the personal information you provide to us is kept in Ireland; we will not transfer any of your personal data to another country outside Ireland unless you specifically instruct us to do so.
There may be occasions when we are under a legal duty to share personal information with law enforcement or other authorities, including the Solicitors Regulation Authority or the Information Commissioner. If we are required to disclose information to the National Crime Agency, we may not be able to tell you that a disclosure has been made. We may have to stop working for you for a period and may not be able to tell you why. We cannot be held liable for any loss you suffer due to delay or our failure to provide information in these circumstances.
Occasionally some of our client files may be audited strictly confidentially, by external auditors or examiners to ensure we meet our legal, quality, and financial management standards.
Some information may be disclosed to our professional indemnity insurers and to our financial auditors if required. We may also provide basic details of your case to Legal 500 or Chambers and Partners legal directories, but this information is provided on a strictly confidential basis where this concerns individuals. Unless you tell us otherwise, we will assume you have no objection. You may object at any time and refusing your consent will not affect our work for you. We will not submit files for external audit or disclose personal information to directories where there is particularly sensitive material.
We will not share your personal information with any other third party and will not issue any publicity material or information to the media about our relationship and the work we are doing for you without your explicit consent.
How long your personal data will be kept
We will hold your personal data including your name, address and contact details plus your file of papers for a period, depending on the nature of your case. We will confirm this to you at the end of your case. After this period of time, your file of papers including the electronic file will be destroyed confidentially without further reference to you, unless we contact you to confirm other arrangements, or you contact us to request your file of papers at an earlier date.
In order to meet our regulatory requirements, we may be required to retain basic information about you to include your name, address and date of birth on our electronic database for a longer period of time.
Reasons we can collect and use your personal information
We intend to rely on the following lawful bases to collect and use your personal or sensitive personal data:
- Your consent
- Contractual obligations
- Legal Obligations
- Public task
- Legitimate interests
Marketing
In relation to future marketing, we would like to keep in touch with you and let you know periodically about information that we think may be of specific interest to you or to tell you about events or developments in the firm. We ask you to provide your email address and give specific confirmation that you want to “opt in” to us sending you such information in the future. If you provide your consent, you may withdraw it at any time by contacting us to confirm that you no longer want us to contact you. If you provide your consent, we may use third party software and services to assist us in relation to the processing of our marketing communications, but we will ensure we have confidentiality agreements in place and will never disclose your information to third parties for them to use for their own marketing purposes. If you are an existing client of the firm or we are holding documents for you such as Wills or Deeds, we may rely on legitimate interests as the reason for contacting you in future. We will only do this where we feel it would be of benefit to you or where we need to update you in relation to our terms and conditions.
Your Rights
Under GDPR you have a number of important rights, free of charge:
You are entitled to access your personal data (otherwise known as a ‘right to access’). If you wish to make a request, please do so in writing addressed to our Data Protection Officer; or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on to you – such as your name, address, contact details, date of birth, etc.- but it does not mean you are entitled to the documents that contain this data.
Under certain circumstances, in addition to the entitlement to ‘access your data’, you have the following rights:
- The right to be informed: which is fulfilled by way of this privacy notice and our transparent explanation as to how we use your personal data
- The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete
- The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
- Where the personal data is no longer necessary in regards to the purpose for which it was originally collected
- Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
- Where you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal data was unlawfully processed
- Where you object to the processing for direct marketing purposes
- The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right only applies in the following circumstances:
- An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context
- You must have an objection on grounds relating to your particular situation
- We must stop processing your personal data unless:
- We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
- The processing is for the establishment, exercise or defence of legal claims.
- The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
- Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data
- Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
- Where processing is unlawful, and you request restriction
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim
If you would like to exercise any of these rights, please:
- email, call or write to our Data Protection Officer
- let us have enough information to identify you
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information..
Changes to this privacy notice
We may change this privacy notice from time to time. When we do we will inform you via our website or by a direct communication with you.
How to contact us
Please contact our Data Protection Officer if you have any questions about this privacy notice or the information, we hold about you.
If you would like this notice in another format please let us know.