Data Protection and Privacy Statement
Howell & Co. Solicitors Data Protection and Privacy Statement
This Data Protection and Privacy Statement has been prepared in accordance with EU Legislation including the General Data Protection Regulation 2016, the Privacy and Electronic Communication Regulations 2011 (SI336/2011) and Irish Legislation including the Data Protections Acts. This statement explains how we process your personal information. Please read carefully to understand your rights in relation to your information.
This Statement is effective as and from the 25th May 2018.
Glossary of Terms
Personal Data: means any information relating to an identified or identifiable natural living person “Data Subject”. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
Sensitive Personal Data: includes data concerning health, physical and mental health, trade union membership, criminal convictions/offences.
Data Processing: means any operation or set of operations which are performed on personal data or sets of personal data, such as collection, recording, organisation, storage, adaption, alteration.
Data Controller: means the individual or organisation who either alone or jointly with others determines the purpose and means of processing of personal data.
Data Processor: means an individual or organisation that processes personal data on behalf of the data controller.
Who we are?
Howell & Co. Solicitors is a private law firm located at 2 Tower Road, Clondalkin, Dublin 22. Treasa Howell is the Principal Solicitor. The firm is regulated by the Law Society of Ireland and the Legal Services Regulatory Authority.
We are the controllers responsible for your personal data. We promise to always respect and protect your data.
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you have any questions in relation to this statement please contact our Principal Solicitor Treasa Howell at email@example.com who is the data protection representative of the firm.
What is the purpose and legal basis for processing your data?
We collect your data for a number of different purposes and we rely on a number of different legal bases to use your personal data as follows:
Performance of Contract
When we are engaged by you to carry out legal services, it is necessary to collect personal data from you when we take instructions from you. It is also necessary in order for us to perform any legal services for you. We process your personal data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
To comply with our legal or regulatory obligations
We are sometimes required to process your personal data in order to comply with certain legal and regulatory obligations that we are subject to, for example:
To verify your personal information in compliance with anti-money laundering legislation and to prevent tax avoidance and financing terrorism.
In order to comply with certain legislation in providing your personal data to An Garda Siochana, the Revenue Commissioners and other law enforcement agencies.
For the establishment, exercise or defence of legal claims
We process your personal data, including sensitive personal data where it is necessary for the establishment, exercise or defence of legal claims.
In certain circumstances we will rely on your explicit consent to process your personal data including personal data. Your consent can be withdrawn at any time.
For our legitimate business interests
Legitimate business interest means the interest of our business in conducting and managing our business to enable us to give you a quality legal service and to allow us to be effective in the management of our day to day business. We make sure to consider and balance any potential impact on you and your rights before we process your personal data for our legitimate business interests. We may use your personal data to manage our everyday business needs including accounting, taxation, internal reporting needs, to maintain IT security and to prevent fraud. We may use your personal data to respond to legal claims.
We may use your personal data to update you on legal developments. We may use your personal data to update you on changes in our firm.
What personal data do we collect?
The personal data we collect depends on the nature of the legal services we are providing and what we are contracted/instructed to do for you. We collect, use, store and transfer the following personal data:
- Contact information such as your first name, maiden name, surname, address, email address and phone number/s.
Why? We use this collected data to carry out instructed legal work for you, to send you information about your case/matter and to respond to any queries raised by you.
- Name, Date of Birth, PPSN, marital status, family status, nationality, Photographic identification and proof of address documents.
Why? We use this data to carry out instructed legal work for you. We use this data to verify your identity and to comply with our obligations under anti-money laundering legislation.
- Professional Information: such as job title, occupation, previous positions, professional experience, educational history, employers details, your salary, other income and expenses.
Why? We use this data to carry out instructed legal work for you.
- Banking and Financial data including the activity and balances of your financial accounts.
Why? We use this data to carry out instructed legal work for you, to establish the source of funds where a transaction is involved, to use this data to transfer funds from our client account to your account where money is owing to you.
- Data in relation to your physical and mental health, previous offences/convictions and trade union membership.
Why? We use this data for the establishment, exercise or defence of legal claims or to provide you with legal advice.
- Copies of CCTV footage, CCTV Stills, video evidence or photographic evidence collected by us from others relating to you.
Why? We use this data for the establishment, exercise or defence of legal claims or to provide you with legal advice.
- Records of all correspondence, emails, phone calls and consultations between you and our solicitors and staff.
Why? We use this information to keep a record of your instructions and to provide you with legal services.
Disclosure of your Personal Data
We may have to share your personal data with third parties as follows:
Third Party Service Providers – We may share your personal data with third party service providers that perform services and functions at our direction and on our behalf as follows:
Our accountants, IT service providers, our professional indemnity insurers, business advisors, case management providers, law searchers, website providers, system administration and security providers.
External Third Parties – We may provide your personal data to external third parties to facilitate your instructions to us, including other solicitors, barristers, parties with whom you have a legal issue or complaint, third parties who you instruct us to communicate with on your behalf, parties to a legal claim, the Property Registration Authority, Company Registration Office, Courts Services.
Law Enforcement Bodies or Government Bodies or Officials – We may share your personal data with An Garda Siochana or Governments bodies or agencies including but not limited to the Revenue Commissioners, when required to do so by law.
The Law Society of Ireland and the Legal Services Regulatory Authority (LSRA) – We may share your personal data with the Law Society of Ireland and the LSRA where required to do so by law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law and in accordance with our instructions.
Information we collect about you from others
We may obtain information from third parties about you in the course of providing you with legal services. It will be necessary for us to process this information in order to progress your legal matter and to act in your best interests. Typically we may request information from the following third parties: solicitors acting on the other side, doctors, hospitals, financial institutions, accountants, tax advisors, Government bodies, Law Searches.
Data Retention – How long will we retain your data for?
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. Legally we have to retain basic information about our clients (including contact, identity and financial data) for six years from the date of completion of any contract with you. In other instances we have a legal obligation to retain your personal data in relation to work carried out by us on your behalf for different lengths of time depending on the nature of the work carried out, e.g. personal injury cases six years from closure of your file, conveyancing 12 years from the date of completion of any contract with you, wills and will instructions are retained indefinitely or up to a date 12 years prior to completion of probate.
We have in place appropriate security measures to prevent your personal data including sensitive personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to our employees and third parties who process your personal data on our instructions and all such employees and third parties are subject to strict duties of confidentiality.
We have in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We do not generally transfer your personal data outside of the European Economic Area unless required in connection with a legal matter which we are conducting on your behalf and only then with your express consent.
Your Legal Rights
You have several legal rights under data protection laws in relation to how we process your personal data. Your legal rights:
- Right to information about how we process your personal data
- Right to request a copy of the personal data we hold about you
- Right to request correction of your personal data
- Right to request erasure of your personal data
- Right to object to processing of your personal data
- Right to request restriction of processing of your personal data
- Right to request the transfer of your personal data to another data controller
- Right to withdraw consent
- Right to object specifically to the processing of your personal data for the purpose of direct marketing
- Right not to be subject to automated individual decision making; right not to be subject to profiling
- Right to make a complaint to the Data Protection Commissioner
If you wish to exercise any of your above rights, please email firstname.lastname@example.org and title your email Data Access Request or write to Treasa Howell at Howell & Co. Solicitors, 2 Tower Road, Clondalkin, Dublin 22. Please make sure to establish your identity and set out in as much detail as possible the nature of your data access request.
Please note we may require you to provide further proof of your identity for security reasons to ensure that your personal data is not disclosed to those not entitled. We may also contact you to seek further information in relation to the nature of your request.
We will make all efforts to respond within one month. If we require further time due to the complexity of your request we will notify you of this.
Thank you for reading this important Data Protection and Privacy Statement.