1.2 Our details are as follows:
Data controller: Young & Partners Business Lawyers Limited, 1 George Square, Castle Brae, Dunfermline KY11 8QF, a company registered in Scotland (registered number SC528615).
1.3 This Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately.
1.4 This website is not intended for children and we do not knowingly collect data relating to children.
1.5 Please take the time to read this Policy, which contains important information about the way in which we process personal data. You should also read the terms and conditions of use of our website www.businesslaw.co.uk available here.
1.5 For the purposes of this Policy, “European Data Protection Legislation” is defined as, for the periods in which they are in force, the European Data Protection Directive 95/46/EC, all laws giving effect or purporting to give effect to the European Data Protection Directive 95/46/EC (such as the Data Protection Act 1998) or otherwise relating to data protection (to the extent the same apply) and, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/670) (“GDPR”) or any equivalent legislation amending, supplementing or replacing the GDPR.
2 Information we may collect about you
2.1 We may collect and process information about you and your personnel through various means, including:
- in the course of carrying out work for you (or your business)
- via our website (e.g. on our ‘Contact Us’ page or our “Knowledge” or other news and updates subscription form, submitting a job application etc.)
- by email or other electronic correspondence
- by telephone
- networking (e.g. client events and/or other meetings, seminars or events either hosted or attended by us)
- where you contact us to provide legal or other client related services or make an enquiry for our services or otherwise engage with our staff
- where you sign up to receive information from us
- where you or your organisation provide services to us
- otherwise through providing our legal services or operating our business.
We may also collect information from third party sources including publicly accessible sources such as Companies House, Registers of Scotland, or credit reference agencies.
2.2 The personal data you give to us or we may collect may include:
- your name and title
- contact information, including telephone numbers, postal address and email address
- information relating to your location, preferences and / or interests
- employment and job application details, e.g. date of birth, employment history, qualifications,
- photographic identification
- in certain circumstances, your and others’ signature(s), National Insurance number(s), financial details such as bank account details and details of any relevant sanctions or similar restrictions
- in certain circumstances, data relating to health (including disabilities), ethnicity, race, religious beliefs, trade union membership and other ‘special category personal data’
- the content of any enquiry submitted over our website
- any other personal data we collect (such as the client reference number which may be assigned to you) in the context of our work for our clients or in the course of operating our business
2.3 Each time you visit our website, we may automatically collect the following information:
- web usage information (e.g. IP address), your login information, browser type and version, browser plug in type and versions, time zone setting, operating system and platform.
- information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs).
- location, device and demographic information.
2.4 We may receive personal data about you from various third parties including analytics providers such as Google based outside the EU.
2.6 We may ask you for information when you report a problem with our website.
2.7 If you contact us, we may keep a record of that correspondence.
2.8 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2.9 The personal data described above may relate to any of the following categories of person:
- our clients and clients’ personnel
- our prospective employees, work experience students or other job applicants
- those emergency contacts whose details have been provided to us by our staff
- third parties with whom we have contact by virtue of providing legal services (e.g. third party payers of invoices and counterparties on a client’s matter)
- referrers, professional advisers or others with whom we work in the context of our legal services
- our prospective target clients
- our contractors and suppliers
- those with whom we work in the context of our corporate responsibility initiatives
- those who submit enquiries through our website or whose details are otherwise entered into our client relationship management system
- any other visitor to our offices.
4 How we will use your information
4.1 We may use your information for the following purposes:
- a) to respond to any query that you may submit to us
- b) to manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, and accounting and relationship management purposes
- c) to complete our contractual obligations to you, or otherwise taking steps as described in our engagement terms and/or our Terms of Business
- d) to carry out any relevant conflict checks, anti-money laundering and sanctions checks and fulfilling our obligations under any relevant anti-money laundering law or regulation (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017)
- e) to send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable European Data Protection Legislation
- f) to process any job application you have submitted
- g) to ensure that our website’s content is presented in the most effective manner for you and your device
- h) to customise our website according to your interests
- i) to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey responses
- j) to allow you to participate in interactive features on our website when you choose to do so
- k) as part of our efforts to keep our website safe and secure
- l) to measure or understand the effectiveness of advertising we send to you and others, and to deliver relevant advertising to you
- m) to ensure we appropriately administer any attendance / visits to our offices
- n) to comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place
- o) to conduct checks to identify and clients and their identity
- p) to provide legal advice or other services to you
- q) to deal with any complaints received.
- r) as we feel is necessary to prevent illegal activity or to protect our interests.
4.2 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5 Legal grounds for processing your information
5.1 We will only use your personal data when the law allows us to. We will rely on the following legal bases under European Data Protection Legislation for processing your personal data:
- a) Performance of, or entry into, a contract. The personal data that we are required to collect in order to comply with any professional, legal and regulatory obligations which apply to us must be provided to us in order for us to perform this contract – we would not be able to act for you without this personal data.
- b) Compliance with a legal obligation to which we are subject.
- c) We have a legitimate interest in doing so as a legal services provider (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our clients, administering visits to our offices and ascertaining achievement of proper standards/ compliance with policies, practices or procedures.
- d) Where processing of ‘special category data’ is necessary in the context of the establishment, exercise or defence of legal claims.
- e) in certain circumstances, such as those described in paragraph 4.1(e) above or where we need to process ‘special category data’ in the context of our legal work but outside the scope of paragraph 5.1(d) above, where we have obtained your express consent to do so. As we will explain at the time we collect your consent, you may withdraw it at any time in accordance with the information we provide to you at that time.
6 Sharing your information
6.1 We may share your details with carefully selected third parties. These may include service providers, support services and organisations that help us to market our services and third parties instructed to enable us to fulfil our contractual obligations to you and/or our clients in the course of business.
6.2 If we share your information with third parties they will process your information as either a data controller or as our data processor and this will depend on the purposes of our sharing your personal data. We will only share your personal data in compliance with the European Data Protection Legislation.
6.3 We may disclose your information to third parties when:
- you specifically request this or it is necessary to provide our legal services to you (e.g. when we need to instruct lawyers in another jurisdiction to provide advice which you have requested)
- we feel other companies’ products and services may interest you
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
- if our website or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of our website, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
6.4 The third parties include:
- our bank (including as permitted by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which, for the purposes of preventing money laundering or terrorist financing, may require us to disclose your personal data on request to our bank from time to time where we hold monies in our pooled Client Account on your behalf)
- our insurers
- our auditors, including external accreditation bodies
- other professional advisors or third parties (including counsel, overseas lawyers, accountants, expert witnesses or costs draftsmen) with whom we engage as part of our work for our clients or who our clients separately engage in the same context
- our regulator, the Law Society of Scotland
- our data processors providing security, email security, data governance, archiving and other IT and business support services
- our email marketing platform provider and our website platform provider
- analytics and search engine providers that assist us in the improvement and optimisation of our website
- any third party you ask us to share your data with.
6.5 This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statements of every website you visit. Please check these statements before you submit any personal data to these websites.
6.6 We will not rent or sell our users’ or other contacts’ details to any other organisation or individual.
7 Storage and retention of your personal data
7.1 We have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those people who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data.
7.3 The third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as is necessary to provide the services to you.
8 Sending your information outside of the EEA
8.1 To deliver services to our clients it is sometimes necessary for us to share your personal data outside the European Economic Area. These transfers are subject to special rules under European Data Protection Legislation. We will, however, implement appropriate safeguards to ensure the transfer complies with European Data Protection Legislation and your personal data will be secure.
9 Withdrawal of consent
9.1 Where we process your personal data we do so on the basis that you have provided your consent for us to do so for the purposes set out in this Policy when you submitted your personal data to us. You may withdraw your consent to this processing at any time by contacting us, including by email to: firstname.lastname@example.org
9.2 If you do withdraw your consent, we may still be able to process your personal data on other grounds and will notify you of these at such time.
10 Your information rights
10.1 In certain circumstances European Data Protection Legislation gives you rights in relation to your personal data. This includes the right to:
request access to your personal data.
request correction of your personal data.
request erasure of your personal data.
object to processing of your personal data.
request restriction of processing your personal data.
request transfer of your personal data.
right to withdraw consent to processing of your personal data
For more information on your rights please visit the Information Commissioner Officer’s website (www.ico.org.uk).
If you wish to exercise any of the rights set out above, please contact us using the contact details in paragraph 12 below.
10.2 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
10.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10.4 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11.1 If you consent to us contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know.
11.2 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Questions, regarding this Policy or the information new hold should be addressed to:
Name: Malcolm Holmes
Address: Young & Partners Business Lawyers Limited, 1 George Square, Castle Brae, Dunfermline KY11 8QF.
Email address: email@example.com
Telephone number: +44 (0)1383 721 621
Last updated 25 May 2018