Legal and Privacy Notices

John Smith Business Park

1 Begg Road

Kirkcaldy

KY2 6HD

Email: info@mclco.co.uk

This Privacy Notice became effective on 25 May 2018.

This Privacy Notice explains your privacy rights and how we gather, use and share your personal information. How and when we use, store and erase your personal information will depend on the nature of the services we provide to you. This Privacy Notice updates any previous information we have given you about how we use your personal data. Your personal information includes data we already hold about you now and any further personal information we might collect about you, either from you or from a third party.  

We are the controller of your personal information under applicable data protection legislation, unless otherwise stated in this Privacy Notice or otherwise provided for in applicable data protection legislation.

If you have any queries regarding our use of your personal information or your details change, please contact us at datacontroller@mclco.co.uk or by post at Data Controller, McLaughlin & Solicitors and Notaries, Evans Business Centre, John Smith Business Park, 1 Begg Road, Kirkcaldy, KY2 6HD.

In this Privacy Notice, the terms "we", "us" and "our" refer to McLaughlin & Co, Solicitors and Notaries. 

You can exercise any of your rights by contacting us by email at datacontroller@mclco.co.uk or by post to Data Controller, McLaughlin & Solicitors and Notaries, Evans Business Centre, John Smith Business Park, 1 Begg Road, Kirkcaldy, KY2 6HD.

Any requests received by McLaughlin & Solicitors and Notaries will be considered under applicable data protection legislation. If you remain dissatisfied, you have a right to raise a complaint with the Information Commissioner's Office at ico.org.uk.

· Right to be informed

This Privacy Notice informs you about the collection and use of your personal information.   

· Right to access

You have a right to request access to the personal information that we hold about you by making a "subject access request".

· Right to rectification

If you believe any of the personal information we hold about you is inaccurate or incomplete, you have a right to request that we correct or complete it.

· Right to erasure

In certain circumstances you may request that we delete personal information we hold about you.

· Right to restrict processing

You have a right to request that we restrict the processing of the personal information that we hold about you for specific purposes.

· Right to object

You have a right to object to us processing your personal information in certain circumstances.

· Right to portability

You have a right to obtain and reuse the personal information that we hold about you for your own purposes in certain circumstances.

· Rights related to automated decision making

Where we undertake any automated decision-making and profiling, you have certain rights in relation to such processing.

McLaughlin & Co, Solicitors and Notaries offers legal services in a variety of practice areas, and therefore we use a variety of personal information depending on the services we deliver. In all cases, we need to use your name, address, date of birth, contact details and information to allow us to check your identity.

We may hold the following categories of information in the delivery of the services we offer:

· Contact and socio-demographic information

In all cases, we need to use your name and contact details, including your postal address, email address and phone number. We will use this data and your date of birth to allow us to check your identity to meet our legal obligations. 

· Race, ethnic origin, politics, religion, trade union membership, sex life, sexual orientation

This data is within the special categories of personal information. This type of information may be required in matrimonial cases, for example divorce, and other forms of dispute resolution and litigation. They may also be required in employment cases, for example if you are raising a claim for discrimination or unfair dismissal.

· Health and medical information

This personal information will be used in various cases, including, matrimonial cases, criminal cases, mental health tribunal cases, employment cases, cases where we are supporting individuals who have a vulnerability, including guardianships and powers of attorney, personal injury cases and other forms of dispute resolution.

· Criminal offence data

This personal information may be processed in relation to criminal cases, litigation cases, employment cases, matrimonial cases and other cases. 

· Information relating to financial status or position

This personal information will be used across the spectrum of legal practice areas, including matrimonial, debt recovery, litigation, wills, business creation/acquisition/disposal, and criminal cases.

This information may also be used to apply for Advice and Assistance funding and Legal Aid. In that instance the information will be shared with the Scottish Legal Aid Board.

· Information relating to payment, credit and debits

We do not store credit or debit card details, they will be used to process payments in line with PCI-DSS standards. We may share this information with our accounts manager to process payments using our online card payment system. Our online system uses a secure cloud-based server. Details of payments and accounts outstanding are stored within our online accounting system operated via a cloud-based server.

· Personal information contained in communications with individuals across different channels.

Copies of letters received by or sent to us, information relating to emails received by or sent by us, file notes, other information or logs about when communication has taken place, and/or information you supply when contacting us through one of our websites.

· Social relationships

Personal information relating to an individual's family and social relationships including status of spouse/partnerships, wider family including parental and caring status may be used in range of cases across our practice areas.

· Open data and public records

Personal information relating to individuals that are, or can be, collected from public or open sources. These do not necessarily have to be collected from public records. This may include information about an individual's bankruptcy, information about a public office held by an individual, information about inhibitions, information about ownership of land held by the Land Register, Register of Inhibitions, Companies House, information from courts or tribunals, information from credit agencies to verify an individual's identity, information from Royal Mail and/or other data sources which we use to verify the accuracy of our client postal addresses.

· Consents

Personal information relating to permissions, consents or preferences given to us by individuals, including marketing permissions, contact permission, marketing preferences, mandates to contact employers, other solicitors, and/or GPs and other medical specialists.

· National Identifiers

Unique identifiers attributed to an individual from a government department, such as Tax ID, National Insurance Number, and/or passport number. This information may be used as part of our customer due diligence measures for identifying individuals to meet our legal obligations.

· Technical

When you visit our websites and use other systems, we may collect personal information to monitor usage. This could include your IP address, operating system and browser type. This will be used to improve our websites, systems, and for research into service delivery.

We obtain personal information from a wide range of sources:

· Directly from you or your representative, for example when you submit details through our website, send a message via social media, contact us in writing, by email, in person, by telephone, or by any other method.

· From publicly available sources, including open data and public records

· From third parties, including family members, and people you are financially linked to, and their representatives.

· From other organisations which have referred you to us, for example, accountants, financial advisers, other solicitors and advocacy workers. 

· To respond and communicate

We use personal information to allow us to respond to you and communicate with you regarding your instructions, questions, comments, support needs, complaints or concerns.

· Using client information

When you become our client, we will collect, store and use the personal information that you provide to us in your instructions and during the course of our solicitor/client relationship. We need to collect personal information so that we can perform our obligations under our service agreement with clients. If clients do not provide us with all of the personal information that we need to collect in order to perform our obligations under our service agreement, then this may affect our ability to provide them with legal advice and/or represent them as their solicitors.

We will use such personal information to:

· provide clients with legal advice, including communicating with them by email, letter and/or telephone, etc. in connection with the services that we provide;

· represent clients as their solicitors in connection with such services;

· provide clients with legal advice in respect of the matter(s) upon which we are instructed to provide advice; and/or

· process and make payments in connection with such matter(s).

We may also process personal information for purposes relating to the provision of services we provide including updating, reviewing and enhancing client records and undertaking analysis for management purposes.

· Business clients and other stakeholders

For business clients (including bodies corporate, public bodies and/or charities) and other stakeholders including suppliers, we will use personal information about key individuals in the business, so that we can operate and administer the services which we provide.

We will give personal information to and receive personal information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, and regulators. 

· Other parties

We will process personal information of individuals who are not our client ,but have a relationship with our client. We will use this information to comply with our duty as a legal adviser to our client, which is a regulatory requirement on us as a firm of solicitors regulated by the Law Society of Scotland. We may have a duty to disclose information to our client where relevant to their case, for example information about earnings in a divorce matter.

· Financial management and debt recovery

We may give personal information to and receive personal information from third parties where that is necessary to recover debts due by you to us, for example, credit reference agencies and sheriff officer services.

· To market services to you

We may use contact details provided by our clients and information on the services clients have used to contact them regarding other services we provide which may be of benefit to them.

· Automated decision making and profiling

We do not use personal information to make decisions solely by automated means without any human involvement.

· Online payments

We have access to an online payment system. If you use this system to make debit or credit card payments to us, your card details will be handled exclusively by our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.

· Online Activity

We may collect information about your computer, including where available your IP address, operating system and browser type, for system and business administration and for usage monitoring. 

We may be required to share personal information with statutory or regulatory authorities and organisations to comply with statutory obligations imposed both upon us and upon you in respect of the matter(s) upon which we advise. Such organisations include the Law Society of Scotland, Department of Work & Pensions, HMRC, Scottish and UK courts, Registers of Scotland and / or local authorities and the Scottish Legal Aid Board.

We may also share personal data with our or your other professional advisers for the purposes of taking advice and the event of any legal claims.

Where we employ third party suppliers to provide services on our behalf, including mail room, reception and accounting services, these suppliers may process personal data on our behalf as "processors" and are subject to written contractual conditions to only process that personal data under our instructions and protect it.

We may be required to share personal information with other organisations, which during the course of our providing services on a matter may be contracted to supply a service related to such matter, which we are not in a position to provide. Depending on the nature of your instruction to us, this may include sheriff officers, expert witnesses, translators, local agents, accountants and / or auditors.

In the event that we do share personal information with external third parties, we will only share such personal data strictly required for the specific purposes and take reasonable steps to ensure that recipients shall only process the disclosed personal data in accordance with those purposes.

We will protect your personal information in order to prevent unauthorised access to, or use or disclosure of, your personal information through a number of organisational and technical security measures. Your personal information is stored on our systems to which access is both physically and electronically controlled. 

For the purposes of IT hosting and maintenance, the personal information we hold is located on secure cloud-based servers. Our staff receive data protection training and we have detailed data protection and information security procedures in place.

We will retain your personal information for as long as is required to comply with our obligations set out above, unless you ask us to return any copies of it to you or send it to a third party.

We have a data retention policy that sets out the periods and rules for retaining and reviewing all information that we hold. This sets out different retention periods, which depend upon the nature of the information, and you can request details by contacting us at datacontroller@mclco.co.uk.Our Privacy Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of applicable data protection legislation.