PRIVACY NOTICE
This privacy notice contains important information on who we are, how and why we collect, store, use and share personal information, and your rights in relation to your personal information.
Who we are
Thompson Mitchell Solicitors (“Thompson Mitchell”) are a partnership regulated by the Law Society of Northern Ireland.
Thompson Mitchell collect, use and are responsible for certain personal information about you, in respect of which we are regulated under the General Data Protection Regulation (“the GDPR”) which applies across the European Union (including in the United Kingdom). We are responsible as ‘controller’ of that personal information for the purposes of those laws.
Reasons we can collect and use your personal information
It is necessary for us to collect and use your personal information:
– To provide contracted legal services in the best way that we can and/or
– To comply with legal obligations imposed upon us.
Information collected by us
There are two types of personal data that may be provided to us:
– Personal data: This is general information such as your name, address, gender, date of birth, contact details, employment details, national insurance number and financial information.
– Special category data: This is, by its nature, more sensitive information and may include information about your race or ethnic origin, religion, sexual orientation, politics, health, trade union membership, genetics and biometrics.
The type of information we will request from you will depend upon what we are contracted to do for you.
In the majority of cases personal data will be restricted to basic information needed to complete identification checks. Typically, we will need your full name, address, date of birth, e-mail and contact telephone numbers. We may also request copies of passports, driving licences, utility bills, bank statements and similar information to assist in confirming your identity.
If a financial transaction is involved, we will need details to support the funding of the transaction in order to comply with our obligations under Anti-Money Laundering and Law Society Regulations.
Whilst we appreciate that such requests can be intrusive, we are prevented by law from proceeding with your work until these checks have been completed.
We may need to obtain and use special category data in order to carry out some work for you. If required, we will obtain your explicit consent before we do so. In certain cases, we may need to share this information with third parties, such as medical professionals, if for example you have had an accident and we are making a claim on your behalf. This is only done when there are safeguards in place to ensure that the information remains confidential and secure.
Information obtained from other sources
We may also obtain personal information from third parties in order that we can carry out legal work on your behalf. Typically, these organisations will include banks, building societies, other financial institutions or other firms such as accountants or independent financial advisors or government departments or agencies.
How we use your personal information
The primary reason for asking you to provide us with your personal data is to allow us to represent you and carry out your legal work.
The following are other examples, although not exhaustive, of what we may use your information for:-
– Communicating with you during the matter or transaction
– Providing you with advice, to carry out litigation on your behalf, to prepare documents or to complete transactions on your behalf
– Keeping financial records of your transactions and the transactions we make on your behalf
– Seeking advice from third parties in connection with your matter, such as legal and non-legal experts
– The detection of fraud
– Providing you with information about further legal work or services that could benefit you, whilst we are carrying out your work.
– Marketing our services to existing and former clients and those who have expressed an interest in our services.
Sharing of personal information
Generally, we will only use your information within our firm. However, there may be circumstances where we may need to disclose some information to third parties in carrying out your legal work. For example:
– Land & Property Services, including Land Registry, Registry of Deeds and the Rates Agency
– HM Revenue & Customs (e.g. for a Stamp Duty Land Tax liability)
– Companies House
– Courts or Tribunals
– Solicitors acting on the other side of a matter or transaction
– Asking a Barrister for advice or to represent you
– Non-legal experts to obtain advice or assistance
– External auditors or our Regulator
– Banks or Building Societies or other financial institutions, e.g., providing you with mortgage finance
– Estate agents, mortgage brokers, property developers, accountants and other professional services firms
– Insurance companies
– Any disclosure required by law
We will not share your personal information with any third party for marketing purposes.
How long your personal information will be kept
Your personal information will be retained for as long as may be necessary:-
– To comply with your instructions to either retain or to extend the retention period in relation to your documents
– To fulfil the purposes for which the information was collected or
– As is required to be kept by law
In addition:
– Wills and related documents may be kept indefinitely.
– Deeds may be kept indefinitely as they constitute evidence ownership.
– Personal injury matters which involve lifetime awards or Personal Injury Trusts may be kept indefinitely.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way.
We limit access to your personal information to those who have a genuine business need to know it.
Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your rights
Under the GDPR you have a number of important rights including:
– the fair processing of your information and transparency over how we use your use personal information
– access to your personal information and to certain other supplementary information that this Privacy Notice is designed to address
– requiring us to rectify or correct any mistakes in your information which we hold
– requiring the erasure of personal information concerning you in certain situations
– receiving copies of your personal information
– objecting at any time to processing of personal information concerning you for direct marketing
– objecting to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
– objecting in certain other situations to our continued processing of your personal information
– otherwise restricting processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR.
If you would like to exercise any of those rights, please:
– contact us;
– let us have enough information to identify you (e.g., name, address and contact details);
– let us have proof of your identity and address (e.g., a copy of your driving licence or passport and a recent utility bill or bank statement); and
– let us know the information to which your request relates, including any file reference or account numbers, if you have them.
If you wish to contact us write to Thompson Mitchell Solicitors at:
12-14 Mandeville Street
Portadown
Co. Armagh
BT62 3NZ
or
Trevor House
9 The Square
Hillsborough
Co. Down
BT26 6AG
or email reception@thompsonmitchell.co.uk
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The GDPR also gives you a right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone to: 0303 123 1113.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time and the current notice will always be displayed on our website. Any material changes will be advised to you.
This Privacy Notice was issued in May 2018.