This Data Privacy Notice explains how G M McGill & Co. Limited (referred to as ‘we’ or ‘us’ in this Notice) protect and process personal data on behalf of clients and others using other our services and website.
Please read this Data Privacy Notice carefully to understand why data is collected and what we do with that data once it is in our possession.
Clients of the firm should also refer to our Terms of Business which provide further information on confidentiality, data privacy and disclosure.
The website covered by this Notice is ‘www.mcgillandco.co.uk’. The Notice does not apply to any websites that may have a link to ours.
Data is collected, processed and stored by G M McGill & Co. Limited, 34 Lochrin Buildings, Edinburgh, EH3 9ND who is the data controller. G M McGill & Co. Limited is a private limited company registered in Scotland under company number SC503508. We trade as McGill & Co Solicitors.
Our website and services are not aimed specifically at children because in legal work children are generally represented by their parents or guardians. If you are a child and need further advice or explanation about how we would or do use your data, please contact our Data Protection Officer, who may be able to assist.
The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. This Data Privacy Notice is intended for clients and prospective clients only.
Typically we will need your full name, address, date of birth, e-mail and telephone numbers and if a transaction is involved, your banking details may be needed too. In other cases we may need to ask you about medical or other information of a sensitive nature if this is required to carry out your work.
To comply with our legal obligations to verify your identity we are likely to require you to provide copies of certain documents and to respond to any queries we may have. If a transaction is involved we will be asking about the source of funds and requesting supporting documents. Once your matter has been concluded the file will be archived for at least six years.
Use of your personal data
The primary reason for asking you to provide personal data is to allow us to carry out your requests, for example, to provide a quote or to carry out your legal work.
Your information may be used for:
- Verifying your identity and to establish the funding of any transaction you have asked us to carry out on your behalf. In a limited number of cases, where funding is being provided by a family member or third party, we may need to ask you to obtain information from them and personal information provided us will also be subject to the terms of this Data Privacy Notice;
- The detection of fraud;
- Communicating with you during the matter;
- Providing you with advice, to carry out litigation on your behalf or on behalf of any organisation you represent, prepare documents or to complete transactions on yours or your organisation’s behalf;
- Keeping financial records of your transaction and the transactions we make on your behalf. We do not store payment card information.
- Seeking advice from third parties in connection with your matter;
- Assisting you with the funding of your matter if it involves Legal Aid;
- Responding to any complaint or allegation of negligence against us;
- Internal management and planning, which includes:
- Resource management;
- Planning of tasks or meetings;
- Keeping records of sources of work and new enquiries; and
- Storage and archiving or files and documents.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you may modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the website.
Disclosure of data
During the course of carrying out your legal work we are likely to need to disclose some information to parties outside G M McGill & Co. Limited, but these disclosures are only made when required by your work. Examples might include, but are not limited to, providing your information to:
- The Home Office
- A court or tribunal
- Family, associates or representatives of the person whose personal data we are processing;
- Healthcare professionals, social and welfare organisations;
- Business associates;
- Accountants and other financial bodies
- Translation companies
How long we keep your information for
Information may be held in computers or manual files. We only retain the information for as long as is necessary to:
- Carry out your work;
- As is required to be kept by law;
- Until the period that you could make a claim against us has elapsed, which is usually seven years after the matter is concluded or, if we acted for a child under 18, when they reach their 25th birthday;
- If we have acted in a matter in which you had suffered mental impairment or a provisional award has been made, then the file can be kept for up to 100 years from the date of birth;
- For the duration of the length of your visa (if applicable) and until any relevant immigration timescales have concluded.
- Comply with any client instructions to extend the retention period in relation to their documents.
Information obtained from prospective clients is kept for up to six months for the purpose of providing quotations and any subsequent follow up.
Sharing of data
We do not share personal information with third parties unless we need to do so. Data may be shared to complete client’s legal work and as required by law. As your information will be stored on computer, it could be shared with our system maintainers for fault diagnostics but we will take steps to protect your data should third party access be required. We will never sell your personal information to third parties.
Data protection and security
We have technological and operational security policies and procedures in place to protect your data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the information have been trained to respect your confidentiality and to look after the data in our possession.
If you think any information we hold about you is incorrect or incomplete or has been changed since you first told us, please let us know as soon as possible so that we can update our records. We do not routinely carry out a data retention review.
Access to your personal information
The General Data Protection Regulations replace the Data Protection Act 1998 on 25th May 2018. Under both sets of regulations you are entitled to request a copy of your personal data, but if your request is received prior to 25th May, then a fee of £10 is payable. If you wish to make a subject access request, then please contact our Data Protection Officer, Grace McGill.
A subject access request entitled you to a copy of the personal data we hold on you. The focus of the information we have to provide is you and will include such things as records of your name, address, contact details, date of birth etc. This means that a subject access request will not normally result in you getting a copy of a file because the focus of the documents it contains are likely to be the transaction or legal matter rather than your personal information.
What happens if I don’t want you to use my personal data?
The General Data Protection Regulations provide you with three rights, the right to object to specific types of processing, the rights to be forgotten and the right to restrict processing.
Depending on the nature of the request, we will comply with it to the fullest extent possible, but in some cases, this could mean that we are unable to continue with your matter, in which case work would cease at the earliest opportunity, but you would remain liable for the fees and disbursements incurred to date.
If you have opted in to marketing but subsequently withdraw your consent we will act on your request immediately once it is received.
In certain situations you may be able to ask for restrictions to be placed on the processing of your data of to exercise your right to be forgotten.
A restriction has the effect of freezing data so we would continue to store your personal information but could not do anything with it. This might be relevant to you if you had any query or concern over the way your data was handled. A right to be forgotten would usually apply if data is processed unlawfully or otherwise fails to satisfy the requirement of the general Data Protection Regulations.
Complaints about the use of your personal data
Please contact our Data Protection Officer if you have any complaint or concern over how your data will be used. They will acknowledge your complaint and reply to your concerns. If you are not satisfied with the response, the UK regulator on data protection issues is the Information Commissioner’s Office. Their telephone number is 0303 123 1113 and website which is www.ico.org.uk.
Changes to this notice
The current data privacy notice will always be available on our websites.
Jurisdiction and applicable law
The Scottish courts will have exclusive jurisdiction over any claim arising from or related to a visit to our website or a data breach.