Introduction
Miller, Beckett & Jackson (MBJ) (‘we’, ‘our’, ‘us’, ‘the Firm’) is committed to protecting the privacy and security of personal information. This policy describes how we collect and use personal information about you. This policy does not form part of any contract that you may have with the Firm. It is provided for information purposes only.
MBJ is a ” data controller” of the personal information that you provide to us when you instruct us to act on your behalf or with regard to any other matters you may contact us for. We take the security of your personal information very seriously and only use the information you provide us for the purposes of providing us providing you our services as Solicitors and/or estate agents.
The Data Protection Principles
We will comply with data protection law. The law says that the personal information that we hold must be:
- Used in a lawful, fair and transparent way.
- Collected only for valid purposes that we have clearly explained and not used in any way that is
- incompatible with those purposes.
- Relevant to the purposes for which it was collected and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes for which it was collected.
- Kept securely.
Information that you provide
When you become a client of MBJ we will collect, store and use the personal information that you provide to us in your instructions and during the course of our solicitor / client contractual relationship. We may ask you for additional personal information during the course of our client / solicitor contractual relationship, which shall be collected, stored and used in accordance with this privacy notice.
There are two types of personal data or personal information that you may provide to us:
- Personal data: is the general information that you supply about yourself – such as your name, address, gender, date of birth, contact details, financial information etc.
- Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data.
In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks. However, some of the work we do may require us to ask for more sensitive information.
What data we collect?
We are under a legal obligation to process certain personal information relating to our clients and may collect, store or use some or all of the following information:
- Client engagement information: name, title, job title, address, telephone number, email address, photographic identification, date of birth, credit check, copies of council tax and utility bills.
- Client file information: name, title, job title, address, telephone number, email address, bank account details.
- Matter file information: The categories of personal information that we hold about you for the purposes of specific matters that we are providing advice on will vary according to the type of matter. By way of example this category may include, amongst other things: tax details, marriage details, employment details, directorships, shareholding details or personal correspondence.
- Relationship information: name, title, job title, address, telephone number, email address, client relationship details.
- Monitoring: PC login details, use of our IT and communications systems.
- We may also collect, store and use the following ‘special categories’ of more sensitive personal information about our clients;
- Relationship information (sensitive): special access requirements.
- Matter information (sensitive): The categories of personal information that we hold about you for the purposes of specific matters that we are providing advice on will vary according to the type of matter. By way of example this category may include, amongst other things: race or ethnicity, political opinions, religious beliefs, trade union membership, biometric data, medical conditions, disabilities and sexual orientation.
- Criminal records: criminal convictions and offences.
Why we need your personal information
We will only use personal information lawfully. The law says that we must identify a lawful basis for the use of personal data. We rely on a number of lawful bases; the following list provides some examples of what we may use your information for, but is not exhaustive:
- Verifying your identity.
- Verifying source of funds.
- Communicating with you.
- To establish funding of your matter or transaction.
- Processing your legal transaction.
- Keeping financial records of your transactions and the transactions we make on your behalf.
- Seeking advice from third parties; legal and non-legal experts such as Advocates or Accountants
- Responding to any complaint or allegation against us
If you fail to provide personal information
If you do not provide certain personal information to us, we may not be able to perform the contract we have or are trying to enter into with you or carry out the legal or other services you have requested. In this case, we may be unable to continue to provide you with our services.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the lawful basis which allows us to do so.
How we keep your personal information secure
We maintain robust and secure systems and controls to protect the safety of your personal information. We have firewalls in place and use the latest ant-viral software to protect your information. Your personal information is stored on our electronic filing system and our servers based in the UK and is accessed by our staff for the purposes set out above. Please note we utilise the Microsoft office 365 system so all e-mails are stored on the cloud within Microsoft’s servers out with the UK; Microsoft complies with UK data protection law by being a compliant member of Privacy Shield.
We on occasion may require to transfer your personal information out with the EU for the purposes of carrying out work in terms of the solicitor/client contract with you. Where your personal information is transferred out with the EU, we will provide you with information regarding the safeguards that we have put in place with the recipient country to protect your personal information.
We will not pass on your personal information to any third party for marketing or promotional purposes.
How long we keep your personal information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In relation to matters in which we act for clients, we follow the guidelines issued by the Law Society of Scotland concerning the retention of client files. This means that we will retain those files (and your personal information within them) for a minimum period of 10 years from the date on which the matter on which you have instructed us has completed. In some areas of practice, such as wills, trusts and executries, the nature of the matters on which we are instructed, may require us to hold client files (and your personal information) for longer periods because the time periods for which legal claims can arise are much longer than 10 years. The rules that apply to determine how long it is appropriate to hold records for particular matters can be complex and varied. If you wish to know how long we may hold your particular personal information as a record of a particular matter then please contact us.
Automated decision-making
We do not envisage taking any decisions about you based solely on automated processing (i.e. without human involvement), which have a legal or similarly significant effect on you.
Third-party links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Your rights
Your rights in relation to your personal information are:
- you have a right to request access to the personal information that we hold about you;
- if you believe that any of your personal information is inaccurate or incomplete, you can request that we correct or complete your personal information;
- you have a right to request that we restrict the processing of your personal information for specific purposes; and
- if you wish us to delete your personal information, you may request that we do so, but this will be subject to our professional duties as stated by the Law Society of Scotland in relation to holding personal information and files.
You can exercise any of the above rights by writing to us at Miller, Beckett & Jackson, 190 St. Vincent Street, Glasgow, G2 5SP or e-mailing us at mail@mbjsolicitors.co.uk
We retain the right to update this policy at any time and we will provide you with a new policy when we make substantial updates.
Any requests received by MBJ will be considered under applicable data protection legislation and will be responded to within one month of the request being made. MBJ are registered as a Data Controller with the Information Commissioner.
If you have any concerns over how we use your data, please contact us in the first instance. If you are not satisfied that we have addressed your concerns adequately, you have the right to lodge a complaint with the ICO. Their contact details are, The Information Commissioner’s Office – Scotland, 45 Melville Street, Edinburgh EH3 7HL, t- 0303 123 1115, e-Scotland@ico.org.uk.