The General Data Protection Regulation (GDPR) will apply from 25 May 2018. The GDPR makes changes to previous data protection legislation – The Data Protection Act 1998 (DPA)
AM Strachan & Co is a data controller for the purposes of the GDPR and is registered with the Information Commissioner’s Office (ICO). Our Data Manager is Mr A. Strachan who can be contacted by email at email@example.com.
This policy applies to personal information collected by us, or provided by you, through use of our website, your utilising our professional services and/or during any communications with you.
Your personal information such as name, address, email address and phone numbers, may be collected by us through:
- Your attending meetings with us and/or during telephone calls to us, corresponding with us by letter or email, in which case we may retain the content of your letters and emails together with your email address and our responses
- Your supplying us with your personal information when engaging our services or by signing up to receive promotional information from us.
We do not share your personal information with any third parties other than external agents engaged to further your legal matter.
We do not collect sensitive personal information from visitors to our website or from our clients, except where required by the terms of our engagement. If we do seek to collect sensitive information we will ask for your explicit consent to our proposed use of that information at the time of collection. “Sensitive personal information” means information about such topics as personal preferences, racial or ethnic origin, membership of political parties or movements, or other such sensitive topics as prescribed by the GDPR.
How we use your personal information
When you instruct this firm to act on your behalf on a matter your consent to our processing your personal data will be required. Processing your data may also be necessary as part of the contract you have with us (your instructions) and/or necessary for compliance with legal obligations to which we are subject (i.e. anti-money laundering legislation).
Where you provide us with or we obtain your personal information, we will normally keep your details on our server. In relation to certain uses, the server may be accessed by our staff and/or agents including those that may be located outside the European Economic Area (EEA) where the level of legal protection may not be as comprehensive. In such circumstances we shall ensure compliance with the data protection standards set out above as far as we are able.
We may use your personal information for the following purposes:
- To provide and/or administer legal services in accordance with your instructions
- To confirm identity and trace whereabouts where necessary
- To comply with legal and regulatory requirements including verifying the identity of new clients and existing clients to comply with applicable anti-money laundering regulations.
- To update our client records
- To notify you about important legal developments and services which we think you may find valuable, for sending you newsletters and/or similar marketing. We may contact you by post, fax, email, telephone or text message, (you may opt out/unsubscribe from such communications at any time by emailing us.
- To process any application for employment you may make to us (including any sensitive personal information you provide such as relating to your state of health or racial background)
As described in this policy, personal information will be retained by us and will not be sold, transferred or otherwise disclosed to any third party, unless required to continue your matter or such disclosure is required by law or court order.
If your personal information changes or you no longer wish to receive promotional information from us please let us know and we will correct, update or remove your details. This can be done by emailing us.
In providing services to you, we may process personal data on your behalf as a data processor for the purposes of the GDPR. Where we act as your data processor, we shall process personal data solely for the purposes as outlined above or otherwise in accordance with your instructions
We shall have in place technical and organisational security measures which shall be of a standard generally observed in the legal profession, including measures which guard against unauthorised or unlawful access to, alteration, disclosure or destruction of personal data and against accidental loss or destruction of or damage to personal data.
You confirm that you are authorised to provide to us the personal data which we shall process on your behalf.
We use up to date data storage and security techniques to protect your personal information from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. All employees and third parties or agents we engage to process your personal information are obliged to respect the confidentiality of your information.
We may disclose your personal information to our agents and/or service providers (some of which may be situated outside the EEA) for any of the purposes set out in this policy. For example, our information technology systems are operated by the firm but some data processing in relation to our IT services are carried out on our behalf by third parties. We endeavour to ensure appropriate security measures are in place to prevent unauthorised disclosure of personal information.
We will not sell your information to a third party, except in the unlikely event that we sell our business, or a substantial part of it; in which case we may sell your information as part of the sale to allow the purchaser to carry on providing some or all of our services to you.
The GDPR entitles you to access the information we hold about you and, if the details are inaccurate, you may request rectification, erasure or restriction of processing. You should do so by writing to or emailing us. We will usually respond to requests free of charge but reserve the right to charge a fee in certain circumstances (i.e. excessive or repeated requests).
A cookie is a small file which asks permission to be placed upon your computer. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
The only cookie currently in use on this website is used to support analysis and understanding of how people use the website (what they like most, when is the busiest time of day on the site, has new content been found when it is published, etc).
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
If we change our privacy policies and procedures, these changes will be posted on our Website to notify what information we collect, how we use it and under what circumstances we may disclose it.