GDPR – CLIENT PRIVACY NOTICE
WHO WE ARE
Neil Risk Solicitor is a private law firm with an office based in Lerwick, Shetland.
Our address is Nordhus, North Ness Business Park, Lerwick, Shetland, ZE1 0LZ.
Neil Risk Solicitor can be contacted by telephone on 01595 695262.
The Neil Risk Solicitor Data Protection Officer is Neil Risk.
INFORMATION WE COLLECT
We obtain personal information about you, directly from yourself, in order to be able to comply with your instructions in carrying out work on your behalf and to satisfy regulatory requirements which are imposed on us to allow us to provide legal services to our clients. The data that we will obtain and hold about you, is your name, your address, your date of birth and your contact telephone numbers and email. We may also hold information concerning your identity, bank details and source of funds used for transactions undertaken on your behalf, property and National Insurance Number.
HOW WE USE YOUR PERSONAL DATA
- We collect your personal data to enable you to be a client of the firm and to comply with both the GDPR and Law Society Anti Money Laundering and Accounts Rules.
- We collect and store your personal data as part of our legal obligation for Law Society Regulation purposes, business purposes, business accounting, Local Authority Business Rating purposes, opening and maintaining firm ledgers, Insurance purposes and tax purposes.
DATA SUBJECT’S RIGHTS
You have legal rights under the General Data Protection Regulation in relation to your personal data. These are set out under the headings below:-
- To access personal data.
- To correct / erase personal data.
- To restrict how we use personal data.
- To object to how we use personal data.
- To ask us to transfer personal data to another organisation.
- To object to automated decisions.
- To find out more about how we use personal data.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information or change your details where we know we are dealing with the right individual.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
SHARING AND DISCLOSING YOUR PERSONAL INFORMATION
We may share your personal data with Government bodies like HMRC, Local Authority bodies like the Orkney & Shetland Joint Valuation Committee, Insurers for production of Title Indemnity Policies and Bonds of Caution, Companies House, the Royal Bank of Scotland, other firms of solicitors. We need to do this in order to comply with our business and financial regulatory requirements.
TRANSFERS OUTSIDE OF THE EU
We do not store any personal data outside of the EU.
Your data will be kept on paper records and will be stored on computer records. We have procedures and technology in place to protect your data and ensure secure processing.
CONSEQUENCES OF NOT PROVIDING YOUR DATA
If you do not provide the required personal data, then we will be unable to provide the services that you require.
We do process some data on the basis of legitimate interests.
HOW LONG DO WE KEEP YOUR DATA
We will retain your data for the period recommended by the Law Society of Scotland in compliance with the principles of GDPR.
We do not engage in any marketing activities using your personal data other than as set out in our Marketing Privacy Notice.
AUTOMATED DECISION MAKING
We do not utilise any automated decision-making programmes, procedures or processes.
ADDITIONAL INFORMATION ABOUT YOUR RIGHTS
TO ACCESS PERSONAL DATA
You can ask us to confirm whether or not we have and are using your personal data. You can also ask to get a copy of your personal data from us and for information on how we process it.
TO RECTIFY / ERASE PERSONAL DATA
You can ask that we rectify any information about you which is incorrect. We will be happy to rectify such information but would need to verify the accuracy of the information first. You can ask that we erase your personal data if you think we no longer need to use it for the purpose we collected it from you. You can also ask that we erase your personal data if you have either withdrawn your consent to us using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, or where we have used it unlawfully or where we are subject to a legal obligation to erase your personal data. We may not always be able to comply with your request, for example where we need to keep using your personal data in order to comply with our legal obligation or where we need to use your personal data to establish, exercise or defend legal claims.
TO RESTRICT OUR USE OF PERSONAL DATA
You can ask that we restrict our use of your personal data in certain circumstances, for example:-
- Where you think the information is inaccurate and we need to verify it;
- Where our use of your personal data is not lawful but you do not want us to erase it;
- Where the information is no longer required for the purposes for which it was collected but we need it to establish, exercise or defend legal claims; or
- Where you have objected to our use of your personal data but we still need to verify if we have overriding grounds to use it.
We can continue to use your personal data following a request for restriction where we have your consent to use it; or we need to use it to establish, exercise or defend legal claims, or we need to use it to protect the rights of another person.
TO OBJECT TO USE OF PERSONAL DATA
You can object to any use of your personal data which we have justified on the basis of our legitimate interest, if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information. If you raise an objection, we may continue to use the personal data if we can demonstrate that we have compelling legitimate interests to use the information.
TO REQUEST A TRANSFER OF PERSONAL DATA
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another firm of law practice). You may only exercise this right where we use your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.
TO CONTEST DECISIONS BASED ON AUTOMATIC DECISION MAKING
If we made a decision about you based solely by automated means (i.e. with no human intervention), and the decision made by us produces a legal effect concerning you, or significantly affects you, you may have the right to contest that decision, express your point of view and ask for a human review. These rights do not apply where we are authorised by law to make such decisions and have adopted suitable safeguards in our decision-making processes to protect your rights and freedoms.
YOU CAN CONTACT US FOR MORE INFORMATION
If you are not satisfied with the level of information provided in this privacy notice, you can ask us about what personal data we have about you, what we use your information for, who we disclose your information to, whether we transfer it abroad, how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any automated decision making using your personal data.
If you would like to exercise any of the above rights, please:-
- Email or write to our Data Protection Officer at Neil Risk Solicitor, North Ness Business Park, Lerwick, Shetland, ZE1 0LZ;
- Let us have enough information to identify you, e.g. name, address, date of birth;
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- Let us know the information to which your request relates.
OUR SUPERVISORY AUTHORITY
If you are not happy with the way we are handling your information, you have a right to lodge a complaint with the Information Commissioners Office. It has enforcement powers and can investigate compliance with the General Data Protection Regulation (www.ico.org.uk). We ask that you please attempt to resolve any issues with us before the ICO.