knowledge | 1 May 2018 |
McCann FitzGerald Privacy Notice for Clients and Business Contacts
McCann FitzGerald, as a law firm with its principal place of business at Riverside One, Sir John Rogerson’s Quay, Dublin 2, Ireland, including its affiliates1, takes its responsibilities under applicable data protection law, including the General Data Protection Regulation (EU) 2016/679 and implementing legislation (“Data Protection Law”) very seriously. The purpose of this notice is to inform you of the data relating to you that we may collect and use and the uses (including disclosures to third parties) we may make of your data, which includes the provision of legal advice and business services and sending you briefings and invitations to events, training programmes and lectures.
McCann FitzGerald is the controller in respect of the data we collect and we take all reasonable steps to ensure the safety and privacy of all information and, where appropriate, enter into contracts with any third party processors to protect the privacy of any personal data processed by us.
1. What information do we collect
We collect personal data that you voluntarily provide to us, for example when you communicate with us via email, when you sign up for or ask us to send you newsletters, briefings, or other materials and when you sign up for an event. Such data may include:
1.1 your name, job title and name of employer and any personal data you send to us to provide you with legal services;
1.2 your contact details, including your home address (where you have provided this to us), business address, email address and telephone number;
1.3 records of invitations and briefings sent to you and of your attendance at McCann FitzGerald events;
1.4 special dietary requirements and the name of your spouse or partner (in limited circumstances); and
1.5 information relating to particular areas that may be of interest to you.
If we are in regular contact with you we may collect more information about our relationship with you. If you are an alumnus of McCann FitzGerald we also process certain data about your previous employment with us, including your start and finish date, the departments you worked in and your next place of employment (if any or known to us).
2. Purpose of processing and legal bases
Your personal data is used by us and by third party service providers acting on our behalf for the following purposes:
2.1 providing you with legal advice and business services;
2.2 for administration and billing purposes and for other purposes which are reasonably incidental to the services being provided;
2.3 sending or providing you with access to legal and regulatory information, and invitations to events, training programmes and lectures; and
2.4 maintaining our list of contacts.
The legal bases on which we collect, process and transfer your information in the manner described above are:
(a) For 2.1 and 2.2
(i) your consent (where we have sought it and you have provided it to us), and in which case, you can withdraw your consent at any time;
(ii) where any such processing is necessary for the performance of a contract with us; and
(iii) our legitimate interests in conducting our business in a responsible and commercially prudent manner.
(b) For 2.3 and 2.4
(i) Our legitimate interest in maintaining a business relationship and communicating with you, as a business contact, about our events and providing you with information about new legal developments.
We may process special categories of data, such as accommodating any special dietary requirements you may have for any events that you register to attend. Any use of such information is based on your consent.
3. Sources of data
As well as collecting information from you or other professional services advisors, in some cases your personal data has been supplemented by information obtained from publicly available sources, including LinkedIn and your employer’s website, for the purpose of confirming your current professional position.
4. Sharing your data
We may disclose your personal data to third party recipients acting on your or our behalf, for the purposes of providing legal advice and business services to you and for providing you with information which we believe you may be interested in.
We will retain your personal data for as long as it is reasonably necessary for us to provide you with legal advice and business services. If you are a business contact, we will retain your personal data for as long as we consider you to be a business contact and we will give you the opportunity to unsubscribe if you no longer wish to receive communications and invitations from us.
6. Security measures to keep your personal data safe
We employ appropriate technical and organisational security measures to help protect your personal data against loss and to guard against access by unauthorised persons. We carry out risk assessments on all third party service providers to make sure the personal data they hold is secure. We regularly review our security policies and procedures to ensure our systems are secure and protected.
7. Necessity of provision of certain information and consequences
You may be required to provide us with certain information in order for us to verify your identify and carry out anti-money laundering or other checks which are required by law. This information consists of identification and verification documentation for individuals. If you do not provide us with such information, we will be unable to provide you with legal services.
Apart from the details mentioned above, you are not under a statutory or contractual duty to provide us with any personal data. However, there are some pieces of information that you must provide to us so that we can provide you with our legal services. We will notify you of any such required information. If you do not provide us with this information, we may not be in a position to provide our legal services to you.
8. Transfers abroad
Where relevant and necessary for the firm’s business including our representation of you, we may transfer your personal data outside the European Economic Area, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union. If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include (i) entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission or (ii) seeking and obtaining your explicit consent to the transfer or (iii) where the transfer is necessary for the establishment, exercise or defence of legal claims.
9. Your rights and how to update your information
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:
9.1 the right to be provided with a copy of your personal data;
9.2 the right to request the rectification and/or erasure of your personal data;
9.3 the right to restrict the use of your personal data;
9.4 the right to object to the processing of your personal data, where we are processing it based on this being necessary for the purposes of our or of a third party’s, legitimate interests; and
9.5 the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller, where we are processing the data based on your consent or that this is necessary for the performance of a contract with you.
In order to exercise any of the rights set out above, or if you have any questions about how we process your personal data, you can email us at firstname.lastname@example.org or write to us at Risk & Compliance, McCann FitzGerald, Riverside One, Sir John Rogerson’s Quay, Dublin 2. Please note that the limitation or deletion of your personal data may mean that we will be unable to provide you with the communications and/or invitations described above.
We are required to keep all personal data accurate and up to date. To assist us in doing so, we ask you to contact your usual business contact at McCann FitzGerald or email email@example.com with any relevant changes, such as change of address or contact telephone numbers.
We take a high level of care in how your personal data is handled to ensure that it is safeguarded and our legal obligations are met. If you are not happy with the way we have used your information or addressed your rights, you may contact us at firstname.lastname@example.org. You also have the right to make a complaint to the Irish Data Protection Commission by emailing email@example.com.
If you no longer wish to receive further marketing communications and/or invitations from us, you can unsubscribe at any time by emailing us at firstname.lastname@example.org.