The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of Collier Law Solicitors. This includes obligations in dealing with personal data in order to ensure that Collier Law Solicitors complies with the requirements of the relevant European and Irish legislation, namely the General Data Protection Regulation (GDPR) 2016/679 and the Irish Data Protection Acts 1988 – 2018.
Collier Law Solicitors as a data controller is committed to safeguarding the privacy of all individuals who they interact with. Collier Law Solicitors must comply with the Data Protection principles as set out in the applicable Data Protection Legislation. This Policy applies to all Personal Data collected, processed and stored by Collier Law Solicitors in relation to its staff, service providers, service users and clients in the course of its activities. All are treated equally under this Policy.
The policy covers both personal and sensitive personal data held in relation to data subjects by Collier Law Solicitors. The policy applies equally to personal data held in manual and automated form. All Personal and Sensitive Personal Data will be treated with equal care by Collier Law Solicitors. Both categories will be equally referred-to as Personal Data in this policy, unless specifically stated otherwise.
Means the natural or legal person, public authority or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data.
GDPR and the Irish Data Protection Acts 1988 – 2018
Means the General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Acts 1988 -2018.
Data Protection Officer
Anthony Collier (hereinafter called ‘the Data Protection Officer’ and/or where the context so admits or requires ‘the Responsible Person’)
This includes both automated and manual data. Automated data means data that is processed by means of equipment/computer operating automatically in response to instructions given for that purpose or stored with the intention that it is processed on computer. Manual data means data that is processed as part of a relevant filing system, or which is stored with the intention that it forms part of a relevant filing system.
A particular category of Personal data, relating to: Racial or Ethnic Origin, Political Opinions, Religious, Ideological or Philosophical beliefs, Trade Union membership, Information relating to mental or physical health, information in relation to one’s Sexual Orientation, data relating to the commission or alleged commission of any offence by the data subject, or any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings.
Automated Decision Making
Means where a decision is made using technological means, without human interaction
Means a natural of legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant Filing System
Means any set of information relating to and identifying living individuals to the extent that although the information is not processed by means of equipment operating automatically/computers in response to instructions given for that purpose, the data is structured, either by reference to individuals, or by reference to criteria relating to individuals, in such a manner that specific information relating to an individual is readily retrievable.
Means an identifiable living natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1. General Provisions
- This policy applies to all personal data processed by Collier Law Solicitors.
- The Responsible Person shall take responsibility for the Collier Law Solicitors ongoing compliance with this policy.
- This policy may be updated occasionally. Please periodically review this policy for the latest information on the privacy practices applied at Collier Law Solicitors.
2. Data protection principles
Collier Law Solicitors is committed to processing data in accordance with its responsibilities under the General Data Protection Regulation (GDPR) 2016/679 and the Data Protection Acts 1988 – 2018. Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; If your personal data changes at any time, please keep us informed so we can continue to ensure that your data is accurate, complete and current.
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
3. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent.
- Individuals have the right to access their personal data and any such requests made to the Collier Law Solicitors shall be dealt with in a timely manner.
4. Lawful purposes
- All data processed by the Collier Law Solicitors must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent will be made clearly available and systems should be in place to ensure such revocation is reflected accurately in the relevant filing system maintained by Collier Law Solicitors.
- For data to be obtained fairly, the data subject will, at the time the data is being collected, be made aware of:
- The identity of the Data Controller (Collier Law Solicitors)
- The purpose(s) for which the data is being collected
- The person(s) to whom the data may be disclosed by the Data Controller
- Where possible, the informed consent of the Data Subject will be sought before their data is processed
- Whether data is transferred outside the EU and the appropriate safeguards in place.
- Where data is used for automated decision making
- Where it is not possible to seek consent, Collier Law Solicitors will ensure that collection of the data is justified under one of the other lawful processing conditions – legal obligation, contractual necessity,
- The Data Subject’s data will not be disclosed to a third party other than to a party contracted to Collier Law Solicitors and operating on its behalf.
5. Data minimisation
- Collier Law Solicitors shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Collier Law Solicitors shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- To ensure that personal data is kept for no longer than necessary, Collier Law Solicitors shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why. Collier Law Solicitors will not hold data for longer than is necessary. We will keep your data in accordance with our internal retention procedures, or to comply with our obligations under the applicable data protection laws and in accordance with good practice.
- Collier Law Solicitors shall ensure that personal data is stored securely using modern software that is kept up-to-date.
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate backup and disaster recovery solutions shall be in place.
- In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Collier Law Solicitors shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the Data Protection Commission.
10. How Collier Law Solicitors Obtains Your Personal Data
Collier Law Solicitors collects personal data from you in the course of our relationship with you. This can include but is not limited to following circumstances:
- When you make an enquiry with us for legal services
- Through Email Correspondence/Exchanges
- Through job applications
- Attending at Court or Tribunals in the course of providing legal services
- Through Letters written and post received
- Through phone calls and/or video calls
- When you provide us with your details either online or offline
- Any other personal data relating to you that you provide to us or that we generate about you in connection with your use of our legal services.
11. How do we use your personal data?
a .Dealing with your request to make contact with Collier Law Solicitors.
b.Processing and addressing enquiries made with Collier Law Solicitors legal services
c. Providing you with access to our legal services
In addition to consent as an established basis to process your data, we will also process your data in the following circumstances
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Processing is necessary for compliance with a legal obligation to which the controller is subject to
- Processing is necessary to protect the vital interests of the data subject or of another natural person
- Processing is necessary for the performance of a task carried out in the public interest
- Processing is necessary for the purposes of the legitimate interests of Collier Law Solicitors
- Processing is necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims
12.Recipients of Personal Data
We may disclose your personal data to other organisations in connection with the purposes outlined, including
- Our professional advisers including but not limited to auditors, accountants, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and Risk management auditors and quality control companies, the Revenue Commissioners, the Incorporated Law Society of Ireland
- IT Service providers to Collier Law Solicitors, such as outsources service providers
- To competent regulatory authorities and bodies as requested or required by law
- While providing the Services, we share information with various third parties, including, barristers, the Land Registry, Solicitors representing a party or parties who you are transacting or involved in litigation with.
- Information with courts, regulatory, public and statutory bodies, including where necessary to provide legal services to our clients and where required in order to comply with a legal or regulatory obligation.
- The Revenue Commissioners, the Incorporated Law Society of Ireland, the Data Protection Commission, the Legal Services Regulation Authority and other regulators and authorities based in Ireland and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
13. Transfer of Data Outside the European Economic Area
No such transfer is envisaged. However, should circumstances arise which require that your personal data is to be transferred outside the European Economic Area (EEA) it is important to note that these countries do not always afford an equivalent level of privacy protection and in such circumstances, we will always ensure that such a transfer is safe and secure by ensuring that adequate measures are put in place to protect your personal data in accordance with data protection law. For transfers of personal data outside the EEA we will rely on an adequacy decision by the European Commission. Appropriate safeguards will be put in place regardless of whether a transfer is to a country that is the subject of an adequacy decision or where it is a non-adequate country.
14.Access Your Personal Data and Your Rights
- Right to access the data – You have a right to request a copy of your personal data that we hold about you and information about our processing of that personal data.
- Rectification- We take reasonable steps to ensure that the personal information we hold about you is accurate. If you do not believe that the data we hold about you is accurate, please contact us and we will update the data accordingly
- Right to erasure – You have a right to request us to delete personal data that we hold about you.
- Right to restricting of processing – In certain circumstances, you are entitled to ask us to stop using your personal information.
- Right to data portability- You have a right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine format.
Where you have provided your consent, either for processing of personal and/or sensitive data, you have an absolute right to withdraw consent at any time. If you would like to exercise any of these rights, please contact [email protected]
If we choose not to action your request, we will explain to you the reasons for a refusal. If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made regarding the use of your personal data, you have the right to lodge a complaint with the Irish Data Protection Commission.
Cookies, in general, make your browsing experience better. However, you may prefer to disable cookies on this site and on other sites. The most effective way to do this is to disable cookies in your browser. Please consult the Help section of your browser or look at the About Cookies website which offers guidance for all modern browsers.