Cumiskey Solicitors is committed to protecting and respecting your privacy.
This Privacy Statement will let you know how we look after your personal data with regard to your use of this website and in the context of receiving marketing communications from us. It also informs you as to our obligations and your rights under data protection law.
1. Who is responsible for your personal data?
Cumiskey Solicitors is the data controller with regard to the personal data described in this Privacy Statement.
“Data controllers” are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed, who/which make independent decisions in relation to the personal data and/or who/which otherwise control that personal data.
If you have any questions about this Privacy Statement or about our data protection compliance please contact us.
2. What personal data do we collect?
Personal data means any information relating to an identified or identifiable natural person. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and/or behavior.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data includes first name, last name, job title, copies of passport and date of birth. • Contact Data includes billing address, delivery address, email address and telephone numbers. • Client Data includes information you provide to us which is relevant to the advice/service which we are providing you with. • Financial Data includes bank account and payment card details. • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website. • Usage Data includes information about how you use our website, products and services. • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
3. How do we collect your personal data?
We collect your personal data as follows:
• We collect information from you when we are setting you up as a new client of the firm which can include anti-money laundering documentation, identifying information and financial data. • We collect certain personal data through our website through use of contact forms, cookies etc. Our cookies policy can be found here. • We collect personal data and other information from you during the course of providing you with legal services. • We may also receive your personal data from other sources such as from our client in the course of providing them with legal services or from publicly available sources such as the Company Registration Office. • We may collect your personal data at client events or seminars.
4. For what purposes do we process your personal data? ◦ Providing legal advice and any other service which you have requested ◦ Administering billing, processing payments etc. in connection with the services we provide; ◦ To comply with our legal and compliance obligations including with regard to record-keeping, anti-money laundering and tax laws; ◦ To provide you with information on events we are running, firm updates and general legal news which we think you may be interested in; ◦ For any purpose which may arise as necessary during the course of our providing services to you.
5. What are our legal bases for processing?
6. Do we share your personal data with anyone else?
We may share your personal data with the following parties in connection with our processing of your personal data. These will include email service providers, barristers, experts or as may otherwise arise in the course of our providing our services to you. We require all third parties to enter into a data processing agreement with us which complies with our obligations under the GDPR. This agreement requires third parties to have appropriate security systems in place and only to use your personal data on our instructions and in accordance with data protection law.
7. Keeping your personal data secure
We take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. We limit access to your personal data to those employees, agents and other third parties who are required to have access to your personal data and where they have agreed that they are subject to a duty of confidentiality. We have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the data subject, where legally required to do so.
8. Transferring personal data abroad
There are circumstances in which we will have to transfer your personal data out of the European Economic Area for the purposes of carrying out the services we provide to you. Where the need for such a transfer arises we will always ensure that there are appropriate safeguards in place to protect your personal data such as: • the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms; • appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the Data Protection Team; • you have provided explicit consent to the proposed transfer after being informed of any potential risks; or • the personal data is being transferred to a company in the US which has self-certified its compliance with the EU-US Privacy Shield which has been found by the European Commission to provide an adequate level of protection to the personal data of EU citizens.
9. For how long do we keep your personal data?
Your personal data will be deleted when it is no longer reasonably required for the purposes described above or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. Where you ask to be unsubscribed from marketing communications we may keep a record of your email address and the fact that you have unsubscribed to ensure that you are not sent any further emails in the future.
10. Your data protection rights
Under certain circumstances, by law you have the right to: • Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it. • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. • Object to automated decision-making including profiling, that is not to be the subject of any automated decision-making by us using your personal information or profiling of you. • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. • Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format. In the event that you wish to make a complaint about how your personal data is being processed by Cumiskey Solicitors, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority who can be contacted as follows:
11. Contact us You can contact us with any queries, complaints or requests to exercise your data protection rights.
12. Updates to this Privacy Statement
Our Privacy Statement may change from time to time, and any changes to this Privacy Statement will be posted on the website and will be effective when posted. As your use of the Cumiskey Solicitors website is subject to your acceptance of this Privacy Statement, and any amendments thereto, please check back regularly.