Client Privacy Statement/Data Protection Rights of Clients
The purpose of this client privacy statement is to tell you how we collect, use, process and disclose information about you whilst you are a client, former or prospective client of Porter Morris.
We are required by law to provide you with information about us, about why and how we use your data and about the rights you have over your data.
For the purposes of this policy we are Porter Morris Solicitors and our address is 10 Clare Street, Dublin 2. You can contact us by post at this address, by email at email@example.com or by telephone on (01) 6761185
This privacy statement applies to clients, former clients, prospective clients and/or those with whom we deal on behalf of clients in the course of our business.
This privacy statement sets out the basis on which any personal data is collected from you and the basis on which that personal data which is collected or that you provide to us, will be processed by us and your rights in relation to your personal data. Porter Morris is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
Any enquires about our use of your personal data should be addressed to the GDPR Partner, Porter Morris Solicitors.
What Personal Data do we process?
When you make enquiries as a prospective client and when you are our client we collect the following personal data:
- Identity data such as first name, surname, gender, date of birth, PPS number and
- Contact details such as address, email address, telephone number and emergency contact details.
- Identity documentation to comply with Anti-Money Laundering Legislation.
- Personal data necessary to assess each prospective instruction before accepting engagement and to providing legal services in accordance with your instructions. Such personal data may include employment details, car registration details and mortgage account details. It may also be necessary to process special categories of personal data including medical and health records.
Sometimes it is necessary for us to collect personal data about you from other sources to enable us to provide the legal services required. Examples of such other sources include Government Agencies, Banks, Insurance providers, Legal Searchers, Medical Professionals etc.
How do we use your personal data?
We use and process your data in accordance with Article 6 of GDPR i.e.
- You have given your consent to the processing of personal data for one or more specific purposes or
- Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract or
- Processing is necessary for compliance with a legal obligation or processing is necessary to protect your vital interests or another person or
- Processing is necessary for the purposes of our legitimate interests or a third party to whom the data is disclosed except where such interests are overwritten by your fundamental rights and freedoms.
Where your consent is being relied on as the basis for processing your personal data, that consent must be an unambiguous indication of your wishes and you may withdraw your consent at any time.
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a non related purpose we will notify you and we will explain the legal basis which allows us to do so.
Disclosure of personal data to third parties
We may disclose your personal data to third parties where we are legally obliged to do so or where our terms of engagement with you requires or permits us to do so. For example, we may pass on personal data to the Revenue Commissioners, pension providers and health insurance providers.
We may also disclose your personal data to third parties to the extent reasonably required which may include third party experts, such as Accountants, Financial Advisors, Health Care Professionals, Medical Consultants and Barristers.
Will your personal data be transferred abroad?
Your personal data will generally not be transferred abroad. We will advise you if this becomes necessary.
Updating your personal data
The personal data we keep about you must be accurate and up to date. Therefore, we would ask you to notify us of any change to your personal data.
We retain personal data in accordance with Data Protection Laws, Statute of Limitations, Employment Legislation and any other relevant Laws in place at the relevant time and in accordance with our file retention and destruction policy.
Your Legal Rights
Under GDPR, you have the following rights in respect of your personal data:-
- The right to access the personal data we hold about you. (commonly known as a “Data Subject Access Request”).
- The right to require us to rectify any inaccurate personal data about you without undue delay.
- The right to have us erase any personal data we hold about you in circumstances where the processing is no longer necessary or where you withdraw your consent or where there is no overriding lawful basis for the processing.
- The right to request a restriction of the processing of your personal data.
- The right to data portability only in circumstances where the processing is carried out by automated means, is based on consent, or for the performance of a contract with the Data Controller and to the extent that it does not affect the rights and freedoms of others.
- Where processing is based on consent, the right to withdraw consent at any time, without effecting the lawfulness of processing based on consent before its withdrawal.
- The right to lodge a complaint with the office of the Data Protection Commissioner (dataprotection.ie).
If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact one of the partners Liam Lynch or Nicole Dillon.