This Privacy Statement (our Statement) sets out the basis on which any personal data within the meaning of the General Data Protection Regulation (GDPR) (EU) 2016/679 is collected and used by Rennick Solicitors.
Who we are
We are Rennick Solicitors, providing legal services and advice primarily from our premises at Main Street, Dunboyne, County Meath. References to ‘we’, ‘us’ and ‘our’ shall be construed accordingly.
What we do
We provide legal advice and services to both private individuals and corporate entities.
What is personal data?
Personal data is information which relates to an identifiable natural person.
Who is the Data Controller
The Principal of our firm (Mr Brian Rennick) is our Data controller and is responsible for how your data is controlled. Employees (solicitors and support staff) of the firm process your data on his behalf in order to provide the legal services you and/or your business require. We are not required to have a Data Protection Officer but have taken the step to appoint a Data Champion. This data champion can be contacted at email@example.com.
Do we collect personal data?
- a file is opened and we are required (by law) to take certain personal data from you;
- you provide details of your case/legal matter so that we can progress that matter;
- you opt in and provide consent to us to contact you via our website or through social media/email;
- you use your credit or debit card to pay for your legal services;
- you make an enquiry with us;
- you communicate with us via post and other correspondence.
What types of personal data do we obtain?
The data that we obtain includes but is not limited to the following - name, telephone number, email address, home address, next of kin, PPS number, bank details. For clarity we do not collect or process any sensitive personal data, other than when those details are required explicitly for the provision of a particular legal advice or service.
Categories of data that we collect
We process personal data relating to the following categories of data subject: our employees, our clients, employees of our business clients (in relation to particular legal services or matters), our opposing clients (in legal matters), our social media followers and third party employees and contractors who we do business with or who provide services to us.
How do we use your data?
We use it in order to:
- comply with our legal and regulatory requirements, including Anti Money Laundering;
- provide legal services to you;
- provide client services to you in addition to the legal service;
- process your payment for your legal service/advice;
- protect both our interests;
- verify credit or other charge card details;
- identify ways that we can improve our service;
- provide you with marketing content that you have consented to receive;
- answer your queries;
- provide you with news updates and information that you have consented to receive.
Are we allowed use your data?
Yes, provided we can identify a legitimate basis for doing so. To use your information lawfully, we rely on one or more of the following basis:
- It is necessary for the performance of a contract to which you are party to with us;
- it is necessary for purposes of the legitimate interests of third parties (except where those interests are overridden by your interests or fundamental rights and freedoms);
- in compliance with legal obligations;
- in protecting the vital interest of you or others;
- on consent that you have given to us to use that personal data.
Do we collect sensitive personal data?
As mentioned above, not in the normal course of our processing. Sensitive personal data includes certain categories of personal information, such as that about race, ethnicity, religion or health. There may be occasion whereby a particular legal matter require you to provide us with sensitive personal data.
Our Security measures
When you give us personal information, we take steps to make sure that it’s treated securely. We use strict procedures and technical security measures to safeguard your information in our offices and across all of our computer systems, networks, website and social media platforms. Our security measures include the following:
- maintaining ongoing confidentiality, integrity, availability, access, and resilience of processing systems and services;
- restoring the availability of and access to personal data, in the event of a physical or technical security breach;
- maintaining robust security measures (both IT and physical)
- ensuring our staff are fully data security and GDPR trained;
- that our internal processes and procedures are reviewed and fit for purpose;
- that we conduct ongoing Data Risk Impact Assessments;
- that we test and evaluate the effectiveness of our technical and organisation measures;
- that we ensure our third party service providers and/or contractors are GDPR compliant.
Do we share personal data with third parties?
Yes, we share personal data with:
- third parties who provide essential and necessary services to us in the course of our business subject that we disclose only the personal information that is necessary for the purpose of the performance of their services and we have contracts in place that guarantee the security of your data and the integrity of our service providers’ systems. These parties include,:
- software management services providers;
- payment processor service providers (credit payment services/banks);
- IT service providers;
- data security consultants in the context of auditing our data security systems, policies and protocols.
- The Courts Service whom we are required to engage with and provide certain information to through formal legal documents;
- To Opposing Solicitors who we are required to share certain information on a formal and legal basis is order for the matter to be progressed through the Justice system;
- To Barristers who we instruct, with consent from our clients to assist us in the progression of our clients legal matter.
- To Engaged Consultants which would include Engineers, Medical Professionals, Accountants, etc who we engage on our clients behalf to assist us in the progression of the legal matter for our client;
- Colleagues within our Firm with whom we work with on a collegiate basis to provide the best legal service possible to our clients.
We have sought certification from all our third party service providers that they adhere to information security best practice and are compliant with GDPR obligations. We only do business with reputable and verifiable third parties.
International transfers of data
We do not transfer your data outside of the European Economic Area (EU members and Iceland, Liechtenstein and Norway) (EEA).
We do NOT conduct direct marketing. We would require your express consent if we wished to contact you for direct marketing purposes (by post, email or social media). You are entitled to withdraw your consent at any time at any time. To withdraw your consent you simply contact firstname.lastname@example.org
You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. Please note that we're not responsible for the content of external websites.
Visitors are advised that each time they visit a Website, two general levels of information about their visit can be retained. The first level comprises statistical and other analytical information collected on an aggregate and non-individual specific basis of all browsers who visit the site. The second is information which is personal or particular to a specific visitor who knowingly chooses to provide that information.The statistical and analytical information provides general and not individually specific information about the number of people who visit this Website; the number of people who return to this site; the pages that they visit; where they were before they came to this site and the page in the site at which they exited. This information helps us monitor traffic on our Website so that we can manage the site’s capacity and efficiency. It also helps us to understand which parts of this site are most popular and generally to assess user behaviour and characteristics in order to measure interest in and use of the various areas of the site.
Through this Website you may have an opportunity to send us information, such as through the "registration" pages or any other area where you may send e-mails, provide feedback, etc. By choosing to participate in these, you will be providing us with some level of personal information relating to you. This information will only be used by this site for:
- the purposes for which it was provided by you;and
- verification purposes and statistical analysis;
This site Website does not collect any personal data about you on this Website, apart from information which you volunteer (for example, by emailing us, or registering with us). Any information which you provide in this way is not made available to any third parties, and is used by this site only in line with the purpose for which you provided it.
How long will we hold your data for?
We will hold your data while you are a customer and for the minimum period thereafter that we are required pursuant to our legal and regulatory obligations. We will keep your data for no longer than is necessary and then securely delete your data or anonymise it so that it cannot be linked to you.
As a Solicitors practice we are required and mandated to maintain certain records for defined periods of time and we confirm that we have a retention policy that is compliant with those requirements. Further we also have a robust and verifiable deletion policy in place.
You have the right to:
- request a copy of the information that we hold about you. If you would like a copy of some or all your personal information, please contact us using the contact details mentioned below. We will respond to your request within one month;
- ensure that your personal information held by us is accurate and up to date. If you would like us to correct or remove information you think is inaccurate please contact us using the contact details mentioned below;
- object to the processing of your personal data on grounds relating your particular situation if we claim that the processing is carried out on the basis that it is necessary for the purposes of our legitimate interests or those of your employer or a third party. We can only deny your request if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims;
- receive the personal data which you have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller if:
- the processing is based on consent or on a contract, and
- the processing is carried out by automated means.
- require that we no longer contact you for marketing purposes (if in fact we begin that process) by means of an ‘unsubscribe’ link or ‘Stop’ text message;
- be forgotten. Should you wish for us to completely delete all information that we hold about you please contact us using the contact details mentioned below. We will do this in compliance with our obligated retention requirements;
- lodge a complaint (concerning the manner and means of our processing of your personal data) with the Office of the Data Protection Commissioner (www.dataprotection.ie).
Our contact details
Changes to our Privacy Statement
Finally, please note that we may revise or update our Privavcy Statement at any time subject that we will at all times comply with our obligations under the General Data Protection Regulation (GDPR) (EU) 2016/679.
This Privacy Statement was updated 24 May 2018.