Data Privacy Notice
Introduction
This Notice applies to Branigan Cosgrove Finnegan Solicitors LLP (the Firm), a law firm, located at 31 Pembroke Road, Dublin 4 D04V8N9, Ireland which is the data controller for the purposes of this Notice.
When we say “the Firm”, “we”, “us” or “our”, we mean the controller of your information.
At the Firm, we know that your privacy is important to you. This privacy notice (Notice) describes the types of information we collect and use, who that information relates to, how and why we use such information, who we share it with and your legal rights.
Unless indicated otherwise, this Notice applies to all our provision of legal services and assistance (the Services).
The data we collect about you
We collect and process information which relates to a variety of categories of individuals. These include individuals who may not have a direct relationship with the Firm. The types of individuals include:
Clients: We collect and use information relating to our prospective, current and former clients.
Individuals related to clients: We also collect and use information relating to individuals related to clients to include their employees, partners, directors, company secretaries, shareholders or beneficial owners, beneficiaries dependents and next of kin.
Individuals whose information is relevant to the legal advice and assistance we provide: We also collect, use and otherwise process information relating to individuals where their information is considered by us or our clients to be relevant to the legal advice we are providing to our clients. For example, in, a conveyancing matter we collect or receive information relating to vendors, buyers, auctioneers, banks, surveyors, architects and engineers.
Where we receive data from
We receive your data from a variety of sources, including from third parties. For example, in the course of providing legal services, we may receive data from you directly, from other solicitors, insurance companies, medical experts, auctioneers, the Property Registration Authority, the Companies Registration Office and government departments.
How we use the information we collect
We use this information for a number of purposes including the following:
- Providing legal services:
- If you are a client of the Firm, we will collect and use information relating to you. We will use information in relation to the legal services provided to you and as part of our administrative, financial and operational processes. This information may include your contact details, payment and financial information. The legal basis for carrying out this processing is compliance with our legal obligations and legitimate interests.
- If you are not a client of the Firm, we may also collect, use and otherwise process your information in the course of providing legal advice and assistance to our clients where your information is considered by us or our clients to be relevant to the legal advice and assistance we provide to our clients. The precise information in this regard will depend on what legal advice and assistance we are giving. The legal basis for carrying out this processing is compliance with our legal obligations and legitimate interests.
- Anti-money laundering (AML) compliance: We may collect and use your information in the context of compliance with anti-money laundering laws and our regulatory obligations. This includes your ID and proof-of-address information. Shareholders with more than 25% interest in a company, who live outside of Ireland, are required to complete a Politically Exposed Persons (PEP) questionnaire. AML information may be sent to other solicitors and law firms that rely on our AML collection practices. Equally, we may receive AML information from other law firms. The legal basis for carrying out this processing is compliance with our legal obligations.
The legal bases for processing data
In order to collect, use, share, and otherwise process your information we rely on a number of legal bases, including where:
- it is necessary to perform a contract we have with you and to provide the Services;
- it is necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
- you have consented to the processing (in which case you may revoke your consent at any time);
- it is necessary to protect your vital interests or those of others;
- it is necessary in the public interest; and
- it is necessary for the purposes of the Firm’s or a third party’s legitimate interests, such as those of clients, partners, staff or others, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
Where we collect, use, disclose and otherwise process your information based on legitimate interests, we may rely on the following interests:
- Provision of legal services: We use your information to pursue our clients and other impacted individuals’ legitimate interests in obtaining and/or benefitting from legal advice and assistance, as well as our interests in providing legal advice and assistance to our clients.
- Keeping our services safe and secure: We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our Services, such as our domains, safe and secure. For example, we collect IP addresses and process log files to ensure our website is not subject to fraudulent access.
Special categories of data
In the course of providing the Services, we may process certain information that attracts special protection under EU law. For example, in the context of litigation or, we might process information relating to health (e.g. your medical history), race, religious beliefs, sex life, genetics, trade union membership or sexual orientation. This information could be in respect of you as a client or another individual involved in the matter.
We rely on exceptions contained in Article 9 of the GDPR and in the Data Protection Act 2018 to process this information.
The Irish Data Protection Act 2018 contemplates that the processing of special categories of personal data and Article 10 data (broadly speaking, data relating to criminal convictions) shall be lawful where the processing:
- is necessary for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
Information and data you give us relating to other persons
If you provide information to us about any person you should ensure that you have a legal basis for doing so and that you have complied with your transparency obligations under data protection law. The Irish Data Protection Act 2018 contemplates that the processing of special categories of personal data is lawful where the processing is:
- necessary to establish exercise or defend legal rights; or
- is necessary for the purposes of providing or obtaining legal advice or for the purposes of or in connection with legal proceedings or prospective legal proceedings
You should also try to limit the personal information you give us to what you think is necessary for us to provide you with legal advice and assistance.
Who we share your information with
In the course of providing the Services, we share information with various third parties, including, your authorised representatives, barristers, insurance companies, experts, private investigators, summons servers, solicitors representing the party with whom you are transacting or against whom you are litigating.
We also share your information with courts, regulatory, public and statutory bodies such as the Property Registration Authority for a variety of reasons, including where necessary to provide legal services to our clients and where required in order to comply with a legal or regulatory obligation.
We may share your personal information to help us provide our services and communicate with you. The categories of service providers include IT software and hosting providers and records-storage companies. Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.
We may also retain, preserve, or share your information if we believe that it is reasonably necessary for legal and safety reasons. These include:
- to respond to a legal request based on legitimate law (e.g., a subpoena, court order, or other request from government or law enforcement);
- to detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues;
- to protect our rights, property, or safety;
- to enforce our contract with you; and
- to prevent physical injury or other harm to any person or entity,
Data Transfers
In certain cases, we need to transfer your information to recipients outside the European Economic Area (EEA), such as where it is necessary to provide legal services to our client and to perform our terms of engagement. For example, we might transfer your information to other law firms, experts or the Firm affiliates located outside the EEA.
Where we transfer your information, we will do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services with which we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. These are contracts which contain standard commitments approved by the EU Commission protecting the privacy and security of the information transferred. For recipients in the United States, we may alternatively rely on the EU-US Privacy Shield if such recipients are certified to receive your information under the Privacy Shield Program. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed ‘adequate’ by the European Commission, we may enter into the ‘standard contractual clauses’ with the recipient.
Please note that the privacy protections and the rights of authorities to access your information in some of these countries may not be the same as in your home country. We will only transfer information as permitted by law.
Retention
We may retain your information for as long as necessary in light of the purposes set out in this Notice, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for the Firm to assert or defend legal claims, until the end of the relevant retention period or until the claims in question have been settled.
To determine the appropriate retention period for personal data, we refer to regulatory and The Law Society of Ireland guidelines. We also consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
Your rights
If you wish to exercise any of your data rights, you can contact our Data Protection Representative at 01-6682477
If we are unable to deal with your request fully within a calendar month we may extend this period by a further two calendar months and shall clearly communicate the reason why to you.
While some of your rights apply generally, certain rights apply only in specific circumstances. Your rights are:
- Object: If we process your information based on our legitimate interests explained above, or in the public interest, you can object in certain circumstances. In such cases, where legally required to do so, will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
- Access: You have the right to request access to your information that we control.
- Data portability: You have the right to request that some of your personal information with which you initially provided to us is returned to you or another controller in a commonly used machine readable format.
- Rectify, restrict and delete: You have the right to ask us to restrict the processing of your information or to rectify or delete your information. Please note that despite a deletion request, we may continue to process your information if we have a legal basis to do so.
- Revoke consent: Where you have previously provided your consent, you have the right to withdraw your consent to our processing of your information at any time. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
- Complain: You also have the right to complain to the Data Protection Commissioner or any other supervisory authority. You can contact the office of the Data Protection Commissioner at:
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
Fax: +353 57 868 4757
E-mail: info@dataprotection.ie
Postal Address: Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.
These rights are subject to a number of exceptions under law. For instance, the Irish Data Protection Act 2018 provides that certain of your rights under the GDPR and Data Protection Act 2018 (such as the right of access and objection) may not apply:
to personal data processed for the purpose of seeking, receiving or giving legal advice;
to personal data in respect of which a claim of privilege could be made for the purpose of or in the course of legal proceedings, including personal data consisting of communications between a client and his or her legal advisers or between those advisers; or
where the exercise of such rights or performance of such obligations would constitute a contempt of court.
Amending the Privacy Notice
From time to time, we may amend this Notice. This could occur where we make changes to the Services. If we make material changes to the Notice, we will take steps to notify you, such as by posting a notice on our website. The Notice was last updated at the date indicated below.
Contact us
If you have questions about how we use your information, you can contact us on 01-6682477 or by email at info@bcf.ie