WHO ARE WE?
Davidson Chalmers Stewart LLP is a firm of solicitors providing legal services to natural and legal persons. In order to do this, we process the personal data of our clients and other individuals including the employees of our clients, those who use our website and those who sign up to hear more about our services.
As a law firm, much of the personal data that we process is subject to an obligation we have to our clients to maintain confidentiality in relation to that information. This means that sometimes we will not require to tell individuals that we are processing their data so that we can provide legal advice.
This obligation of confidentiality does not apply to the personal data of our individual clients, and other third parties who we use to assist us to provide legal services. This notice is to provide fair processing information when the processing we carry out is not subject to an obligation of confidentiality.
This Online Privacy Notice is to provide information to anyone whose data we process. We also have a more detailed privacy notice for clients and a separate notice for our staff.
We have appointed a Data Security Officer who is responsible for overseeing questions in relation to this privacy notice.
If you have any queries about this notice, the way we process personal data or if you wish to exercise any rights under data protection law then please contact our Data Security Officer using the following contact details:
m: Davidson Chalmers Stewart, 12 Hope Street, Edinburgh EH2 4DB
t: 0131 625 9191
It is important that this privacy notice is read together with any other privacy information we provide in relation to specific processing so that you are fully aware of how and why we are using your data.
WHAT TYPES OF DATA DO WE PROCESS?
Because of the nature of the services we provide, the types of data we process can be quite varied, but will usually include full names, contact details, and associated client information. Depending on the nature of our relationship with you, we may also process information about your business and company affiliations; identification (including copies of your passport or driving licence); financial affairs; family, lifestyle and social circumstances; education and employment background; the services we provide you or your company; your preferences (including when visiting our offices); your relationship with our staff; the goods or service you or your company provide us; and your use of our website.
In some circumstances we will process special categories of personal data about you, in which case we take particular care to only process such data in accordance with the strict legal parameters. This type of data can include information about your health (including information you provide about your dietary requirements when attending meetings); racial or ethnic origin; religious or political beliefs; trade union membership; sex life or sexual orientation; genetic or biometric data; or philosophical beliefs. It can also include information about criminal offences and convictions.
We will obtain personal data from you directly, from our clients, from third parties involved in matters we act on for our clients, and from other third parties (including publicly available information).
HOW DO WE COLLECT YOUR DATA?
We collect information directly from you or your organisation:
- When you or your organisation use or contact us to provide legal or any other related client services;
- When you provide information through our website;
- When you or your organisation make an enquiry for our services or otherwise engage with our staff for business related purposes;
- When you attend a seminar or other event (including training) organised by Davidson Chalmers Stewart or where you are a guest of Davidson Chalmers Stewart;
- Where you sign up to receive information from us;
- Where you or your organisation provide services to us.
We may also collect information from third party sources including:
- Publicly accessible sources such as Companies House or Registers of Scotland;
- Credit reference agencies or government agencies;
- Third party organisations that you have or have had dealings with.
WHAT DO WE DO WITH YOUR DATA?
We process personal data for the purpose of providing legal services to our clients and also for our own general business purposes including (without limitation):
- Providing legal advice or other services to you, including technology solutions as requested by you or your organisation.
- Operating and managing our business, assessing client satisfaction (such as by asking client representatives to participate in surveys), enhancing the client experience, conducting specific tests on our existing or new systems, networks, applications or software, and general improvement of our services;
- Fraud prevention, anti-money laundering, anti-bribery and for the prevention or detection of crime;
- Disclosures to our auditors, our own legal and other professional advisors, our insurers and insurance brokers;
- Administering our clients’ accounts with us, including providing billing services and tracing and collecting any debts;
- Ensuring the safety and security of our people and premises;
- Advertising, marketing and public relations, including sending you direct marketing communications (insofar as we are permitted by law).
WHAT BASIS DO WE HAVE FOR PROCESSING YOUR DATA?
We will only process your personal data where we have a lawful basis for doing so. In general, our lawful basis will be one or more of the following:
- For individual clients, to provide you with legal service under the contract we have with you or in order to take steps to enter into such a contract (contract);
- To comply with the legal obligations we have as a regulated body to carry out anti-money laundering checks on clients, including those in control of our corporate clients (legal obligation); and
- As it is in our legitimate interest to process personal data to provide our legal services, where the individual is not a client (legitimate interests).
In relation to special category data (data revealing racial or ethnic origin; political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric information used to uniquely identify an individual, data concerning health or a person’s sex life or sexual orientation) and criminal conviction data we will process that information only as is necessary for the establishment, exercise or defence of legal claims.
In addition, in some circumstances we may process personal data because you have provided us with your express consent, for example, sending you updates and newsletters about the firm’s activities. You have the right to withdraw any such consent, which you can do by getting in touch with us using the contact details below.
WHO DO WE SHARE YOUR DATA WITH?
In providing services to our clients and in complying with our legal obligations, we share personal data, insofar as we are permitted by law to do so, with the following third parties:
- Third parties involved in any matter, including (without limitation) courts, tribunals, counterparties, experts, private investigators, and other third parties involved in a matter;
- Suppliers and service providers used by us in providing services, details of which can be made available on request, including (without limitation) delivery services, document storage facilities, and IT service providers such as cloud providers of software as a service, data room providers and providers of our IT servers;
- Financial organisations, debt collection, credit reference and tracing agencies;
- Our auditors, our own legal and other professional advisors, our insurers and insurance brokers;
- Government agencies, regulators and other authorities including (without limitation) the Information Commissioner and Ombudsmen); and
- Our and your trade associations, professional bodies and business associates.
HOW LONG DO WE KEEP YOUR DATA?
We keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice, mainly provided here by the Law Society of Scotland. Other personal information will only be processed if we have an ongoing relationship with you and this will be re-assessed from time to time. If you have any questions in this regard, or any concerns about how long we keep your information for, please contact us using the details below.
We use appropriate standards of security to protect personal data from being accidentally lost, used or accessed in an unauthorised way, or altered or disclosed. Our processes are aligned with Cyber Essentials accreditation which we are in the process of applying for.
In addition, as solicitors we maintain confidentiality in relation to our clients’ information including personal data. Access to information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.
As a data subject, you have a number of rights in relation to your personal data. A fee will not generally be charged for exercising any of these rights unless your requests are manifestly unfounded or manifestly excessive.
- Provide a copy of your personal data and information about how it is being processed;
- Correct any mistakes in your personal data;
- Delete your personal data – in certain situations; and
- Restrict processing of your personal data – in certain circumstances, e.g. if you contest the accuracy of the data.
You can object:
- At any time to your personal data being processed for providing you with information and updates about our services; and
- In certain other situations to our continued processing of your personal data, e.g. processing we are carrying out where we claim it is for the purpose of our legitimate interests and your rights outweigh our interests.
If you would like to exercise any of those rights, please email us using the contact information above. If you have any concerns about how your personal data is being processed, please contact us and we will do our best to explain our processing and to provide reassurance to you.
However, if you are still unhappy with the way that we have dealt with your personal data then you can contact the Information Commissioner. Contact details are available at www.ico.org.uk/concerns
This Privacy Notice was last updated on 1 May 2019.