WHO ARE WE?
Wilson and Fish Solicitors is a trading style of Wilson McKendrick Solicitors Limited a firm of solicitors providing legal services to natural and legal persons. In order to do this, we process the personal data of our clients and other individuals including the employees of our clients, those who use our website and those who sign up to hear more about our services.
As a law firm, much of the personal data that we process is subject to an obligation we have to our clients to maintain confidentiality in relation to that data. This means that sometimes we will not require to tell individuals that we are processing their data so that we can provide legal advice.
This notice is to provide fair processing data when the processing we carry out is not subject to an obligation of confidentiality.
This Data Privacy Notice is to provide information to anyone whose data we process.
We have appointed a Data Security Officer who is responsible for overseeing questions in relation to this privacy notice.
If you have any queries about this notice, the way we process personal data or if you wish to exercise any rights under data protection law then please contact our Data Protection Officer using the following contact details:
m: Wilson McKendrick Solicitors Limited 29 St. Vincent Place, Glasgow G1 2DT
t: 0141 222 7950
This notice describes:
- The personal data that we collect;
- How we obtain personal data;
- How we use personal data;
- The basis upon which we use personal data;
- How long we keep personal data;
- Who we share personal data with;
- Which countries we transfer personal data to;
- How we protect personal data;
- The legal rights of individuals whose personal data we process; and
The personal data that we collect
Personal data means any data relating to an identified or identifiable natural person.
Because of the wide ranging nature of our work, and the different reasons why we need to use personal data, what we collect is very varied and includes:
- Identity and contact data – including name, date of birth, email address, postal address, telephone numbers, passport details and information provided or collected as part of our client take on or employee recruitment processes;
- Financial and transaction data – including bank account details, payment card details and details of payments from and to individuals;
- Technical and usage data – including information about how individuals use our website;
- Marketing data – including individuals’ preferences in receiving marketing from us and information provided to us for the purpose of attending events such as dietary information and accessibility requirements;
- Information used to provide our services – including information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients
In particular in order to provide our services, we may collect special category data and personal data relating to criminal convictions and offences. Special category data includes personal data which reveals racial or ethnic origin, religious or philosophical beliefs, trade union membership, data concerning health and data concerning a person’s sex life or sexual orientation.
How we obtain personal data
We obtain personal data in different ways, including through:
- Direct contact – individuals may give us their personal data by corresponding with us by post, email or telephone or otherwise;
- Clients – our clients may give us personal data of individuals (for example a client’s employees) to enable us to provide our services;
- Third parties or publicly available sources in connection with the provision of services by us to our clients. We may also receive data from publicly available sources such as Companies House and Registers of Scotland; and
How we use personal data
We process personal data for the purpose of providing legal services to our clients and also for our own general business purposes including (without limitation):
- Providing legal advice or other services to clients;
- Operating and managing our business, assessing client satisfaction (such as by asking client representatives to participate in surveys), enhancing the client experience, conducting specific tests on our existing or new systems, networks, applications or software, and general improvement of our services;
- To recruit manage and supervise our employees;
- Fraud prevention, anti-money laundering, anti-bribery and for the prevention or detection of crime;
- Disclosures to our auditors, our own legal and other professional advisors, our insurers and insurance brokers;
- Administering our clients' accounts with us, including providing billing services and tracing and collecting any debts;
- Ensuring the safety and security of our people and premises; and
- Advertising, marketing and public relations, including sending you direct marketing communications (insofar as we are permitted by law)
The basis upon which we use personal data
We will only use personal data (including special category data and data relating to criminal convictions and offences) when the law allows us to. Most commonly, we will use personal data in the following circumstances:
- Where we need to do so to perform a contract we are about to enter into or have entered into – for example a contract for the provision of legal services or a contract of employment;
- Where it is necessary for our legitimate interests (or those of a third party such as one of our clients) and the interests and fundamental rights of the individual whose personal data we are using do not override those interests – for example where we act for a client in bringing court proceedings; and
- Where it is necessary to comply with a legal or regulatory obligation
In addition, in some circumstances we may process personal data because you have provided us with your express consent, for example, sending you updates and newsletters about the firm’s activities. You have the right to withdraw any such consent, which you can do by getting in touch with us using the contact details below.
How long we keep personal data
We will keep personal data in accordance with our data retention practices, which apply appropriate retention periods for each category of personal data. In setting retention periods we take account of the purposes for which the personal data was collected, legal and regulatory obligations on us to retain data, limitation periods for legal action and our business purposes.
Who we share personal data with
We may share personal data with third parties including:
- Third parties involved in any matter, including (without limitation) courts, tribunals, counterparties, sheriff officers, experts, private investigators, and other third parties involved in a matter;
- Suppliers and service providers used by us in providing services, details of which can be made available on request, including (without limitation) delivery services, document storage facilities, and IT service providers such as cloud providers of software as a service, data room providers and providers of our IT servers;
- Financial organisations, debt collection, credit reference and tracing agencies;
- Our auditors, our own legal and other professional advisors, our insurers and insurance brokers;
- Government agencies, regulators and other authorities including (without limitation) the Information Commissioner and Ombudsmen); and
- Our and your trade associations, professional bodies and business associates.
Which countries we transfer personal data to
As a law firm, we hold all personal data concerning our clients and their affairs within the United Kingdom.
We will only send your personal data outside the European Economic Area:
- where you ask us to;
- where we are being instructed on your behalf by someone outside the European Economic Area (for example, another law firm);
- where that is required to provide the legal services that you have instructed us to provide – for example, in instructing/dealing with foreign solicitors or other advisors on your behalf;
- where we need to do so in order to comply with a legal duty incumbent on us or you;
- where the transfer is necessary for important reasons of public interest; and
- the transfer is necessary for the establishment, exercise or defence of legal claims.
If your data is to be processed outside the EEA, then we will ensure that it is protected to the same standards as if it were being processed within the EEA by using appropriate safeguards, which may include:
- ensuring that your data is only transferred to countries that have been recognised by the EU as adequate protecting personal data to the same standards as the EU; and
- putting in place a contract with the recipient of your data which requires them to protect that data to the same standards as if the data were being processed within the EEA.
The safeguards we use will depend on the location of the recipient, the function they are performing and the personal data being transferred.
How we protect personal data
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place appropriate measures to inform our staff about how we collect, handle and keep data secure.
In addition, as solicitors we maintain confidentiality in relation to our clients’ information including personal data. Access to information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.
We have put in place measures to deal with any suspected personal data breach and will notify relevant individuals and the Information Commissioner of a breach when we are legally required to do so.
The legal rights of individuals whose personal data we process
Individuals have the rights set out below. If you wish to exercise any of these rights please contact our Data Protection Officer using the contact details given above.
Request access to their personal data (commonly known as a "data subject access request"). This enables individuals to receive a copy of the personal data we hold about them and to check that we are lawfully processing it.
Request correction of the personal data that we hold about them. This enables individuals to have any incomplete or inaccurate data we hold, though we will need to verify the accuracy of the new data provided to us.
Request erasure of their personal data. This enables individuals to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Individuals also have the right to ask us to delete or remove their personal data where they have successfully exercised their right to object to processing (see below), where we may have processed their data unlawfully or where we are required to erase their personal data to comply with local law. Note, however, that we may not always be able to comply with a request of erasure for specific legal reasons which will be notified to the individual, if applicable, at the time of their request.
Object to processing of personal data where we are relying on a legitimate interest (or that of a third party) and there is something about the individual’s particular situation which makes her/him want to object to processing on this ground as she/he feels it impacts on her/his fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process the data which overrides those rights and freedoms. Individuals also have the right to object where we are processing their personal data for direct marketing purposes.
Request restriction of processing of their personal data. This enables individuals to ask us to suspend the processing of their personal data in the following scenarios: (a) if the individual wants us to establish the data's accuracy; (b) where our use of the data is unlawful but an individual does not want us to erase it; (c) where the individual needs us to hold the data even if we no longer require it as she/he needs it to establish, exercise or defend legal claims; or (d) the individual has objected to our use of their data but we need to verify whether we have overriding legitimate grounds to use it
Withdraw consent at any time where we are relying on consent to process the personal data. However, this will not affect the lawfulness of any processing carried out before consent is withdrawn.
Individuals have a right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.co.uk). We would, however, appreciate the chance to deal with any concerns before the ICO is approached so please contact our Data Protection Officer, using the contact details given above, in the first instance.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated 13 February 2020.