Seamus Maguire & Co respects your data privacy rights. Accordingly, we have updated our Privacy Notice to coincide with the new General Data Protection Regulation (GDPR) which came into force on 25 May 2018.
1. Introduction and Scope
At Seamus Maguire & Co we know that your privacy is important to you. This privacy notice (“Notice”) describes the types of information we collect and use, who that information relates to, how and why we use such information, who we share it with and your legal rights.
When we talk about information in this Notice, we mean any information relating to you, either directly or indirectly.
Unless indicated otherwise, this Notice applies to all our website, domains, apps, and to our provision of legal services and assistance (the “Services”).
2. Who Is Responsible For Your Information?
Seamus Maguire & Co is responsible for your information.
This Notice applies to Seamus Maguire & Co which is the data controller for the purposes of this Notice.
When we say “Seamus Maguire & Co”, “we”, “us” or “our”, we mean the controller of your information.
3. Who This Notice Applies To
We collect and process information which relates to a variety of categories of individuals. These include individuals who may not have a direct relationship with Seamus Maguire & Co. We have described below the main types of individuals whose information we collect, use and otherwise process:
- Clients and related individuals: We collect and use information relating to our prospective, current and former clients. We also collect and use information relating to individuals connected with clients, such as their employees, partners, directors, company secretaries, shareholders or beneficial owners and, in the case of private clients, their beneficiaries and dependents and next of kin.
- Individuals whose information is relevant to the legal advice and assistance we provide: We also collect, use and otherwise process information relating to individuals where their information is considered by us or our clients to be relevant to the legal advice and assistance we provide to our clients. For example, in the course of litigation, we collect or receive information relating to plaintiffs, claimants, defendants, notice parties, third parties, solicitors, barristers, witnesses, expert witnesses, summons servers and service providers such as stenographers and private investigators.
- Business and marketing contacts: In the course of providing and marketing our Services, we also collect and use information relating to visitors to our websites and domains, users of our apps, visitors to our offices, event invitees or attendees, blog, ezine or other email recipients, and other business and marketing contacts.
4. Who We Receive Information From
We receive your information from a variety of sources, including from third parties. For example, in the course of providing legal services, we may receive your information from our clients, other solicitors and law firms, barristers, insurance companies, experts, doctors, actuaries, witnesses, summons servers, private investigators, discovery processes, government departments, public and semi-state bodies, public registries and databases (such as the Companies Registration Office and Land Registry), publicly available information and internet searches, such as from professional media profiles.
5. Information We Collect and How We Use It
In the course of providing the Services, we collect or receive information in different ways and relating to various groups of individuals (described above). We use this information for a number of purposes, including those described further below.
Providing legal services: If you are a client of Seamus Maguire & Co, we will collect and use information relating to you. While much of this information will relate specifically to the type(s) of legal services we provide to you, we will also use information as part of our administrative, financial and operational processes. This information may include your contact details, payment and financial information, marketing profiles, including what events and communications we think you might be interested in, and client relationship management and feedback information, in addition to the information you give us so we can provide legal services to you. We will also collect and process AML information (described below). In carrying out this processing we rely on the following legal bases: contractual necessity, compliance with our legal obligations and legitimate interests (described below).
If you are not a client of Seamus Maguire & Co, we may also collect, use and otherwise process your information in the course of providing legal advice and assistance to our clients where your information is considered by us or our clients to be relevant to the legal advice and assistance we provide to our clients. The precise information in this regard will depend on what legal advice and assistance we are giving. For instance, if we are advising on a claim or dispute that involves you, the information will include any information about you that is relevant to that claim. In carrying out this processing we rely on the following legal bases: compliance with our legal obligations and legitimate interests (described below).
- AML compliance: We may collect and use your information in the context of compliance with anti-money laundering (AML) laws and our regulatory obligations. This includes your ID and proof-of-address information. Shareholders with more than 25% interest in a company, who live outside of Ireland, are required to complete a Politically Exposed Persons (PEP) questionnaire. AML information may be sent to other solicitors and law firms that rely on our AML collection practices. Equally, we may receive AML information from other law firms. In carrying out this processing we rely on the following legal bases: compliance with our legal obligations.
- Website and apps: If you visit our website or use our apps, we will collect certain information relating to you. Generally, unless you submit information to us, such as via an online form, we only collect technical and device-related information from your use of our website and apps. We do so to secure our website and apps, understand how you use them, and analyse how we can improve them. See the Cookies Policy on our website for more details. With your consent such as your subscription to ezines or blogs or your registration for our events, materials or event notifications, we may send you updates, invites and marketing materials. We may also do this if you are a client or a former client and you will always have the right to unsubscribe from such communications. If we do so, we will also collect information on your interaction with such communications. In carrying out this processing we rely on the following legal bases: legitimate interests.
- Building visitors: If you visit our offices, your image might be captured on CCTV. CCTV is deployed in our offices for safety, security and administrative purposes. In carrying out this processing we may rely on the following legal bases: contractual necessity, legitimate interests and compliance with our legal obligations.
6. Sensitive Information
In the course of providing the Services, particularly legal services, we may process certain information that attracts special protection under EU law. For example, in the context of litigation or disputes, particularly healthcare cases, we might process information relating to health (e.g. your medical condition), genetics, race, religious beliefs, sex life, sexual orientation, or trade union membership. This information could be in respect of a client, a claimant, witness or an individual otherwise connected with a case or other legal matter. Similarly, if we represent you in a criminal case, we will collect information about the alleged offences and any related criminal history. In the context of our AML obligations, we might process information relating to political opinions or criminal convictions. We rely on exceptions contained in Article 9 of the GDPR and in the Data Protection Act 2018 to process this information.
7. Information You Give Us About Other People
If you provide information to us about any person other than yourself, you should ensure that you have a legal basis for doing so and that you have complied with your transparency obligations under data protection law. For instance, the Irish Data Protection Act 2018 contemplates that the processing of special categories of personal data shall be lawful where the processing:
- is necessary for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
You should also try to limit the personal information you give us to what you think is necessary for us to provide you with legal advice and assistance.
8. Our Legal Bases
In order to collect, use, share, and otherwise process your information for the purposes described in this Notice, we rely on a number of legal bases, some of which are mentioned above, including where:
- necessary to perform a contract we have with you, such as our Terms of Business, and to provide the Services (we refer to this as contractual necessity above);
- you have consented to the processing (in which case you may revoke your consent at any time);
- necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
- necessary to protect your vital interests or those of others;
- necessary in the public interest;
- necessary for the purposes of Seamus Maguire & Co or a third party’s legitimate interests, such as those of clients, partners, staff or others, provided that those interests are not overridden by your interests or fundamental rights and freedoms; and
The Irish Data Protection Act 2018 contemplates that the processing of special categories of personal data and Article 10 data (broadly speaking, data relating to criminal convictions) shall be lawful where the processing:
is necessary for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or
is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
We will rely on these exceptions in the 2018 Act and other exceptions in Article 9 of the GDPR when processing special categories of personal data.
9. Legitimate Interests
Where we collect, use, disclose and otherwise process your information based on legitimate interests, we may rely on the following interests:
- Provision of legal services: We use your information to pursue our clients and other impacted individuals’ legitimate interests in obtaining and/or benefitting from legal advice and assistance, as well as our interests in providing legal advice and assistance to our clients.
- Keeping our Services Safe and Secure: We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our Services, such as our domains, websites, apps, offices and events, safe and secure. For example, we collect IP addresses and process log files to ensure our website and apps are not subject to fraudulent access.
- Marketing our Services: We use your information as necessary to pursue our legitimate interests in marketing our Services. For example, where permitted by digital marketing law we may contact you by email to let you know of future events you might be interested in.
- Providing, improving and developing the Services: We use your information as necessary to pursue our legitimate interests in tailoring and improving our Services. For example, if you are a client, we may send you a survey or questionnaire to understand your experience in obtaining legal services from Seamus Maguire & Co.
10. Sharing Your Information
In the course of providing the Services, we share information with various third parties, including service providers, clients, mediators, arbitrators, translators, couriers, barristers, other solicitors and law firms, independent experts, witnesses, insurance companies doctors, actuaries, summons servers, private investigators, government departments, regulators, and statutory and public bodies.
We do this based upon the legal bases and exceptions mentioned in section 8 of this Notice.
- Experts, advisors, lawyers and others connected to the provision of legal services: We share your information with a variety of third parties so we can provide legal services to our clients. This may include sharing your information with clients, other solicitors and law firms, barristers, insurance companies, experts, doctors, actuaries, witnesses, mediators, summons servers and private investigators, including recipients located outside of the EEA.
- Courts, regulators and statutory bodies: We share your information with Courts, regulatory, public and statutory bodies for a variety of reasons, including where necessary to provide legal services to our clients and where required in order to comply with a legal or regulatory obligation.
- Legal and safety reasons: We may retain, preserve, or share your information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce our Terms of Engagement or any other contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public.
- Service providers: We may share your personal information to help us provide our services and communicate with you. Categories of service providers include IT software and hosting providers and records-storage companies. Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.
- Business re-organisation: In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of MHC.
We may retain your information for as long as necessary in light of the purposes set out in this Notice, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for Seamus Maguire & Co to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. We take account of guidance issued by the Law Society of Ireland in determining how long to store client files. We also have certain legal obligations to retain certain information for specific periods such as AML information. We retain CCTV footage for 30 days, unless there is a reason to keep it for longer in a specific case.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider regulatory and Law Society guidance, as appropriate.
12. Your Rights
You have a number of rights in relation to your information that we process. To exercise these rights, please contact us at firstname.lastname@example.org and /or check out the Rights of Individuals under the General Data Protection Regulation http://gdprandyou.ie/wp-content/uploads/2018/04/Rights-of-Individuals-under-the-General-Data-Protection-RegulationAmendedApril-1.pdf
While some of these rights apply generally, certain rights apply only in specific circumstances. We describe these rights below.
- Access: You have the right to request access to your information that we control.
- Data Portability: You have the right to request that some of your personal information that you initially provided to us is returned to you or another controller in a commonly used machine readable format.
- Rectify, Restrict and Delete: You have the right to ask us to restrict the processing of your information or to rectify or delete your information. Please note that despite a deletion request, we may continue to process your information if we have a legal basis to do so.
- Object: If we process your information based on our legitimate interests explained above, or in the public interest, you can object in certain circumstances. In such cases, where legally required to do so, will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
- Complain: You have the right to submit a complaint about our use of your information with your local supervisory authority or Seamus Maguire & Co, and the Irish Data Protection Commission
To contact the DPC’s Data Protection Officer in respect of the processing of your personal data by the DPC please email email@example.com.
These rights are subject to a number of exceptions under law. For instance, the Irish Data Protection Act 2018 provides that certain of your rights under the GDPR and Data Protection Act 2018 (such as the right of access and objection) may not apply:
- to personal data processed for the purpose of seeking, receiving or giving legal advice,
- to personal data in respect of which a claim of privilege could be made for the purpose of or in the course of legal proceedings, including personal data consisting of communications between a client and his or her legal advisers or between those advisers, or
- where the exercise of such rights or performance of such obligations would constitute a contempt of court.
13. Third Party Services
Our websites, domains and apps may contain links to other websites and services, which are managed and controlled by third parties. Please note that this Notice does not apply in those cases and we are not responsible for the privacy practices of such third parties.
14. Amending the Notice
From time to time, we may amend this Notice. This might happen, for example, where we make changes to the Services. If we make material changes to the Notice, we will take steps to notify you, such as by posting a notice on our website.