Data Protection Policy and Privacy Policy

Data Protection Policy

Our website address is: https://www.munronoble.com

How Does Munro & Noble Process Data

1. Introduction

1.1 Munro & Noble, (the Firm), is a law firm and provides legal advice and assistance to its clients. It is regulated by the Law Society of Scotland.

1.2 The personal data that the Firm processes to provide these services relates to its clients and other individuals as necessary, including staff and suppliers’ staff.

1.3 European Directive 95/46/EC, General Data Protection Regulations, (“GDPR”), effective from 25 May 2018 states: ‘The protection of natural persons in relation to the processing of personal data is a fundamental right’.

1.4 The Firm is committed to protecting your personal information and other data provided to the Firm via letter, electronic format or verbally and whether recorded electronically or on hard copy, or via this site (“Website”). Please read this Data Protection Policy, both General and Website sections carefully as it contains important information regarding data provided to the Firm about you and/or your matter.

2. Scope

2.1 This policy applies to all personal data processed by the Firm and is part of Firm’s approach to compliance with data protection law. All Munro & Noble staff are expected to comply with this policy and failure to comply may lead to disciplinary action for misconduct, including dismissal.

3. Data Protection Principles

Munro & Noble complies with the data protection principles set out below. When processing personal data, it ensures that:

3.1 It is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).

3.2 It is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).

3.3 It is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).

3.4 It is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without undue delay (‘accuracy’).

3.5 It is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).

3.6 It is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or
damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

4. On What Legal Basis Will My Data be Processed?

4.1 Within GDPR, there are six legitimate and lawful reasons for the processing of personal data.

4.2 These are: with consent; under contract; further to a legal obligation; to protect vital interests; in the public interest or in the legitimate interest of the data controller.

4.3 For all client matters, where you as the client instruct us to act on your behalf, you will be entering into a contract governed by the Firm’s Terms of Business. The Firm’s Terms of Business is updated regularly with the latest version posted onto the Firm’s Website. Accordingly, the principal legal basis on which the Firm will process your data is under contract.

4.4 The Firm also has a legal obligation to process and retain certain data in relation to legislation such as Anti-Money laundering, the Proceeds of Crime and financial accounting, (this list is not exhaustive).

4.5 Where the Firm is appointed by a Public Body, such as a Court, data will be processed in the public interest and /or to protect vital interests.

4.6 As an individual you have the right to ‘portability’. If requested by signed mandate the Firm will facilitate any request from a data subject who wishes to exercise their rights under data protection law as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay, (see Section 8: Data Subject Rights).

4.7 Newsletters, (see Section 5)

5. Newsletters

5.1 From time to time the Firm will issue an electronic Newsletter. In compliance with GDPR, the Firm will require your explicit consent to send this to you.

5.2 If you opt-in the Firm will send you the Newsletter. This consent can be withdrawn at any time by ‘Unsubscribing’ to the Newsletter, or by contacting the Data Compliance Manager at
legal@munronoble.com and enter ‘Unsubscribe from Newsletter’ in the subject line.

5.3 If you withdraw your consent to receiving an electronic Newsletter, we will erase your data from all databases relating specifically to the Newsletter, (see 8.5).

6. Data Retention Periods

6.1 Client Matters: From completion of your matter, the Firm will retain your data, both hard copy file and your electronic file, (where applicable), in accordance with the Document Destruction dates as recommended by the Law Society of Scotland, or if different by other statue law.

6.2 Financial Matters: Financial information will be retained for the remainder of the financial year following completion of a matter and for a further six financial years, unless longer in terms of 6.1.

7. Sharing of Information with Third Parties

7.1 The Firm will not disclose your personal information to third parties other than as described in the Website Privacy Statement noted below, or unless the Firm is legally required to do so.

7.2 The Firm reserves the right to access and disclose personal data or information to comply with applicable laws and lawful government requests.

8. Data Subject Rights

8.1 Munro & Noble has processes in place to ensure that it can facilitate any request made by an individual to exercise their rights under data protection law. All staff have received training and are
aware of the rights of data subjects. Staff can identify such a request and know who to send it to.

8.2 All requests will be considered without undue delay and within one month of receipt as far as possible.

8.3 Subject access: the right to request information about how personal data is being processed, including whether personal data is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:

8.3.1 The purpose of the processing

8.3.2 the categories of personal data

8.3.3 The recipients to whom data has been disclosed or which will be disclosed, provided the Firm is authorised by law to give that information

8.3.4 The retention period

8.3.5 The right to lodge a complaint with the Information Commissioner’s Office

8.3.6 The source of the information if not collected direct from the subject, and

8.3.7 The existence of any automated decision making

8.4 Rectification: the right to allow a data subject to rectify inaccurate personal data concerning them.

8.5 Erasure: the right to have data erased and to have confirmation of erasure, but only where:

8.5.1 The data is no longer necessary in relation to the purpose for which it was collected,
or

8.5.2 Where consent is withdrawn, (see Section 5: Newsletter), or

8.5.3 Where there is no legal basis for the processing, or

8.5.4 There is a legal obligation to delete data

8.6 Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:

8.6.1 If the accuracy of the personal data is being contested, or

8.6.2 If our processing is unlawful but the data subject does not want it erased, or

8.6.3 If the data is no longer needed for the purpose of the processing but it is required by the data subject for the establishment, exercise or defence of legal claims, or

8.6.4 If the data subject has objected to the processing, pending verification of that objection

8.7 Data portability: the right to receive a copy of personal data which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller. This will only apply if the Firm was processing the data using consent or on the basis of a contract.

8.8 Object to processing: the right to object to the processing of personal data relying on the legitimate interests processing condition unless the Firm can demonstrate compelling legitimate
grounds for the processing which override the interests of the data subject or for the establishment, exercise or defence of legal claims.

9. Special category personal data

9.1 This includes the following personal data revealing:

9.1.1 Racial or ethnic origin

9.1.2 Political opinions

9.1.3 Religious or philosophical beliefs

9.1.4 Trade union membership

9.1.5 The processing of genetic data, biometric data for the purpose of uniquely identifying a natural person

9.1.6 An individual’s health

9.1.7 A natural person’s sex life or sexual orientation

9.1.8 Criminal convictions or offences

9.2 The Firm processes special category data of clients and third parties as is necessary to provide legal services for the establishment, exercise or defence of legal claims.

9.3 The Firm processes special category data of employees as is necessary to comply with employment and social security law. This policy sets out the safeguards we believe are appropriate to ensure that we comply with the data protection principles set out above. Munro & Noble also has a data retention policy which sets out how long special category data will be held onto.

10. Responsibility for the Processing of Personal Data / Right to Lodge a Complaint

10.1 The partners of Munro & Noble take ultimate responsibility for data protection.

10.2 If you have any queries or problems with regard to this Privacy Policy or the uses to which the Firm puts your information, please contact the Data Compliance Manager by:

10.2.1 Email at: legal@munronoble.com

10.2.2 Telephone 01463 221727.

10.2.3 Post to: Munro & Noble, 26 Church Street, Inverness IV1 1HX.

11. Monitoring and Review / Changes to Privacy Policy

11.1 The Firm reserves the right to add to or change the terms of this Privacy Policy in its sole discretion, without prior notice to you. If The Firm changes this Privacy Policy, the Firm will post the
new Privacy Policy on the Website, and it will become effective from the time of posting to the Website. Please visit this Privacy Policy on a regular basis to make sure you have read the latest version and you understand what the Firm does with your information.

11.2 This policy was last updated on 8 May 2018 and the intention is that it shall be regularly monitored and reviewed, at least every two years.

Website Privacy Policy

1. This Website’s Privacy Policy

1.1 Munro & Noble, (the ‘Firm’) is committed to protecting your personal information and other data provided to the Firm via this site (“Website”). Please read this Privacy Policy carefully as it contains important information about the use of any information you provide to the Firm via this Website. This Privacy Policy explains what information the Firm collects about you, and how the Firm collects and uses your information, including setting out the circumstances where the Firm could provide it to third parties. We respect your privacy and will not pass on your details to any third party unless required to do so by law, or with your express written permission.

1.2 You should also read the separate User Terms that are applicable to this Website. To view the User Terms click on the link noted within the Cookie statement.

1.3 Because of the nature of the Firm’s business, Munro & Noble’s services are not designed to appeal to, or be applicable to persons under the age of 16. Therefore, the Firm does not knowingly attempt to solicit or receive any information from minors.

2. What information does the Firm collect and what does it do with it

2.1 To take advantage of some of the services offered via this Website you may be required to interact with the Website. The Firm and any third parties who hosts or maintains this Website may need to collect information about you and your computer to enable you to do so. This will include your Internet Protocol (IP) address. The information will be collected when you choose to use one of the services available via the Website. See Website Usage and Cookies.

2.2 The Firm may use the information which it collects to personalise your experience on the Website, to help you to log-in in future, to continue to use the Website, and to help the Firm select services or materials for inclusion on the Website. By inputting your details within the ‘Send a Message’ or ‘Book a Free Appraisal’ section of the website, you give your express consent for the Firm to contact you by letter, telephone or e-mail. To exercise your right to “opt out” of this service you should contact the Compliance Office to have your name removed.

2.3 The Firm or third parties hosting servers on Firm’s behalf may also monitor traffic patterns and usage of the Website to help it to improve the Website design and layout.

2.4 Please note that the Firm is not responsible for what any third party content provider or other third party offering goods and services via Websites linked to this Website may propose to do with information about you. So please ensure you read their terms and conditions carefully.

3. Your Consent in Using this Website

3.1 You acknowledge and agree that:

3.1.1 in the course of using this Website and any services offered via this Website, certain information about you will be captured electronically (including sensitive personal data where
required, but this will be subject to you giving your explicit consent in such cases) or otherwise and transmitted to the Firm or and, potentially, to any third parties as set out above, or to
third parties who host the Firm’s web servers or assist the Firm in maintaining this Website.

3.1.2 the Firm will not send your information outside of the European Economic Area for processing or use in accordance with this Privacy Policy.

3.2 By using this Website, you expressly agree to the collection and use of your information for the purposes set out in this Privacy Policy.

4. What are ‘Cookies’ and how do we use them?

4.1 A cookie is a piece of information that is stored on your computer’s hard drive by your Web browser. On visiting the Website, your computer server will use the cookie to guarantee a secure
connection. Most browsers accept cookies automatically, but usually you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you may not be able to use certain features of this Website.

4.2 The Firm may conduct analyses of user traffic. These analyses will be performed through the use of IP addresses and cookies which are required to ensure a secure server connection. The Firm does not use cookies to store any personal data or browsing habits.

4.3 Third parties such as advertising agencies and content providers may use cookies on this Website to collect personal information about you. The Firm recommends that you read the privacy statement of any third party before using their Website. The Firm is not responsible for the use of such cookies or any other ways in which your personal data may be collected or used by such third parties.

5. Website General

This Website contains links to other Websites. Please be aware that The Firm cannot be held responsible for the privacy policies of such other sites. The Firm encourages its users to be aware when they leave the Website and to read the privacy statements of each and every Website that collects personally identifiable information. This privacy statement applies solely to information collected by this Website.