Data protection principles
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
Information we collect and use
- personal contact details such as name, title, address, telephone number, email address, job title and name of employer;
- information relating to the matter in respect of which you are seeking our legal advice or in which you are involved;
- information to enable us to carry legal and regulatory checks, such as anti money laundering checks;
- business information necessary for our business relationship with you, including financial, banking and payment details;
- information collected from publicly available sources such as Companies House, Registers of Scotland, the Land Registry, Linkedin and professional directories as well as from credit agencies;
- information in respect of any relevant investigations or proceedings;
- information provided by you for the purpose of attending meetings and events, including records of your attendance at our offices held for security purposes;
- when you subscribe on our website, information on your preferences; and
- where you or your organisation is a supplier to Burness Paull, contact and other information relative to those services.
- information such as dietary, disability or similar requirements relevant to your attendance at meetings and events; and
- information about criminal convictions and offences where it is appropriate to do so and permitted by law.
How is your personal information collected?
- during the provision of legal services to you or where you are involved in a legal matter;
- during our business relationship with you;
- when you sign up for information via our website; and
- when you attend meetings and events at our offices or hosted by us.
How we use your personal data
- to provide you with the legal advice and services you require;
- to manage the legal matter in which you may be involved;
- to manage our business relationship with you, including keeping business records about services, payments and business contacts and ensuring our records are kept up to date;
- to comply with our professional, legal and regulatory obligations as a law firm;
- to send emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services, where you have opted to receive these from us;
- to invite you to events;
- to seek your feedback, to help us improve our services and relationship with you and to address any concerns which may arise;
- to monitor the use of our website and our other technology services for malware and other security threats and also to ensure that they are being used appropriately and are not being targeted for unauthorised access or usage; and
- to provide security to our offices and other premises and ensure our compliance with health and safety requirements.
The basis on which we use your personal data
- the performance of our contract with you;
- it is necessary to comply with our legal or regulatory obligations;
- it is necessary to deal with legal claims;
- where you have given consent for us to do so; or
- processing is necessary for our legitimate business or commercial interests or those of a third party, provided that these interests do not override your own personal interests and rights
- you have given your express consent for the particular processing;
- it is necessary to protect your vital interests or those of another person:
- it is necessary to deal with legal claims, for example, involving court proceedings; or
- it is necessary for substantial public interest, for example to prevent or detect unlawful acts;
Our legitimate interests
- providing legal services;
- managing and developing our business relationship with you and your organisation, including understanding our client demands, responding to requests and feedback and improving our services and offerings:
- understanding how our clients and contacts use our services and website;
- for credit control purposes and to enforce our terms of engagement and contracts;
- ensuring our systems and premises are safe and secure;
- managing our supply chain;
- developing relationships with business partners and contacts; and
- sharing data in connection with any acquisition or disposal of our business.
With whom do we share your data?
- our subsidiaries, as required in order to provide you with the legal services you require;
- other professional advisors instructed on your behalf, or in respect of the legal matter in which you may be involved, including solicitors, accountants, law accountants, tax advisors, experts, insolvency practitioners, arbitrators, adjudicators and mediators, local agent solicitors, foreign law firms and barristers (https://www.barcouncil.org.uk) and advocates (http://www.advocates.org.uk/);
- third parties where necessary in respect of the legal services being provided to you, including your lender, Companies House, Registers of Scotland, the Land Registry and Sheriff Officers;
- our clients, where you are providing information in respect of a client matter;
- our suppliers who provide us with their services, including IT and communication suppliers, screening service providers, outsourced business support, marketing and advertising agencies;
- law enforcement bodies, the courts, our regulators and other competent authorities in accordance with legal or regulatory requirements or good practice;
- our insurers, brokers, external auditors, banks and other third parties who provide services to us;
- third parties involved in the hosting or arranging of events to which you have been invited; and
- third parties in the context of the acquisition or transfer of any part of our business or a business reorganisation.
To deliver services to our clients, it is sometimes necessary for us to share your personal data outside the EEA e.g:
- Where we instruct foreign lawyers in connection with the services we are providing to clients;
- Where your, or our, service providers are located outside the EEA;
- If you are based outside the EEA.
Transfers outside the EEA are subject to special rules under European and UK data protection law.
We will, however, implement appropriate safeguards to ensure the transfer complies with European and UK data protection law and all personal data will be secure.
Personal data about others
If you fail to provide personal information
Your rights of access, correction, erasure, and restriction
- request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing;
- object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
- withdraw your consent to processing, where we are processing on this basis of your prior consent;
- request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it; and
- request the transfer of your personal information to another party.