Privacy Policy
MMW Privacy Policy
What is the purpose of this document?
MMW Legal Ltd (Company Number NI671181) whose registered office is at Eastleigh House , 396 Upper Newtownards Road , Belfast , BT4 3EY is committed to protecting the privacy and security of your personal information. We are what is known as a ‘data controller’.
This notice explains how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves and by others.
Note if you are providing us with information you must ensure you have the authority to disclose personal data and have provided the necessary information to the data subjects regarding its use; you may use relevant sections of this privacy notice or refer data subjects to this privacy statement if you consider it appropriate to do so.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes or where you provide us with an individual’s personal data you should ensure it is kept complete accurate and up to date.
Data protection manager
We are not obliged to have a data protection officer and accordingly have not appointed one. However, if you have any questions about this privacy notice or how we handle your personal information, please contact Abbie Long who is our point of contact for all data protection matters (abbie.long@mmwlegal.com) (“Data Protection Manager”). You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
If you have any questions about this privacy notice, please contact the Data Protection Manager (abbie.long@mmwlegal.com).
Changes to this privacy notice
We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation.
The exact information we collect will depend on what we have been asked/contracted to do. Our policy is only to collect the personal data necessary for agreed purposes and we ask our clients only to share personal data where it is strictly needed for those purposes.
Where we need to process personal data to provide our services we ask those providing this to us to provide the necessary information to the relevant data subjects concerned regarding its use. We process many different categories of personal data given the broad range of services we provide, including, where appropriate:
- Contact details such as name, title, addresses, telephone numbers, and email addresses.
- Date of birth.
- Gender and nationality.
- Marital status, dependants and family details.
- National Insurance number.
- Bank/building society account details.
- Salary, pension and benefits information.
- Information to verify identity e.g. copy of driving licence or passport and a recent utility bill.
- Tax details (in particular tax reference code).
- Insurance details.
- Information to evidence source of funds.
- Photographs.
- CCTV footage and other information obtained through electronic means such as swipe card
- records.
- Where relevant, details relating to work, employment or education history and records.
We may also collect, store and use the following “special categories” of more sensitive personal information:
- Information about your race or ethnicity, religious beliefs, sexual orientation, disabilities and
- political opinions.
- Trade union membership.
- Information about your health, including any medical condition, health and sickness records
- and/or medical records.
- Information about criminal convictions and offences.
- Genetic information and biometric data.
How is your personal information collected?
We may obtain information about you from a number of sources:-
- Generally we collect personal data from our clients or from third parties acting on the instructions of the relevant client.
- Information may be passed to us by third parties in order that we can carry out legal work on behalf of our clients including:
- Banks or building societies or other financial organisations
- Current, past or prospective employers
- Educators and examining bodies
- Healthcare professionals, social and welfare organisations
- Trade associations and professional bodies
- Suppliers and service providers
- Ombudsmen and regulatory authorities
- Employment and recruitment agencies
- Debt collection and tracing agencies
- Credit reference agencies
- Panel providers who allocate legal work to law firms
- Organisations who have referred work to us
- Other professional services firms such as accountants, independent financial advisors, auditors, estate agents, insurance companies
- Third party organisations that otherwise assist us in providing goods, services or information
- Reports or records obtained from experts or medical practitioners
- HMRC
- Land Registry or Registry of Deeds
- Companies House
- Law Searchers
- Courts and tribunals
- Law enforcement, local council and departmental and non-departmental government bodies
- On websites non-identifiable information on you may be collected – see Cookies policy
- Other publically available sources
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where necessary to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
2. Where it is needed in the public interest or for official purposes.
Some examples of situations in which we will process your personal information are listed below:-
- Verifying your identity and to establish the funding of any transaction you have asked us to carry out on your behalf. In a limited number of cases, where funding is being provided by a third party (or family member) we may need to ask you to obtain information from them. Note that information provided for these purposes will be processed only for the purposes of preventing money laundering or terrorist financing, as otherwise permitted by law or where consent has been provided.
- Detection of fraud.
- Updating and enhancing client records.
- Keeping financial records of transactions and the transactions we make on our client’s behalf.
- Complying with any requirement of law, regulation or a professional body of which we are a member.
- Communicating with you during the matter and managing our relationship.
- Providing our client with advice or services, carrying out litigation, preparing documents , or completing transactions, on its or its organisation’s behalf.
- Seeking advice (or fee quotes) from third parties in connection with a matter.
- Providing professional services or fee quotes.
- Filing statutory returns.
- Responding to any complaint or allegation against us.
- Internal management and planning, which includes:
-
- Resource management;
- Planning;
- Keeping records of sources of work and new enquiries;
- Storage and archiving of files and documents
-
- Providing you with information about further legal work or services that could benefit you.
- Accounting and auditing.
- Quality and risk management activities.
- Developing and improving our businesses and services.
- Maintaining and using IT systems.
- Hosting events.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
Direct Marketing
We may contact you in relation to direct marketing, that is, we may provide you with information about our services, events, updates (including our newsletter) which we feel may interest you. We are relying on legitimate interests as a legal basis for processing your personal data in order to provide these, unless you are not a client, in which case we will rely on your consent. Whether or not you are a client, you have the right to withdraw your consent and/or to exclude yourself from such marketing at any time by emailing the Data Protection Manager (abbie.long@mmwlegal.com) or by clicking the unsubscribe link in the footer of the newsletter. Please note that if you decide that you don’t want to receive direct marketing any longer we may still be required to process your personal data for other purposes as set out in this notice.
If you fail to provide personal information
If you are our client, and we request information from you and you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying money to you), or we may be prevented from complying with our legal obligations.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
- Where it is needed in the public interest, such as for equal opportunities monitoring.
- Where it is needed in relation to legal claims.
- Where you have already made the information public.
- Where necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent.
Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise rights in the field of employment law, where it is in the public interest, needed in relation to legal claims, has already been made public, or is necessary to protect your interests. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Automated decision-making
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
Data sharing
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you, to provide our services or to provide/obtain a fee quote, or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers (including contractors and designated agents). The following are examples of third-party service providers we may use: IT services, Law searchers, storage companies, confidential waste disposal, legal counsel or non-legal experts including medical experts to obtain advice or assistance on a matter, auditors, professional advisors, those carrying out independent quality checks on our files including, the Law Society, the Home Charter Scheme, Lexcel and our accountants, translators, and ID verification providers, insurers (including title indemnity and underwriters).
How secure is my information with third-party service providers?
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale, merger or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes.
We may also need to share your personal information with a regulator or to otherwise comply with the law.
During the course of carrying out our work we are likely to need to disclose some information to parties outside our business but these disclosures are only made when required in connection with our work, providing/obtaining fee quotes, or otherwise to comply with the law. Examples might include providing information to:-
- HMRC (e.g. in connection with stamp duty land tax or stamp duty)
- Land Registry or Registry of Deeds (e.g. in connection with registration)
- Courts and tribunals
- Companies House
- Professional advisers (including solicitors) acting on the other side of a matter or representing others involved in a transaction
- Bank or building society or other lender providing finance
- Insurance company (including those funding a matter)
- Those carrying out independent quality checks on our files including, the Law Society, the Home Charter Scheme, Lexcel and our accountants.
- Solicitors representing our interests in the event of a claim against us by you
- Any disclosure required by law in particular in relation to the prevention of financial crime and terrorism
- Equality commission
- Current, past or prospective employers
- Educators and examining bodies
- Healthcare professionals, social and welfare organisations
- Trade associations and professional bodies
- Ombudsmen and regulatory authorities
- Employment and recruitment agencies
- Debt collection and tracing agencies
- Credit reference agencies
- Other professional services firms such as accountants, independent financial advisors, auditors, estate agents, insurance companies
- Law enforcement, local council and departmental and non-departmental government bodies
Transferring information outside the EU
In processing the data as set out above, we may transfer the personal information we collect about you outside the EU in order to perform our contract with our client. We will only do so in the following circumstances:-
- Where you have provided prior written consent.
- Where there is an adequacy decision by the European Commission in respect of the relevant country. This means that the country to which we transfer your data are deemed to provide an adequate level of protection for your personal information.
- Where the transfer is pursuant to a valid cross-border transfer mechanism so that we can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the General Data Protection Regulation e.g. the European Commission approved standard contractual clauses.
- Where the transfer otherwise complies with the law.
Note however, that where we send personal data to others as set out above, they may access such data in other countries. If you or others access the data whilst outside the EU, your information may be transferred outside the EU. These countries may not have similar data protection laws to the UK and may not have adequate levels of protection or safeguards.
Data security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those agents, contractors and other third parties who have a need to know. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data retention
How long will you use my information for?
We will retain your personal information for:-
- as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements,
- as long as necessary for the purpose of defending any potential complaints or claims against us
- in the case of trusts (or PI trusts), for the duration of the trust,
- wills, deeds and important papers (such as judgments, decrees etc) may be kept indefinitely, as may personal injury matters which involve lifetime awards
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information or personal information relating to others which you have provided to us changes.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Manager (abbie.long@mmwlegal.com) in writing.
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Manager (abbie.long@mmwlegal.com). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Children
Our services are not aimed specifically at children as children are generally represented by parents or guardians. If you are a child and need further advice or explanation about how we would or do use your data please contact the Data Protection Manager (abbie.long@mmwlegal.com).
Applicable Law
Please note that this privacy notice is governed by the law of Northern Ireland and the Courts of Northern Ireland will have exclusive jurisdiction in relation to same.