Here is a brief summary of our privacy statement. We encourage you to read it in full.
We are RACHEL O’TOOLE SOLICITORS. You can find us at Parliament Building, 1 Sullivan’s Quay, Cork Ireland. Our website is https://www.rachelotoole.ie/
“Personal Data” means data which identifies a person or could identify a person, such as their name, contact details and financial data. It applies to Personal Data that we process in connection with your relationship with us as a client, supplier, partner, investor, visitor to our website or prospective employee.
Every individual has a right to understand how their Personal Data is being used and to exercise control over it using data protection rights which are set out in the General Data Protection Regulation (“GDPR”). This Privacy Statement seeks to ensure that you know:
• what Personal Data we collect from you
• what we are doing with your Personal Data
• that we will only use your Personal Data for the purposes set out in our Privacy Statement
• your rights, and can exercise control over your Personal Data
We make the following commitments. We will:
• not send you marketing emails if you do not want to receive them
• always ensure that we only share your Personal Data with third parties where absolutely necessary and only after thorough third party due diligence
• ensure appropriate technical and organisational measure are in place to protect your Personal Data and keep it secure
You can access our full Privacy Statement here. In it we provide further information about what Personal Data we collect, what we use it for, why we collect your Personal Data and what our legal basis is, who we share it with and how long we retain it. We also provide detailed information about your rights in relation to your Personal Data. If you have further questions, please get in touch with us at info@rachelotoole.ie.
If you wish to make a complaint in relation to the use of your Personal Data, you may contact the Irish Data Protection Commission at info@dataprotection.ie.
You will be notified of any material changes to our Privacy Statement.
1. ABOUT US
Terms used to refer to the Firm include “we”, “us” and “our”
Firm: Rachel O’Toole Solicitors
Address: Parliament Building, 1 Sullivan’s Quay, Cork Ireland
Website: https://www.rachelotoole.ie/
Email: info@rachelotoole.ie
Phone: 021-4905500
Rachel O’Toole Solicitors is a Cork based litigation firm offering a comprehensive range of legal services. We specialise in Litigation & Dispute resolution, Employment Law, Criminal Defence and Family Law & Childcare. In order to provide our services we need to process Personal Data. We are committed to protecting the rights and privacy of individual in accordance with data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”).
2. THE PURPOSE OF THIS PRIVACY NOTICE
This Privacy Statement sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us. Please read this Privacy Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.
3. WHO THIS APPLIES TO
This Privacy Statement provides specific information relating to the following data subjects who’s Personal Data we process:
(i) Clients of the Firm;
(ii) Individuals how are party to or connected with any claim made our client;
(iii) business contacts details including those of our partners, customers and suppliers and business prospects;
(iv) users/visitors of our Website; and
(v) those applying for jobs at the Firm.
Personal Data of employees of the Firm is dealt with in a separate internal privacy notice.
4. CATEGORIES OF PERSONAL DATA
We process the following categories of Personal Data:
Contact Data
This includes email address, phone number, postal address, billing address.
Financial Data
This includes payment related information or bank account details and financial data received as part of the legal services we provide
Identification Data
This includes name, marital status, title, data of birth, gender, job title and employer. It also includes background and verification data such as a copy of passports or utility bills as well as other information we require to comply with our obligations under anti-money laundering legislation.
Communications Data
If you interact with us we will record details of those interactions. For example, we will process details of phone calls, email correspondence and hard copy correspondence.
Marketing Data
This includes your preferences in receiving marketing from us and your communication preferences.
Recruitment Data
If we interact with you for the purposes of any job with the Firm we will collect recruitment related data such as identity data, CV data and application data as part of the recruitment process.
Web Data
When you interact with us online we will automatically collect data about your use of our services, including data on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This information is collected at an aggregate level and your identity data is not stored as part of this technical data.
Special Categories of Personal Data
When we provide our services we may process special categories of Personal Data including Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
5. OUR LEGAL BASIS
All processing of Personal Data must be lawful. Processing will only be lawful if we have a legal basis for processing.
We have set out here the legal basis we use to process Personal Data:
• Contract – we will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract (e.g. our client services agreement);
• Consent – you have provided clear consent to us processing your Personal Data for a particular purpose.
• Legitimate Interest – At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights. We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests and rights outweigh our legitimate interests. If do not want us to process your Personal Data on the basis of our legitimate interests, contact us at info@rachelotoole.ie and we will review our processing activities.
• Legal Obligation – we will need to process certain Personal Data in order to comply with any legal or regulatory obligations imposed on us, such as to comply with legal obligations connected with “know your customer” requirements under anti-money laundering laws, or under anti-money counter terrorist financing law;
• Legal Services – the processing is necessary for the establishment, exercise or defence of legal claims or for the purposes of providing legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings;
6. OUR PROCESSING ACTIVITIES
We use your Personal Data to provide you with our services and to assist us in the operation of our Firm. Under data protection law, we must ensure that the purpose of processing is clear.
We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.
We use your Personal Data to provide you with our services and to assist us in the operation of our Firm. Under data protection law, we must ensure that the purpose of processing is clear.
We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.
Purpose | Categories of Personal Data | Lawful Basis |
Registration of client and complete conflict checks | · Contact Data
· Communications Data · Identity Data · Financial Data |
· Contract
· Legal Obligation |
Managing payments and administration of the contract | · Contact Data
· Communications Data · Financial Data |
· Contract
· Legitimate Interests |
Provision of Legal Services including:
· defence and litigation of legal claims · settlement and negotiation of claims · drafting agreements, advice and opinions · management and administration of legal claims
|
· Contact Data
· Communications Data · Identity Data · Financial Data · Special Categories of Personal Data |
· Contract
· Legitimate Interests · Legal Obligation · Legal Services · Consent
|
Recruiting staff to the Firm including:
· to contact you in connection with any job position we may have open; and · to check your suitability for the role · to fulfil the recruitment needs of the business.
|
· Recruitment Data
· Contact Data |
· Legitimate Interests
· Consent |
To deliver our website including:
· to promote our products and services; and · to administer the Website · to ensure the safety and security of our website and our services. |
· Web Data | · Legitimate Interests
· Consent |
Marketing and promotion of our business including:
· to send newsletters and other information that may be of interest · to contact you as part of our business relationship or for lead generation and general administration · to inform you of events or webinars that might be of interest
|
· Contact Data
· Communications Data · Identity Data |
· Legitimate Interests
· Consent |
Administration of our relationship including:
· to manage/respond to a complaint/appeal · to notify you of updates to this Privacy Statement;
|
· Contact Data
· Communications Data · Identity Data |
· Legitimate Interests |
7. SOURCES OF PERSONAL DATA
We may obtain personal data from you directly, from a third party, from our website or from publicly available sources.
You may provide your personal data to us when you:
• make an enquiry or seek information about our legal services;
• give us information necessary for a specific client service that we are performing for you; for example, in the context of our background checks;
• meet with us at an event or a meeting;
• participate in our seminars and similar events;
• participate in our marketing, recruitment or other promotional events; or
• market or provide your services to us.
A third party may provide your personal data to us, when we:
• provide our services;
• conduct background checks, including “know your customer” checks; or
• are recruiting and you have provided your personal data to a recruitment agency for the purpose of sharing it with us.
We process certain personal data from information that is publicly available on the internet or other directories and registers.
In addition our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services, analyse usage and improve user experiences.
8. DISCLOSURE OF PERSONAL DATA
In certain circumstances, we may disclose Personal Data to third parties as follows:
● business partners and sub-contractors including, payment processors, data aggregators and hosting service providers;
● our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes;
● analytics and search engine providers that assist us in the improvement and optimisation of the Website. This consists of aggregated anonymous information only and relates to the web pages visited on the Website and not the information included on those web pages;
● if we or substantially all of our Firm is merged with another Firm or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
● if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement;
● to protect our rights, property, or safety, or that of you or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection;
● as required by law, in order to respond to a court order or request from law enforcement or other public authority and in order to meet national security or law enforcement requirements. We will disclose your Personal Data if this is necessary to:
o comply with a legal obligation;
o protect or defend our rights, interests or property or that of a third party;
o prevent or investigate possible wrongdoing in connection with our services;
o act in urgent circumstances to protect the personal safety of one or more individuals; and
o to protect against legal liability.
When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with their performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.
9. SECURITY MEASURES
We will take all steps reasonably necessary to ensure that Personal Data is treated securely in accordance with this Privacy Statement and the relevant law including the GDPR.
In particular, we have put in place appropriate physical, technical, and organisational procedures to safeguard and secure the Personal Data we process.
10. TRANSFERS OUTSIDE THE EEA
We will only transfer Personal Data outside the EEA if necessary and with appropriate safeguards in place.
Personal Data collected or received in the European Economic Area will only be transferred outside the area using legally approved transfer mechanisms such as the Standard Contractual Clauses or the Privacy Shield in the case of transfers to the USA.
11. COOKIES
Cookies help us improve the products and services that we offer you. Cookies are optional and you do not have to accept them. Further information on cookies can be found here
You can adjust your browser settings to decline cookies or alert you when a website is attempting to places a cookie on your computer. Generally, your browser will offer you the choice to accept, refuse or delete cookies at all times, or those from providers that website owners use (“third party cookies”), or those from specific websites.
Further information on the cookies we use are set out below:
Cookie | Cookie Name | Description |
---|---|---|
Universal Analytics (Google) | _ga _gid _gat |
These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. |
12. THIRD PARTY WEBSITES
Our Website may contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings and these are not endorsed by us. We do not accept any responsibility or liability for these third party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.
13. RIGHTS UNDER THE GDPR
You can ask for access to the information we hold on you
You have the right to ask for all the information we have about you . When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.
You can ask to change information you think is inaccurate
You should let us know if you disagree with something included in your Personal Data.
We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
You can ask to delete information (right to be forgotten)
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
● your Personal Data is no longer needed for the reason that it was collected in the first place
● you have removed your consent for us to use your information (where there is no other lawful basis for us to use it)
● there is no lawful basis for the use of your information
● deleting the information is a legal requirement
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
Please note that we can’t delete your information where:
● we are required to have it by law
● it is used for freedom of expression
● it is used for public health purposes
● it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
● it is necessary for legal claims.
You can ask us to limit what we use your Personal Data for
You have the right to ask us to restrict what we use your Personal Data for where:
● you have identified inaccurate information, and have told us of it
● where we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether
When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
You can ask to have your Personal Data moved to another provider (data portability)
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.
You can make a complaint
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.
14. RETENTION
We only keep your Personal Data as long as it is necessary for the purposes of processing it or to comply with legal or regulatory requirements.
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Our retention policy is as follows:
Processing Activity | Retention Period |
Registration of client and complete conflict checks | · AML – 5 years
· Other information 6 years. |
Managing payments and administration of the contract | · 7 years |
Provision of Legal Services | · 7 years and 6 months
· Wills and Probate – indefinitely |
Recruiting staff to the Firm | · 12 months for unsuccessful candidates |
Delivering our website | · 12 months or less |
Marketing and promotion of our business | · 12 months in the case where no meaningful engagement or earlier in the case you unsubscribe |
In certain cases we may retain Personal Data for longer than specified here if required under relevant laws.
15. AMENDMENTS TO THIS PRIVACY NOTICE
We will post any changes on the Website and when doing so will change the effective date at the top of this Privacy Statement. Please make sure to check the date when you use our services to see if there have been any changes since you last used those services. If you are not happy with any changes that we have made you should cease using our services.
In some cases we may provide you with additional notice of changes to this Privacy Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
16. OUR CONTACT INFORMATION
Please contact us if you have any questions about this Privacy Statement or Personal Data we hold about you:
● by email at: info@rachelotoole.ie
● or write to us at:
The Compliance Officer, Parliament Building, 1 Sullivan’s Quay, Cork Ireland
17. SUPERVISORY AUTHORITY
The Supervisory Authority in Ireland may be contacted at info@dataprotection.ie if you have any concerns or questions about the processing of your Personal Data.