
Privacy Notice
“Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a Privacy Notice.”
Information Commissioner’s Office Website
This Privacy Notice applies to different people in different ways. Some of the information applies equally to all individuals. Other information will be more relevant to a specific category. Please use the following links to view the parts of the Privacy Notice that apply to your situation.
Contacts, Visitors and Service Providers
Third Parties in a legal transaction or Dispute
Employees and people who want to work for us
Who are we?
We are Macleod & MacCallum Limited, a law firm based at 28 Queensgate, Inverness IV1 1DJ. We are a data controller, which means we determine the purposes, conditions and means of the processing of personal data. You can contact us with any questions about this policy or to exercise any of your rights described in the policy by
- telephoning 01463 23 93 93 and asking to speak to the Data Protection Manager or
- emailing data@macandmac.co.uk or
- letter to Data Protection Manager, Macleod & MacCallum, 28 Queensgate, Inverness IV1 1DJ
What is personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. This Privacy Notice is intended to be read by Data Subjects who are interested to know how we will use their personal data. For convenience, we may refer to Data Subjects as “you”.
Children
There is another version of this Privacy Notice intended for Children. You can ask us for this by emailing data@macandmac.co.uk.
Sources of your data
Most of the time, if we have your personal data, it will have been collected directly from you. Sometimes, however, we are entitled to collect your personal data from other sources such as:
- Our clients, such as if our client is involved in a transaction, dispute or other matter with you
- People who are connected to you in some way, such as your family members, employers, representatives, professional advisers, colleagues or connections
- Details that are available publicly
Purposes of processing
The purpose(s) of processing will normally be agreed with you depending on the nature of our business with you. In most cases, the purpose will be one or more of:
- to produce, consider, prepare or revise documentation, including plans, records, deeds, written pleadings, contracts, agreements, statements, affidavits, correspondence, and other papers;
- to register, lodge and retrieve deeds or other documents;
- to conduct a court or other hearing, including carrying out written or oral advocacy;
- to prepare accounts of expenses, business accounts and other forms of account;
- to carry out diligence for our benefit and for the benefit of our clients;
- to trace persons and collate information about their financial means;
- to express opinion on matters within our fields of work or practice, including the preparation of reports, analyses, opinions and notes of advice;
- to produce and/or destroy digital or hard copy material, including stationery, marketing material, publicity material, news stories and informative literature
- to verify a person’s identity and carry out any due diligence or other checks, such as a credit report, or verification of academic or other qualifications that we reasonably consider necessary to enable us to carry out our work or progress any matter;
- to assess your needs in terms of gaining access to our buildings and services or to assess any risk involved in meeting with you (such as a health and safety risk arising from an epidemic, pandemic or other public health situation);
- to make and receive payments, to recover payment of fees and other debts or carry out transactions or calculations; and
- to monitor persons entering and leaving our premises and for the security of our staff, clients and other visitors to our premises
- to inform you about news, events and promotions.
We will sometimes appoint another person or business to carry out processing on our behalf. If we do so, we shall procure their agreement to adhere to the same or similar standards that we adhere to in relation to your personal data.
If we think you would benefit from financial advice, we will pass your details to our colleagues at Macleod & MacCallum Wealth Management Limited.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation, as to how the processing for any new purpose is considered compatible with the original purpose, please contact our data protection manager.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which we believe allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with this notice, where this is required or permitted by law.
Your rights
If the basis on which we are processing your personal data is that you have consented to us processing it, you have the right to withdraw your consent at any time.
You may have the following rights in respect of data about you that we hold:
- You may have the following rights in respect of data about you that we hold
- Request us to give you access to it;
- Request us to rectify it, update it, or erase it;
- Request us to restrict our using it, in certain circumstances;
- Object to our using it, in certain circumstances;
- The right to move your data to another service provider, in certain circumstances;
- Opt out from our using it for direct marketing; and
- Lodge a complaint with the Information Commissioner’s Office.
You are able to exercise these rights by contacting us using the details set out above however, if the dominant purpose of the personal data is that it forms part of a communication
- for use in actual, pending or reasonably contemplated litigation or
- between solicitor and client where the client seeks and the solicitor gives legal advice,
there may be no requirement for us to provide some or all of the information to you.
If you make a relevant access request we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under such circumstances.
We may also need to request specific information from you to help us confirm your identity and ensure your right to access data (or to exercise any of your other rights).
Prospective Clients
If you are not our client but have provided us with personal data to enable us to
- quote or estimate a fee for working for you and/or
- take a view on whether we are able to assist you
you may be entitled to benefit from Solicitor-Client confidentiality in relation to the information you have given, in addition to the rights and other information contained in this Privacy Notice.
It is up to you what information you give us but, generally, we will record the following information either directly from you or from someone whom we reasonably believe you have appointed to communicate with us:
- Your name, address, telephone number and email address
- The name, address, telephone number and email address of other parties involved in the transaction, dispute or matter that you wish to discuss with us
- Identification data, including photographic ID, such as your passport or driving license and identification proving your address, such as a bank statement or utility bill
- Information necessary for us to secure payment of fees, VAT and outlays that we may incur on your behalf
- Any details about the transaction, dispute or matter, which may include (depending on the type of case you are asking us about) financial information, data about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, data concerning sex life or sexual orientation or data relating to criminal convictions and offences.
If we confirm that we are able to act for you and you accept our terms of business, which will be communicated to you in a meeting or in writing (or both), those terms of business will supersede this section of our privacy notice. At this point, you will become a client.
If you do not become a client, we will hold on to your personal data for a short period after you have contacted us. This will normally be up to one year following the date on which we last discussed the matter with you. If you wish us to destroy your personal data sooner than that, please refer to the “your rights” section above. Sometimes we will retain your personal data in these circumstances for longer, if we have a legal obligation to do so or a legitimate interest in doing so.
Generally, we do not require your consent to use your personal data because processing it is necessary
- for us to take steps, at your request, prior to entering a contract with you
- for us to comply with a contract we have with you
- for us to comply with a legal obligation that we have
- for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity or
- for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child.
Your personal data will only be made available to
- our staff,
- the staff of a company within our group where we consider there is likely to be a benefit to you in supplying your personal data to that company
- a third party, where we consider that there is likely to be a benefit to you in supplying your personal data to that third party that is not overridden by your interests or fundamental rights and freedoms
We take our responsibilities to keep your personal data secure very seriously and have policies and procedures in place to ensure that it is not lost or disclosed in a way that is contrary to this policy. We would not, normally, transfer your personal data outside of the EU but if we required to do so for any reason we would ensure a similar level of security.
Contacts, Visitors and Service Providers
Even if you are not a client or have no contract with us, we may still process your personal data. If we do, the way we do so is set out in this privacy notice. If you are an employee or a job candidate who wants to work for us, please see the section headed “Employees and people who want to work for us” below. If you are a Client or a Prospective/New Client, please see the relevant section. If you are (or believe you are) a third party to a transaction or dispute with our Client, please see “Third Parties in a legal transaction or Dispute”.
Generally speaking, we would expect to process at least
- Your name, address, telephone number and email address to enable us to communicate with you
Depending on the nature of the work we are doing for or with you, we might also process your financial information, proof of your identification or data relating to criminal convictions and offences.
Generally, we do not require your consent to use your personal data because processing it is necessary
- for us to comply with a contract we have with you
- for us to take steps, at your request, prior to entering a contract with you
- for us to comply with a legal obligation that we have
- for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity or
- for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child.
Your personal data will only be made available to
- our staff,
- the staff of a company within our group where we consider there is likely to be a benefit to you in supplying your personal data to that company
- a third party, where we consider that there is likely to be a benefit to you in supplying your personal data to that third party that is not overridden by your interests or fundamental rights and freedoms
We store personal data according to good practice and to standards set by our regulators, the Law Society of Scotland, HMRC and any guidance that may be issued by the Information Commissioners Office. Once our relationship with you ends or the purposes for which we process your personal data have come to an end, we shall delete or destroy the personal data in accordance with those standards. If you wish us to destroy your personal data sooner than that, please refer to the “your rights” section above.
We take our responsibilities to keep your personal data secure very seriously and have policies and procedures in place to ensure that it is not lost or disclosed in a way that is contrary to this policy. We would not, normally, transfer your personal data outside of the EU but if we required to do so for any reason we would ensure a similar level of security.
Third Parties in a legal transaction or Dispute
We carry out legal work including buying and selling land and property, advising on legal rights and obligations and negotiating and litigating legal disputes. As a law firm providing a wide range of legal services, it is difficult to list all of the different purposes to which we put the different types of personal data that we could require to process. Generally speaking, we would expect to process at least
- Your name, address, telephone number and email address to enable us to communicate with you
Depending on the nature of the work we are doing, we might also process your personal data, including:
- financial information, data about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, data concerning sex life or sexual orientation or data relating to criminal convictions and offences.
Generally, we do not require your consent to use your personal data because it is necessary
- for us to comply with a legal obligation that we have
- for us to perform a task carried out in the public interest or in the exercise of official authority vested in us or in a member of our staff
- for us to carry out the obligations and exercise specific rights in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for your fundamental rights and interests
- for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity or
- for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child.
Your personal data will only be made available to
- our staff,
- the staff of a company within our group where we consider there is likely to be a benefit to you in supplying your personal data to that company,
- any third party whom our client has authorised us to contact.
We store personal data according to good practice and to standards set by our regulators, the Law Society of Scotland, HMRC and any guidance that may be issued by the Information Commissioners Office. Once our relationship with you ends or the purposes for which we process your personal data have come to an end, we shall delete or destroy the personal data in accordance with those standards. If you wish us to destroy your personal data sooner than that, please refer to the “your rights” section above.
We take our responsibilities to keep your personal data secure very seriously and have policies and procedures in place to ensure that it is not lost or disclosed in a way that is contrary to this policy. We would not, normally, transfer your personal data outside of the EU but if we required to do so for any reason we would ensure a similar level of security.
Clients
If you are a client or an officer or employee of a client, in addition to the rights and other information contained in this Privacy Notice, you will also have rights to Solicitor-Client confidentiality. You should refer to the Client Guide which we issue to all of our clients for more details about these rights.
It is up to you what information you give us but, generally, we will record the following information either directly from you or from someone whom we reasonably believe you have appointed to communicate with us:
- Your name, address, telephone number and email address
- The name, address, telephone number and email address of other parties involved in the transaction, dispute or matter that you wish to discuss with us
- Identification data, including photographic ID, such as your passport or driving license and identification proving your address, such as a bank statement or utility bill
- Information necessary for us to secure payment of fees, VAT and outlays that we may incur on your behalf
- Any details about the transaction, dispute or matter, which may include (depending on the type of case you are asking us about) financial information, data about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, data concerning sex life or sexual orientation or data relating to criminal convictions and offences.
Generally, we do not require your consent to use your personal data because processing it is necessary
- for us to comply with a contract we have with you
- for us to take steps, at your request, prior to entering a contract with you
- for us to comply with a legal obligation that we have
- for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
- for us to carry out the obligations and exercise specific rights in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for your fundamental rights and interests or
- for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child.
Your personal data will only be made available to
- our staff,
- the staff of a company within our group where we consider there is likely to be a benefit to you in supplying your personal data to that company,
- any third party whom you have authorised us to contact for this purpose.
We store personal data according to good practice and to standards set by our regulators, the Law Society of Scotland, HMRC and any guidance that may be issued by the Information Commissioners Office. Once our relationship with you ends or the purposes for which we process your personal data have come to an end, we shall delete or destroy the personal data in accordance with those standards. If you wish us to destroy your personal data sooner than that, please refer to the “your rights” section above.
We take our responsibilities to keep your personal data secure very seriously and have policies and procedures in place to ensure that it is not lost or disclosed in a way that is contrary to this policy. We would not, normally, transfer your personal data outside of the EU but if we required to do so for any reason we would ensure a similar level of security.
We contact our clients about news, events and promotions, unless you opt out. You will be able to opt out at any time by emailing us or contacting us in the usual way.
Employees and people who want to work for us
We have a separate Privacy Notice (called an Employee Fair Processing Notice) for our staff.
For people who want to work for us, we will ask you to submit your CV. It is up to you what information you put in your CV but, generally, we will record the following information either directly from you (or from a Recruitment Consultant you have appointed) or from your previous employers:
- Your name, address, telephone number and email address
- Your academic and professional qualifications
- Your employment history and earnings information
- Any information about disabilities relevant to the role you are applying for
- Information about your entitlement to work in the UK and about any criminal records check that we consider to be relevant to the role you are applying for
If you are offered a job and you become our employee, you will be given a copy of our Employee Fair Processing Notice, which supersedes this section of our privacy notice.
Generally, we do not require your consent to use your personal data because processing it is necessary
- for us to take steps, at your request, prior to entering a contract with you
- for us to comply with a legal obligation that we have
- for us to carry out the obligations and exercise specific rights in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for your fundamental rights and interests or
- for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child.
During the recruitment process, your personal data will only be made available to our Directors and senior administrative staff. If you are offered a job, we will only contact your referees if you have confirmed that you are happy for us to do so.
We will hold on to your personal data for a short period after the recruitment process has ended. This will be up to one year following the date of the job advertisement. If you wish us to destroy your personal data sooner than that, please refer to the “your rights” section above.
We take our responsibilities to keep your personal data secure very seriously and have policies and procedures in place to ensure that it is not lost or disclosed in a way that is contrary to this policy. We would not, normally, transfer your personal data outside of the EU but if we required to do so for any reason we would ensure a similar level of security.