Purpose of policy
This policy describes how Morisons LLP collect and process your personal data in the provision of services to Morisons LLP’s clients (“our clients”).
We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of our clients and will only collect and use personal data in ways that are described here and in a way that is consistent with our obligations under the law.
We may change the terms of this policy from time to time. This version is dated May 2018.
Information about us
Morisons LLP is a limited liability partnership incorporated in Scotland (SO300995) and has its registered office at 1 Exchange Crescent, Conference Square, Edinburgh, EH3 8AN (Morisons).
Morisons is the legal entity which is the data controller collecting and processing the personal data provided by clients in connection with the provision of our services.
We are regulated by the Law Society of Scotland.
Data Protection Lead
The data we collect
Personal Data is defined by the General Data Protection Regulation ((EU Regulation 2016/679)) (GDPR) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”
We may collect, use, store and transfer different kinds of personal data about you as follows:
Identity Data includes, in relation to you or a family member, first name, maiden name, last name, username or similar identifier; marital status; title; date of birth; gender; data contained on a passport, photocard driving licence or other identity card; and data contained in photographs, videos and CCTV images.
Contact Data includes home address and billing address (if different), email address and telephone numbers.
Financial Data includes income, personal expenditure, charitable donations, taxation and other financial-related details; investments and other financial interests; bank account details; and pension details.
Transaction Data includes details about payments to and from you.
Marketing and Communications Data includes your preferences in receiving marketing material from us and your communication preferences.
We may collect special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We may also collect information about criminal convictions and offences.
How is your Personal Data collected?
You may give us your Identity, Contact and Financial Data by filling in forms on our website (www.morisonsllp.com) or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
- engage us to provide services;
- request marketing material to be sent to you; and
- provide us with feedback.
Other data controllers may also provide your Personal Data to us.
How we use your Personal Data
We will only use your Personal Data where the law allows us to, including in the following circumstances:
- To provide and improve our services to you and our clients.
- To fulfil our legal and regulatory obligations.
- To manage our relationship with you and our clients.
- To market our services.
- For the purposes of recruitment.
- For other legitimate business purposes.
Change of purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how processing for the new purpose is compatible with the original purpose, please contact our Data Protection Lead at:
Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
Your legal rights
We assume responsibility for keeping an accurate record of Personal Data once you have submitted the information. Please inform us of any changes to your information.
You are entitled to:
- Request access to your Personal Data.
- Request the correction or erasure of your Personal Data.
- Object to the processing of your Personal Data.
- Request a restriction of processing of your Personal Data.
- Request the transfer of your Personal Data to you or to a third party.
- Withdraw consent at any time, where we are relying on consent to process your Personal Data.
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Disclosure of your Personal Data
We do not sell, distribute or otherwise make personal data commercially available to any party, except as described in this policy or with your prior permission.
We may have to share your Personal Data with:
- Our auditors, insurers or a competent governmental or regulatory body.
- Third party service providers.
Protection of your Personal Data
We take the security of the Personal Data we hold seriously. Policies and procedures are in place to safeguard it from loss, misuse and improper disclosure.
We also have procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
How and where do we store your Personal Data?
We will only store or transfer your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the GDPR or to equivalent standards by law.
For how long will we use your Personal Data?
At the end of any client transaction or client litigation we will keep our files (except for any of your files which you ask to be returned to you) for no more than 10 years. We keep the file on the understanding that we have the authority to destroy them 10 years after the date of the final invoice we send for any client matter.
We shall not destroy documents you ask us to deposit in safe custody. We shall, however, pass on the relevant costs to you.
In respect of any or all other Personal Data, we will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory or reporting requirements. To determine the appropriate retention period for Personal Data, we consider:
- the amount, nature, and sensitivity of the data;
- the potential risk of harm from unauthorised use or disclosure of the data;
- the purposes for which we process the data; and
- the applicable legal requirements.
- If you have opted out of receiving future publications from us, your contact details will remain on our opt-out list to prevent you from receiving any further publications from us.
How can you access your Personal Data?
If you want to know what Personal Data We have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown below.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use standard cookies used by Google Analytics. They allow us to recognise and count the number of visitors and to see how visitors move around Our Site when they are using it. This helps us to improve the way Our Site works, for example, by ensuring that users find what they are looking for easily.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of Our Site.
Third party websites and social media platforms
You may wish to participate in the various social media platforms hosted by us. However, we do not accept any responsibility for any personal information that you share on such platforms that is subsequently used, misused or otherwise appropriated by another user.
If you are concerned about an alleged breach of privacy law or any other regulation by us please contact our Data Protection Lead who will ensure that your complaint is investigated.
You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
How to contact us
To contact us about anything to do with your Personal Data and data protection, including to make a subject access request, please use following contact details:< Back