Privacy & Cookie Notice
This privacy & cookie notice (the “Notice”) describes how Albany Fraser Limited (“we”, “us”, “our”) collect, use and share the information you provide to us and the information we collect in the course of operating our business and our website www.albanyfraser.com. We may revise this Notice at any time by amending this page. We encourage you to visit this page from time to time to note any changes we make, as they will affect you.
Please take the time to read this Notice and, if you have any questions please email: enquiries@albanyfraser.com.
Who are we?
Albany Fraser Solicitors is a law firm regulated by the Law Society of Scotland. We are the controller of any personal data that you share with us or that third parties share with us to provide you with legal services, and our marketing materials, where requested.
What is personal data?
Personal data, or personal information, means any information about a living individual from which that person can be identified and which we have in our possession or under our control. It does not include data where the identity of an individual has been removed (i.e. anonymised data).
What personal data do we collect from you?
We may collect, use, store and transfer different kinds of personal data about you including:
Identity Data - title, first name, last name, the company you work for (where relevant), your job title or position, date of birth and other information to enable us to check and verify your identity.
Contact Data - billing address, residential and/or business address, email address and telephone numbers (business and/or personal).
Matter Data - details relating to the matter(s) you have instructed us on including personal data in communications and documents that we receiv;
Financial Data - bank and building society accounts; payment(s) made to us; credit reference checks; and other payment data to enable us to carry out fraud checks and verify source of funds.
Technical Data - internet protocol (IP) address, how you use our website, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
How do we collect personal data?
We will receive most of the personal data we collect from you or from the company you represent. This will include where you make an enquiry, seek an estimate of costs for legal work, sign up to our blog/newsletter, are provided with free initial advice or where we are acting for you as client. We may also receive personal data about you from third parties to enable us to better provide our legal services to our client or to you. These third parties may include other law firms, franchise consultants, banks, regulatory bodies, accountants or other professional advisors who may refer your matter to us. Where you are not a client we may collect or receive personal data about you because you are involved in a matter in relation to which which we are advising our client or have advised our client.
How do we use Cookies?
A cookie is a small text file which is placed onto your device (for example, your computer, smartphone or other electronic device) when you use our website. Our website is hosted by www.wix.com.
We may use cookies on our website to:
-
Recognise you whenever you visit our website (this speeds up your access to the website);
-
Obtain information about your preference and use of our website;
-
Carry out research and statistical analysis to help improve our content and services, and to help us better understand our users’ requirements; and
-
Make your online experience more efficient and enjoyable.
For further information on cookies generally visit: www.aboutcookies.org or www.allaboutcookies.org.
The cookies on our site fall into the following categories:
-
Session Cookies: these allow our website to link your actions during a particular browser session. These expire each time you close your browser and do not remain on your device afterwards; and
-
Persistent Cookies: these are stored on your device in between browser sessions. These allow your preferences or actions across our website to be remembered. These will remain on your device until they expire, or you delete them from your cache.
The following cookies are in use on our website:
-
hs - a Session Cookie used for security purposes;
-
XSRF-TOKEN - a Session Cookie used for security purposes;
-
svSession - a Persistent Cookie (Two years) which identifies unique visitors and tracks a visitor’s sessions on a site,
-
SSR-caching - a Session Cookie used for security purposes; and
-
TSxxxxxxxx (where x is replaced with a random series of numbers and letters) - a Session Cookie used for security purposes.
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our website. For further information about cookies and how to disable them please go the Information Commissioner’s webpage on cookies: http://ico.org.uk/for-the-public/online/cookies/
How will we use your personal data?
We will use your personal data to:
-
Provide you with the legal services you have instructed us to provide or have enquired about;
-
Provide you with marketing materials about our various legal services;
-
Promote our business through advertising, marketing, promotional, and tender activities;
-
Engage with you in business development and networking opportunities;
-
Comply with the legal and regulatory obligations that we as solicitors must comply with;
-
To carry out money laundering checks, credit checks and for other fraud and crime prevention activities;
-
Investigate any concerns you have raised about our services;
-
To establish, exercise or defend our legal rights or for the purpose of legal proceedings;
-
Monitor use of our website so that we may better understand its use and inform our services;
-
Monitor the quality of our services;
-
To collect and review your feedback of our service provision; and
-
Review and process any enquiry you have made.
What is our lawful basis for using your personal data?
We must have a lawful basis for processing your personal data. This will vary depending on the circumstances of how and why we have your personal data. The following lawful bases will apply:
-
Where we are carrying out the necessary steps in relation to a contract to which you are a party or prior to you entering into a contract with us – usually because you wish to instruct us to carry out legal services for you. This may include where we process your personal data for the purposes of supplying you with our legal services and where we have instructed a third party to supply services related to the legal services to be provided to you (for example, another firm);
-
Where the activities are within our legitimate interests as a firm of solicitors seeking to engage with and provide services to prospective and current clients and their personnel.
-
Where you have provided your consent to us to process your personal data. This may include where you have given your consent in relation to certain marketing activities;
-
Where the processing is necessary for compliance with a legal obligation to which we are subject. This may include:
-
where we carry out checks to establish your identity under our anti-money laundering requirements including carrying out electronic/online ID checks;
-
where we process your personal data for the purposes of complying with our obligations under the Bribery Act 2010; or
-
to comply with the Law Society of Scotland rules.
-
-
Where the processing is in the vital interests of an individual.
How long do we keep your personal data?
We will in many circumstances retain the personal data that we collect. Where we do, the length of time we shall retain it for shall be determined by a number of factors, including the type of personal data, the purpose for which we use that personal data including our legal and regulatory obligations, which we must comply with when we collect and process personal data. We will also take into account the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data.
We will not retain personal data for longer than is necessary and shall retain personal data in accordance with our retention policies.
In some circumstances you can ask us to delete your personal data, please see the section headed 'Your rights in relation to your information'below.
Third parties with whom we may share your data
We may have to share your personal data with third parties. Such third parties may include:
-
Third parties relevant to the legal services that we provide. This may include, but is not limited to, counterparties (including their lawyers and clients) to transactions or litigation, other professional service providers such as lawyers, franchise consultants, accountants, counsel, barristers, arbiters, arbitrators, mediators, clerks, expert witnesses, witnesses, tax advisors or valuers, regulators, authorities, and governmental institutions;
-
We may also require to share your personal data with parties such as Companies House, lenders and HMRC and other tax authorities;
-
Professional indemnity or other relevant insurers, the Law Society of Scotland and the Scottish Legal Complaints Commission;
-
Third party agents/suppliers or contractors to allow us to run our business such as providers of identity verification services and software/telecoms providers.
Please note this list is non-exhaustive and there may be other examples where we need to share personal data with other parties in order to provide our legal services. Also, such third parties may not always be in the United Kingdom and or the European Economic Area.
How we protect your personal data
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal data that we hold.
Your rights in relation to your personal data
You may request access to your personal data (a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
You may request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
You may request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with a legal obligation. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
You may request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
You may withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You can exercise you rights by contacting us at enquiries@albanyfraser.com or 0141 354 1611 or by writing to us at Albany Fraser Limited, 272 Bath Street, Glasgow G2 4JR. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK Supervisory Authority for data protection issues (www.ico.gov.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Transferring your personal data outside the European Economic Area
In providing our legal services it may be necessary for us to share your personal data outside the European Economic Area (EEA). We will only do so where:
-
We need to share your details to instruct lawyers or other professionals in foreign jurisdictions;
-
Where you are based outwith the EEA and we are required to process your personal data;
-
Where your service providers are based outwith the EEA; and
-
Where our service providers are based outwith the EEA.
We use MailChimp, a US-based service provider to issue our marketing emails. MailChimp is registered under the EU-US Privacy Shield and their privacy policy can be accessed here.
Where we do share your personal data in the above situations we shall endeavor to ensure that appropriate safeguards are put in place to ensure that the transfer of your personal information complies with the current applicable data protection legislation.