Terms and Conditions
Thorntons Law LLP Privacy Notice
Thorntons Law LLP (“we”, “us, “our”) respects your privacy and are committed to protecting your personal data. This Privacy notice sets out the ways in which we collect, use and store your personal data. It also explains the legal rights you have in relation to your personal data.
About us
Thorntons Law LLP is a limited liability partnership, registered in Scotland (No. SO300381), whose registered office is Whitehall House, 33 Yeaman Shore, Dundee, DD1 4BJ.
You can contact us at the above address, addressing any request to the Data Protection Officer. You can also contact us by email at privacy@thorntons-law.co.uk
Our commitment to you
We process your personal data in accordance with the overarching principles and requirements set out in the UK General Data Protection Regulation and the Data Protection Act 2018 (‘Data Protection Law’). What this means is that Thorntons processes your data in a way that is:
- Lawful, fair and transparent;
- Compatible with the purposes that we have told you about;
- Adequate and necessary, we only use the data we need to use for the reason we told you;
- Accurate and up to date;
- Not excessive, we only keep your data for as long as we need it; and
- Secure and protected.
Why we process your personal data
We are a full service law firm and we need to process personal data for a number of reasons to deliver legal services. We are also an Estate Agency and you can access our Estate Agency privacy notice here. This privacy notice explains how we process your personal data if you are a client or prospective client of the firm, a professional contact, website and office visitors, or if you receive marketing materials from us. This privacy notice also applies if you are a non-client, whose personal data we capture in the course of our work, including but not limited to a client’s relative, the other side of the transaction, beneficiaries in executries, trustees, etc.
Ways we collect your personal data
There are a number of ways in which we may collect personal data about our clients, prospective clients, professional contacts, visitors and non-clients, these include:
- From you or your representatives directly where you contact us in writing, by e-mail, when you meet with our team in person or by video call, by telephone, contact us via our online portal, website or social media platforms. You may contact us to seek legal advice, to register to attend our events or subscribe to publications issued by us or to express an interest to work with us.
- For clients and non-clients, we may receive information about you from relatives, agents or third parties where you may be involved in a matter we are instructed in for example as a beneficiary, trustee, buyer, seller, debtor, defender, pursuer, witness, employee or employer.
- Organisations with whom we have a professional relationship may share your information with us when they refer you to us. These organisations may be other professional advisers such as solicitors, accountants, financial advisers, insurance companies, financial institutions.
- Your doctor or other health service providers.
- Online public sources or registers such as Companies House.
- Where you apply for a position with us, we may receive information about you from a recruitment agent, your current and/ or former employers and/ or referees. See our applicant privacy notice for more details.
- Providers of identity verification services and compliance services.
- CCTV operating in any of our office sites or buildings.
- The devices you use when you access our website and use our online chat service.
What personal data do we process?
|
Data Type
|
Information Collected
|
|
Client/Prospective Client Contact Personal Data
|
Name
Postal address
Email address (personal and/or business)
Phone Numbers
Occupation
Your relationship to other persons
|
|
Identity Verification Data
|
Date of birth
Photograph/Video
Passport Number
Driving Licence Number
Other identity evidence as required to meet our regulatory obligations.
|
|
Special Category Data (race, ethnic origin, politics, religion, trade union membership, genetic, biometric, sex life, sexual orientation)
|
This information is not routinely collected but may be needed for certain types of legal work (immigration, employment, family, litigation).
We use this information in relation to our own employees to ensure meaningful equal opportunity monitoring and reporting.
|
|
Health and Medical Data (also special category data)
|
This information may be needed for certain types of legal work (personal injury claims, employment, immigration, matrimonial, eldercare, vulnerable clients (for those arranging powers of attorney) and other forms of dispute resolution.
If you visit our offices, we may collect information about your health in order to make adjustments to support your visit.
|
|
Criminal Convictions Data
|
This type of personal information may be processed in relation to litigation cases, employment, matrimonial, other cases.
We also undertake criminal record checking as part of our recruitment processes.
|
|
Financial Data
|
Information about your financial affairs, assets and liabilities may be required if it is relevant to matters upon which you wish us to advise you or to enable us to comply with our regulatory obligations relating to anti-money laundering.
Information about third-parties’ financial affairs, assets and liabilities may be required if it is relevant to matters upon which you wish us to represent you
|
|
CCTV Data
|
Our office locations may operate CCTV and where they do this is clearly signposted. If you visit our offices your images may be captured on CCTV for security purposes.
|
|
Call Recording Data
|
Your call to our main line may be recorded after being redirected to the relevant department.
Our Lenders Team within our Dispute Resolution & Claims Department are currently recording calls with the customers of our lender clients who are authorised and regulated by the FCA in order to comply with their regulatory obligations and for monitoring purposes. Information about your contact details, identification details and financial data may be discussed.
The departments who will be recording calls are: Personal Injury for training and quality monitoring purposes. Information about your contact and identification details and health/ medical data may be discussed.
Estate Agency for complaints and quality monitoring purposes. Information about your contacts and identification details may be discussed.
Credit/debit card details will be not be recorded.
|
|
Personal Data within correspondence
|
Copies of letters, e-mails received or sent by us, and information you have provided us in letters, e-mails, texts and audio recordings taken in relation to personal injury matters. We may also keep notes and records of matters we discuss or advise upon.
|
|
Payment Data
|
In order to pay and transmit funds in the course of client transactions or collection of our own fees.
We adhere to PCI–DSS standards and do not store credit or debit card details.
|
|
Marketing Data
|
Includes your communication preferences for receiving marketing from us.
|
|
Website Data
|
Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Our website uses cookies and we may collect information about how you use our website.
|
|
Enquiry Data
|
Personal data you provide when you make an enquiry to us via our website or via social media.
|
|
Professional Adviser Personal Data
|
Name
Business Postal address
Business Email address
Business Phone Numbers
Occupation
Professional Credentials
Information to verify identity
|
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to perform our obligations but we will notify you if this is the case at the time.
Why we use your personal data
We will use your personal data where it is necessary for us to:
- enter into and perform contract with you;
- comply with our legal obligations; or
- fulfil our legitimate interests.
We may ask for your consent to process your personal data under certain circumstances and where we do we ensure that it is freely given, specific, informed and unambiguous. You may withdraw your consent at any time by emailing privacy@thorntons-law.co.uk.
Purposes of Processing
|
Purpose
|
Lawful Basis of Processing
|
|
To communicate with our clients or their representatives regarding instructions, questions, concerns or complaints and to provide legal advice and other information.
|
Performance of a Contract
Legitimate Interests – to contact you to respond to communications from you.
|
|
Sharing information with other professionals (advocates, expert witnesses, accountants, medical professionals, other solicitors acting as local agents, insurers etc.)
|
Performance of Contract – where necessary to ensure appropriate representation or information-gathering.
Legitimate Interests – where appropriate to provide clients with the best service.
|
|
To collect third-party information directly/indirectly from the third-party (i.e. non-clients) to assist with a client’s legal claim or proceedings
|
Legitimate Interests – where the information is essential to provide clients with the best service; or
Your consent – where the information is desirable to assist clients with a legal claim; or Your consent - where you disagree with our use of Legitimate Interests at the point we collect your information; or
Legal obligation – to ensure our business is carried out in compliance with Anti Money Laundering and Terrorist Financing Regulations.
|
|
To prevent financial crime – to comply with our legal obligations to prevent financial crime including money laundering under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.
|
Legal Obligation – to ensuring our business is carried out in compliance with the law
|
|
Record-keeping
|
Legal obligation – we are required to retain certain information about you to comply with legal requirements.
|
|
If you are not a client of the firm but you complete the “make an enquiry” form or speak to us via “live chat” or contact us via social media, then we capture personal data that you supply, such as your name, address, business name, e-mail address, home telephone number and work telephone number. We will use this personal data to respond to your enquiry.
|
Legitimate interests – it is necessary for us to process your personal data to respond to your request for information or assistance.
|
|
To record calls with our clients in specific teams for the purpose of training and quality monitoring.
To record calls with the customers of our lender clients for the purpose of fulfilling the FCA regulatory obligations of our lender clients and for monitoring.
|
Consent
Legal obligation
|
|
Client Marketing – if you have engaged us to provide a legal service to you, we may use your personal data to send you information about our legal services that we feel may be of interest or benefit to you. In doing so we will add you to our marketing database and will send you marketing materials from time to time.
We will also seek your feedback upon completion of the legal work we carry out for you to help us improve our services.
|
Legitimate Interests. You have the right to object to use of your data for marketing at any time by clicking here.
|
|
Non-Client Marketing – if you have consented to receiving marketing communications via our website or other communications, we may use your personal data for this purpose. In doing so we will add you to our marketing database and will send you marketing materials from time to time.
|
Consent. You may withdraw your consent at any time by clicking here.
|
|
Events – if you sign up to attend one of our events at our offices or online, we will process personal data about you to register you for the event and we may contact you after the event to gather feedback from you.
|
Legitimate Interest – it is necessary for us to process your personal data in order for you to attend our events as a guest and for use to evaluate our events.
|
|
Online payments – we offer an online payment system at https://www.thorntons-law.co.uk/payments
If you choose to use this system to make debit or credit card payments to us your card details will be handled exclusively by our payment provider, Opayo. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will not store card details.
|
Performance of Contract
|
|
Debt Recovery – we may give your personal data to and receive personal information from third parties where necessary to recover debts due by you to us, for example sheriff officers.
|
Legitimate Interests – we have a legitimate interest to pursue unpaid fees and charges.
|
|
Cookies – we use cookies that are essential for the functionality of our website and we also use non-essential cookie which help us to understand how our website is used by visitors. Both essential and non-essential cookies use personal data. More information on our use of Cookies can be found in our Cookies policy.
|
Legitimate Interests – functional cookies which are necessary for the operation of our website.
Consent – cookies which track how you interact with our website.
|
|
IT and Security – we may use personal data to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data
|
Legitimate Interests – to ensure our website is secure and functioning.
|
|
Professional Services – if you provide professional services to the Firm, or to our clients on our behalf, we will process personal information about you in order to receive professional services from you.
|
Performance of a Contract
Legitimate Interest – to develop our professional relationship with you
|
Where we store your personal data and information security
We take appropriate technical and organisational measures to secure your personal information and protect it against unauthorised or unlawful processing as well as against its accidental loss or destruction or damage. Some of these measures include:
- Using secure cloud-based servers to store your personal data, based in the UK.
- Verifying the identity of individuals that access your personal data.
- Regular review of our Information Security Management System.
- Utilising a number of anti-virus and anti-malware systems at the gateway, on email and on endpoints to protect against cyber threats and encryption technologies to protect personal data where appropriate.
- We have deployed data loss prevention software from Egress to help detect and mitigate the risk of data loss.
- Restricting access only to those employees who need to know the information in order to deliver the service to you.
- Providing regular data protection and information security training to all our employees.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted.
Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data. As above, we cannot be held responsible for the security of your personal data collected by websites that our site may link to. Such third parties shall have their own privacy notices and you should read these carefully.
Sharing personal data
If we share personal information with external third parties, we shall keep this to a minimum and take reasonable steps to ensure that recipients shall only process the disclosed personal data for those purposes and in accordance with our instructions.
In the course of certain types of work, we may be required to share your personal data with advocates, other solicitors, expert witnesses and other professional persons who may be controllers of that data. We may also be required to instruct local agents to handle certain court-based activities from time to time for reasons of cost-effectiveness and efficiency.
We will not transfer your personal data to anyone else without your permission, except:
- Where we are obliged by law or regulatory obligations.
- Where we share your information with third party service providers.
- Where we share your information with third parties who provide essential services.
- Where some or all of our assets are purchased by a third party.
- Where we share your information with data controllers, when we are instructed as a data processor.
We will never sell your information or disclose it for direct marketing purposes.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
The types of organisations/groups that we may share personal data with are set out below:
- service providers
- financial organisations
- suppliers
- government departments
- the courts
- other professional advisers and consultants
- regulatory authorities
A full list is available on request.
International transfers
We do not transfer your personal data outside the United Kingdom unless we have appropriate safeguards in place to afford your personal data with an adequate level of protection.
How long we will keep your personal data for
We do not hold information for longer than is necessary. We have a Records Management and Retention Policy which sets out the periods and rules for retaining and reviewing all data that we hold. This sets out different retention periods depending upon the nature of the information. In some cases, the Law Society of Scotland, which regulates us, recommends minimum periods of record retention and we comply with those. This can be made available on request by contacting privacy@thorntons-law.co.uk
Changes in personal information
It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal information changes during your working relationship with us.
Questions and concerns
If you have any questions or concerns on how we collect, handle, store or secure your personal data, please contact our Data Protection Officer by email at dpo@thorntons-law.co.uk or by post to the Data Protection Officer, Thorntons Law LLP, Whitehall House, 33 Yeaman Shore, Dundee, DD1 4BJ.
You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think we have infringed your rights. The ICO’s contact details are as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
www.ico.org.uk
Your rights
You have various rights under data protection law. As an individual you have the following rights:
|
Right to be informed
|
This Privacy Notice provides you with details as to how we collect and use your personal data
|
|
Right to access
|
You have a right to request access to the personal data we hold about you by making a “subject access request”. You will be provided with a copy of all personal information that we hold about you. There will be no charge for providing you with this information
|
|
Right of rectification
|
You have a right to request that we correct or complete any inaccurate or incomplete personal data we hold about you
|
|
Right of erasure
|
You have the right to ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for retaining it. If we are required to keep your personal data to comply with our legal or regulatory obligations or legitimate interests in legal proceedings or claims, then we may have to decline your request
|
|
Right to restrict processing
|
You have the right to request that we restrict the processing of your personal data that we hold about you for specific reasons. If we are required to keep your personal data to comply with our legitimate interests in legal proceedings or claims, or the protection of the rights of another person, or for an important public interest, then we may have to decline your request
|
|
Right to data portability
|
You have a right to obtain and reuse the personal data that we hold about you for your own purposes in certain circumstances
|
|
Right to object
|
You have a right to object to us processing your personal data. If we are required to keep your personal data to comply with our legitimate interests in legal proceedings or claims, or can demonstrate our compelling legitimate interests or our appropriate safeguards in place for the specific purpose of scientific, historic research or statistics necessary for the performance of a task carried out in the public interest, then we may have to decline your request
|
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to respond
We try to respond to all legitimate requests within one month from the date we receive it. Occasionally we may extend the time for response by up to two months if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Changes to our privacy notice
We may be required to update this Privacy Notice from time to time. The up-to-date version will always be on our website and we will communicate material updates to our clients from time to time. We will not process your personal data for purposes other than those set out in this document or which may be prejudicial to your interests without letting you know and giving you the opportunity to review and object to any such amended processing.
Contact us
If you have any questions regarding this Privacy Notice, please contact our Data Protection Officer, Whitehall House, 33 Yeaman Shore, Dundee, DD1 4BJ, Tel No. 01382 229111 or by e-mail – dpo@thorntons-law.co.uk
