Skip to main content

Privacy Statement

Thorntons Law LLP Privacy Notice

Thorntons Law LLP (“we”, “us, “our”) respects your privacy and are committed to protecting your personal data.  This Privacy notice sets out the ways in which we collect and use your personal data.  It also explains what rights you have to access or change your personal data. 

About us 

Thorntons Law LLP is a limited liability partnership, registered in Scotland (No. SO300381), whose registered office is Whitehall House, 33 Yeaman Shore, Dundee, DD1 4BJ.

You can contact us at the above address, addressing any request to the Data Protection Officer.  You can also contact us by email at privacy@thorntons-law.co.uk.

How we collect your personal data

We are a full service law firm and collect data from a wide range of sources. 

We may collect data from you directly.  Where you are a client or prospective client, we may also collect data from representatives or people who are providing you with other services. 

We collect data from the following sources:

  • From you or your representatives directly where you contact us in writing, by e-mail, in person, by telephone, through our online portal, at meetings with us or by any other method, we will collect data directly from you.  This may be where you are seeking legal advice from us or where you are registering to attend events or subscribe to publications issued by us. 
  • From relatives, agents or third parties where you may be involved in a matter we are instructed in for example as a beneficiary, trustee, buyer, seller, debtor, defender, pursuer, witness, employee or employer.
  • From other organisations which have referred you to us, for example, other solicitors, accountants, financial advisers, insurance companies, financial institutions.
  • From your doctor or other health service provider.
  • Online public sources or registers such as Companies House.
  • Where you apply for a position with us, we may receive information about you from a recruitment agent, your current and/ or former employers and/ or referees.
  • Providers of identity verification and compliance services.
  • CCTV operating in any of our offices.
  • Devices you use when you use our service via Cookies. 

What personal data do we collect

Data Type

Information Collected

Contact Data

Name
Postal address
Email address
Phone Numbers
Occupation
Your relationship to other persons

Identity Data

Date of birth
Photograph
Passport Number
Driving Licence Number
Other identity evidence as required to meet our regulatory obligations. 

Special Category Data (race, ethnic origin, politics, religion, trade union membership, genetic, biometric, sex life, sexual orientation)

This information is not routinely collected but may be needed for certain types of legal work (immigration, employment, family, litigation). 

We use this information in relation to our own employees to ensure meaningful equal opportunity monitoring and reporting. 

Health and medical information (special category data)

This information will be needed for certain types of legal work (personal injury claims, employment, immigration, matrimonial, eldercare, vulnerable clients (for those arranging powers of attorney) and other forms of dispute resolution.

Criminal history data

This type of personal information may be processed in relation to litigation cases, employment, matrimonial,  other cases. 

We also undertake criminal record checking as part of our recruitment processes.   

Financial data

Information about your financial affairs, assets and liabilities may be required if it is relevant to matters upon which you wish us to advise you or to enable us to comply with our regulatory obligations relating to anti-money laundering. 

Personal information contained in correspondence

Copies of letters, e-mails received or sent by us, and information you have provided us in letters, e-mails, texts and audio recordings taken in relation to personal injury matters.  We may also keep notes and records of matters we discuss or advise upon.

Payment details

In order to pay and transmit funds in the course of client transactions or collection of our own fees. 

We adhere to PCI–DSS standards and do not store credit or debit card details.

Recruitment information (including special category data)

CVs and covering letters

Completed application forms which may include contact details, career history, qualifications and skills. 

Information communicated in job interviews or through our recruitment processes. 

We may also collect, store and use the following "special categories" of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions to ensure meaningful equal opportunity monitoring and reporting.
  • Information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process.
  • Information about criminal convictions and offences. As the nature of our work requires a high degree of trust and integrity we will likely require a basic disclosure of your criminal records.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to perform our obligations but we will notify you if this is the case at the time.
 

How we use your personal data

We will use your information for the purposes listed below on the basis of:

  • your consent (where we request it);
  • where we need to comply with our legal obligations or to perform a contract with you; or
  • our legitimate interests.

Purpose

Basis of Processing

To communicate with you regarding your instructions, questions, concerns or complaints and to provide you with legal advice and other information.

Performance of Contract/ Legitimate Interests

Sharing information with other professionals (advocates, expert witnesses, accountants, medical professionals, other solicitors acting as local agents etc)

Performance of Contract (where necessary to ensure appropriate representation or information-gathering)

Legitimate Interests (where appropriate to provide the most cost-effective service)

To prevent financial crime – to comply with our legal obligations to prevent financial crime including money laundering under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.

Compliance with Law

Legitimate Interests in ensuring our business is run in compliance with the law

Record-keeping

Legitimate interests

To respond to enquiries from non-clients.  If you fill out a “make an enquiry” form then we capture personal data that you supply, such as your name, address, business name, e-mail address, home telephone number and work telephone number. We will use this personal data to respond to your enquiry.

Consent.  You may withdraw your consent at any time by clicking here.  However please note that if you withdraw your consent, we will not be able to respond to you or communicate with you further. 

Client Marketing - if you have engaged us to provide a legal service to you, we may use your personal data to send you information about our legal services that we feel may be of interest or benefit to you.  In doing so we will add you to our marketing database and will send you marketing materials from time to time. 

Legitimate Interests.  You have the right to object to use of your data for marketing at any time by clicking here.

Non-Client Marketing - if you have consented to receiving marketing communications from us we may use your personal data for this purpose.  In doing so we will add you to our marketing database and will send you marketing materials from time to time. 

Consent.  You may withdraw your consent at any time by clicking here. 

Online payments – we offer an online payment system at www.thorntons-law.co.uk/payments. If you choose to use this system to make debit or credit card payments to us your card details will be handled exclusively by our payment provider, Sagepay. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will not store card details.

Performance of Contract

Debt Recovery – we may give your personal data to and receive personal information from third parties where necessary to recover debts due by you to us, for example sheriff officers

Legitimate Interests

Cookies – we use cookies on our website and collect certain personal data in doing so. More information on our use of Cookies can be found in our Cookies policy.

Legitimate Interests

IT and Security - we may use personal data to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data

Legitimate Interests

Recruitment - we will use the personal information we collect about you to: assess your skills, qualifications, and suitability for the role; carry out background and reference checks where applicable; communicate with you about the recruitment process; keep records related to our hiring processes; comply with legal or regulatory requirements, make decisions on your suitability for shortlisting for interview, interview and offer of the role. If we decide to offer you the role, we will then take up references and carry out a criminal record check before confirming your appointment.

Consent

Where we store your personal data and information security

We take appropriate technical and organisational measures to secure your personal information and protect it against unauthorised or unlawful processing as well as against its accidental loss or destruction or damage. Some of these measures include:

  • Using secure servers to store your personal data.
  • Verifying the identity of individuals that access your personal data.
  • Regular review of our Information Security Management System.
  • Utilising a number of anti-virus and anti-malware systems at the gateway, on email and on endpoints to protect against cyber threats and encryption technologies to protect personal data where appropriate.
  • Restricting access only to those employees who need to know the information in order to deliver the service to you.
  • Providing regular training to all our employees.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, the Firm cannot guarantee the security of your personal information transmitted.  

Once we have received your personal data, we will use strict procedures and security features as outlined above to try to prevent unauthorised access to your personal data.  As above, we cannot be held responsible for the security of your personal data collected by websites that our site may link to.  Such third parties shall have their own privacy notices and you should read these carefully.

Sharing personal data

If we share personal information with external third parties, we shall keep this to a minimum and take reasonable steps to ensure that recipients shall only process the disclosed personal data for those purposes and in accordance with our instructions.

In the course of certain types of work, we may be required to share your personal with advocates, other solicitors, expert witnesses and other professional persons who may be controllers of that data.  We may also require to instruct local agents to handle certain court-based activities from time to time for reasons of cost-effectiveness and efficiency.

We will not transfer your personal data to anyone else without your permission, except:

  • Where we are obliged by law or regulatory obligations.
  • Where we are required to share your information with any external third parties who provide services to us.
  • Where some or all of our assets are purchased by a third party.

We will never sell your information or disclose it for direct marketing purposes.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

The types of organisations/groups that we may share personal data with are set out below:

  • service providers
  • financial organisations
  • suppliers
  • government departments
  • the courts
  • other professional advisers and consultants
  • regulatory authorities

A full list is available on request.

International transfers

We do not transfer your personal data outside the European Economic Area (EEA) unless you provide us with specific consent to do so.

How long we will keep your personal data for

We do not hold information for longer than is necessary.  We have a Records Management and Retention Policy which sets out the periods and rules for retaining and reviewing all data that we hold. This sets out different retention periods depending upon the nature of the information.  In some cases the Law Society, which regulates us, recommends minimum periods of record retention and we comply with those.  This can be made available on request by contacting privacy@thorntons-law.co.uk

Changes in personal information

It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal information changes during your working relationship with us.

Questions and concerns

If you have any questions or concerns on how we collect, handle, store or secure your personal data, please contact our Data Protection Officer by email at  dpo@thorntons-law.co.uk or by post to the  Data Protection Officer, Thorntons Law LLP, Whitehall House, 33 Yeaman Shore, Dundee, DD1 4BJ.

You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you think we have infringed your rights. The ICO’s contact details are as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel. 0303 123 1113
www.ico.org.uk/

Your rights

You have various rights under data protection law. As an individual you have the following rights:

Right to be informed

This Privacy Notice provides you with details as to how we collect and use your personal data

Right to access

You have a right to request access to the personal data we hold about you by making a “subject access request”. You will be provided with a copy of all personal information that we hold about you. There will be no charge for providing you with this information

Right of rectification

You have a right to request that we correct or complete any inaccurate or incomplete personal data we hold about you

Right of erasure

You have the right to ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for retaining it. If we are required to keep your personal data to comply with our legal or regulatory obligations or legitimate interests in legal proceedings or claims, then we may have to decline your request

Right to restrict processing

You have the right to request that we restrict the processing of your personal data that we hold about you for specific reasons

Right to data portability

You have a right to obtain and reuse the personal data that we hold about you for your own purposes in certain circumstances

Right to object

You have a right to object to us processing your personal data

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time Limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to our privacy notice

We may require to update this Privacy Notice from time to time.  The up-to-date version will always be on our website and we will communicate material updates to our clients from time to time.  We will not process your personal data for purposes other than those set out in this document or which may be prejudicial to your interests without letting you know giving you the opportunity to review and object to any such amended processing. 

Contact us

If you have any questions regarding this Privacy Notice, please contact our Data Protection Officer, Whitehall House, 33 Yeaman Shore, Dundee, DD1 4BJ, Tel No. 01382 229111 or by e-mail – dpo@thorntons-law.co.uk

Top