BTO Solicitors LLP (“BTO”) is a Scottish law firm. We provide legal advice and services to individual and corporate clients and this privacy notice sets out how we process personal data in order to provide those services.
As a law firm, much of the personal data that we process is subject to an obligation we have to our clients to maintain confidentiality in relation to that information. This means that we may be exempt from the obligation to provide fair processing information to some of the data subjects whose personal data is contained in the information.
This notice is to provide fair processing information when the processing we carry out is not subject to an obligation of confidentiality.
This privacy notice will also provide details about the rights that individuals have in relation to the personal data that BTO holds about them.
WHO ARE WE?
BTO is a data controller where we determine how we collect the data and why. We can be contacted in relation to the data that we process about you using the following details:
Address: Data Protection Manager, One Edinburgh Quay, 133 Fountainbridge, Edinburgh EH3 9QG
Tel: 0131 222 2939
BTO’s data protection officer is RGDP LLP.
Address: Data Protection Officer, RGDP, One Edinburgh Quay, 133 Fountainbridge, Edinburgh EH3 9QG
Tel: 0131 222 3239
We may need to amend this Privacy Notice and we will notify you of any significant changes that we make.
WHAT PERSONAL DATA DO WE PROCESS?
As a full service law firm, BTO will have to collect, store, use and transfer information including personal data and, sometimes, special category data. We have divided this up into different departments so that you can check the section that is relevant to you.
WHEN WE ARE PROVIDING YOU WITH LEGAL SERVICES
Anti-money laundering obligations
We store copies of identification documents (copies of passports, driving licence photographic evidence and home address), for verifying your identification and your home address to comply with anti-money laundering obligations with which BTO must comply as part of a regulated profession. We will store these in a secure part of our IT system. We use a third party, CallML, to check the identity of the individuals we require to carry out checks on. The documentation will be stored for five years once the verification has been completed and then it will be disposed of securely.
The provision of legal services
We will obtain your contact details (name, telephone numbers, email, address) and such other information as you provide to us prior to you becoming a client and thereafter, they will be stored in our system to allow us to contact you about your case, or the case we are dealing with on behalf of a third party.
We will also process the personal data that is required to provide you with advice and this will depend on the type of case we are dealing with. This could be financial information; special category personal data (please see below for details) or any other personal data as necessary for your legal matter.
Credit Card Payments
On occasion we may take payments via credit card or debit card either online or over the phone. Our processes are compliant with the Payment Card Industry Data Security Standard (PCI DSS) and no card details are stored by us. We do store bank details if required for the matter we are dealing with.
Basis for Processing Data
In general we will rely on the following legal bases to process the personal data:
- For individual clients, to provide you with legal services under the contract we have with you or in order to take steps to enter into such a contract (contract);
- To comply with the legal obligations we have as a regulated body, for example carrying out anti-money laundering checks on clients, including those in control of our corporate clients (legal obligation); and
- Where we have a legitimate interest to process personal data to provide our legal services, such as processing financial details, or where the individual is not a BTO client (legitimate interests).
- In relation to special category data (data revealing racial or ethnic origin; political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic or biometric information used to uniquely identify an individual, data concerning health or a person’s sex life or sexual orientation) we will process that as is necessary for the establishment, exercise or defence of legal claims.
In relation to criminal conviction or offence data, including information about the alleged commission of offences or proceedings for an offence including disposal and sentencing, we will process that as is necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings), or is necessary for the purpose of obtaining legal advice, or is necessary for the purposes of establishing, exercising or defending legal rights.
Once the case is complete and our legal services have ended, we will retain the personal data in your file for at least twenty years in line with the long prescriptive period. We will also comply with the Law Society of Scotland’s Guidance on the Destruction of Files. BTO has a data retention policy which reflects this approach.
IF YOU APPLY FOR A JOB WITH US
We have a separate recruitment Privacy Notice which is available on request.
WHEN YOU WORK WITH BTO
We have a separate Privacy Notice for our employees which is available on request.
IF YOU ARE ONE OF OUR SUPPLIERS
We will hold contact details of third parties and employees of third parties who provide services to assist us to provide legal services. We have a legitimate interest to process these contact details for the purposes of providing legal services. This data will generally consist of corporate contact details.
IF YOU VISIT OUR PREMISES
We may collect your image from our CCTV cameras which are located in some of our premises for security of our staff and customers and to assist with the prevention and detection of crime. Signs are in place where CCTV is in operation.
WHEN YOU VISIT OUR WEBSITE
Links to other websites
Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other websites even if you access those using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the privacy notice of that third party site.
When you interact with us on social media platforms such as LinkedIn and Twitter we may obtain information about you (for example, when you like or post on our Twitter page). The information we receive will depend on the privacy preferences you have set on those types of platforms.
KEEPING IN TOUCH
When you become a client of BTO, or show an interest in our services by attending one of our events or making an enquiry about our services, we may use your email address to keep in touch and to send you information about our services, legal updates and information about our events. You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us then you can opt-out by ticking the box situated on the form first used to collect your information. You will always be given the option to unsubscribe from receiving any future emails by clicking the unsubscribe link at the bottom of the e-mail, or by emailing email@example.com
You may also have requested us to keep you informed about BTO’s services, legal updates and information about our events. You can withdraw your consent at any time by emailing firstname.lastname@example.org
We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted and will retain your details on a suppression list to help ensure that we do not continue to contact you. However, we may still need to contact you for administrative purposes connected with the services we are providing to you.
COLLECTING YOUR DATA
We may collect data in a variety of ways including directly from you, when you use our online contact us tool or from third parties, including Settify Pty Ltd and any other individual or organisation involved in the legal matter in which you have instructed us, other solicitors or organisations who have referred you to us, your GP or other medical professional consulted by you, your employer, HMRC, your insurance company, from any representative appointed to act on your behalf and from solicitors acting on behalf of any other party to your claim.
Where you have entered into a contract with us for provision of legal services, failing to provide data may mean that we are unable to properly implement the contract and that you are unable to exercise certain contractual rights.
SHARING YOUR DATA
BTO uses a number of third parties to provide the following services: IT support; case and document management services; provision of “cloud” computing services; payment services, credit checks, email marketing assistance and document storage and shredding services. We have appropriate contractual arrangements in place to ensure that these third parties do not use our data for their own purposes, will treat it with confidence and that they keep the data secure.
We will also share your personal data with third parties where it is necessary for the purposes of providing our services: to other solicitors instructed by another party in any dispute or claim in which you are involved, your GP or other medical professional or expert witness instructed, your employer, advocates instructed on your behalf, your insurer, Motor Insurers’ Bureau, translators, sheriff officers, any representative appointed to act on your behalf and to solicitors instructed to act as local agents on our behalf.
We do not share your data with other companies or organisations for their own purposes or for sending their own marketing communications to you.
Other third parties we may work with
HOW DO WE PROTECT YOUR PERSONAL DATA?
BTO uses appropriate standards of technology and operational security to protect personal data from being accidentally lost, used or accessed in an unauthorised way, or altered or disclosed.
We maintain confidentiality in relation to our clients. Operationally, access to personal information is restricted to trained, authorised personnel who are under a duty to maintain the confidentiality and security of such information.
If personal data is transferred outwith the EU we will ensure that adequate safeguards are in place, relying on an adequacy agreement or other contractual terms as appropriate.
As a data subject, you have a number of rights in relation to your personal data. These are listed in brief below and are set out in more detail in BTO’s Data Protection Policy/Data Subject Rights Policies. A fee will not generally be charged for exercising any of these rights unless your requests are manifestly excessive.
- The right to access information about the personal data BTO is processing and to obtain a copy of it;
- The right to require BTO to change incorrect or incomplete data;
- The right to request that BTO erases or stops processing your data in certain circumstances; and
- The right to object to the processing of your data where BTO is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact the Data Protection Manager at One Edinburgh Quay, 133 Fountainbridge, Edinburgh EH3 9QG
Tel: 0131 222 2939.
If you are still unhappy with the way that BTO has dealt with your personal data then you can contact the Information Commissioner. Contact details are available at www.ico.org.uk/concerns.
Policy last updated June 2020.