At Gibson and Associates we are committed to safeguarding the privacy of all individuals who interact with us and we respect the privacy choices you make.
This privacy statement sets out how we, as a data controller, collect and process personal data about you, and your rights in relation to that.
HOW WE OBTAIN YOUR PERSONAL DATA
We can collect personal data from you in the course of our relationship with you. This can include the following circumstances: • When you visit our website. Our “website” includes this website, all our associated sites (such as our blogs) and our social media pages. • When you subscribe to or use our online services. • When you apply for a job vacancy with us. • individuals who we communicate or interact with in the course of our business. • individuals whose personal data is provided to us in connection with the provision of our services. • When you are an opposing party in a transaction we are involved with.
WHAT PERSONAL DATA WE COLLECT
There are instances where we invite or request individuals to provide us with their personal data, including through our websites. In addition, individuals may volunteer their personal data to us by various means of communication, e.g. by telephone, email or via our website. This Personal data can include the following:
• basic data such as your name, address, telephone number. Email address, date of birth, the company you work for and your job title. • your financial data including payment details; • recruitment data including your C.V. and your employment history; • website usage data including your usernames and passwords, your interests, feedback and survey responses; • data you submit to our website to enable us to send marketing communications that could be of interest to you; and/or • any other data relating to you which you provide to us.
If you are a client, depending upon the nature of your instruction to us, personal data submitted by you, on your behalf or which we generate in the course of providing our services to you can also include sensitive personal data. This can include personal data revealing your racial or ethnic origin, political opinions, religious or philosophical
August 2019 Ver 0.1
beliefs, race and/or trade union membership, genetic data and biometric data processed for the purpose of uniquely identifying a natural person, data concerning health and/or data concerning your sex life or sexual orientation.
In providing our services, we may also receive personal data indirectly that is relevant to the provision of our services.
Data communicated in connection with the provision of our services is subject to client confidentiality obligations and may be protected by legal professional privilege.
We will always store your personal data securely and we will never ask you for any information that we do not need.
Whilst you are not required to provide any personal data to access the public areas of our website, please note that we may store your IP addresses, which may be considered as personal data.
How we use your Personal Data
We only use your data for the purposes for which we collected it subject to limited exceptions, such as where we reasonably consider that we can use your data for another reason which is compatible with the original purpose for which it was collected.
We may use your data in different ways depending upon the circumstances, these can include the following:
If you are a client:
When you engage Gibson and Associates for services and at points throughout our relationship, we are sometimes required to process your data to comply with our legal, regulatory and risk management obligations. This can include, for example, the completion of anti-money laundering checks, conflict of interest checks and fraudrelated background checks.
Whilst you are a client of Gibson and Associates, we can collect, maintain and process your personal data whilst we supply our services to you. We can also use your contact data for the purposes of collecting payment from you and to inform you of any changes to the terms of our arrangements.
If you are a website user:
We may use the data you submit to our website, for example contact details, to respond to your enquiries or complaints.
You can manage cookies by changing your browser settings to disable or delete cookies. Please note that if you disable cookies, this can affect the functionality of our website on your device and you might not be able to access certain parts of our website.
When you visit our website our server will also temporarily record your IP address. If you are accessing our website from a business IP address, we also capture details of which organisations have visited our website.
Additionally, for the purpose of detecting and blocking attacks (such as hacking) on our website and its technical infrastructure , we process your IP address, access time, accessed subpage(s), and transmitted data volume. This processing is necessary to fulfil our legal obligation to take protective measures against such attacks. The data is deleted seven (7) days after the end of your visit to our website, unless an attempted attack is detected. In the event of a detected attempted attack from your point of access, the data will be further processed for technical and, if necessary, legal processing.
Our website contains links to other websites. Please note that we are not responsible for the privacy practices of other websites. When you leave our website please be sure to read the privacy notices and policies of those other websites. We do not endorse the content on any other websites that can be accessed via our website.
If you receive marketing communications:
We may use your data so that you can receive marketing communications from us. We will use any data you submit relating to your preferences to develop relevant material to send to you. You will also be able to receive communications such as our newsletters, event invitations and details of our competitions and prize draws.
Please note that you have a right to withdraw your consent at any time. If you currently receive marketing communications from us and you would prefer not to receive them in the future or if you would like to your change your marketing preferences, you can do this at any time by clicking the “unsubscribe” link at the bottom of all our marketing emails.
If you are applying for a job with us:
We are committed to safeguarding the privacy of the individuals that apply for positions at Gibson and Associates. This section explains how we use the data you submit as part of your application.
If you apply for a position with us, we can use your personal data to allow us to process your job application, including those submitted to us via the Careers section of our website. We can also use your personal data to assess your suitability for a position you have applied for at Gibson and Associates, to review our equal opportunities legal requirements and for other human resource administration purposes.
As well as the personal data referred to in the ‘What personal data we collect’ section of this privacy notice, we can collect additional data if you apply for a job with us. This can include nationality and immigration/right to work data.
Unless required in order to comply with any legal or regulatory requirements, or where we have a legitimate interest to do so, we will only use the personal data you provide to us for the purposes of processing and managing your application for a position at Gibson and Associates and the associated recruitment process.
We will not process any category of sensitive personal data about you without your explicit consent, which is not mandatory.
If you are an opposing party to a transaction we are involved with:
We may use your personal data in order to perform our services for our clients.
If you attend one of our events or seminars:
We may use your personal data to cater for any dietary or accessibility requirements and to analyse any feedback you provide.
Where you also sign up to receive marketing communications from us at an event or seminar, please refer to the ‘If you receive marketing communications’ section of this privacy notice for further details.
If you connect with us on social media:
We collect personal data whilst responding to enquiries directed to our social media networks such as Facebook, Twitter or LinkedIn or during the course of promotional campaigns on our social media platforms. In the course of our recruitment, we are sometimes directed to individuals’ LinkedIn profiles by recruitment agencies. We sometimes process personal data that is published on social networks.
Depending on the content of the request, processing will be restricted to the specific purpose of the enquiry. After the fulfilment of the enquiry and any legal obligations related to it, the personal data is deleted.
BASIS OF THE PROCESSING OF YOUR PERSONAL DATA
We will only use and process your personal data where we have a lawful basis for doing so. This can include:
• providing you, or an entity with which you are connected, with our services; • accounting, billing and other internal administrative purposes; • developing and facilitating a business relationship with you or an entity with which you are connected; • determining your eligibility and suitability for employment with Gibson and Associates; • inviting you to events or functions and providing you with updates and publications; and/or • identifying and informing you of services that might be of interest to you.
With regard to the data we collect from you on our website, we will process this on the basis that you have provided your consent or where we have a legitimate interest in processing it.
In addition to you providing your consent to our processing of your personal data, there are other lawful bases for our processing which include processing that:
• is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract; • is necessary for compliance with our legal, regulatory and/or professional obligations; • is necessary for the purposes of pursuing our legitimate interests; or • is necessary for the establishment, exercise or defence of legal claims.
WHO WE SHARE YOUR PERSONAL DATA WITH
We sometimes share your data with our third party service providers who perform functions on our behalf. These third parties service providers can include:
• our professional advisers including auditors; • suppliers who provide certain support services for example, delivery of our marketing communications, document production, translation and recruitment management; • IT service providers to Gibson and Associates, such as those who administer and maintain our website for us; • third parties we engage to enable us to perform our services to our clients such as, barristers, case management providers, and other specialist consultants; • third parties involved in organising our events; and/or • third parties who verify recruitment data provided by applicants for example, Referees (where given), and application screening service providers we engage as part of our graduate recruitment.
We will ensure that such transfers of your personal data to third parties are safe and secure, confidential and that all third party suppliers to Gibson and Associates are subject to a written contract in respect of any processing of your personal data.
Further data and details of the third party suppliers Gibson and Associates uses for the above-mentioned purposes are available upon request, where relevant to you.
Where you are a client of Gibson and Associates or an opposing party to a transaction we are involved with (such as litigation matters), we can also disclose your personal data to:
• courts, tribunals, regulatory authorities; • the other side to a transaction or litigation; and/or • third party experts such as medical experts;
for the purposes of carrying out that work and only to the extent necessary, We will not disclose your personal data to any other third parties for any reason unless:
• we are required to do so by law; • disclosure is necessary for the purpose of, or in connection with, legal proceedings; • it is to exercise or defend legal rights; or • we have your consent to disclose it to them.
Where we transfer your personal data as described above, whether such transfer is within or outside the European Economic Area, we will always ensure that such transfer is safe and secure by ensuring that adequate safeguards are put in place to
August 2019 Ver 0.1
protect your personal data. As such, appropriate safeguards will be in place regardless of whether the transfer is to a country that is subject to an adequacy decision or where it is a non-adequate country.
If our business undergoes any re-organisation, we sometimes need to transfer your personal data to a re-organised entity for the same purposes as set out in this privacy notice. Additionally, we are sometimes required to transfer some or all of your personal data to a relevant third party in the re-organisation as part of any due diligence process, for example, or for the purpose of evaluating the proposed reorganisation.
HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We keep your personal data in accordance with our internal retention procedures, which are determined by our legal, regulatory and professional obligations including applicable data protection laws and accord with good practice. The retention periods differ depending upon the nature of the data we hold and the reasons why we are holding it. These are subject to change. We only keep your personal data for as long as we need to. When your data is no longer required, we will delete it securely.
Please contact us if you require more details regarding our retention periods.
HOW WE PROTECT YOUR PERSONAL DATA
We are committed to ensuring that your personal data is kept secure. In order to protect the data you input to our website from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss, we have put in place appropriate technical, physical and managerial procedures. All our employees and any third parties we engage to process your data are obliged to respect the confidentiality of your personal data.
We take data security seriously and work with our technology partners to ensure that are systems and infrastructure are managed in line with best practice.
However, the internet is not a secure environment and we cannot therefore guarantee total security of any data transmitted to our website. Whilst we utilise the latest virus protection software, we cannot guarantee our website is free of computer viruses or other harmful applications so such transmission is at your own risk.
Further data about the measures Gibson and Associates takes to protect your personal data can be provided upon request.
CHANGES TO YOUR PERSONAL DATA
If your personal data changes at any time, please keep us informed so we can ensure your data is accurate, complete and current. If you wish to update your personal data, you can inform us of this via the following means:
• If you receive marketing communications, you can do this at any time via our marketing preference centre, which you can access by clicking on the link within all our marketing emails; • If you are a client then please get in touch with your Solicitor in the usual way or alternatively submit a request as outlined in the Data controllers and how to contact us’ section of this privacy notice; • If you are a website user, job applicant, or event attendee and you are allowing us to use your details, you can submit a request as outlined in the Data controllers and how to Contact us’ section of this privacy notice.
ACCESS YOUR PERSONAL DATA AND YOUR RIGHTS
You are entitled to view the personal data we hold about you and request that we amend it or delete it, subject to some exceptions. You also have the right to request that we restrict our processing of your data or to object to that processing as well as the right to request data portability where we process personal data based on your consent or for the purpose to contract with you. Please email your request to our Data Protection Officer, whose contact details are in the ‘Data controllers and how to contact us’ section of this privacy notice.
Where you have provided consent, either for the processing of personal and/or Sensitive categories of personal data, you have an absolute right to withdraw consent at any time, free of charge. Advice on how to do so is contained with the ‘Data controllers and how to contact us’ section of this privacy notice.
Please note we sometimes require further data from you in order to verify your identity before disclosing, amending or deleting any of your personal data.
In most cases, we will deal with your requests free of charge and within one month of receipt of your request. However, there are exceptions that can allow us to charge a reasonable fee to cover our administration costs and/or extended the time period for dealing with your request to two months from receipt of your request, such as where your request is complex or repetitive. If an exception applies, we will keep you informed.
We will never charge you to change your marketing preferences or unsubscribe to our marketing communications.
DATA CONTROLLERS AND HOW TO CONTACT US
Our website, and Gibson and Associates primary IT systems, are located in the EU and controlled by Gibson & Associates.
Should you have any concerns regarding this privacy notice, please contact our Data Protection Officer.
Controller: Gibson and Associates
Address: Port Road, Letterkenny, Co Donegal
Data Protection Officer: Reza Nezam
Telephone: +353 (0)74 916 8888
Email: You can get in touch with us in relation to any data protection queries, by either writing to us at the above address or emailing firstname.lastname@example.org.
Please note that emails sent to and from Gibson and Associates can be monitored to ensure compliance with internal policies and procedures and to protect our business.
Last Updated: 5th July 2019