Morton Fraser MacRoberts LLP ('MFMac') is committed to protecting your personal data and your privacy.
We will comply with Data Protection law and Principles, which require us to:
• Use your personal data in a lawful, fair and transparent way
• Collect only what we require for valid purposes that we have clearly explained to you
• Keep the information accurate and up to date
• Retain data securely and only for as long as necessary for the purposes we have explained.
This Privacy Notice ('Notice') describes why and how we and our subsidiaries collect, use and share your personal data in the course of operating our business.
This Notice explains:
- What personal data we collect and use
- How we might use your personal data & the legal basis for processing the data
- Who might share your data with
- How we protect your personal data
- Your rights in relation to your data
- If you choose not to give your personal data
- How long we keep your personal data
- International data transfers
- Cookies
- Marketing
- About us
- How you can contact us
1. What personal data we collect and use
Personal Data
Personal data, or information, means any information about an individual from which that person can be identified. Anonymised data is not included.
MFMac as Data Controller:
MFMac is the Controller of your personal data. What this means is that we make decisions about how we should process it. MFMac exercises overall control and is ultimately in charge of and responsible for the data processing.
Generally, MFMac collect and use your personal data in the following ways:
- Directly from you, via the MFMac website or otherwise when you are in contact with us for legal services, marketing events, surveys or feedback.
- From third parties, who have shared your personal data with MFMac.
- From publicly available sources, such as fraud prevention or credit reference agencies, social media sites, Companies House, the Electoral Register, Registers of Scotland etc.
- If you have applied for opportunities posted on MFMac's Vacancies page.
- If you provide us with goods and services.
- By referral from any of MFMac's subsidiary companies or affiliates.
The kinds of personal data we collect:
MFMac may collect, use, store and transfer different kinds of personal data about you. Some of this information may fall into one of the "special categories", which means is data of a more sensitive and personal nature:
|
Types of personal data
|
Detail |
|
Additional Data |
includes personal information about you that we receive from third parties to enable us better to provide our services and/or to conduct Customer Due Diligence and/or recruitment. Such third parties will include (but not limited to) other parties in a transaction (including their law firm, counsel, accountants and other professional advisors), law firms, accountants and other professional advisors who may refer your matter to us and/or who may be acting for you in relation to other aspects of a particular matter, banks, building societies, insurers and other financial institutions, courts and court agents (including sheriffs’ officers), regulatory bodies, surveyors and estate agents, personal representatives, attorneys, trustees and executors, credit reference agencies, employers, education providers, the providers of electronic identity verification services and regulatory bodies such as the Scottish Legal Complaints Commission, the Law Society of Scotland, the Solicitors Regulation Authority, Legal Ombudsman or other similar bodies. |
|
Aggregated Data |
includes statistical or demographic data which may be derived from your personal data, but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Notice. |
|
Children's Data |
We obtain data relating to children both directly from such children and from persons with parental responsibility or educational responsibility for such children. Where we process children's data, we take additional care to ensure the security of such data and to ensure that the rights and freedoms of the child are taken into consideration and we process such personal data only where necessary and appropriate for the services for which we have been appointed. |
|
Consents Data |
Any permissions, consents or preferences that you give us. |
|
Contact Data |
includes billing address, residential and/or business address, email address and telephone numbers and social media account names. |
|
Contractual Data |
Information obtained by providing legal services to you. |
|
Criminal Convictions / Offences Data |
this data may need to be collected from time-to-time in order to enable us to provide you with our services and/or to conduct Customer Due Diligence. |
|
Financial Data |
includes bank and building society accounts, payment card details and other billing information, payments made to us and payments made on your behalf and/or in connection with your transactions, credit reference checks and other payment and/or financial data to enable us to carry out fraud, identity checks to verify the source of funds and/or the source of wealth, as well as information collected from publicly available resources and/or credit agencies or any other information needed to enable us to undertake credit or financial checks on you. |
|
Health Data |
includes data provided to us or we may need to know about where you are visiting any of our premises such as accessibility or mobility concerns that you have, dietary requirements, other health matters which could affect your use of our services or the way we need to provide our services. We will only do so to the extent that processing relates to personal data which are manifestly made public by you or otherwise with your consent. |
|
Identity Data |
includes title, first name, middle name, last name, username or similar identifier, the organisation you work for, your job title or position, date of birth, geographic location, photograph or image and other information to enable us to check and verify your identity, e.g. your passport or driving licence and utility bills or bank statements and photographs or video recordings where you attend our meetings or events or via electronic identity verification services. |
|
Marketing and Communications Data |
includes your preferences in receiving marketing from us and our third parties and your communication preferences. |
|
Other's Data |
where you are not a MFMac client, we may collect or receive personal information about you because you are involved in a matter on which we are advising our client or have advised our client. For example, if you are providing funding to our client we may require to satisfy ourselves of your identity and obtain information about the source of funds and/or your wealth. This will allow us to comply with our policy, the law and/or guidance relating to AML and countering the financing of terrorism, and to conduct Sanctions checks. If you are a Beneficial Owner of our client, we may need to collect personal data about you for similar purposes. |
|
Profile Data |
includes purchases or orders made by you, your interests, preferences, feedback and survey responses. |
|
Publicly Available Data |
Includes details that are publicly available, such as on Companies House, Registers of Scotland etc |
|
Social Relationships Data |
includes details about your family, friends and other relationships. |
|
Special Categories of Personal Data |
includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, membership of a professional body or trade association, information about your health and genetic and biometric data may also need to be collected in limited circumstances in order to provide you with our legal services. We may also do so when conducting Customer Due Diligence, notably where we obtain photographic images or video recordings of you as part of the process of verifying your identity. |
|
Technical Data |
includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites. |
|
Transactional Data |
includes details about the legal services relating to the matter on which you or your organisation have instructed; the information we will process about you to open our files and administer the client relationship and any credit checks we may have carried out. |
|
Usage Data |
includes information about how you use our website(s), products and services |
|
Voice Recordings |
includes any information that you provide to us when you leave a voicemail message or when you telephone. |
|
Video Recordings |
including still images and sounds captured during a video recording, any information that you provide to us during a video recording when used to carry out Customer Due Diligence (notably verification of identity) as referred to in our Terms of Business (with you or your organisation), and/or as required by law and/or guidance relating to Anti-Money Laundering ('AML') and countering the financing of terrorism, for the purposes of Sanctions checks, or otherwise where you have agreed to the recording for the purposes of carrying out our legal services. |
Any personal data obtained by MFMac for the purposes of our compliance with The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”) will be processed only:
(a) for the purposes of preventing money laundering or terrorist financing,
(b) as permitted by or under any legislation other than the MLR 2017 or the GDPR (as defined in the MLR 2017), or
(c) where we have obtained the consent of the individual.
2. How we use your personal data & the legal basis for processing the data
Generally, we collect and use your personal data to:
- Deliver our legal services.
- Recruit staff.
- Meet our legal and professional responsibilities.
- Engage services and suppliers.
- Communicate with you or on your behalf, by post, electronically or by telephone.
- Maintain our records.
- Process financial transactions.
- Prevent and detect crime, fraud or corruption.
- Send emails or newsletters to keep you informed, or invite you to events.
- Respond to complaints or claims.
- To monitor for cyber threats and to provide security to our offices.
We do not envisage using your data to make automated decisions about you.
In the table below we have provided more detail about:
(a) the types of personal data we collect,
(b) how we use it,
(c) the lawful basis, and
(d) any legitimate interests for the data processing, depending on your relationship with us:
| 1. Client Individuals (acting in their own capacity or jointly with other individuals, as a sole trader, trustee, partner, member of unincorporated club or association) | |||
|
Type of data |
Purpose |
Lawful basis |
Legitimate Interests |
|
To provide you with legal services and fulfil contractual obligations |
Contractual performance Legitimate Interests
|
To exercise our contractual rights to provide services |
| To provide you with other products or services, including Company Secretarial or wealth management services |
To exercise our contractual rights to provide services and products |
||
| To provide advice or guidance about our services or products |
To keep our record keeping up to date |
||
| To carry out Customer Due Diligence, including identity and address verification, background checks and Anti-Money Laundering procedures |
Legal obligation Legitimate interests
|
To engage you as a client and allow us to provide legal services |
|
|
To prevent fraud, criminal activity or money laundering |
|||
|
To protect our business and reputation |
|||
| To carry out credit checks | Legitimate interests |
To assess the financial risk associated with those who receive our services and assess their ability to pay sums due |
|
| To run MFMac in an efficient manner, including our relationship with you, financial management, business planning, business continuity, communications, corporate governance and audit |
Legal obligation Contractual performance Legitimate interests |
To manage credit control and debt recovery To bill for the services we provide and deal with funds transfers For financial reporting To manage complaints or potential claims To manage our relationship with you and fulfil our responsibilities generally To improve our efficiency and provide clients with new or improved products and services |
|
| To comply with reporting obligations to regulatory / supervisory bodies |
Legal Obligation Legitimate Interests |
To manage our compliance with our legal responsibilities and obligations | |
| To protect the rights, property or safety of MFMac staff, clients or third parties |
Legal Obligation Legitimate Interests |
||
| To establish, exercise or defend our legal rights |
Legitimate Interests |
To enforce our legal rights | |
| To improve our products and services and develop new ones |
Legitimate Interests |
To improve our efficiency and provide new and improved products and services | |
| To promote our services in tenders or submissions to legal directories |
Legitimate Interests |
To promote our firm and the work we do to prospective new clients | |
| 2. Individuals in Client Organisations (directors, officers, partners, shareholders, other owners or beneficial owners of an organisation, as well as employees, consultants, workers) | |||
|
Type of data |
Purpose |
Lawful basis |
Legitimate Interests |
|
To contact you in the provision of our legal services to the organisation, including Company Secretarial, debt collection, trustee services etc |
Contractual performance Legitimate Interests |
To provide you with legal services and fulfil contractual obligations To keep our records up to date |
|
To use information about you where relevant to the products or services provided |
Legitimate Interests |
To provide the organisation with legal services To fulfil our contractual obligations To keep our files and records up to date |
|
|
To provide advice or guidance about our products or services |
Legitimate Interests |
To provide the organisation with legal services To fulfil our contractual obligations To keep our files and records up to date |
|
|
To carry out Customer Due Diligence, including identity and address verification, background checks and Anti-Money Laundering procedures (directors, shareholders, officers, partners, owners, trustees etc) |
Legal obligation Legitimate interests |
To engage you as a client and allow us to provide legal services To prevent fraud, criminal activity or money laundering To protect our business and reputation |
|
|
To carry out credit checks (directors, shareholders, officers, partners, owners, trustees etc) |
Legitimate interests |
To assess the financial risk associated with those who receive our services and assess their ability to pay sums due |
|
|
To manage our relationship with the organisation, including:
|
Contractual performance Legitimate Interests |
To exercise our rights under a contact with you To manage credit control and debt recovery To manage complaints or potential claims To fulfil our responsibilities to our clients |
|
|
To run MFMac in an efficient manner, including our relationship with you, financial management, business planning, business continuity, communications, corporate governance and audit |
Legal obligation Contractual performance Legitimate interests |
To manage credit control and debt recovery To bill for the services we provide and deal with funds transfers For financial reporting To manage complaints or potential claims To manage our relationship with you and fulfil our responsibilities generally To improve our efficiency and provide clients with new or improved products and services |
|
|
To comply with reporting obligations to regulatory / supervisory bodies |
Legal Obligation Legitimate Interests |
To manage our compliance with our legal responsibilities and obligations |
|
|
To protect the rights, property or safety of MFMac staff, clients or third parties |
Legal Obligation Legitimate Interests |
To manage the safety of our staff, clients and others |
|
|
To establish, exercise or defend our legal rights |
Legal claims |
To enforce our legal rights |
|
|
To improve our products and services and develop new ones |
Legitimate Interests |
To improve our efficiency and provide new and improved products and services |
|
|
For marketing and business development activities, including seeking new business, promoting our business and events management |
Consent (where required) Legitimate Interests |
To develop our relationship with you and the organisation To attract new business and promote our business To hold events, seminars and hospitality to promote our services and products |
|
| 3. Suppliers & Professional Contacts (individuals and organisations who supply goods or services, including professional services, or have any other business or professional relationship with us) | |||
|
Type of data |
Purpose |
Lawful basis |
Legitimate Interests |
|
To communicate with you in the course of our business of professional relationship |
Contractual performance Legitimate Interests |
To provide our clients with legal and other services. To obtain goods or services from you or your organisation for our benefit. To obtain services from you or your organisation for the benefit of our clients |
|
To manage our professional relationship with professional advisors, authorities etc |
Legitimate Interests |
To maintain good working relationships with other professionals.
To fulfil our responsibilities to our clients, suppliers and other third parties |
|
|
To manage our business relationships with third party suppliers, which will include:
(a) assessing the suitability of any existing or potential supplier of goods and services to us (b) negotiating and entering into appropriate contracts for the supply of goods or services to us, carrying out any obligations under such contracts (including obligations of payment) and if necessary enforcing any such contracts (c) undertaking on-going monitoring and management of our relationship with suppliers (d) investigating any complaints or enquiries |
Contractual performance Legitimate Interests |
To perform a contract with your organisation or business
To manage third party relationships
To run our business efficiently and profitably
To enhance, modify and improve our services and products
To pursue our commercial objectives where this does not override your rights and freedoms as a data subject |
|
|
To improve and develop our services |
Legitimate Interests |
To improve our services and our efficiency |
|
|
To manage our business as a whole, including: · financial management and administration; · business planning; · corporate governance; · audits |
Legal obligation |
To improve our services and our efficiency |
|
|
To comply with relevant legal obligations To comply with reporting obligations to regulatory bodies |
Legal obligation |
|
|
|
To protect the rights, property, or safety of our staff, our clients, or others |
Legal obligation Legitimate interests |
To manage the safety of our staff, clients and others |
|
|
To establish, exercise or defend our legal rights |
Legal claims |
To enforce our legal rights |
|
| 4. Job Applicants (individuals involved in our recruitment process, directly or via an agency) | |||
|
Type of data |
Purpose |
Lawful basis |
Legitimate Interests |
|
To gather data from you where you are interested in any of our vacancies, traineeships or placements |
Contractual performance |
To engage with you prior to or during entering into a contract (of employment) with us |
|
To review and process any application submitted for a vacancy, placement or work experience |
Consent Legal obligation |
To allow us to review your application, including any special category data provided. |
|
|
To consider any reasonable adjustments to the recruitment process for disabled applicants |
Contractual performance Legitimate interests |
To select suitable employees and workers |
|
|
To carry out screening including Disclosure Scotland, credit, right to work and identity checks, as required by law, in accordance with our policies and procedures and the Money Laundering Regulations and sanctions checks |
Consent Legal obligation Contractual performance |
To allow us to process your application, including any special category data provided. |
|
|
Take up references (from referees for whom you have provided details and permission for us to contact) |
Consent Contractual performance Legitimate interests |
To select suitable employees and workers |
|
|
Confirm professional memberships, registrations and qualifications |
Consent Contractual performance Legitimate interests |
To select suitable employees and workers |
|
|
Carry out equal opportunities monitoring |
Legitimate interests |
To review equality of opportunity or treatment To exercise or perform employment law rights or obligations |
|
| 5. Website Users & Marketing (individuals who visit our website or receive marketing material from us) | |||
|
Type of data |
Purpose |
Lawful basis |
Legitimate Interests |
|
To manage our online relationship with you, including: (a) notifying you about changes to our terms and conditions or our privacy policy (b) communicating with you in response to any online enquiries, requests or other contact (c) provide you with our newsletters or blogs |
Legal obligation
Legitimate interests
· Consent
· Soft opt-ins |
To develop our relationship with you and promote our goods and services To keep you up to date with news and developments |
|
To process any registrations for events including: (a) manage payments, fees and charges (b) collect and recover money owed to us |
Legitimate Interests |
To hold events, such as seminars and networking events, to promote our business and attract new business |
|
|
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
Legal obligation
Legitimate interests |
To run our business properly and efficiently To ensure the provision of administration and IT services To ensure network security To prevent fraud |
|
|
To use data analytics to improve our website, services, marketing, customer relationships and experiences |
Legitimate Interests
Consent (where required) |
To keep our website updated and relevant
To develop and improve our business
To inform our marketing strategy
To understand how our communications are used and what content is accessed, when and by whom
To assess which of our services may be of interest to you
To seek feedback and consent when we require consent to contact you |
|
|
To record or live stream seminars or events to be watched online |
Legitimate Interests |
To enable clients / contacts to view and participate in events or seminars remotely. We will always advise prior to the event that it is being recorded and/or live streamed. |
|
|
To engage with you in business development and networking opportunities, including events, briefings and seminars |
Legal obligation
Legitimate interests |
To ensure compliance with health and safety obligations, e.g. where we need to know about accessibility or mobility concerns, dietary requirements, other health matters which could affect your use of our services or how we provide you with services |
|
| 6. If you are a complainant (individuals who wish to complain about the legal services provided by us or any of our staff members) | |||
|
Type of data |
Purpose |
Lawful basis |
Legitimate Interests |
|
To communicate with you in relation to your complaint or legal claim |
Contractual performance
Legitimate Interests |
To deal with and respond to your complaint / claim |
|
To communicate with third parties who may be involved or have relevant information relating to the complaint or claim |
Legitimate Interests |
To investigate and gather information relating to the complaint / claim |
|
|
To notify our insurers and communicate with them regarding a claim |
Legitimate Interests
Legal obligation |
To comply with legal requirements and the terms of our insurance cover |
|
|
To notify our regulators and communicate with them regarding a complaint or claim |
Legitimate Interests Legal obligation |
To comply with legal requirements and the terms of our insurance cover |
|
|
To notify our legal advisors and communicate with them regarding a complaint or claim |
Legitimate Interests |
To take legal or other professional advice |
|
|
To establish, bring or defend legal claims |
Legitimate Interests Legal claims |
To enforce our legal rights |
|
| 7. Anyone else (individuals who do not fall into the categories above) | ||||
|
Type of data |
Type of Individual |
Purpose |
Lawful basis |
Legitimate Interests |
|
Third party (claimant / litigant) |
To give legal advice to our clients |
Contractual performance
Legitimate interests Legal claims |
To provide legal services to our clients To support the administration of justice To assist clients to establish, exercise and defend legal claims
|
|
To communicate with you or your advisors for our clients |
||||
|
To conduct pre-action discovery and evidence gathering |
||||
|
To bring or defend legal claims for our clients |
||||
|
To enforce judgements or awards for our clients |
||||
| Third party (transactional) |
To give legal advice to our clients |
Contractual performance Legitimate interests |
To provide legal services to our clients | |
|
To communicate with you or your advisors for our clients |
||||
|
To carry our due diligence for our clients |
To carry out pre-contract due diligence | |||
|
To negotiate and conclude commercial, sale / purchase or other transactions for our clients |
To assist our clients to comply with legal obligations generally | |||
| Witnesses |
To contact you to establish whether you have evidence relevant to our client's case |
Legitimate interests Legal claims |
To support the administration of justice To provide legal services to our clients |
|
|
To take evidence from you in connection with claims involving our client |
||||
|
To seek to compel you to give evidence in court or elsewhere involving our client |
||||
| Executors, administrators or trustees (non clients) |
To contact and communicate with you for our client regarding wills, trusts or executries where you are an executor, administrator or trustee |
Legitimate Interests Legal obligation Contractual performance |
To provide legal services / advice to our clients To assist clients to properly administer trusts and estates in accordance with their legal duties and responsibilities |
|
| Beneficiaries (non clients) |
To verify your identity and entitlement to legacies from an estate or administration
|
Legitimate Interests Legal obligation Contractual performance |
To provide legal services to our clients To provide legal services to our clients To assist clients to properly administer trusts and estates in accordance with their legal duties and responsibilities |
|
|
To verify your identity and entitlement to benefit from a trust |
||||
|
To distribute any entitlement to assets from an estate on our client's instructions |
||||
3. Who we might share your data with
To provide you with our services and for administrative and billing purposes, your personal data may be shared on a confidential basis with MFMac's subsidiaries and affiliates.
We may also have to share your personal information with various third parties, who will usually be bound by obligations of confidentiality. These third parties may include, but is not limited to:
• Counterparties to transactions or litigation (including their lawyers), other professional service providers such as lawyers and accountants, counsel, advocates, barristers, arbiters, arbitrators, mediators, clerks, trade mark and patent agents, medical professionals, expert witnesses, witnesses, tax advisors or valuers, authorities and governmental institutions.
• Identity verification service providers used to carry out identity checks for the purposes of customer due diligence, including but not limited to, Amiqus and Creditsafe.
• Confidential waste management, suite of IT and communications service providers and other technology providers, including but not limited to security software providers, door access management providers, document processing and translation services, document and information storage providers some of whom may store personal data in cloud based data centres.
• Marketing platform providers, e.g. Concep.
• Regulators, government departments, the police and other law enforcement authorities, professional advisors, financial institutions and insurance companies, such as the Law Society of Scotland, Solicitors Regulation Authority, Legal Ombudsman, the Scottish Legal Complaints Commission, Land Registry, Registers of Scotland, Companies House, Office of the Public Guardian, National Crime Agency, lenders, Revenue Scotland, HMRC and other tax authorities.
• Any other person who is authorised to act on your behalf.
• Professional indemnity or other relevant insurers.
• Foreign law firms (and associated regulators) should you need advice for outside the Scottish jurisdiction.
• Third party agents/suppliers or contractors to allow us to organise and run the business of MFMac, including:
o Legal directories, e.g. Legal 500, Chambers and Partners, Who’s Who Legal and IP Stars, WTR100.
o Our general insurers, auditor and accountants, pension providers, banks and other financial institutions, providers of electronic verification services, credit reference agencies and regulatory bodies.
o General advertising, marketing, promotional, tendering activities, e.g. organising assisting us with our events, issuing of client updates/bulletins, seminars, training, business development and networking opportunities.
o Persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in MFMac.
We may be legally required, and entitled, to share your FATCA (Foreign Account Tax Compliance Act) status and registration details with financial institutions and / or to submit reports to HMRC.
We typically undertake a search with a credit reference agency and/or other electronic verification service provider to verify an individual's identity. This includes persons such as directors, officers, instructing individuals, beneficial owners of corporate entities, trustees and/or beneficiaries of trusts, and any agent acting on the client’s behalf.
The credit reference agency and/or service provider may check the information supplied against any particulars on any database (public or otherwise) to which it has access. The credit reference agency and/or service provider may also use such information in future, and the fact that a search was made, to assist other persons or entities for the purposes of verification, assessing the risk of giving credit, tracing debtors, tracing other individuals for the purposes of returning monies, credit balances, intestate estates and family matters, or to provide necessary information in relation to such similar matters, and/or to prevent fraud and/or money laundering.
The privacy notice issued by the credit reference agency TransUnion Information Group at https://www.transunion.co.uk/legal-information/bureau-privacy-notice applies where we undertake electronic verification checks via the Amiqus ID system.
4. How we protect your personal data
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal data that we hold.
In addition to the above, MFMac complies with leading UK and global information security standards governing the confidentiality, integrity and availability of data. MFMac is certified against Cyber Essentials Plus and ISO27001.
5. Your rights in relation to your data
You have the following legal rights in respect of how we process your personal data, as follows:
Access to your information – You have the right to request a copy of the personal information about you that we hold.
Correcting your information – We should make sure that your personal data is accurate, complete and up to date. If this is not the case, you can ask us to correct any personal information that we hold about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask us to delete personal data about you where:
• You consider that we no longer require the information for the purposes for which it was obtained.
• We are using that information with your consent and you have withdrawn your consent (see Withdrawing Consent below).
• You have validly objected to our use of your personal information (see Objecting to how we use your personal data below).
• Our use of your personal information is contrary to law or our other legal obligations.
We may not always be able to comply with your deletion request for specific legal reasons which will be notified to you if they apply, e.g. we must retain Client Due Diligence information for 5 years from the date of completion of the transaction, or conclusion of a business relationship.
Objecting to how we use your personal data – You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest or for our legitimate interests or those of a third party then, if you ask us to, we will stop using that personal information unless there are legitimate grounds to continue, which override your fundamental rights and freedoms.
Restricting how we use your information – you may ask us to restrict how we use your personal data, e.g. where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your data. The right might also apply where this is no longer a basis for using your personal data but you don't want us to delete it. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Transfer – if we process your personal data on the basis of consent or because it is necessary for the performance of a contract, and in either case that processing is carried out by automated means, then you have the right to have that personal information transmitted to you in a machine readable format. Where technically feasible, you also have the right to have that personal information transmitted directly to another controller.
Withdrawing consent using your information – Where we use your personal data with your consent, you may withdraw that consent at any time. We will stop using your personal data for the purpose(s) for which consent was given. If you withdraw your consent, we may not be able to provide certain services or products to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to ensure that we respond appropriately and to speed up our response.
6. If you choose not to give your personal data
Where we need to collect personal data from you to meet our legal obligations, e.g. to carry out Customer Due Diligence, or under our contractual Terms of Business and you fail to provide the data requested, it may delay or prevent us from being able to perform our contract with you and/or comply with our legal duties. In some cases, we may be unable to act for you or may have to withdraw from acting.
7. How long we will keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
We follow the guidelines issued by the Law Society of Scotland regarding file retention. Generally, this means that we will retain files (and your personal data within them) for a minimum period of 10 years from the date on which the transaction has completed.
In some areas of our practice, e.g. real estate, wills, trusts or executries, we may require to hold files for longer, because the time periods for which legal claims can arise are much longer than 10 years.
If you have contacted us regarding recruitment, we will only hold your CV, applications, interview notes and other information for 12 months after the completion of the end of the recruitment process, if unsuccessful.
The rules that apply to determine how long it is appropriate to hold records for particular matters can be complex and varied. If you wish to know how long we may hold your particular personal data, please email dataprotectionofficer@mfmac.com. In some cases you can ask us to delete your data (see section 5 above).
8. International data transfers
The personal data we collect from you will usually be stored inside the United Kingdom ('UK') or the EEA. This means our document management system, our email servers and our practice management system are all hosted in the UK.
MFMac will only send your personal data outside the UK or EEA:
• where you ask us to, e.g. where you are based outside the UK or EEA and we need to process your personal data to provide our services.
• where we are being instructed on your behalf by someone outside the UK, e.g. another law firm).
• where that is required to provide the legal services that you have instructed us to provide, e.g. in instructing / dealing with foreign solicitors or other advisors on your behalf.
• where we need to do so in order to comply with a legal duty incumbent on us or you.
• where the transfer is necessary for important reasons of public interest.
• the transfer is necessary for the establishment, exercise or defence of legal claims.
We may also use ancillary IT systems hosted outside the UK, or where data is backed up in a data centre outside the UK.
If your information is to be processed outside the UK, we will seek to ensure that it is protected to the same standards as if it were being processed within the UK by using appropriate safeguards, which may include:
• ensuring that your data is only transferred to countries that have been recognised under Data Protection law as "adequate", protecting personal data to the same standards as the UK.
• putting in place a contract with the recipient of your data, requiring them to protect that data to the same standards as if the information were being processed within the UK.
The safeguards we use will depend on the location of the recipient, the function they are performing and the personal data being transferred.
9. Cookies
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
Our website (www.mfmac.com, or any other domain name registered in our name) uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We use the following cookies:
• Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|
Cookie |
Name |
Purpose |
|
Google Analytics |
_utma _utmb _utmc _utmz _ga _utm* |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
|
Drupal has_js |
has_js |
Used by Drupal, the content management system which powers this website. It helps the website understand if the browser javascript functionality is enabled or not. This allows Drupal to generate different markup depending on whether the user agent is capable of executing JavaScript or not. |
|
Hotjar |
_hs*,hubspotut k,hsPagesView edThisSession, hsfirstvisit mp_*
_hjMinimizedTe stersWidgets _hjDoneTester sWidgets
_hjIncludedInS ample
|
These cookies are used by Hotjar to analyse the online behaviour of visitors to our website. We use the information to improve the end user's experience and to improve the performance of our website. The cookies collect information including standard internet log information and details of your behavioural patterns upon visiting our website. |
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
We also use analytic services to help us understand how effective our content is, what interests our users have, and to improve how this website works. In addition, we use web beacons or tracking pixels to count visitor number and performance cookies to track how many individual users access this website and how often.
This information is used for statistical purposes only and we do not use such information to personally identify any user.
10. Marketing
Our direct marketing communications generally consist of delivering regular newsletters (on various subjects) and informing you of upcoming events hosted or organised by us, usually by email or other electronic means.
We will provide you with direct marketing communications where you have consented to receive such communications. We may rely on our legitimate interests to market our business to provide direct marketing communications to other businesses (business-to-business marketing).
You can subscribe to such marketing communications, and you can adjust your marketing preferences at any time via the “Preference Centre” or by contacting us on marketing@mfmac.com or 0131 247 1000.
You can also opt-out or unsubscribe from all or some of these marketing communications at any time via the “Preference Centre”, by contacting us on marketing@mfmac.com or 0131 247 1011 or by clicking “unsubscribe” at the bottom of any marketing email.
Where you opt out of receiving these marketing communications, this opt-out will not apply to personal data provided to us for any other purpose
11. About us
Morton Fraser MacRoberts LLP ('MFMac') is a limited liability partnership with registration number SO300472. MFMac's registered office address is 9 Haymarket Square (Level 5), Edinburgh, EH3 8RY.
This Notice also applies to our subsidiary companies and affiliates. In this Notice, references to “we”, "our" or “us” mean MFMac and its subsidiary companies.
We are registered with the Information Commissioner's Office ('ICO'); our registration number is Z8122652.
We keep this Notice under regular review. Changes are made online periodically. A PDF version can also be downloaded from our website, or you can email us for a paper copy at: dataprotectionofficer@mfmac.com.
This Notice was last updated on: 01 November 2023
12. How to contact us
We have appointed a Data Protection Officer ('DPO') who is responsible for answering questions regarding this Notice. If you have any questions or wish to exercise any of your legal rights, you can contact 'The DPO':
• By post at: Morton Fraser MacRoberts LLP, 9 Haymarket Square (Level 5), Edinburgh, EH3 8RY.
• By email at: dataprotectionofficer@mfmac.com
• By phone at: 0131 247 1000
If you are unhappy with our DPO's response or handling of your request, you have the right to complain at any time to the ICO, which is the UK Supervisory Authority for data protection issues (www.ico.gov.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO.