1.1 This policy guidance ensures BUCHANAN MACLEOD complies with the requirement to inform clients how it uses their information, the lawful basis for processing their information, the information retention periods and the client’s right to complain to the information commissioner’s office if they believe there to be a problem.
A. The name and contact details of BUCHANAN MACLEOD.
B. The purposes of the processing.
C. The lawful basis for the processing:
(a)is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings),
(b)is necessary for the purpose of obtaining legal advice, or
(c)is otherwise necessary for the purposes of establishing, exercising or defending legal rights.”
D. The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
E. The recipients or categories of recipients of the personal data.
F. The retention periods for the personal data.
G. The rights available to individuals in respect of the processing.
H. The right to lodge a complaint with the information commissioner’s office.
I. The source of the personal data (if the personal data is not obtained from the individual it relates to).
J. ‘personal data’ or ‘personal client information’ means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A. We provide individuals with privacy information at the time we collect their personal data from them alongside the terms of engagement letter.
B. We obtain personal data from a source other than the individual it relates to, we provide them with privacy information within a reasonable of period of obtaining the personal data and no later than one month.
C. We plan to communicate with the individual, at the latest, when the first communication takes place.
1.4 BUCHANAN MACLEOD’s GDPR policy is provided in a way that is:
D. easily accessible; and
E. uses clear and plain language.
1.5 Changes to the information
A. We regularly review and, where necessary, update our privacy information.
B. If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.
1.6 Best practice – drafting the information
A. We undertake an information audit to find out what personal data we hold and what we do with it.
B. We put ourselves in the position of the people we’re collecting information about.
C. We carry out user testing to evaluate how effective our privacy information is.
1.7 Best practice – delivering the information
A. When providing our privacy information to individuals, we communicate this via letter.
1.8 Individual’s rights – there are a number of rights included under GDPR, most of which are already covered by the Data Protection Act:
A. right to be informed;
B. right to access;
C. right to rectification;
D. right to erasure;
E. right to restrict processing;
F. right to data portability;
G. right to object; and
H. the right not to be subject to automated decision making, including profiling.
1.9 There is legal justification to retain files for full retention period – as practice, documentation shall be retained for the full retention period to ensure all information is available in the event legal action is taken.
1.10 Subject access requests – GDPR provides that, should an individual request their information, the following should be adhered to:
A. BUCHANAN MACLEOD cannot charge for reasonable requests.
B. BUCHANAN MACLEOD has one month to comply with the request.
C. BUCHANAN MACLEOD can refuse a request or charge if its manifestly unfounded or excessive.
D. If a request is refused then BUCHANAN MACLEOD shall inform the individual that they can complain to Information Commissioner’s Office, this should be transmitted to the client(s) in question within one month.
Any queries should be addressed in writing to -
Karen E Buchanan
180 West Regent Street, Glasgow