Gleeson McGrath Baldwin LLP respects your right to privacy. We will handle your Personal Data in accordance with Data Protection Legislation, including the Data Protections Acts 1988 to 2018, The General Data Protection Regulation EU 2016/679 and any other applicable law or regulation.
We are the data controller in respect of information which we collect through the Website and in most circumstances in the provision of the Services. In certain circumstances, we may also act as data processor in relation to data which is processed on your behalf as data controller.
Gleeson McGrath Baldwin LLP’s registered address is 29 Anglesea Street, Dublin 2.
Our Data Protection representative is Denise Fitzgerald email@example.com
How we Process your Data
We process data on behalf of our clients in order to:
Where you have formally engaged us to act on your behalf or provide the Services, the basis for the processing of your data is necessity in the performance of our contract with you. Where you have not yet formally engaged us to act on your behalf, the basis for the processing of data is our legitimate interest in the administration and operation of the Services. In circumstances where you have consented to the processing of your data, the legal basis for such processing is consent. You may withdraw your consent at any time.
Circumstances in which we may share your data
We may share this data with various parties as necessary in the course of providing the Services to you including: barristers, experts (doctors, engineers, actuaries), counterpart solicitors in the course of a transaction or dispute, our IT services providers, our case management system provider, our insurer and such other parties as required by law.
We require all such third parties to enter into a data processing agreement with us which complies with our obligations under the GDPR. Such third parties may only process your data according to our instruction as data controller and for the purpose of providing us with their services.
Third Party Sources of data
We may also from time to time acquire your personal data from third parties, whether from your other professional advisors, publicly available resources and registers or such other parties which are involved or have a role in the Services we undertake on your behalf.
Duration of Processing/ Data Retention
We will retain your data for the duration of the provision of the Services and for a further period of six years or for such further period as is required by law in the circumstances.
We take appropriate security measures against the unlawful and unauthorised processing of your personal data and safeguard against accidental damage, loss or disclosure of personal data. Access to your data is limited to those employees, agents and third parties who have a necessity or legitimate interest in processing your data and who are subject to a duty of confidentiality in respect of same.
We have procedures for dealing with actual or suspected data breaches, including where necessary, notification to the Data Protection Commission and/or you as the Data Subject, where legally required to do so.
Requirement to provide Personal Data
You may browse our website without providing us with any personal data and this will not affect your ability to view our website.
If you do not provide us with your information for the purposes of the provision of the Services, we cannot provide you such advice and services or represent you in legal proceedings.
Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
Your rights relating to personal data
You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:
In order to exercise any of the rights set out above, please contact our Data Protection representative at the contact details at the start of this privacy notice.
If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.
If you are unhappy with how we process personal data, we ask you to contact us so that we can rectify the situation.
You may lodge a complaint with a supervisory authority. The Irish supervisory authority is the Data Protection Commission.
Jointly Controlled Data
We may from time to time be required to jointly control and process personal data of third parties which you have collected and provided to us in relation to the provision of the Services. We confirm that in such circumstances, we shall only process same in accordance with and for the purpose of the provision of the Services or in accordance with our statutory and legal obligations.
In respect of any such data subjects, you shall remain the primary processor and retain responsibility for meeting their rights in respect of their data. Our responsibility as joint controller shall be limited to the extent to which we control such data for the purpose of the provision of the Services. We shall notify you of any contact made to us by the data subject in respect of their data. We shall treat any such data in a like manner to personal data which we collect in accordance with this Data Protection Statement.
In the event that such a third party requests from us access to, or the exercise of any other right in respect of their personal data, we shall notify you and keep a record of any such request. We shall be entitled to seek your reasonable and prompt assistance in complying with such requests. We confirm that in circumstances where a like request is made of you in respect of their personal data, we shall endeavour to provide reasonable and prompt assistance in order to enable you to comply with any such request.