Data Protection Statement

Gleeson McGrath Baldwin LLP respects your right to privacy. We will handle your Personal Data in accordance with Data Protection Legislation, including the Data Protections Acts 1988 to 2018, The General Data Protection Regulation EU 2016/679 and any other applicable law or regulation.

This Data Protection and Privacy Policy describes the terms on which any information is collected from you and how that information is then processed, whether online on our website (“the Website”)or provided by you in the course of instructing us for the provision of legal advice and services or indeed in any other context including at events which we facilitate or support(“the Services”). It further serves to inform you as to our obligations and your rights under data protection law.

We are the data controller in respect of information which we collect through the Website and in most circumstances in the provision of the Services. In certain circumstances, we may also act as data processor in relation to data which is processed on your behalf as data controller.

Gleeson McGrath Baldwin LLP’s registered address is 29 Anglesea Street, Dublin 2.

Our Data Protection representative is Denise Fitzgerald


How we Process your Data

We process data on behalf of our clients in order to:

  • provide you with the Services
  • assist you with legal claims or proceedings
  • advise you of your legal rights
  • enable us to respond to your queries
  • enable the functioning of our website
  • market the Services of the firm
  • provide you with information on events we are running, firm updates and relevant legal updates from time to time
  • administer billing, process payments etc. in connection with the services we provide
  • comply with our legal and compliance obligations including with regard to record keeping, anti-money laundering and tax laws

Where you have formally engaged us to act on your behalf or provide the Services, the basis for the processing of your data is necessity in the performance of our contract with you. Where you have not yet formally engaged us to act on your behalf, the basis for the processing of data is our legitimate interest in the administration and operation of the Services. In circumstances where you have consented to the processing of your data, the legal basis for such processing is consent. You may withdraw your consent at any time.


Circumstances in which we may share your data

We may share this data with various parties as necessary in the course of providing the Services to you including: barristers, experts (doctors, engineers, actuaries), counterpart solicitors in the course of a transaction or dispute, our IT services providers, our case management system provider, our insurer and such other parties as required by law.

We require all such third parties to enter into a data processing agreement with us which complies with our obligations under the GDPR. Such third parties may only process your data according to our instruction as data controller and for the purpose of providing us with their services.


Third Party Sources of data

We may also from time to time acquire your personal data from third parties, whether from your other professional advisors, publicly available resources and registers or such other parties which are involved or have a role in the Services we undertake on your behalf.


Duration of Processing/ Data Retention

We will retain your data for the duration of the provision of the Services and for a further period of six years or for such further period as is required by law in the circumstances.


Data Security

We take appropriate security measures against the unlawful and unauthorised processing of your personal data and safeguard against accidental damage, loss or disclosure of personal data. Access to your data is limited to those employees, agents and third parties who have a necessity or legitimate interest in processing your data and who are subject to a duty of confidentiality in respect of same.

We have procedures for dealing with actual or suspected data breaches, including where necessary, notification to the Data Protection Commission and/or you as the Data Subject, where legally required to do so.

Requirement to provide Personal Data

You may browse our website without providing us with any personal data and this will not affect your ability to view our website.

If you do not provide us with your information for the purposes of the provision of the Services, we cannot provide you such advice and services or represent you in legal proceedings.


Automated decision-making and profiling

We do not use any personal data for the purpose of automated decision-making or profiling.


Your rights relating to personal data

You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:


  • Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
  • Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
  • Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
  • Right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
  • Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.


In order to exercise any of the rights set out above, please contact our Data Protection representative at the contact details at the start of this privacy notice.

If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.

If you are unhappy with how we process personal data, we ask you to contact us so that we can rectify the situation.

You may lodge a complaint with a supervisory authority. The Irish supervisory authority is the Data Protection Commission.



Jointly Controlled Data

We may from time to time be required to jointly control and process personal data of third parties which you have collected and provided to us in relation to the provision of the Services. We confirm that in such circumstances, we shall only process same in accordance with and for the purpose of the provision of the Services or in accordance with our statutory and legal obligations.

In respect of any such data subjects, you shall remain the primary processor and retain responsibility for meeting their rights in respect of their data. Our responsibility as joint controller shall be limited to the extent to which we control such data for the purpose of the provision of the Services. We shall notify you of any contact made to us by the data subject in respect of their data. We shall treat any such data in a like manner to personal data which we collect in accordance with this Data Protection Statement.

In the event that such a third party requests from us access to, or the exercise of any other right in respect of their personal data, we shall notify you and keep a record of any such request. We shall be entitled to seek your reasonable and prompt assistance in complying with such requests.  We confirm that in circumstances where a like request is made of you in respect of their personal data, we shall endeavour to provide reasonable and prompt assistance in order to enable you to comply with any such request.