Who we are
Scott Bailey LLP is a Limited Liability Partnership registered at Companies House under number OC333422 and is a controller under the General Data Protection Regulations.
Scott Bailey LLP collects, uses and is responsible for personal information about you. When we do this we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.
Our Data Protection Officer is Bruce Mcgrotty.
What do we do with your information
Information collected by us
You may choose to provide personal information to us when you register with the website e.g. to register for an event, sign up for a newsletter or ask us to contact you. You may be asked to provide certain information about yourself including your name, title, postal address, telephone number and/or email address. If you are attending an event, you may also be asked to provide information about any dietary or access requirements you may have which may reveal information about your health or religious beliefs.
If you seek an estimate of costs for legal work, are provided with initial advice or become a client of the firm, we will also need information to confirm the details of your identity e.g. your date of birth, your circumstances as well as contact information for you and other parties to the matter. The information that we need will be explained to you by our lawyers and/or set out in our letter of engagement depending on the nature of your matter.
Information collected from other sources
We may receive information about you from third parties such as estate agents, accountants, banks, surveyors, medical professionals, courts, regulatory bodies and other advisors and specialists related to your matter. Our clients and matter contacts may also provide us with information about you if you are involved in a transaction or dispute with one of our clients or have a connection with them such as being a tenant or employee of a client.
How we use your personal information
We will use your information for the specific purpose(s) for which it has been provided to or collected by us e.g.:
- to provide information that you may request regarding the services that we offer e.g. whether we can assist with certain legal advice
- to contact you to introduce you to our expert lawyers
- to provide you with legal services including referring them to other specialist advisers both in the UK and overseas
- to comply with our statutory and regulatory obligations
- to verify your identity for anti-money laundering purposes
- to book you onto a course or event
- to administer your application for a vacancy
- to deal with your feedback, query or complaint
- to contact you for your views on our services
We also use your information to administer, support, improve and develop our business generally and to enforce our legal rights.
We may also use the information that we collect about you for marketing and hospitality purposes e.g.:
- to provide communications about us and other services we provide that may be of interest to you e.g. sending you newsletters
- to provide you with updates on relevant areas of law and practice
- to contact you about other activities and events that we may undertake
- to invite you for a meal or drinks
Information gathered through cookies and similar technologies is used to measure and analyse visits to our websites, to tailor the websites to make them better for visitors and to improve technical performance. We will not use the data to identify you personally or to make any decisions about you.
Whether information has to be provided by you, and why
Personal information must be provided by you to us to enable us to verify your identity and ensure we are taking instructions’ from correct parties. When we collect information from you we will inform you whether you are required to provide this to us.
Legal reasons we collect and use your personal information
We must have a lawful basis for processing your information; this will vary depending on the circumstances of how and why we have your information but typical examples include:
- the activities are within our legitimate interests as a law firm seeking to engage with and provide services to prospective and current clients and personnel
- you have given consent for us to process your information e.g. in relation to certain marketing activities
- we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract e.g. because you wish to instruct us to carry out legal services for you
- the processing is necessary for compliance with a legal obligation to which we are subject e.g. for us to certify your identity under our anti-money laundering requirements including carrying out electronic ID checks
- to protect your vital interests e.g. if you were unfortunate enough to fall ill or suffer an injury on our premises
If we process any special categories of information i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic or biometric data for the purpose of uniquely identifying individuals, health data, or data concerning your sex life or sexual orientation, we must have a further lawful basis for the processing. This may include:
- where you have given us your explicit consent to do so e.g. to cater for your medical or dietary needs at an event
- where the processing is necessary to protect your vital interests or someone else’s vital interests
- you have made the information public
- the processing being necessary for the establishment, exercise or defence of legal claims
- the processing being necessary for reasons of substantial public interest
Who will we share your personal information with
Some of the information you provide to Scott Bailey will be held on our computers in the UK and will only be accessed by or given to our staff (or staff of Scott Bailey related entities) working in the UK. Some of the information you provide to Scott Bailey may be transferred to, and/or stored and processed by third party organisations which process data for us and on our behalf. These third parties may be based (or store or process information) in the UK or elsewhere including outside of the EEA. These third parties may include IT platforms (including cloud based platforms), suppliers of administrative and support services and suppliers of other specialist products.
We may also transfer your information to other organisations or professional advisers with whom we are working on client matters or to whom we are referring you for additional or separate advice. If you agree to act as a referee for us in relation to other legal work for which we are tendering, we will only do this with your prior permission.
We may also be obliged to disclose data under certain laws or by order of court or other competent regulatory body or may be permitted to disclose it under applicable data protection laws.
Finally, if Scott Bailey merges with another business entity or divests a part of its business or carries out internal corporate restructuring, your information may be disclosed to Scott Bailey’s new business partners or owners or the new corporate entities.
Protection of your information
We have in place administrative, technical and physical measures on our website and internally designed to guard against and minimise the risk of loss, misuse or unauthorised processing or disclosure of the personal information that we hold.
Where we transfer information to third parties to enable them to process it on our behalf, we ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.
We will also ensure that where information is transferred to a country or international organisation outside of the UK / EEA, we will comply with the relevant legal rules governing such transfers.
How long will we store your personal data
We keep your personal information no longer than is necessary for the purpose for which it was collected. Information for clients is provided in our engagement letter and terms of business including details on how we keep secure personal data received from clients about their tenants, employees, third parties or similar individuals.
We are relying on your explicit consent to act for you. You provide this consent when you sign our terms of business.
You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. You can opt-out by contacting our Data Protection Officer.
You have certain rights in relation to your personal information, although those rights will not apply in all cases or to all information that we hold about you. For example, we may need to continue to hold and process information to establish, exercise or defend our legal rights. Alternatively, the rights may not be enforceable until the General Data Protection Regulation comes into force on 25 May 2018. We will tell you if this is the case when you contact us. You have the right to request that we:
- Provide you with a copy of your personal information that we hold
- Update your personal information where it is out-of-date or incorrect
- Delete personal information that we hold
- Restrict the way in which we process your information
- Consider any valid objections to our processing of your personal information
- Provide information you have given to us to a third party provider of services (where our lawful basis for processing is consent and where processing is automated)
We will respond to your request (including providing information on whether the rights apply in the particular circumstances) within the applicable statutory time period. If we are not sure of your identity, we may require you to provide further information in order for us to confirm who you are.
How to make a complaint
We hope that you are happy with our service and that we or our Data Protection Officer can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below).
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
Automated Decision Making
We tailor our marketing and hospitality communications to the interests of particular clients and contacts to ensure we provide information and invitations of interest and relevance to them.
We do not intend to process your personal information for any reason other than stated within this privacy notice.
Changes to this privacy notice
We may make changes to this policy from time to time as our business and internal practices and/or applicable laws change. We will not make any use of your personal information that is inconsistent with the original purpose(s) for which it was collected or obtained (if we intend to do so, we will notify you in advance wherever possible) or otherwise than is permitted by applicable law.
If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille) please contact us and we will use reasonable steps to make this accessible to you.