Raeburn Christie Clark & Wallace (the Firm) is committed to respecting your personal data rights and complying with our obligations under the General Data Protection Regulation ((EU) 2016/679) (GDPR) and the Data Protection Act 2018 (DPA) and our general obligation to protect confidential information we receive from clients or others.
Who We Are
Raeburn Christie Clark & Wallace is a partnership established under the Law of Scotland with a principal place of business at 12 – 16 Albyn Place, Aberdeen, AB10 1PS. We also have branch offices in Ellon, Inverurie, Stonehaven and Banchory and on Union Street, Aberdeen.
A list of the Partners of the Firm is available on request. A list of the Partners of the Firm is also displayed at each office.
What we do
We provide legal and financial services which may include a variety of advice and assistance to clients. In relation to personal data we collect while providing that service, we are a ‘data controller’ and we are responsible for deciding how personal data we obtain or receive is dealt with.
Who we are regulated by
We are members of and authorised by the Law Society of Scotland. We are governed by the professional practice standards set out in the Standards of Conduct of Practice Rules for Solicitors laid down by the Law Society of Scotland. The standard of Conduct Practice Rules may be inspected by accessing the Law Society of Scotland website - www.lawscot.org.uk
We are also authorised and regulated by the Financial Conduct Authority (FCA), 12 Endeavour Square, Stratford, London, E20 1JN. Our Financial Services Registers number is 112958. Our permitted business is advising on and arranging pensions, savings and investment products, non-investment insurance contracts and mortgages. You can check this on the Financial Services Register by visiting the FCA's website www.fca.org.uk/firms/systems- reporting/register or by contacting the FCA on 0800 111 6768.
Purpose of the Privacy Notice
This privacy notice applies to personal data in emails or other written communication received or stored at the Firm’s offices. It also applies to personal data collected by our anti-money laundering procedures and from our website.
The personal data we collect
Personal data is data or information from which an individual can be identified. Individuals including individual clients, contacts at corporate clients or corporate parties to transactions and other professionals are treated in accordance with this privacy notice.
When you communicate with the Firm or visit our website, we may collect and use a variety of information. If you request our advice and assistance and become a client or if you are a contact either at a company or similar body or at another professional adviser we may, depending upon the circumstances, collect some of the following kinds of information:
How we obtain personal data about you?
We may obtain personal data by:
Direct interaction. If you are a client or contact you may give us your identity, contact and financial data in the course of becoming a client or instructing us for a corporate client or potential client or by virtue of being a person known to a partner or employee of the Firm. This includes personal data you provide when you:
From our website. When you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and similar technologies.
Publicly available sources. We may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes, for example, social media such as LinkedIn.
Third parties. We may receive personal data about you from various third parties including data from parties to financial and corporate transactions and from banks and accounting services.
We do not collect personal data using automated technologies.
The use of the data we collect
We will only use your personal data when the law allows it. The legitimate purposes which justify our use of your personal data are:
The purposes relate to:
We will not normally rely on your consent as a basis for storing or processing your personal data. If we consider it necessary to obtain your consent in relation to the use of your personal data we will contact you specifically to request this consent. In such circumstances we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. In the unlikely event we have asked for your consent for a particular matter you have the right to withdraw your consent at any time.
We will only use your personal data for one of the purposes listed above. If we reasonably consider that there is a need to use your data for another purpose, the alternative will be a purpose which is compatible with the purpose relied upon when we first collected the personal data. Before we use the personal data for an alternative purpose we will also take into account the link between the purpose for which the data was originally collected and the alternative purpose; and the context in which we collected the data and in particular, the extent of the relationship we have with you; the nature of the data concerned and particularly whether there is any special category data or data concerning criminal convictions or offences; the consequences of using the data for an alternative purpose; and the existence of appropriate safeguards including encryption and pseudonymisation.
Special category data
Who we share your personal data with
We may have to share your personal data with other professionals, with courts or tribunals and with the authorities as may be required by law or regulatory requirements. We will not share personal information you provide without first obtaining your express instruction or in certain other circumstances including:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We may also process your personal data to comply with legal and regulatory requirements or in the course of dialogue with regulators, which may mean disclosing your personal data to government, regulatory or law enforcement agencies in connection with investigations by them or when we are compelled to disclose information. Where we are permitted to we will direct any request by the authorities to you or will notify you before responding.
Some of the external service providers we use are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever your personal data is transferred by us out of the EEA, unless it is to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission, we will take reasonable steps to identify whether the data protection rights and obligations available in the receiving jurisdiction provide an adequate level of protection.
We use third party companies including Credit Reference Agency TransUnion, to carry out anti-money laundering checks, client identification checks and certain other checks that we are obliged to enquire into depending on the nature of the client or the transaction. We would direct you to the TransUnion Bureau Privacy Notice for further details about how such checks are carried out. https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
How we protect your personal data
We store all personal data responsibly on secure servers and we will take all reasonable precautions to prevent personal data from being lost, used or accessed in an unauthorised way, altered or disclosed but we cannot guarantee the security of any data we collect and store.
We limit access to your personal data to solicitors, members of staff, agents, contractors and other third parties who have a business need to know. Your personal data will be used only on our instructions and subject to strict obligations of confidentiality. We will not sell, distribute or lease to a third party any of the personal data we collect.
In the unlikely event that we suffer a data breach, we will notify you and any applicable supervisory authority, when we are required to do so.
How long we keep your personal data
We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for and for no longer, particularly after the purpose(s) are completed.
To determine the appropriate retention period for personal data, we take into account the extent, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we acquired your personal data, whether we can achieve those purposes by other means, and any applicable legal requirements. Where we wish to retain personal data after the purpose is complete, whenever possible the data will be encrypted or otherwise anonymised. We also take into account the guidance of the Law Society of Scotland concerning the retention of records. Our retention periods also take into account our business needs and good practice.
Any information we use for marketing purposes will be stored and used until you notify us that you no longer agree to us holding your personal data or, where our only contact is sending you a newsletter, you “unsubscribe” from our newsletter.
What rights you have in relation to your personal data
You have certain rights concerning personal data we hold or use. If you wish to exercise any of the rights described below, please submit a request in writing to our data protection manager, details of whom are provided below. You have the following rights:
If you wish to make any of the above requests please contact the Client Relations Partner. Please be aware that we will need to confirm your identity on every occasion that you make a request. That is for your protection. To that end we may request specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) is secure. To expedite our response, we may contact you to ask you for further information in relation to your request.
In general, you will not have to pay a fee to access your personal data or to exercise any of your rights. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. In those circumstances, we may also refuse to comply with your request.
We try to respond to all requests within one month. Some complex requests may take us longer. In that event, we will notify you and keep you updated.
Third party links
Our website may from time to time include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and cannot be responsible for their privacy arrangements. If you follow a third party link you will leave our website. We encourage you to read the privacy notice of every website you visit.
How you can contact us
If you have any questions about this privacy notice, including any requests to exercise your legal rights, or any complaints, please contact our Client Relations Partner using the details below.
Name: Raeburn Christie Clark & Wallace
Address: 12 – 16 Albyn Place, Aberdeen, AB10 1PS
Client Relations Manager: Keith Allan
Email Address: email@example.com
Telephone Number: +44 (0) 1224 332400
You also have the right to make a complaint at any time to the Information Commissioner's Office (the ICO), the UK supervisory authority for data protection issues (https://ico.org.uk).
We would, however, appreciate the chance to address any of your concerns before you approach the ICO so please contact us in the first instance.
How we will update this privacy notice
We may, from time to time, update or amend this privacy notice. To that end, we will ensure that the latest version of the policy is held on our website at all times. If you have any concerns regarding the privacy notice please get in touch with our Client Relations Partner.
This Privacy Notice was updated on 15 April 2019