Raeburn Christie Clark & Wallace LLP (the Firm) is committed to respecting your personal data rights and complying with our obligations under the general the Data Protection Act 2018 (the UK General Data Protection Regulation) and our general obligation to protect confidential information we receive from clients or others.
Who We Are
Raeburn Christie Clark & Wallace LLP is a limited liability partnership incorporated in Scotland with partnership number SO306741 and its registered office at 12 – 16 Albyn Place, Aberdeen, AB10 1PS, Scotland, U.K.
Our principal place of business is at 12 – 16 Albyn Place, Aberdeen, AB10 1PS. We also have branch offices in Ellon, Inverurie, Stonehaven and Banchory and on Union Street, Aberdeen.
The Firm’s activities were previously carried out by Raeburn Christie Clark & Wallace (a partnership established under the Law of Scotland). That partnership was incorporated into Raeburn Christie Clark & Wallace LLP on 1st August 2019.
A list of the Partners of the Firm is available on request. A list of the Partners of the Firm is also displayed at each office.
What we do
We provide legal and financial services which may include a variety of advice and assistance to clients. In relation to personal data we collect while providing that service, we are a ‘data controller’ and we are responsible for deciding how personal data we obtain or receive is dealt with.
Who we are regulated by
We are members of and authorised by the Law Society of Scotland. We are governed by the professional practice standards set out in the Standards of Conduct of Practice Rules for Solicitors laid down by the Law Society of Scotland. The standard of Conduct Practice Rules may be inspected by accessing the Law Society of Scotland website – www.lawscot.org.uk
We are also authorised and regulated by the Financial Conduct Authority (FCA), 12 Endeavour Square, Stratford, London, E20 1JN. Our Financial Services Registers number is 844011. Our permitted business is advising on and arranging pensions, savings and investment products, non-investment insurance contracts and mortgages. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/firms/systems- reporting/register or by contacting the FCA on 0800 111 6768.
Purpose of the Privacy Notice
This privacy notice applies to personal data in emails or other written communication received or stored at the Firm’s offices. It also applies to personal data collected by our anti-money laundering procedures and from our website.
The personal data we collect
Personal data is data or information from which an individual can be identified. Individuals including individual clients, contacts at corporate clients or corporate parties to transactions and other professionals are treated in accordance with this privacy notice.
When you communicate with the Firm or visit our website, we may collect and use a variety of information. If you request our advice and assistance and become a client or if you are a contact either at a company or similar body or at another professional adviser we may, depending upon the circumstances, collect some of the following kinds of information:
- Identity Data. This can include your name, address, e-mail address, username or similar identifiers and title, copies of your passport, driving licence, utility bills, bank account details, employment history and qualifications.
- Contact Data. This can include personal information on billing addresses, email addresses and telephone numbers.
- Transaction Data. The categories of personal information that we may obtain and may require to hold will depend on our instructions and the advice we have been engaged to provide. This can include names and addresses of family members (if we are engaged to provide a Will or Power of Attorney for example). It can also include details of prospective purchasers if we have provided sales particulars to interested parties. This kind of data can be very wide but examples include, tax details, employment details, directorships, shareholding details, banking details or personal correspondence.
- AML Data. We are required by a variety of legislation including The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, the Terrorism Act 2000 and the Proceeds of Crime Act 2002 and amending legislation and various EU Directives (all together AML Legislation) to make enquiries of or concerning potential clients, parties to transactions and other contacts to obtain information on the ownership of companies and the source of funds. That requires that we obtain and confirm identification from client contacts, directors, shareholders, trustees and others. It will also require that we identify and establish the ultimate ownership of corporations, the source of any funds, whether as consideration in a transaction or for payment of our fees.
- Background Check Data. Includes credit references or reports from the disclosure and barring services (namely unspent criminal convictions).
- Technical Data. Includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when accessing our website and usage data (including information about how you use our website).
- Instruction Data. Includes past instructions to the Firm or to other solicitors and professionals, advice provided in the past, or information obtained in the course of transactions.
- Marketing and Communications Data. Includes your preferences regarding receiving marketing material from us and your communication preferences.
- Special Category Data. We will not usually collect any special categories of personal data except where this is relevant to any legal services that we are providing or is used as part of our anti-money laundering checks. Occasionally we will obtain for the purposes of corporate or banking transactions and litigation data which is particularly sensitive and which is referred to as Special Category Data. That may include information concerning race or ethnicity, political opinions, philosophical or religious beliefs, trade union membership, biometric data, medical conditions, prescriptions, surgeries, therapies, medical history, disabilities and sexual orientation. Rarely, we may also obtain data concerning criminal records, convictions and offences.
- Recruitment Related Data. This could include your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment by the Firm.
- Public Source Information. This could include the information held at Companies House, in title searches, in law reports and social media.
How we obtain personal data about you?
We may obtain personal data by:
- Direct interaction. If you are a client or contact you may give us your identity, contact and financial data in the course of becoming a client or instructing us for a corporate client or potential client or by virtue of being a person known to a partner or employee of the Firm. This includes personal data you provide when you:
- visit our office or otherwise contact us;
- instruct us or request our advice or services, correspond with us by email, or via other direct interactions with the Firm;
- provide bank details in relation to the transfer of funds as part of a transaction;
- provide a business card to, or correspond with, a partner or employee of the Firm;
- attend a Firm event;
- request marketing such as our Employment Newsletter; or
- provide feedback on our advice or service provision.
- From our website. When you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and similar technologies.
- Publicly available sources. We may, for example, use such sources to help us keep the contact details we already hold for you accurate and up to date or for professional networking purposes, for example, social media such as LinkedIn.
- Third parties. We may receive personal data about you from various third parties including data from parties to financial and corporate transactions and from banks and accounting services.
- We do not collect personal data using automated technologies.
The use of the data we collect
We will only use your personal data when the law allows it. The legitimate purposes which justify our use of your personal data are:
- you have freely given specific, informed and unambiguous consent to use your personal information for particular purposes;
- processing your data is necessary for the performance of our contract with you to provide legal services;
- your data is required to comply with a legal obligation to which the Firm is subject; and
- your data is necessary to pursue the Firm’s legitimate interests (or those of a third party) including pursuing and developing our business and we believe that using personal information in that way is not overridden by your interests or fundamental rights which require protection of your personal data.
The purposes relate to:
- use of your information to satisfy AML Legislation and to conduct conflict and other compliance checks that the law or the Law Society of Scotland Rules require us to conduct when we take instruction or are engaged to provide legal services and any other legal or regulatory requirements;
- maintaining our records, including our client files or to protect the good standing and reputation of the Firm;
- use of your information to provide legal advice to you or to a corporate client you represent; for individual clients, our lawful basis for this is that it is necessary in order to perform the contract for legal services that we have with you; for business clients, our lawful basis for this is that it is necessary in order to pursue the legitimate interest of the entity you represent in seeking legal advice;
- administering and managing our relationship or potential relationship with you;
- use of your information to instruct bank transfers and other payments required as part of the transactions upon which we have provided legal advice;
- use of your information to manage and strengthen our relationship with you or the corporate body you represent and to pursue and develop our business; it is a legitimate interest of the Firm to create close and enduring relationships with our clients;
- use of your personal information for correspondence and communication with you to obtain instruction, to provide legal advice and to invoice fees and disbursements; the information is necessary for the contract to provide our services to you or the corporate body you represent;
- monitoring emails sent to us (including attachments) for viruses or malicious software;
- generally to manage the activities of the Firm, including monitoring and recording electronic communications (including telephone calls and emails);
- use of your personal information to invite you to events hosted by the Firm to assist us in pursuing and developing the business of the Firm; and
- the information is necessary to progress litigation or corporate or banking transactions where communication with other professionals and advisers will often require that we hold data concerning contacts at other solicitor firms, investors, companies, banks, accountants and experts witnesses.
We will not normally rely on your consent as a basis for storing or processing your personal data. If we consider it necessary to obtain your consent in relation to the use of your personal data we will contact you specifically to request this consent. In such circumstances we will provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. In the unlikely event we have asked for your consent for a particular matter you have the right to withdraw your consent at any time.
We will only use your personal data for one of the purposes listed above. If we reasonably consider that there is a need to use your data for another purpose, the alternative will be a purpose which is compatible with the purpose relied upon when we first collected the personal data. Before we use the personal data for an alternative purpose we will also take into account the link between the purpose for which the data was originally collected and the alternative purpose; and the context in which we collected the data and in particular, the extent of the relationship we have with you; the nature of the data concerned and particularly whether there is any special category data or data concerning criminal convictions or offences; the consequences of using the data for an alternative purpose; and the existence of appropriate safeguards including encryption and pseudonymisation.
Special category data
- Sensitive personal information requires higher levels of protection and we will ensure that we have additional justification for processing (storing or using) this type of personal information.
- We may use special category data to provide legal advice to you. In that case it is necessary for the performance of our instructions and the contract to provide legal advice that we have with you or with the corporate body you represent.
- We may hold special category data when engaged on corporate transactions or in connection with litigation. Often transactions require that we carry out diligence involving the review of special category data concerning employees, contractors and other service providers to one or other of the parties to the transaction. Similarly, in litigious matters, special category data may be required to establish a defence or pursue a claim. In those cases, the additional purpose is that the personal data is necessary to pursue the legitimate interest of the company you represent or, in litigation it is necessary for defence or pursuit of the claim.
- Very occasionally, we will hold information concerning criminal records in order to provide legal advice. For individual clients, the information is necessary in order to perform the agreement to provide legal advice. If you represent a corporate client that kind of information is necessary to pursue the legitimate interest of the entity you represent. Furthermore, the information is necessary for to obtain legal advice.
Who we share your personal data with
We may have to share your personal data with other professionals, with courts or tribunals and with the authorities as may be required by law or regulatory requirements. We will not share personal information you provide without first obtaining your express instruction or in certain other circumstances including:
- external third parties – we may need to share your information with a third party where it is necessary for the provision of legal services to progress a transaction or litigation or to arrange transfers of funds and we may need to share your information with other third parties such as other solicitors, accountants, banks, investors and expert witnesses;
- service providers – we may share information with providers of document analysis tools, data rooms and extranets used by us in the course of providing legal services, IT service providers, event management businesses, PR and marketing service providers, background and/or credit reference services, printers, telephone service providers and backup and disaster recovery service providers;
- professional agents and service providers – we may share information with other agents we use in the provision of legal services, including solicitors, counsel, intermediaries, expert witnesses, courts, law accountants, sheriff officers (or similar), third party payees, search agents and insurance brokers;
- professional advisors – we may share information with the Firm’s professional advisers (e.g., legal, financial, business, risk management or other advisors), bankers and auditors;
- insurers – we may share information with the Firm’s insurers and insurance brokers; and
- mergers – we may share information with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets; alternatively, we may seek to acquire other businesses or merge with them; if a change happens to our business, then the new owners will be required to use your personal data in accordance with this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We may also process your personal data to comply with legal and regulatory requirements or in the course of dialogue with regulators, which may mean disclosing your personal data to government, regulatory or law enforcement agencies in connection with investigations by them or when we are compelled to disclose information. Where we are permitted to we will direct any request by the authorities to you or will notify you before responding.
Some of the external service providers we use are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever your personal data is transferred by us out of the EEA, unless it is to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission, we will take reasonable steps to identify whether the data protection rights and obligations available in the receiving jurisdiction provide an adequate level of protection.
We use third party companies including Credit Reference Agency TransUnion, to carry out anti-money laundering checks, client identification checks and certain other checks that we are obliged to enquire into depending on the nature of the client or the transaction. We would direct you to the TransUnion Bureau Privacy Notice for further details about how such checks are carried out. https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
How we protect your personal data
We store all personal data responsibly on secure servers and we will take all reasonable precautions to prevent personal data from being lost, used or accessed in an unauthorised way, altered or disclosed but we cannot guarantee the security of any data we collect and store.
We limit access to your personal data to solicitors, members of staff, agents, contractors and other third parties who have a business need to know. Your personal data will be used only on our instructions and subject to strict obligations of confidentiality. We will not sell, distribute or lease to a third party any of the personal data we collect.
In the unlikely event that we suffer a data breach, we will notify you and any applicable supervisory authority, when we are required to do so.
How long we keep your personal data
We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for and for no longer, particularly after the purpose(s) are completed.
To determine the appropriate retention period for personal data, we take into account the extent, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we acquired your personal data, whether we can achieve those purposes by other means, and any applicable legal requirements. Where we wish to retain personal data after the purpose is complete, whenever possible the data will be encrypted or otherwise anonymised. We also take into account the guidance of the Law Society of Scotland concerning the retention of records. Our retention periods also take into account our business needs and good practice.
Any information we use for marketing purposes will be stored and used until you notify us that you no longer agree to us holding your personal data or, where our only contact is sending you a newsletter, you “unsubscribe” from our newsletter.
What rights you have in relation to your personal data
You have certain rights concerning personal data we hold or use. If you wish to exercise any of the rights described below, please submit a request in writing to our Client Relations Partner, details of whom are provided below. You have the following rights:
- You may request access to your personal information (commonly known as a “data subject access request”). You can request a copy of the personal data held about you to check that it is accurate and is being used for the appropriate purpose.
- You may request correction of your personal data. You can have any incomplete or inaccurate information held about you corrected.
- You may request erasure of your personal data. You may request that we delete or remove your personal data from storage where there is no good reason for continuing to hold it. You also have the right to ask us to delete or remove your personal data if you have exercised your right to object to processing (see below).
- You may object to processing of your personal data. Where we rely on a legitimate interest (or that of a third party) as the basis for processing your personal data and there is something about your particular situation which raises a concern or objection to processing on that basis you may object to our continuing to process on that basis. You also have the right to object if we use your personal data for direct marketing purposes. Direct marketing occurs if we send (by whatever means) any advertising or marketing material directed to particular individuals.
- You may request the restriction of processing of your personal data. This enables you to ask us to suspend processing of personal data about you. This would allow you to suspend processing, for example, to allow you to establish the accuracy of the data or the reason for processing it.
- You may request the transfer of your personal data to another party.
- You may withdraw consent at any time where we are relying on consent to process your personal data. We will not normally use consent as the basis for processing but if we do, you may withdraw that consent at any time by notifying the data protection manager. Please note that this will not affect any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. For the avoidance of doubt, the Firm does not rely on consent to process your personal data.
If you wish to make any of the above requests please contact the Client Relations Partner. Please be aware that we will need to confirm your identity on every occasion that you make a request. That is for your protection. To that end we may request specific information from you to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) is secure. To expedite our response, we may contact you to ask you for further information in relation to your request.
In general, you will not have to pay a fee to access your personal data or to exercise any of your rights. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. In those circumstances, we may also refuse to comply with your request.
We try to respond to all requests within one month. Some complex requests may take us longer. In that event, we will notify you and keep you updated.
Third party links
Our website may from time to time include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and cannot be responsible for their privacy arrangements. If you follow a third party link you will leave our website. We encourage you to read the privacy notice of every website you visit.
How you can contact us
If you have any questions about this privacy notice, including any requests to exercise your legal rights, or any complaints, please contact our Client Relations Partner using the details below.
Name: Raeburn Christie Clark & Wallace LLP
Address: 12 – 16 Albyn Place, Aberdeen, AB10 1PS
Client Relations Manager: Callum McDonald
Email Address: Callum.McDonald@raeburns.co.uk
Telephone Number: +44 (0) 1224 332400
You also have the right to make a complaint at any time to the Information Commissioner’s Office (the ICO), the UK supervisory authority for data protection issues (https://ico.org.uk).
We would, however, appreciate the chance to address any of your concerns before you approach the ICO so please contact us in the first instance.
How we will update this privacy notice
We may, from time to time, update or amend this privacy notice. To that end, we will ensure that the latest version of the policy is held on our website at all times. If you have any concerns regarding the privacy notice please get in touch with our Client Relations Partner.