Privacy Notice

1.   Our contact details

We are Flemings Legal Services Limited, a limited company with registered number SC680986 and having its registered office at 8 Albany Street, Edinburgh, Scotland, EH1 3QB. We are a firm of solicitors providing legal services to individual clients and business clients, including those instructing us on behalf of public, private and third sector bodies. We are regulated by the Law Society of Scotland and are registered with the ICO as a controller and our registration number is ZB052015.

We provide legal services in the following areas:

·      Commercial and Civil litigation

·      Property litigation

·      Dispute resolution

In order to do this, we collect and use information, including personal data, relating to: our individual clients and employees of our business clients; potential clients; those who ask for information about our services; and the personal data of other individuals when this is necessary to provide our legal services.

For the purposes of this privacy notice:

  • an "individual client" is someone acting in their own capacity or jointly with another individual or acting as a sole trader, trustee, partner in a partnership or member of an unincorporated club or association.

  • a "business client" or "corporate client" is a corporate legal entity such as a limited company. 

In relation to the provision of legal services, much of the personal data that we process is subject to an obligation we have to our clients to maintain their confidentiality. This means that sometimes we are exempt from the requirement to tell individuals that we are processing their data or to provide them with a copy of it.

This obligation of confidentiality does not apply to all of the personal data that we collect and use and so this notice provides information about how we process the personal data which is not subject to an obligation of confidentiality and the information relating to our clients. 

We have a separate privacy notice for our staff and prospective staff.

We have appointed a data protection manager who can be contacted in the following ways:

Mr Christopher Fleming, Partner
Flemings
8 Albany Street,
Edinburgh EH1 3QB

0131 473 2343
Christopher.fleming@flemingslegal.co.uk

2.   Types of personal information we have

Because of the nature of the services we provide, the types of data we process can be quite varied, but will include the contact details you provide to us.

We will ask our individual clients and those representing our corporate clients for copies of identification documentation in order to comply with our obligations under anti-money laundering laws.  We may also be required to carry out the same identity and anti-money laundering checks if, for example, you are providing funds to our clients in order to purchase property.

Depending on the nature of our relationship with you or your relevance to the legal advice we have been asked to provide, we will process information about:

  • your identity

  • financial affairs;

  • family, lifestyle and social circumstances;

  • education and employment background;

  • medical conditions

In some circumstances, again depending on the nature of relationship with our client, we will process special categories of personal data, in which case we take particular care to process such data in accordance with the stricter legal requirements set out in the law, particularly in relation to security and confidentiality.

Special category data includes:

  • information revealing your racial or ethnic origin;

  • revealing your political opinions;

  • information revealing your religious or philosophical beliefs;

  • information revealing your trade union membership;

  • genetic or biometric data for the purpose of uniquely identifying natural persons;

  • information concerning your health; and

  • information concerning your sex life or sexual orientation.

If we process information about criminal offences and convictions, the same considerations will be taken into account. 

We also have an appropriate data protection policy for our staff which takes into account the additional safeguards required.

3.   How we get the information, why we have it and our legal basis for processing

We obtain personal data directly from our clients and from third parties involved in the provision of legal services to our clients; professional representatives; other professionals; witnesses and potential witness in court matters; and from publicly available information.

Potential clients may provide us with personal data (such as name and email address) when completing the "Contact us" section on our website or where they contact us by other means. When we correspondent with potential clients our lawful basis for processing personal data is our legitimate interest in responding to an enquiry.

In relation to our individual clients, we have a contract to provide them with legal services and we process their data as it is necessary to do, to fulfil that obligation.

In relation to our business clients, our contract is not with an individual but we have a legitimate business interest in processing the data of their employees as a point of contact and as is necessary to provide legal services.

We have a legal obligation to process identification information from our individual and business clients and to carry out the necessary checks to comply with anti-money laundering legislation.

We process the data of third parties because we have a legitimate business interest to do so, and it is necessary for us to do so, in order to provide our legal services.

"Legitimate Interest" means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Where we process special category personal data, we will generally do so on the basis that (1) it is necessary for the establishment, exercise or defence of legal claims or (2) it is necessary for reasons of substantial public interest (as permitted by Schedule 1 of the Data Protection Act 2018, for example for the purposes of fraud prevention). In exceptional circumstances, we may process special category personal data on the basis of your explicit consent or where it is necessary to protect your vital interests or those of another individual. Other lawful bases for processing special categories personal data may apply from time to time, but we would inform you of this at the relevant time. This applies to personal data processed in connection with litigation and for the purpose of providing legal advice.

Where we process criminal offence data, we only do so where authorised by law, in particular Schedule 1 of the Data Protection Act 2018.

 4.   What we do with the information we have (including who we share it with)

The data that we collect, and use is to assist us in providing legal services to our clients, to comply with the legislation that regulates our profession and to keep our clients informed about our services.

In order to do this, we share this information with third parties on a regular basis.  There will be occasions when we share data with other third parties, but clients and other third parties will be aware of this as necessary.  

For all individual clients and individuals representing business clients:

  • We use a third party to assist us to check our clients’ identity and to ensure that there are no money laundering concerns that we need to be aware of. 

  • We have a written contract with this organisation who will only do what we instruct them to do with the data provided to them; they will keep the data secure and will only use it on our instructions to carry out these checks.

Below is an example of the types of third parties we are likely to share data with depending on the area of work.

  • Surveyors

  • Registers of Scotland

  • Solicitor for the other party

  • Advocates

  • Party litigant

  • Court

  • Expert witnesses and advisers

  • Court appointed reporters

  • Financial advisers

  • DWP

  • HMRC

  • Privacy pension funds

  • Financial institutions

  • Financial advisers

If you are a client, you will usually know in advance when we share your data and who we share it with.

The personal data we process will also be shared with third party service providers who provide specialist assistance to us so that we can concentrate on providing you with legal advice. These include: IT support, practice management systems, document management systems, case management systems, printing and reprographics support, document destruction and storage and email marketing management.

We are confident that these providers parties have adequate security in place and we have written contracts with these providers setting out our requirements in relation to security and only permitting them to access the data for specific circumstances and in in accordance with our instructions. They are not permitted to use this data for their own purposes.

5.   How we store your information

We store information about you in paper form and electronically and we have put in place appropriate security measures to protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Paper files

We secure our paper files in the office environment and outside the office to minimise the risk of them being accessed by anyone who does not have a legitimate business reason to do so.

Electronical information

Information held electronically is securely stored on our IT systems. We use the services of third parties, as above, to store our information securely and to help us use it effectively.

If the data is stored outwith the UK, we will ensure that there is adequate protection in place to ensure the same data protection standards are maintained.

We have procedures to deal with any suspected data security breach and will notify you and the ICO of a suspected breach where we are required to do so.

We will retain your personal data for as long as necessary to fulfil the purposes for which the personal data was obtained and to comply with any legal, accounting or reporting requirements. 

Generally speaking, we will keep your client files (and any personal data contained therein) for a minimum period of ten years following completion of the matters, so that we are able to respond to a question, complaint or claim. We will keep the information used to verify your identity, and other related client due diligence information, for five years after you cease to be our client.

Retention periods for records are determined on the basis of the type of record, the nature of the service or advice that we have provided, and any applicable legal or regulatory requirements. We follow the guidelines issued by the Law Society of Scotland concerning the retention of client files (including personal data contained therein), but the rules that apply to determine how long it is appropriate to hold client files can be complex and varied.

If you wish further information about our retention policy then please contact us using the details above.

6.   Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

You can find more information about the individual cookies we use and the purposes for which we use them by contacting us at info@flemingslegal.co.uk.

7.   Marketing

Our direct marketing communications generally consist of delivering regular newsletters (on various subjects) and informing you of upcoming events hosted or organised by us, usually by email or other electronic means.

Generally speaking, we will only provide you with direct marketing communications where you have consented to receive such communications.

You can subscribe to such marketing communications, and you can adjust your marketing preferences at any time by contacting us at info@flemingslegal.co.uk

In limited circumstances, we may rely on our legitimate interests to market our business to provide direct marketing communications to other businesses (business-to-business marketing).

You can also opt-out or unsubscribe from all or some of these marketing communications at any time by contacting us at info@flemingslegal.co.uk or by clicking “unsubscribe” at the bottom of any marketing email.

Where you opt out of receiving these marketing communications, this opt-out will not apply to personal data provided to us for any other purpose.

8.   Your data protection rights

Your personal data is protected by legal rights, which include your rights to:

  • Right of access - You have the right to ask us for a copy of your personal information. Unless you are a client, we will have to consider whether the personal data about you is subject to a duty of confidentiality we owe to our client or whether other exemptions may apply. You also have the right to information about how we use your data. This notice should answer most of your questions but you should contact us if you have further queries.

  • Right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • Right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

  • Right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.

  • Right to object to processing - You have the right to object to the processing of your personal data in certain circumstances. You have an absolute right to ask us to stop sending you marketing material and updates about our services. 

  • Request the transfer of your personal data to you or to a third party (data portability) - We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Withdraw consent at any time where we are relying on consent to process your personal data - However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

There is no charge for exercising these rights unless your request is manifestly unfounded or excessive. If it is, we will charge a reasonable fee or refuse to comply with your request. 

Once a request is made, it will be acknowledged and we may ask for confirmation of identification from the requester and seek clarification of this request.

We will do our best to respond without undue delay and within one month of receiving your request. However, if the request is complex we can extend that by another two months but if we do need more time, we will let you know why.

Please make any requests using the contact details above.

9.   Consequences of failing to provide data

If you are a client and you do not provide us with the information we require to provide you with legal services, or if you ask us to cease processing your data or to erase your data, then we may not be able to provide you with the all of the legal services that you have asked for.

10.        How to complain

If you have any concerns about the way that we collect and use your data then please contact us using the details above and we will do our best to address these concerns.

However you can also complain to the ICO if you are unhappy with how we have used your data and their contact details can be found here.

11.        Changes to our privacy notice

We keep our privacy notice under review and will require to make changes from time to time. We will highlight any substantial updates on our website.

This privacy notice was last updated on 7 June 2021.

Version Control

Date: 27/04/2021
Change : Original version agreed
Name: Christopher Fleming