Data Protection and GDPR Statement
Who we are
Oracle Solicitors Ireland, WeWork, Charlemont Exchange, Charlemont Street, Saint Kevin’s Dublin 2, D02 VN88 is a law firm regulated by the Law Society of Ireland. You can contact us at this address by post or by email at email@example.com.
Our data protection representative is Sajjad Shan, firstname.lastname@example.org.
The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation standardised data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
Oracle Solicitors (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have a robust and effective data protection program in place which complies with the law and abides by the data protection principles.
Oracle Solicitors are dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
Why we process your data, the lawful basis for processing your data and who we share it with
For people who view and interact with our website, we process data:
- to respond to your query when sent through our ‘contact us’ form
- to sign up to our newsletter when you request subscription through our website
The legal basis for this processing is our legitimate interest in the administration and operation of our legal services as well as our legitimate interest in marketing and promoting our firm’s legal services. We always include an unsubscribe button in our communications, so you can opt out of receiving such communications at any time.
We share this data with our client relationship management system provider. They may only process this data for the purpose of providing us with their services, and no other purpose.
For our potential clients, we process data:
- in order to market the services of our firm
- to provide you with legal updates and newsletters to which you have subscribed
The legal basis for the processing of this data is processing necessary for the purpose of the legitimate interests of our firm in promoting our services. We always include an unsubscribe button in our communications, so you can opt out of receiving such communications at any time.
We share information such as your name and email address with our newsletter services provider who sends out our newsletters. This provider is not permitted to use this data other than on our behalf.
For solicitors and barristers that we liaise with on client matters, we process data:
- In order to liaise with you about our client matters
The legal basis for the processing of this data is processing necessary for the purposes of the legitimate interests pursued by our firm in representing our clients.
We share the information you provide with our practice management system in order to store your contact information with our client file. We may also send you emails through our email service provider.
For job applicants to the firm, we process data:
- to recruit new employees
- to ascertain your suitability for a specific role
The legal basis for this processing is processing necessary for the purpose of the legitimate interests of our firm in recruiting new staff. Please see the privacy notice in the job advertisement for further information about how we process applicant data.
We share the information you provide in your application with our contracted recruiter in order to make a shortlist of candidates. This recruiter is not permitted to use this data other than on our behalf. We may also send you emails about your application through our email service provider.
The time period for retaining data depends on the purpose for which it is processed. An example is seven years from completion of any legal work.
Your rights relating to personal data
You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:
- right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
- right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
- right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
- right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
- Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
In order to exercise any of the rights set out above, please contact us at the contact details at the start of this privacy notice.
If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.
If you are unhappy with how we process personal data, we ask you to contact us so that we can rectify the situation.
You may lodge a complaint with a supervisory authority. The Irish supervisory authority is the Data Protection Commission.
Requirement to process personal data
You may browse our website without providing us with any personal data and this will not affect your ability to view our website.
If you do not provide us with your information for the purposes described above, we cannot send your our newsletter, respond to your queries sent through our contact us form, liaise with you on client matters or assess your suitability for a role within our firm.
Automated decision-making and profiling
We do not use any personal data for the purpose of automated decision-making or profiling.
Data Subject Rights
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website of an individual’s right to access any personal information that Oracle Solicitors processes about them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
The right to lodge a complaint or seek judicial remedy and who to contact in such instances.
Information Security & Technical and Organisational Measures
Oracle Solicitors takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
- Access Controls
- Password Policy
GDPR Roles and Employees
Oracle Solicitors have designated Sajjah Shan as our Data Protection Officer and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.
Oracle Solicitors understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our plans. We have an employee training program specific to GDPR.
If you have any questions about our preparation for the GDPR, please contact email@example.com.