Connelly & Yeoman Solicitors and Estate Agents is a Partnership with its main operating office being 78 High Street, Arbroath, Scotland, DD11 1HL (“we”, “us, “our”). We respect your privacy and are committed to protecting your personal data. This privacy notice sets out the ways in which we collect and use your personal data. It also explains what rights you have to access or change your personal data.
You can contact us at the above address or for further contact details, please see our “Contact Us” page and/or the footer of this website.
We may update this Privacy Notice from time to time. The latest version will always be on our website and we will communicate material updates to our clients. We will not process your personal data for purposes other than those set out in this Privacy Notice or which may be prejudicial to your interests without letting you know and giving you the opportunity to review and object to any such amended processing.
What is personal data?
Personal Data: means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special Category Data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
When we refer to “personal data”, we mean both personal and special category of data.
How do we collect your personal data?
We are a solicitor and estate agency firm. We collect personal data from a wide range of sources. We may collect personal data from you directly. Where you are a client or prospective client, we may also collect personal data from representatives or people who are providing you with other services such as your accountant.
We collect personal data from the following sources:
- You or your representatives directly when contacting us in writing, by e-mail, in person, by telephone or at meetings with us.
- Relatives, agents or third parties if you are involved in a matter we are instructed in (for example, as a beneficiary, trustee, buyer, seller.
- Other organisations which have referred you to us (for example, other accountants, solicitors, financial advisers, insurance companies or financial institutions).
- Online public sources or registers (such as Companies House).
- Providers of identity verification and compliance services, such as anti-money laundering.
- Cookies when you use our website.
What happens if you fail to provide personal data?
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the service you have with us but we will notify you if this is the case.
What type of personal data do we collect?
|Data Type||Information Collected|
|Identity data||Occupation/Business Name
VAT Registration Number
Unique Tax Reference
Date of birth
Driving Licence Number
Other identity evidence as required to meet our regulatory obligations
|Financial data||Information about your financial affairs, assets and liabilities may be required if it is relevant to matters upon which you wish us to advise you or to enable us to comply with our regulatory obligations relating to anti-money laundering.|
|Medical data||GP reports related to capacity and required for Power of Attorneys or Wills.|
|Personal data contained in correspondence||Copies of letters, e-mails received or sent by us, and information you have provided to us in letters, e-mails, texts, at meetings and any audio recordings taken in relation to such information. We may also keep notes and records of matters we discuss or advise upon.|
How do we use your personal data?
We will use your information for the purposes listed below on the basis of:
- your consent (where we request it);
- where we need to comply with our legal obligations;
- to perform a contract with you; or
- our legitimate interests.
|Purpose||Basis of Processing|
|To communicate with you regarding your instructions, questions, concerns or complaints and to provide you with advice and other information where you are a client.||Performance of contract and/or legitimate interests (our legitimate interest being to deliver our services in accordance with your instructions and deal with any enquiry you may have).|
|To share information with other professionals (for example, other accountants or solicitors)||Performance of contract (where necessary to ensure appropriate representation or information-gathering).|
|To prevent financial crime (for example, to comply with our legal obligations to prevent financial crime including money laundering under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017).||Compliance with law and/or legitimate interests (for example, in ensuring our business is run in compliance with the law).|
|As part of our record-keeping requirements||Compliance with law and/or Legitimate interests (our legitimate interest being to retain information for a certain period of time in relation to your client relationship with us).|
|To respond to enquiries from potential clients. If you fill out a “make an enquiry” form, we capture any personal data supplied (such as, your name, address, business name, e-mail address, home telephone number and work telephone number). We will use this personal data to respond to your enquiry.||Legitimate Interests (it is in our interest to respond to enquiries to provide a responsive service and grow business).|
|To recover debts due by you to us (including for example, by sharing your personal data with third party including sheriff officers).||Legitimate interests (our legitimate interest being to enforce performance of the contract between us and where appropriate to instruct a third party to seek payment for our services already delivered to you).|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).||Legitimate interests (our legitimate interest being to facilitate and organise our business by providing IT support and proper testing of systems used within our office locations).|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How is your personal data stored?
We take appropriate technical and organisational measures to secure your personal data and protect it against unauthorised or unlawful processing or disclosure as well as accidental loss or destruction or damage.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted.
Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access to your personal data.
Our website may, from time to time, contain links to and from the websites of third parties. We cannot be held responsible for the security of your personal data collected by websites that our website may link to. Such third parties shall have their own privacy notices and you should read these carefully.
Do we share your personal data?
We may share your personal data with our contractors, business partners, suppliers and sub-contracts for the performance of any contract that you enter into with us. Our legal basis for sharing in this way is that it is in our legitimate interest to engage suppliers and work with other organisations to provide the best possible service to you and satisfy performance of the contract between us.
We may disclose your personal data to third parties:
- In the event that we sell or buy any business or assets, in which case, we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If we or substantially all of our assets are acquired by a third party, in which case, personal data held by us about you will be one of the transferred assets;
- To protect the rights, property, or safety of us or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
In all instances where we disclose your personal data to third parties, we will ensure that your data is appropriately protected. Where our suppliers process your personal data on our behalf, we require them to put in place appropriate security measures to protect your personal data in line with our policies.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes, in accordance with our instructions and the General Data Protection Regulation (GDPR).
The types of organisations/groups that we may share personal data with include but are not limited to the following:
- Property Marketing Platforms e.g. Tayside Solicitors Property Centre
- Debt Collecting Agencies
- IT providers
- Revenue Scotland
- First Scottish
- Registers of Scotland
- Office of the Public Guardian
- Investment companies
- Pension providers
A full list is available on request.
Do we transfer your personal data outside of the European Economic Area (EEA)?
How long will we keep your personal data?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during your working relationship with us.
Cookies are small text files that are stored on your computer or mobile device when you visit our website. They do not cause your computer any harm nor do they identify you personally, they only identify the computer being used to access the site. The cookies obtain information in relation to your use of the website.
Can you withdraw consent?
If we are relying on consent to process your personal data, you can withdraw your consent at any time, at which point we shall stop processing your personal data in that way. Please note this does not affect the legality of our processing up to the date of your withdrawal of consent.
What are your legal rights?
We have summarised your rights below. Please contact Emma Smith, Partner to exercise these.
|Right to be informed||This Privacy Notice provides you with details as to how we collect and use your personal data.|
|Right to access||You have a right to request access to the personal data we hold about you by making a “subject access request”. If the request is legitimate, you will be provided with a copy of all personal data that we hold about you. There will be no charge for providing you with this information. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We have installed automated software to assist us with streamlining your request.|
|Right of rectification||You have a right to request that we correct or complete any inaccurate or incomplete personal data we hold about you.|
|Right of erasure||You have the right to ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent or where we have no lawful basis for retaining it. If we are required to keep your personal data to comply with our legal or regulatory obligations or legitimate interests in legal proceedings or claims, then we may have to decline your request|
|Right to restrict processing||You have the right to request that we restrict the processing of your personal data that we hold about you for specific reasons.|
|Right to data portability||You have a right to obtain and reuse the personal data that we hold about you for your own purposes in certain circumstances.|
|Right to object||You have a right to object to us processing your personal data where we are relying on legitimate interests and/or where we are using it for marketing purposes.|
|Right to Complain||In addition, you have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) using the following contact details. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance:
Information Commissioner’s Office