What information do we collect and why?
We may collect, process and disclose personal data relating to clients and counterparties and their personnel in the following circumstances:
- For the legitimate interest of the provision of legal services including instructing and liaising with counsel and other professional service providers in relation to matters that we are handling, or because we need to liaise with a counterparty on a matter in which we are instructed.
- To collect our fees or costs.
- In providing information on our services and legal updates that we consider may be relevant to clients.
- Inviting clients to events.
- Identifying where we may make improvements in service delivery.
- In order to comply with our obligations to check the identity of clients in compliance with anti-money laundering law and regulations.
- Where required by our insurers and other regulatory authorities including the Law Society of Ireland and the Revenue Commissioners.
Our general retention period for client files is 10 years, with some exceptions where files are required to be held for longer periods. If you require further information please contact us.
We may process personal data such as name, email address, job title, telephone number, area of business, job role, jurisdiction, language, seniority and other business contact information in the administration and operation of our legal services for legitimate business purposes such as:
- Making contact details available to our personnel.
- Performing analytics – such as trends, business intelligence, marketing effectiveness, uptake and progress.
Any personal data processed for the above purposes will be retained for no longer than is necessary for those purposes
If a business contact requests to be forgotten their contact details will be deleted. If a business contact opts out of receiving marketing materials their details will still be retained (as we may still be in contact) but marketing materials will no longer be sent to them.
Personal data, including name, email address, telephone number and other business contact information is collected.
- To receive services from our suppliers – we will use and disclose personal data in such manner as we believe is reasonably necessary to receive and to review the provision of those services from suppliers.
- To provide services to clients – if a supplier is assisting us in delivering services to our clients we will process personal data to manage that relationship.
- To agree payment arrangements with our suppliers, and to make payments to them.
Our legal basis for such processing is the performance of the supplier contract.
A general retention period of seven years (after the supplier relationship ends) will be applied unless there are any legal and or regulatory exceptions which require documentation to be held for longer periods. If you require further information please contact us.
Personal data will be collected from visitors to our website such as the time and date of your visit, the pages you visit and your physical location when visiting them, and other more specific details like your IP address, the links you click and the route you take through the website, and your information if you report a problem with our website. This is in our legitimate interest to improve our website offerings and enhance your online visit to us.
Personal data will also be collected if you sign up to attend any of our events and / or to receive our marketing literature via our website. You can specify your contact preferences when registering online to receive communications from us (for eg, through www.matheson.com) or by advising us of your contact preferences using options provided on all of our marketing emails or the contact details as below. We always include an unsubscribe button in our communications, so you can opt out of receiving such information at any time.
We share this data with our client relationship and e-marketing management system providers. They may process this data only for the purpose of providing us with their services.
Personal data, including name, email address, telephone number and other business contact information, is collected from consultants, experts and other third parties to provide services to clients. If an expert witness is assisting us in delivering services to our clients we will process personal data to manage that relationship. Personal data included in professional curriculum vitae (CV) is also processed in order to assist clients in appointing individuals of necessary expertise. Personal data of expert witnesses is retained for as long as the expert / consultant is providing services to us or our clients. Professional appointment (non-Matheson recruitment) CVs are retained for three years.
We correspond with other solicitors and barristers in relation to client matters and share their personal data with our personnel. We may also send emails through our email service provider and retain contact information in our customer relationship tool. The retention periods for client files are set out above.
Personal data is collected to ascertain a candidate’s suitability for a specific role. Matheson has a legitimate interest in recruitment new personnel.
Further information as to how we process applicant data is included in the privacy notice for each post advertised. We use third party software to provide a platform where applications are submitted and then processed by the Firm. We may also send a candidate emails about their application through our email service provider.
General Recruitment – We will retain unsuccessful applications for a period of 18 months. Successful applications are retained with the individual’s HR file.
Trainee Recruitment – Applications screened out at application stage are retained for 14 months from the date of initial submission, applications that are screened out at interview stage are retained for two years after the date of the initial submission so to allow for development and re-application.
Personal data in relation to employees will be held on various internal systems and applications. A privacy notice which sets out the purposes for which personal data will be processed and contains information on data subject rights is provided to employees. Our legal basis for such processing concerns the performance of the employer / employee contractual relationship. If further information is required please contact the Human Resources Department.
Links to Third Party Websites
Our website may contain links to other websites. Matheson is not responsible for the privacy practices or the content of such other websites. If you link to or visit another website, please review the privacy statement for that website.
Security of your Data
We use industry standard security measures to protect your information and to prevent the loss, misuse or alteration of any information in our control. All Matheson personnel are subject to strict confidentiality obligations. However, as effective as modern security practices are, no security system is entirely secure and we cannot guarantee the security of your information.
Transfers of personal data to non-EEA countries
We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. This may be because you have instructed us or where we enter into standard European Commission approved data protection contracts. Remote access to our systems is on authorised devices only and appropriate technical safeguards are applied to protect personal data.
Your rights in relation to your personal data
Under certain circumstances you may:
- Request access to copies of the personal data we hold about you and further information in relation to its processing, or else request that such information be supplemented, updated or rectified.
- Request erasure, anonymisation or blocking of your personal data that is processed in breach of the law.
- Object on legitimate grounds to the processing of your personal data. In certain circumstances we may not be able to stop using your personal data; if that is the case, we’ll let you know why.
- Withdraw your consent – when personal data is processed on the basis of consent you may withdraw consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal. In the event that you no longer want to receive any marketing material from us, please use the unsubscribe option (which is in all of our marketing emails to you), or contact us.
To exercise such rights (other than withdrawing from marketing emails) please contact firstname.lastname@example.org. You may lodge a complaint with the Irish Data Protection Commission.
Changes to our Privacy Statement
We may change this Privacy Statement from time to time. If we make changes, they will be posted here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it.
Each time you use this website the then current Privacy Statement will apply and you should review it each time you use the website to satisfy yourself that you are happy with it.