Data Protection - GDPR Privacy Notice

McKinty and Wright is a Data Controller and processes personal data for the following purposes:

  1. for the provision of legal services
  2. as an employer

McKinty and Wright does not carry out any automated decision making and profiling.

Data subject's rights

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

Point of contact for further information on your rights or any data protection queries:

Roisin Harper, Data Protection Manager

Tel: 028 9041 2843

Email:

The data subjects that McKinty and Wright interacts with include:

  • Employees
  • Clients, their employees, servants or agents
  • A Client’s Policyholder(s) and their servants or agents (relevant to Insurers)
  • Suppliers
  • Joint Data Controllers including Counsel and expert witnesses

PROCESSING FOR THE PROVISION OF LEGAL SERVICES

The lawful basis for processing will be one or a combination of the following:

  • Contract;
  • Compliance with legal obligations;
  • Legitimate interests, which includes processing data for the purposes of internal audit, management review and improvement of our practices and procedures;
  • Consent.

Data Protection legislation makes provision for circumstances in which data protection rights and obligations may be restricted. Relevant to McKinty and Wright, such circumstances include the following:

Personal data that consists of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings

Information required to be disclosed by law or in connection with legal proceedings, specifically including where disclosure of the personal data:

a) is necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings)

b) is necessary for the purpose of obtaining legal advice

c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights

Personal data collected and processed by McKinty and Wright may include any or all of the following:

Name; date of birth; postal and email addresses; telephone numbers; national insurance number; bank account details; documentation to verify identity; employment details including job title and salary; income and expenditure details; next of kin details; any other information required in connection with legal proceedings or for the purposes of obtaining legal advice.

Special category, or sensitive, data collected and processed by McKinty and Wright may include any or all of the following information:

Race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation.

The lawful basis for processing special category data will be one or a combination of the following:

  • processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law;
  • processing is necessary for the establishment, exercise or defence of legal claims.

Information will be collected from a number of sources including any or all of the following:

  • The data subject
  • The data subject’s insurers, employers, legal representatives or any other third party having previously obtained information from the data subject e.g. loss adjustor
  • Third parties including expert witnesses and counsel when necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings) or for the purpose of obtaining legal advice
  • Public records

Information will also be shared with a number of sources including any or all of the following:

  • the data subject’s insurers, employers and legal representatives
  • Third parties including expert witnesses and counsel when necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings), or for the purpose of obtaining legal advice
  • Public authorities

How information is stored and transferred securely

We operate an Integrated Management System certified to ISO 9001 and 14001 Quality and Environmental standards which also incorporates ISO 27001 Information Security standards. Physical security is paramount and we have processes in place to keep hard copy documentation secure and confidential. Data is also stored electronically on a network file system with access controls in place. We also have procedures in place to keep our network secure that include change management, patching, pen testing, firewall and anti-malware protection. We use extra control measures to ensure the secure transfer of data outside of our network both in hard copy and electronically, including encryption. IT suppliers are only given access to our systems for change management purposes; that access is temporary, short term, controlled and revocable by McKinty and Wright at all times. Location for cloud storage is within the EU.

Retention periods

Having regard to guidance on minimum retention periods issued by the Law Society of Northern Ireland, we retain data:

  • On litigation matters for 6 years after completion
  • On property and commercial matters for 12 years after completion