We, Alastair Purdy LLP. Solicitors, take privacy very seriously. This statement outlines how we, as a data controller, collect and process personal data about:
- Visitors to our websites
- Individuals who apply for jobs through our website
- Subscribers to or users of our online services
- Individuals who we communicate or interact with during our business
- Individuals whose personal data is provided to us in connection with the provision of our services
- Individuals who attend events which we organise or sponsor
- Individuals who are employed or engaged by suppliers of goods or services or parties tendering to provide goods or services
Our “websites” include this website, all our associated sites (such as our knowledge sites and blogs), and our social media pages. This statement also provides information about data subject rights and our obligations under data protection law.
Information That We Collect
We may request personal data from individuals, including through our websites or at events we organise or sponsor. Individuals may also volunteer their personal data via various communication methods, such as telephone, email, or through our websites.
In providing our services, we may receive personal data directly or indirectly, including from publicly accessible sources. Categories of such personal data include names, addresses, contact information, and other relevant information.
At events we organise or sponsor, we may have photographers or videographers present, capturing images that may be used on our websites, social media, or printed materials. If you object, please inform the photographer, videographer, or any of our staff at the event.
We may also receive personal data from individuals working for or representing our suppliers or parties tendering to provide goods or services. This includes names, addresses, contact information, job titles, IP addresses, correspondence, financial information, and other relevant information. For security reasons, we may monitor and record access to our systems or premises and retain identification photographs.
Information communicated in connection with our services is subject to client confidentiality and may be protected by legal professional privilege.
In the context of COVID-19 (or any other pandemic), we may request health-related data before office visits, such as diagnoses, symptoms, advice to self-isolate, contact with confirmed or suspected cases, and recent travel.
How We Use Personal Data
| Purpose(s) for Processing | Legal Basis |
| Communicating with clients or other persons in the course of our business | (a) To fulfil our contractual obligations or (b) to support our legitimate interests in managing and improving our business and services, provided such interests are not overridden by data subjects’ rights and interests |
| Providing services to clients and managing our business | As above |
| Maintaining and operating our websites | As above |
| Using images obtained through photographs or videos in media | As above |
| Marketing our firm, services, and events | (a) Legitimate interests in managing our business, provided such interests are not overridden by data subjects’ rights and interests, or (b) consent, which can be withdrawn at any time |
| Processing of job applications | (a) To perform or enter into a contract with the data subject; (b) Legitimate interests in managing our business, provided such interests are not overridden by data subjects’ rights and interests |
| Managing goods and services received, including contract management and security | (a) To fulfil contractual obligations; (b) Legitimate interests in protecting our systems and premises and assessing suppliers, provided such interests are not overridden by data subjects’ rights and interests |
| Preventing and detecting fraud, money laundering, and other crimes | To comply with our legal obligations |
| Transferring information to third parties, including service providers | (a) Legitimate interests in managing and improving our business; (b) Legal obligations; (c) Protecting vital interests |
| Public health reasons | To comply with legal or regulatory obligations |
We retain personal data only as long as necessary for the purposes for which it was collected, as required by law or regulatory guidance, or for legal claims.
Personal data about job applicants is retained for no more than one year. Health data related to epidemics or pandemics is retained for no more than one month.
Disclosure of Your Information
We may disclose personal data to:
- Third parties, including cloud service providers, providing services to us
- Public authorities as required by law
- Third parties under legal obligations or on behalf of clients
- Prospective buyers or sellers of our assets or business
- Third parties to protect vital interests
- Third parties organising or sponsoring events
- Suppliers or tendering parties
For transfers of personal data outside the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses under GDPR Article 46.2. Contact us for information on these safeguards.
Links to Other Sites
Our website may contain links to other websites with their own privacy policies. We do not accept responsibility for these policies. Please review them before submitting personal data.
Data Subject Rights
As a data controller, you may request access to, rectification, or erasure of your personal data, restrict or object to processing, and request data portability. These rights are subject to legal restrictions. Summary of rights:
- Right of access: Receive a copy of your personal data.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure: Request deletion of your data in certain circumstances.
- Right to restrict processing: Halt processing in certain circumstances.
- Right to object: Object to processing based on legitimate interests.
- Right to data portability: Request data transmission to a third party.
You have the right to lodge a complaint with the Data Protection Authority in your Member State of residence, work, or alleged infringement if you believe your data processing infringes GDPR. In Ireland, the appropriate authority is the Data Protection Commission. Their details are:
- Address: 21 Fitzwilliam Square S, Dublin 2, D02 RD28
- Phone: (057) 868 4800
To exercise these rights, contact us (see Contact Us below). We will respond within one month, extendable by two months if necessary. Proof of identification may be required. We may refuse requests that are unfounded or excessive or necessary for public interest.
In joint controller scenarios (e.g., social media), we will advise if another controller should be contacted.
Security and Storage of Personal Data
We are committed to protecting personal data with security technologies and procedures. However, no system is entirely secure, and we cannot guarantee complete security. We use strict internal guidelines to safeguard privacy. Passwords provided for site access should be kept confidential.
While we strive to protect data, transmission over the internet is at your own risk. Upon receipt, we use security measures to prevent unauthorised access or disclosure.
Changes to This Privacy Statement
We reserve the right to change this statement at our discretion. Changes will be posted here with an updated “Last Updated” date. Material changes will be notified via a prominent website notice before becoming effective. Review this statement periodically for updates.
Contact Us
Questions, comments, requests, and complaints regarding this statement and personal data should be addressed to:
- Email: DPO@purdyandco.ie
- Mail: Alastair Purdy LLP. Solicitors, Corrib Castle, 1 Waterside, Woodquay, Co. Galway
All requests will be handled promptly and efficiently.
Last Updated: 16 July 2024