1. Version 2.0
This Privacy Notice is v2.0 and is valid from 00:01hrs on 01 August 2020. It replaces and supersedes all other Privacy Notices associated with Muldoon Britton.
2. Changes to this Privacy Notice.
We continually review our Privacy Notice and update it where necessary. We advise that you regularly check our Privacy Notice for updates. We do not wish to bother you with lots of minor amendments, but where we make significant changes to our policy, we shall contact you to inform you.
3. Our Name & Contact Details.
The Data Controller of your personal data is Muldoon Britton. This means that Muldoon Britton decides how your personal data is processed and for what purposes. Our contact details are:
5 John Dalton Street
4. Data Protection Officer Contact Details.
In observance of the General Data Protection Regulation and the Data Protection Act 2018, Muldoon Britton has chosen to establish a Data Protection Officer.Michael Muldoon, the partner of the firm is the data protection officer. Should you wish to contact our Data Protection Officer regarding a data protection matter you can do so by emailing firstname.lastname@example.org, or writing to:
5 John Dalton Street
5. Personal data categories we collect
We may collect, use, store and transfer different kinds of personal data about you which we have categorised as follows:
- Identity Data: This includes first name, maiden name, last name, marital status, title, date of birth and gender.
- Contact Data: This includes email address and telephone numbers.
- Financial Data: This includes bank account information and payment details.
- Compliance Data: This includes recorded calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
- Technical Data: This includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data: This includes information about how you use our website, products and services.
- Marketing and Communications Data: This includes your preferences in receiving marketing from us and your communication preferences.
- Aggregated Data: This includes statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used under this privacy notice.
- Special Categories of Personal Data: This includes health and vulnerability related data that you may voluntarily share with us during the fulfilment of our services to you. We will always ask for your explicit consent to record and share Special Category Data.
6. For what purposes do we process personal data, and what are the lawful basis’ by which we process data?
Muldoon Britton processes your Personal Data for the following purposes:
|For What Purposes Do We Process Personal Data?||What is the lawful basis by which we process the data?|
|Supply, perform, manage and fulfil our services to you||Contract|
|Make and manage customer payments||Contract|
|Manage fees and charges due on customer payments||Contract|
|Communicate with third parties to fulfil, administer or enforce contractual obligations via email, telephone, SMS text, postal mail and push notifications;||Contract|
|Communicate with customers where we have your consent to do so via email, telephone, SMS text, postal mail and push notifications;||Consent|
|Communicate with third parties on matters where we have a legal obligation to do so via email, telephone, SMS text, postal mail and push notifications;||Legal Obligation|
|Verify the identity of individuals where necessary including for Subject Access Requests (SAR);||Contract|
|Update clients about changes to how we process their personal data and/or new processing activities via email, telephone, SMS text, postal mail;||Legal Obligation|
|Share testimonials, case studies and feedback on our website and future marketing;||Consent|
|Resolve complaints and/or disputes;||Contract|
|Request continuation of consent prior to consent expiry;||Consent|
|Prevent, detect and investigate fraud;||Legal Obligation|
|Prevent, detect and investigate crime;||Legal Obligation|
|Comply with the law;||Legal obligation|
|Fulfil our statutory or regulatory obligations;||Legal obligation|
|Maintain our own accounts and records;||Legal obligation|
7. Sharing your personal data
Muldoon Britton may choose to share your personal data internally and/or externally to the business. Where we choose to share your information, we shall do so for the following reasons:
- Where we have your “Consent” to do so. Where we process your data under the lawful consent basis, you have the right to withdraw consent. Please refer to “Your Right to Withdraw Consent” section below;
- Where necessary to fulfil the services and/or products we are “Contracted” to provide to you;
- Where we have a “Legal Obligation” and are required by law and to law enforcement agencies, judicial bodies, government entities, tax authorities or regulating bodies around the world, this includes communicating with you to update you about our privacy notice and changes to how we process your personal data;
- Where we outsource support functions of our organisations to trusted partners, the categories of these recipients include:
|Categories||Who we use||Privacy Notice|
|Outsource Providers||Churchill Sloan||https://www.churchillsloan.co.uk/privacy-policy/|
|Data Accuracy Support Provider||UK Search||https://www.uksearchlimited.com/ksupload/userfiles/Privacy-Policy-and-Fair-Processing-Notice-V6-UKSL-070918.pdf|
|IT support providers;||Titan||https://www.titannetworks.co.uk/|
|Mail scanning & support providers||Managed Inc||https://managedink.co.uk/wp-content/uploads/2018/07/Privacy-Policy.pdf|
|Secure Shredding Services||Secure Shredding Services||https://www.datashreddingservices.co.uk/index.html|
Where we choose and/or have your permission to share your personal data with 3rd Parties we will, where appropriate, ensure that they have signed a contract that requires them to:
- Abide by the requirements of all relevant data protection and privacy legislation;
- Treat your information as carefully as we would;
- Only use the information for the purposes it was supplied (and not for their purposes or the purposes of any other organisation); and
- Allow us to carry out checks to ensure they are doing all these things.
If you provide your data through a third party, we may share data with that lead provider to assist with the management of the services and to streamline client contact.
We may, from time to time, disclose your data to and receive from your lenders, underwriters, official receiver/insolvency practitioner and our processors, referrers, external auditors & regulator.
In addition to our firm we may, when required and necessary, share your personal data with other organisations. Depending on the work we are undertaking for you the other organisations may include:
- Our firm’s ‘data processors’ who are contractors from whom we obtain operational services including IT support, legal cashiering, costs draftsmen, secure document storage and shredding.
- Other ‘data controllers’ that provide professional or commercial services, such as Counsel, other solicitors, accountants, medical practitioners, surveyors and estate and letting agents.
- Experts that you and we agree are necessary to assist us to progress your matter.
- Providers of insurance, financial and banking services to you and/or to our firm.
- HMRC, HM Courts & Tribunals Service, HM Land Registry, Councils and other national and local government bodies.
- The Solicitors Regulation Authority, the Information Commissioner’s Office (ICO) and organisations involved with the preparation, assessment and certification of quality standards for which our firm is seeking or maintaining accreditation.
- If you agree, to organisations providing marketing services to our firm.
All of the above are located in the UK.
8. International Personal Data Transfer – Countries & Organisations.
Muldoon Britton may transfer personal data to countries outside of the UK and/or EEA. Specifically, we use data processors based in South Africa.
If data is transferred outside of the EEA, Muldoon Britton will put in place Standard Contractual Clauses with the Data Controller or Data Processor which contractually obliges them to protect your information to the same standard required by the General Data Protection Regulation and Data Protection Act 2018 post 31 December 2020.
9. Personal Data Retention Period
Muldoon Britton has the following data retention policies:
- Where a Regulating Body directs a statutory retention period, we shall retain the relevant data for the statutory period. For example, the data of your financial transactions shall be retained for seven years;
- Where you have used or enquired to use our services, we shall retain any personal details applicable to the contract delivery for seven years (name, email, telephone, postal address) after completion of the contract. During this time, we may contact you using consent and/or legitimate interest to market additional products or services.
- Where you have downloaded free content from our site, we shall retain your contact details (name, email, mobile telephone number, company, job title) for two years, or until you exercise your Right to Object or opt-out. During this time, we may contact you using legitimate interest to market similar free content that may be of interest to you.
- Where you have signed up to receive information emails from Muldoon Britton, we shall retain your contact details (name, email, mobile telephone number, company, job title) for two years, or until you withdraw your consent.
10. The rights available to individuals in respect of the processing
The rights available to individuals in respect of the processing
- Your right of access.You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about your Right to Access here.
- In most cases Muldoon Britton will not charge for this service however we do have the right to charge an administrative cost should we feel the request is excessive (excessive means that you submit a subject access request multiple times for the same or similar information). Fees will not exceed £50. Information will be provided within 28 calendar days from the day you request it. We will take all reasonable steps to verify your identity before providing you with details of any personal information we may hold about you.
- Your right to rectification.You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about your Right to Rectification here.
- Your right to erasure.You have the right to ask us to erase your personal information in certain circumstances. You can read more about your Right to Erasure here.
- Your right to the restriction of the processing.You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about your right to the Restriction of Processing here.
- Your right to object to processing.You have the right to object to processing if we can process your information because the process forms part of our public task or is in our legitimate interests. You can read more about your Right to Object to Processing here.
- Your right to data portability.This only applies to the information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about your Right to Data Portability here.
If you wish to exercise any of your rights, you can do so by informing a member of our team or by contacting our Data Protection Officer by emailing dpo@Muldoonbritton.com
11. Your Right to Lodge a Complaint with the ICO
You have the right to complain with the UK’s Supervising Authority: The Information Commissioners Office. Before lodging a complaint, Muldoon Britton would like the opportunity to address any complaint you may have.
Should you have a complaint please in the first instance contact our Data Protection Officer by emailing or writing to:
Data Protection Officer
5 John Dalton Street
If your complaint has not been resolved, you can lodge a complaint with the Information Commissioners Office via email https://ico.org.uk/global/contact-us/email/ or by writing to:
Information Commissioner’s Office
Or by telephone on 0303 123 113