Data Processing Notice

Introduction

  1. In this Notice “us” and “we” means “Caytons”, which is the trading name of Caytons Law LLP registered in Ireland (LLP Number 12624370) with the registered office at 6 Upper Mount Street, Dublin 2, Ireland, D02 FT59. The Partners are Ronan Cosgrove, John Cayton and Mary Smith.
  2. In this Notice “you” means any party who reads this Notice.
  3. This Notice only applies to Personal Data, including Sensitive Personal Data, of Data Subjects under the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (EU) 2016/679 (GDPR).
  4. This Notice is intended to comply with the DPAs and Articles 12 to 14 of the GDPR
  5. This Notice is not legal advice and must not be relied upon as legal advice. We endeavour to keep the contents of this Notice correct and up to date but we do not accept any liability for mistakes or omissions. To the maximum extent allowable by law we do not accept any liability for damage or loss howsoever arising from this Notice.
  6. This Notice does not waive rights of us or our clients or other third parties, including rights of privilege and confidentiality, and is subject to those rights and is also subject to our obligations including those to the Court and those under the Codes of Conduct of the Law Society of Ireland.
  7. We own the copyright and other intellectual property rights in this Notice. Reproduction and distribution of this Notice or any part of it is prohibited.

Data Controller

  1. The Data Protection Commission in the Republic of Ireland is our lead data protection supervisory authority. We are a Registered Data Controller in the Republic of Ireland with the Data Protection Commissioners.
  2. Our nominated representative for the purposes of the DPA is Ronan Cosgrove.
  3. We are a Recognised Body authorised and regulated by the Law Society of Ireland (Firm Number F7792). Our main establishment is in the Republic of Ireland where decisions about purposes and means of processing are taken and implemented.

6 Upper Mount Street, Dublin 2, Ireland, D02 FT59
T: +353 (0)1 567 5400
E: info@caytonslaw.com

  1. We act for clients including clients who are also Registered Data Controllers.

Processing of Personal Data

  1. We process Personal Data fairly and lawfully under the DPA and GDPR in all aspects of our practice as a firm of solicitors.
  2. We process Personal Data in the conduct of our practice as a firm of solicitors, including:
    • Obtaining and collecting
    • Holding and storing
    • Retrieving
    • Consulting
    • Using
    • Transmitting and disclosing
      Personal Data, which includes:
    • Personal details
    • Family details
    • Lifestyle and social circumstances
    • Goods and services
    • Financial details
    • Business of the Data Subject whose Personal Data we are processing
    • Education and employment details
    • Physical or mental health details
    • Racial or ethnic origin
    • Political opinions
    • Religious or other beliefs
    • Sexual life
    • Trade union membership
    • Offences and alleged offences
    • Criminal proceedings, outcomes and sentences
  3. There is no automated decision-making, including profiling, by us using Personal Data.
  4. We only process Personal Data for the purposes for which the Personal Data was obtained.
  5. The purposes of processing Personal Data include pursuing our legitimate interest, as Data Controller, of conducting a solicitors’ practice.

Acting for Clients

  1. We obtain and receive on behalf of our clients Personal Data from Data Subjects and from many sources, including:
    • Our clients
    • Other representatives of our clients such as their insurance brokers and other professional advisers of clients
    • Publicly accessible sources such as Land Registry, CRO and local authorities
    • Factual witnesses contacted by us
    • Expert witnesses instructed by us
    • Parties in dispute with our clients and firms of solicitors acting for them including disclosure and inspection under the ROI Civil Procedure Rules e.g. Rules of the Superior Courts
  2. Some Personal Data is obtained by us under relevant statutory or contractual requirements.
  3. We use Personal Data as an integral part of all aspects of our practice when acting for clients, including:
    • Receiving instructions from our clients
    • Investigating matters in which we are acting for our clients
    • Advising and reporting to our clients
    • Conducting pre-action correspondence on behalf of our clients with parties in dispute with our clients or solicitors acting for those parties
    • Preparing and serving statements of case in litigation
    • Giving disclosure and inspection under ROI Civil Procedure Rules e.g. Rules of the Superior Courts
    • Preparing and serving witness statements in litigation
  4. We transmit and disclose Personal Data to many parties, including
    • Our clients
    • Other representatives of clients such as insurance brokers and other professional advisers
    • Parties in dispute with our clients and firms of solicitors acting for them
    • Counsel and Expert Witnesses instructed by us
    • Courts, arbitrators, adjudicators and mediators
    • Regulators and law enforcement agencies
    • External suppliers of services such as bulk photocopiers and IT specialists
  5. We hold and store Personal Data when our retainers with our clients have ended according to criteria agreed with our clients.

Other Aspects Of Our Practice

  1. We obtain Personal Data from Data Subjects and from many sources, including:
    • Our employees
    • Individuals applying to be our employees
  2. We use Personal Data as an integral part of all aspects of our practice, including:
    • Invitations to marketing events
    • The employment of our employees
    • Creating content for our website
  3. We transmit and disclose Personal Data to many parties, including:
    • Regulatory and law enforcement agencies
    • Our accountants and other professional advisors
    • Our insurers
    • Our lenders
  4. We hold and store Personal Data according to relevant contractual and statutory and regulatory requirements, including requirements of:
    • Law Society of Ireland
    • Revenue Commissioners
    • Employment legislation

Rights of Data Subjects

  1. Data Subjects have rights under, but subject to, the DPA and GDPR, including:
    • Right to be informed of material breaches of the DPA and GDPR
    • Right to access to Personal Data
    • Right to rectification of Personal Data
    • Right to erasure of Personal Data
    • Right to restrict processing of Personal Data
    • Right to portability of Personal Data
    • Right to object to Personal Data
    • Right not to be subject to automated decision-making, including profiling
    • Right to lodge a complaint with Data Protection Commissioner’s Office
  2. Further information regarding rights of Data Subjects are on the website of the Data Commissioner.