Data Protection Policy: How Does Dallas McMillan Process Data?
- Introduction
1.1 Dallas McMillan, (the Firm), is a law firm and provides legal advice and assistance to its clients. It is regulated by the Law Society of Scotland.
1.2 The personal data that the Firm processes to provide these services relates to its clients and other individuals as necessary, including staff and suppliers’ staff.
1.3 European Directive 95/46/EC, General Data Protection Regulations, (“GDPR”), effective from 25 May 2018 states: ‘The protection of natural persons in relation to the processing of personal data is a fundamental right’.
1.4 The Firm is committed to protecting your personal information and other data provided to the Firm via letter, electronic format or verbally and whether recorded electronically or on hard copy, or via this site ("Website"). Please read this Data Protection Policy, both General and Website sections carefully as it contains important information regarding data provided to the Firm about you and/or your matter.
- Scope
2.1 This policy applies to all personal data processed by the Firm and is part of the Firm’s approach to compliance with data protection law. All Dallas McMillan staff are expected to comply with this policy and failure to comply may lead to disciplinary action for misconduct, including dismissal.
- Data Protection Principles
Dallas McMillan complies with the data protection principles set out below. When processing personal data, it ensures that:
3.1 It is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’).
3.2 It is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).
3.3 It is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
3.4 It is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without undue delay (‘accuracy’).
3.5 It is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).
3.6 It is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
- On What Legal Basis Will My Data be Processed?
4.1 Within GDPR, there are six legitimate and lawful reasons for our processing of your personal data.
4.2 These are: with consent; under contract; further to a legal obligation; to protect vital interests; in the public interest or in the legitimate interest of the data controller.
4.3 For all client matters, where you as the client instruct us to act on your behalf, you will be entering into a contract governed by the Firm’s Terms of Business. The Firm’s Terms of Business is updated regularly with the latest version posted onto the Firm’s Website.
4.4 The Firm also has a legal obligation to process and retain certain data in relation to legislation such as Anti-Money laundering, the Proceeds of Crime and financial accounting, (this list is not exhaustive).
4.5 Where the Firm is appointed by a Public Body, such as a Court, data will be processed in the public interest and/or to protect vital interests.
4.6 As an individual you have the right to ‘portability’. If requested by signed mandate the Firm will facilitate any request from a data subject who wishes to exercise their rights under data protection law as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay, (see Section 8: Data Subject Rights).
4.7 Newsletters, (see Section 5)
- Newsletters
5.1 From time to time the Firm will issue an electronic Newsletter. In compliance with GDPR, the Firm will require your explicit consent to send this to you.
5.2 If you opt-in the Firm will send you the Newsletter. This consent can be withdrawn at any time by ‘Unsubscribing’ from the Newsletter, or by emailing David McElroy with ‘Unsubscribe from Newsletter’ in the subject line.
5.3 If you withdraw your consent to receiving an electronic Newsletter, we will erase your data from all databases relating specifically to the Newsletter, (see 8.5).
- Data Retention Periods
6.1 Client Matters: From completion of your matter, the Firm will retain your data, both hard copy file and your electronic file, (where applicable), in accordance with the Document Destruction dates as recommended by the Law Society of Scotland, or if different by other statute law.
6.2 Financial Matters: Financial information will be retained for the remainder of the financial year following completion of a matter and for a further six financial years, unless longer in terms of 6.1.
- Sharing of Information with Third Parties
7.1 The Firm will not disclose your personal information to third parties other than as described in the Website Privacy Statement noted below, or unless the Firm is legally required to do so.
7.2 The Firm reserves the right to access and disclose personal data or information to comply with applicable laws and lawful government requests.
- Data Subject Rights
8.1 Dallas McMillan has processes in place to ensure that it can facilitate any request made by an individual to exercise their rights under data protection law. All staff have received training and are aware of the rights of data subjects. Staff can identify such a request and know who to send it to.
8.2 All requests will be considered without undue delay and within one month of receipt as far as possible.
8.3 Subject access: the right to request information about how personal data is being processed, including whether personal data is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:
8.3.1 The purpose of the processing
8.3.2 The categories of personal data
8.3.3 The recipients to whom data has been disclosed or which will be disclosed, provided the Firm is authorised by law to give that information
8.3.4 The retention period
8.3.5 The right to lodge a complaint with the Information Commissioner’s Office
8.3.6 The source of the information if not collected direct from the subject, and
8.3.7 The existence of any automated decision making
8.4 Rectification: the right to allow a data subject to rectify inaccurate personal data concerning them.
8.5 Erasure: the right to have data erased and to have confirmation of erasure, but only where:
8.5.1 The data is no longer necessary in relation to the purpose for which it was collected, or
8.5.2 Where consent is withdrawn, (see Section 5: Newsletter), or
8.5.3 Where there is no legal basis for the processing, or
8.5.4 There is a legal obligation to delete data
8.6 Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:
8.6.1 If the accuracy of the personal data is being contested, or
8.6.2 If our processing is unlawful but the data subject does not want it erased, or
8.6.3 If the data is no longer needed for the purpose of the processing but it is required by the data subject for the establishment, exercise or defence of legal claims, or
8.6.4 If the data subject has objected to the processing, pending verification of that objection
8.7 Data portability: the right to receive a copy of personal data which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller. This will only apply if the Firm was processing the data using consent or on the basis of a contract.
8.8 Object to processing: the right to object to the processing of personal data relying on the legitimate interests processing condition unless the Firm can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defence of legal claims.
- Special Category Personal Data
9.1 This includes the following personal data revealing:
9.1.1 Racial or ethnic origin
9.1.2 Political opinions
9.1.3 Religious or philosophical beliefs
9.1.4 Trade union membership
9.1.5 The processing of genetic data, biometric data for the purpose of uniquely identifying a natural person
9.1.6 An individual’s health
9.1.7 A natural person's sex life or sexual orientation
9.1.8 Criminal convictions or offences
9.2 The Firm processes special category data of clients and third parties as is necessary to provide legal services for the establishment, exercise or defence of legal claims.
9.3 The Firm processes special category data of employees as is necessary to comply with employment and social security law. This policy sets out the safeguards we believe are appropriate to ensure that we comply with the data protection principles set out above. Dallas McMillan also has a data retention policy which sets out how long special category data will be held onto.
- Responsibility for the Processing of Personal Data / Right to Lodge a Complaint
10.1 The partners of Dallas McMillan take ultimate responsibility for data protection.
10.2 If you have any queries or problems with regard to this Privacy Policy or the uses to which the Firm puts your information, please contact the Data Protection Compliance Officer, David McElroy by:
10.2.1 Email
10.2.2 Telephone: 0141 333 6750
10.2.3 Post to: Dallas McMillan Solicitors, Regent Court, 70 West Regent Street, Glasgow, G2 2QZ
- Monitoring and Review / Changes to Privacy Policy
11.1 The Firm reserves the right to add to or change the terms of this Privacy Policy in its sole discretion, without prior notice to you. If the Firm changes this Privacy Policy, the Firm will post the new Privacy Policy on the Website, and it will become effective from the time of posting to the Website. Please visit this Privacy Policy on a regular basis to make sure you have read the latest version and you understand what the Firm does with your information.
11.2 This policy was last updated on 22nd May 2018 and the intention is that it shall be regularly monitored and reviewed, at least every two years.