MacRae Stephen & Co – GDPR POLICY
MacRae Stephen & Co respect your privacy and are committed to protecting it throughout our compliance with this website General Data Protection Regulations Policy (“Policy”).
Maintaining protection of the information entrusted to our care by our clients is of the utmost importance to MacRae Stephen & Co.
This Policy describes the types of information we may collect from you or that you may provide when we carry out work on your behalf or when you visit our website www.macraestephen.co.uk (our “Website”), and our practices for collecting, using, protecting and disclosing that information.
When MacRae Stephen & Co knowingly collects your personal information (also called ‘personal data’), we will do so in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR’) and EU member state national laws that implement or regulate the collection, processing and privacy of your personal data (together, ‘EU Data Protection Law’).
This GDPR Policy also provides information on your legal rights under EU Data Protection Law and how you can exercise them.
If MacRae Stephen & Co provides direct communications to individuals regarding services which may be of interest, this will be done in accordance with EU Data Protection Law, and in particular where we contact individuals for direct marketing purposes by SMS, email, fax, social media and/or any other electronic communication channels, this will only be with the individual’s consent.
Scope of the Policy
This Policy applies to information we collect:
Information We Collect About You and How We Collect It
We collect several types of information from and about our clients and users of our Website and others, including:
We collect this information:
Please also note that some of the personal data we receive and that we process may include what is known as ‘sensitive’ or ‘special category’ personal data about you, for example, information regarding your ethnic origin or political, philosophical and religious beliefs. This is not the type of data that MacRae Stephen & Co would routinely collect, but if we process such sensitive or special category data we will only do this in specific situations where:
(a) you have provided this with your explicit consent for us to use it;
(b) there is a legal obligation on us to process such data in accordance with EU Data Protection Law;
(c) it is needed to protect your vital interests (or those of someone else) such as in a medical emergency;
(d) where you have clearly chosen to publicise such information; or
(e) where needed in connection with a legal claim that we have or may be subject to.
Information You Provide to Us
We collect information you provide when you instruct us to carry out work on your behalf and when you interact with our Website and social media sites, including:
Although we limit access to certain pages on our website and you may set certain privacy settings for such information, please be aware that no security measures are perfect or impenetrable.
Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Content.
Usage Details, IP Addresses, Cookies and Other Technologies
As you navigate through and interact with our Website, we may automatically collect certain information about your equipment, browsing actions and patterns, including:
The information we collect in this way is anonymous. It is aggregated into statistical data to help us improve our Website and to deliver a better and more personalized service by enabling us to:
The technologies we use for this automatic data collection may include:
We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us, in which case we will process such personal information in accordance with the remainder of this Policy.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information
We may also use your information to contact you about our own services that may be of interest to you. MacRae Stephen & Co confirms that it will not sell or trade its client’s data without the prior approval. If you do not want us to use your information in this way, you may opt-out of these contacts by notifying us. For more information, see Choices About How We Use and Disclose Your Information section below.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that cannot be used to identify any individual, without restriction.
We may disclose personal information that we collect or you provide as described in this Policy:
We may also disclose your personal information:
Other than as described above, we will treat your personal data as private and will not routinely disclose it to third parties without you knowing about it. The exceptions are in relation to legal proceedings or where we are legally required to do so and cannot tell you (such as a criminal investigation). We always aim to ensure that your personal data is only used by third parties we deal with for lawful purposes and who observe the principles of EU Data Protection Law.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
Client Privacy Information
MacRae Stephen & Co will not sell, trade or share a clients personal information, including their name, phone number, email, or physical address with any unconnected parties nor will it send clients mailings on behalf of other unrelated organisations. This policy applies to all information received by MacRae Stephen & Co, both online and offline, as well as any electronic, written or oral communication.
Accessing and Correcting Your Information
You may also send us an e-mail at firstname.lastname@example.org to request access to, correct or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Under EU Data Protection Law, our clients have the following rights which are exercisable by making a request to us in writing:
(a) that we correct personal data that we hold about you which is inaccurate or incomplete;
(b) that we erase your personal data without undue delay if we no longer need to hold or process it;
(c) to object to our use of your personal data for direct marketing;
(d) to object and/or to restrict the use of your personal data for purpose other than those set out above unless we have a compelling legitimate reason; or
(e) that we transfer personal data to another party where the personal data has been collected with your consent or is being used to perform contract with you and is being processed by automated means.
If you make a request and are not satisfied with our response or believe that we are illegally processing your personal data, you have the right to complain to the Office of the Information Commissioner.
Retention of Data
We retain data on client files throughout the entire period of the transaction and for a period of 10 years thereafter at which time it will be permanently removed from our systems and destroyed. The reason for the 10 year time limit is due to the working practice of the legal industry in Scotland.
Refusal to provide Personal Data
The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the personal data requested, we will not be able to enter into a contract with you to provide the benefits we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.
Children Under the Age of 16
We do not knowingly store information for people under 16 except under specific circumstances, for example when we have acted for children under 16 or have been supplied information from their parent, most commonly in matrimonial cases. Any times such information is collected, it will be done so with parental consent.
Our website is not intended for children under 16 years of age. No one under age 16 may provide any personal information to or on our Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on our Website or on or through any of its features, interactive or public comment features of our Website or provide any information about yourself to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at email@example.com .
We have implemented technical and operational measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration and disclosure. All personal information you provide to us is stored on password-protected databases and all files are encrypted for additional security. Our data is stored on a NAS box which is replicated on a second NAS box located securely with our IT Expert. We train our employees on the importance of information security and focus specifically on practices for protecting against unauthorised disclosure of personal data. We have a documented incident response plan for acting upon events that violate MacRae Stephen & Co security or privacy policies, should they occur, and this plan is reviewed and updated on an ongoing basis. All incidents of this nature are reported to the owner, Archie Millar.
The safety and security of your information online also depends on you. The information you share in public areas may be viewed by any user of our Website.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website or over any public network. Any transmission of personal information is at your own risk. Without prejudice to any mandatory legal obligations to which we may be subject, we are not responsible for circumvention of any privacy settings or security measures contained on our Website.
MacRae Stephen & Co may change, add, modify or remove portions of this Policy at any time, which shall become effective immediately upon posting on this page. It is your responsibility to review this Policy for any changes. By continuing to instruct us and use our website, you agree to any changes in the Policy.
If you have any questions about MacRae Stephen & Co’s privacy protection practices or believe we have not adhered to this Policy, please contact Archie at firstname.lastname@example.org