Gibson Kerr will be a controller of the personal information relating to third parties that is provided to us in relation to the provision of legal services to our clients.
When we provide legal services to our clients, we will collect, store and use the personal information that the client or you provide to us which relates to, and is necessary for, the legal services we provide to that client.
Why we need your personal information – contractual purposes
We need to collect your personal information so that we can perform our service agreement with our client. We will only collect and use personal information which is relevant to, and necessary for, the legal service being provided to the client. We will use your personal information to:
- provide our client with legal advice;
- communicate with you by email, letter and/or telephone where that communication relates to the legal services being provided to our client;
- represent our client as their solicitors in connection with any legal matter they instruct us in;
- respond to and communicate with you regarding your questions, comments, or complaints, concerns or allegations in relation to the provision of legal services by us to our client, including using your personal information to investigate any complaint by you and take any appropriate action.
In relation to any information provided to us relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, we will only store that information where it specifically relates to, and is relevant to, the legal advice/services our client has asked us to provide them with.
If you do not provide us with all of the personal information that we need to collect then this may affect our ability to provide our client with legal advice and represent them as their solicitors.
Why we need your personal information – legal obligations
We are under a legal obligation to process certain personal information relating to our clients and connected third parties for the purposes of complying with our obligations under:
- the Law Society of Scotland requirements for solicitors, including the Law Society of Scotland Practice Rules 2011, and relevant legislation, including the Legal Services (Scotland) Act 2010; and
- UK anti-money laundering legislation, including The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (SI 2017 No. 692) and Proceeds of Crime Act 2002.
Why we need your personal information – Public Interest in Public Health
In light of the coronavirus pandemic, for as long as there is a risk to public health from this or any future pandemic, before any meeting (including any property viewing) takes place in person, we will ask you some questions to establish the risk of contraction of disease by the parties to the meeting. We will use this information to establish if a meeting can proceed safely. If we learn that any person in that meeting has a confirmed case of disease, depending on the timing of that diagnosis, we may contact the parties to that meeting to inform them.
If we have obtained your contact details because you have viewed a property being marketed by us and if we learn that you may have come in contact with someone with a confirmed case of disease, we may pass your contact details to NHS Scotland contact tracers.
Who we share your personal information with
We may be required to share personal information with statutory or regulatory authorities and organisations to comply with statutory obligations. Such organisations include the Law Society of Scotland for compliance purposes; the Police National Crime Agency for AML purposes and the Scottish Court Service in relation to any court action we are instructed to raise or defend.
Gibson Kerr employs third party suppliers to provide services, including client case management software, IT services, and cashroom services. These suppliers may process personal data on our behalf as “processors” and are subject to written contractual conditions to only process that personal data under our instructions and protect it.
We may also share personal data with other professional advisors for the purposes of taking advice.
In the event that we do share personal data with external third parties, we will only share such personal data strictly required for the specific purposes relating to the legal services we are providing our client with and we will take reasonable steps to ensure that recipients shall only process the disclosed personal data in accordance with those purposes.
How we protect your personal information
Your personal information is stored on our electronic filing system and our servers based in the UK, and some data is also stored in paper files in our storage system within our offices. This data is accessed by our staff and data processors for the purposes set out above. We have appropriate safeguards in place to protect your data.
How long we keep your personal information
We keep personal data relating to the provision of legal services to our clients indefinitely to ensure ongoing compliance with our legal and contractual obligations as set out above.
You can exercise any of the following rights by writing to us at
46 India Street
Your rights in relation to your personal information are:
- you have a right to request access to the personal information that we hold about you by making a “subject access request”, except where we cannot provide such information to you due to our overriding duty of confidentiality to our client;
- if you believe that any of your personal information is inaccurate or incomplete, you have a right to request that we correct or complete your personal information;
- you have a right to request that we restrict the processing of your personal information for specific purposes; and
- if you wish us to delete your personal information, you may request that we do so.
Any requests received by Gibson Kerr will be considered under applicable data protection legislation and under our professional obligations. If you remain dissatisfied, you have a right to raise a complaint with the Information Commissioner’s Office at www.ico.org.uk