Privacy Notice

Privacy Notice

Who we are

We are Johnsons Solicitors with offices based at the following locations:

  1. Johnson House, 50-56 Wellington Place, Belfast, BT1 6GF;
  2. 4 Harbourmaster Place, IFCS, Dublin 1; and
  3. 21 Arlington Street, London, SW1A 1RN

You can contact us by post at any of the above addresses.  We are the data controllers and are responsible for your personal data.

Our Data Protection Officer (DPO) is Elizabeth Cardwell, Practice Manager.  You can contact our DPO by post at Johnson House, 50-56 Wellington Place, Belfast, BT1 6GF or by e-mail at elizabeth.cardwell@johnsonslaw.co.uk

If you would like to request a hard copy version of this Privacy Notice please contact our DPO as detailed above.

How we collect personal data

Personal data may be collected in a number of ways, including:

  1. Through our provision of legal services to you/our client;
  2. When we collect publicly available information about you; and
  3. When we collect your personal data from third parties.

The legal basis for the processing of this data is necessary for the purpose of the legitimate interests of our firm in representing you/our clients.

The type of personal data that we may collect

The categories of personal data that we may collect includes, but is not limited to, the following:

  1. Contact details (including names, date of birth, national insurance number, postal addresses, email addresses and telephone numbers);
  2. Professional information such as job titles, previous jobs, and professional experience and qualifications;
  3. Where you provide it, information about your hobbies and interests;
  4. Images captured and provided on CCTV cameras or from those publicly available on social networking sites;
  5. Images depicting bodily scarring/injury and medical records;
  6. Financial data (including bank details and credit card details), details of earnings/state benefits;
  7. Vehicle information, driving license and motor insurance information; and
  8. Previous claims history.
  9. Where necessary and legally permitted, we may also collect more sensitive data such as diversity, health data (including hospital/GP notes and records, medical reports etc.), details of offences and related proceedings.

The legal basis for the processing of this data is necessary for the purposes of the legitimate interests pursued by our firm in representing you/our clients.

Where we store and transfer your personal information

We store the information you provide on our practice case management system.  We may, in certain circumstances, transfer personal information between our three offices. We may also be required, during the course of our legal services, to transfer your personal data to third parties.

We may also send you emails through our email service provider.

We will retain this data for a minimum of 6 years in accordance with our Data Retention Policy unless we reasonably consider it necessary to retain it for a longer period than is necessary.

We will not transfer or share data outside of the EU without your prior consent.

Processing personal data for recruitment purposes

We may process your personal data in accordance with our Recruitment and Selection processes.  For job applicants to the firm, we process data:

  1. to recruit new employees; and
  2. to ascertain your suitability for a specific role

The legal basis for this processing is necessary for the purpose of the legitimate interests of our firm in recruiting new staff.

We will retain this data for a period of 3 years in accordance with our Data Retention Policy.

Our Website and Cookies

You may browse our website without providing us with any personal data and this will not affect your ability to view our website.

You can set your browser to refuse all or some browser cookies or to alert you when websites wet or access cookies.  If you disable these, please note that some parts of this website may become inaccessible or not function properly. Please see our cookie policy for more information.

Your rights relating to personal data

You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:

  1. Right to access the data – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
  1. Right to rectification- you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
  1. Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten. However, please note that we may not always comply with your request for specific legal reasons which will notified to you at the time of your request, if applicable.
  1. Right to restriction of processing or to object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
  1. Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
  1. Right to withdraw consent – If we are processing personal data based on your consent, you may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal.

In order to exercise any of the rights set out above, please contact our DPO as detailed at the start of this privacy notice.

Complaints

If you are unhappy with how we process personal data, we ask you to contact our Data Protection Officer so that we can rectify the situation

You may also lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioners Office. The Irish supervisory authority is the Data Protection Commission.