Effective from 1st Jan 2019
Data Protection Notice prepared in accordance with General Data Protection Regulation (‘GDPR’) and its applicable Irish legislation and regulations
Aileen Keogan Solicitor and Tax Consultant as a firm will in the course of its engagement of services with clients of this firm gather and retain information about you as clients. This Notice relates to the personal data gathered and retained in this regard.
This Notice is also relevant for those of you
- who are not clients of this firm but who have made contact with this firm direct or via the firm’s website, or
- who are not clients of this firm but whose data has been provided to us by clients of this firm or by others in contact with this firm.
This Notice relates to personal data which is data relating to identified or identifiable living individuals that has not been anonymised.
The firm's core principles provide that personal data must:
- be processed fairly and lawfully and to the extent required under Irish law with valid and informed consent;
- be obtained for specific and lawful purposes;
- be kept accurate and up to date;
- be adequate, relevant and not excessive in relation to the purposes for which it is used;
- not be kept for longer than is necessary for the purposes for which it is used;
- be processed in accordance with the rights of individuals;
- be kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
- not be transferred to, or accessed from, another jurisdiction where these core principles cannot be met unless it is adequately protected.
Why we collect information and what might be collected
We collect this information so that we can provide the services of legal and taxation advice that you as a client require from us. The firm needs
- to know how to get in touch with you personally or in business
- to be certain of your identity
- to understand to the extent this may affect advices for succession purposes your family circumstances such as next of kin, marital status, personal information about your dependents or about those on whom you are dependent, the medical status of you and your dependants or persons linked with you in financial or personal terms, your race, your religious status, your sexual orientation
- to understand your financial circumstances and so we collect details of persons linked with you in financial terms such as connected persons in corporate, trust, partnership or in lending terms
- to understand your business relationships, including details concerning companies, trusts and partnerships and other legal entities with which you have a connection
- to know your nationality / citizenship as this may affect our advices for succession purposes
- to know your tax status, including your residency, ordinary residency, domicile and that of your parents and dependents to the extent that affects your domicile, also what filings you have made for tax in Ireland or outside Ireland, your status for tax and work outside Ireland to the extent this may affect your domicile, your tax and AML identifiers, including PPSNs or foreign equivalents such as FATCA or CRS identifiers
- to hold sensitive data such as medical information or disability information for the purposes of claiming tax reliefs or exemptions and advising on matters relation to dependency and succession issues
- to hold information of any criminal conviction for the purposes of complying with anti-money laundering obligations
- to hold information of your politics or that of person’s connected to you for the purposes of complying with anti-money laundering obligations
- to hold information as to your or your family’s or other connected person’s credit status such as for the purposes of advising you on creditor protection rights
- to know your education and employment history and status and that of your family for the purposes of advising in relation to dependants’ rights
- to hold information as to your bank details for the purposes of transferring client monies
- to hold all of this information to allow relationship management for the firm with its clients
- to hold all of this information to allow this firm fulfil its regulatory duties
- to hold all of this information to use for administrative purposes.
You may choose not to furnish us the information we need to collect to carry out the above but doing so may limit the services we are able to provide to you particularly as our advice requires us to have all relevant information available to us to ensure the advice is pertinent for your status.
For those who are not clients of this firm, if you are other professionals or intermediaries with whom we have made contact, we hold your data to be able to get in touch with you for business relationship purposes. This may include access or dietary requirements which may reveal information about your health or religious beliefs. If you wish to ensure your contact details are up to date, you should email us direct with your details if you have changed these since we last were in contact. Where you are a person who has not contacted this firm direct, we may hold personal data of yours which our client or his/her advisers / contacts have provided to us. This is held for the purposes of our client’s requirements to allow us to furnish advice to them and generally would be subject to legal privilege in allowing us to give legal advice to our clients.
Your details will not be given to third parties for marketing purposes. This does not mean that you will not be contacted from time to time by this firm for this firm’s marketing purposes. Your details will only in limited circumstances be shared with third parties such as for the administrative purposes in the management of this firm or as required for the purposes of providing the service and such sharing will be adequately protected.
When and how we collect information
We collect this information from the time we open a file for you and throughout our relationship with you.
Where you give this firm information about someone else (for example financial or other personal information about a child or other relative) we may add this to any personal information we already hold for the purposes of giving you advice and use it in accordance with this Notice.
We may get information about you from someone else, for instance on a referral from an accountant, solicitor or financial adviser to us of your file, and we may add it to any personal information we already hold and use it in accordance with this Notice.
We may also collect and use your information even if you are not a client of this firm where we will apply the principles outlined in this Notice when dealing with your information. This could arise for instance in respect of family members or other contacts of clients of this firm where information has been provided to us about you by the client or his/her advisors relevant for the purpose of us providing advice to that client, where you have made an initial enquiry to this firm for services but have not yet engaged the firm, or where information has been made available about you in the public domain such as on websites, directories, social media sites or forums or in the media. This also includes your consent to cookies on your visiting the website of this firm and our website may also collect your device’s unique identifier, such as an IP address and other Log Data. We refer to our specific website terms and conditions in relation to website data.
How we use this information and how long we hold onto this
We will only use your information with the care and principles outlined in this Notice to help this firm provide the service you require of us, to improve your experience with us, to fulfil our contract with you and to manage our business for our legitimate interests.
We will use the data and share the data where its use is necessary in relation to a service or contract you have entered into or because you have asked for something to be done as part of us providing you advice and carrying out of our services for you, for instance in filing with the Revenue Commissioners, with the Courts Service of Ireland, with the Courts of Ireland, instructing counsel registered in the Bar Council of Ireland. We may also share data when instructing on your behalf or by way of consultancy or where the firm subcontracts work to other firms of solicitors, accountants, tax consultants, probate service providers, financial advisers or other institutions or firms on certain aspects of the work where it is agreed in advance with you that their advice is required to enable this firm to perform its services or where you have agreed for us to instruct a firm separately in relation to certain advice required and we deem it necessary to pass on such data. We will use and share your data where you have consented to its use in a specific way.
We will also use and share your data when in the normal course of running a solicitor and taxation practice, we must give access to bodies with legal powers such as the Revenue Commissioners, the Law Society of Ireland and the Irish Tax Institute particularly (but without limitation to the generality of the foregoing) in audit and regulatory functions. The firm has statutory reporting obligations in relation to tax evasion, tax avoidance and anti-money laundering with which it must comply without advising you as our client of specific reporting of your affairs. The firm will use your information to comply with legal and regulatory obligations including complying with requests from all statutory and regulatory bodies (including central and local government) and law enforcement authorities, complying with binding production orders or search warrants and orders relating to requests for mutual legal assistance in criminal matters and indeed requests from the Data Protection Commission itself to ensure compliance with GDPR and its implementing legislation.
Your data will also be used by us in the recovery of debts you may owe us and to respond and manage any complaint you may make against us and we may then share your data with any debt collection firm, agency or solicitor, mediator, Taxing Master, Legal Costs Adjudicator, the Courts and the Law Society of Ireland and the Irish Tax Institute for such purpose(s).
We may also give access to your data to accountants, bookkeepers, secretarial service providers, quality control auditors, risk assessment auditors, account software providers, IT maintenance contractors, IT anti-virus providers, cloud storage providers, website developers, professional indemnity insurers and their agents, the Society of Trust and Estate Practitioners and others so that they can access or inspect random files each year so as to facilitate their carrying out of services to this firm such as audit services. They may collect data from our files or relating to the computer system used by this firm in carrying out their functions. This allows us to manage our firm properly and to fulfil our statutory obligations. We will use encrypted files and/or passwords for transfer of data when operating secretarial services. The firm uses secretarial services based in the UK (currently within the EEA) and we will seek to ensure this firm is GDPR compliant when required. We always seek to ensure that the provider of the relevant services to us is reputable and is subject to confidentiality and privacy rules, including GDPR.
When we deal with and store files offsite, whether electronic or hard copy, we will take all reasonable steps to ensure that we keep your information confidential. All original documents are stored offsite in a secure location where the client name, identification and document type is detailed for archiving purposes to that firm. Open and closed (archived) files are currently stored at the office premises but may be stored offsite in the future. We always seek to ensure that the provider of any offsite storage services to us is reputable and is subject to confidentiality and privacy rules, including GDPR.
Our computer files and all systems are stored through a cloud based storage system. Any system used will have contracted to comply with GDPR and, if it is a company situate in the US, it will have confirmed its adherence to the EU/US Privacy Shield. The computer system in the firm is subject to anti-virus software currently operated by a company based in the UK (currently within the EEA) which protects all computers on the firm’s system network. However no computer system/network is fail safe and this firm cannot be held responsible for the access to confidential files held under this normal security system. From time to time the firm may also downloads certain data on to hard disk for storage within the office and externally to protect the system from ransomware.
The office is located as a separate secure office within the grounds of a private residence. No cash is stored on the office premises.
Emails may be used to enable us to communicate with you. As with any other means of delivery, there is a risk that the communication may be inadvertently misdirected or non-delivery may occur. It is the responsibility of the recipient to carry out a virus check on any attachments received. Internet communications are capable of corruption and therefore we do not accept any responsibility for changes made to such communications after their dispatch.
The length of time we hold your data and generally your file as a whole depends on a number of factors such as regulatory rules, the type of data held and the type of service we have provided to you. We will keep a file (in both paper and electronic form or parts in one or the other form) containing our advices for you and relevant data therein generally for 7 years from the end of the calendar year during which the last active work on the file was carried out provided all fees have been paid for services rendered. We will then review the file with a view to assessing whether it should be destroyed within the period of one year thereafter. We will destroy your file if you have not given us instructions on the matter in a meaningful manner (as determined by this firm) for 7 years and there is nothing in the file that may indicate it would be useful for us or for you to refer to this in the future in relation to the transactions you have undertaken on foot of advice furnished by us. This assessment of usefulness will be determined by this firm based on our experience to date of what should be retained. This is our general retention period for files.
The general retention period is amended in the following specific instances:
- We will not destroy a probate file for 12 years.
- We will not destroy a trust file for the period of the duration of the trust plus 12 years.
- We will not destroy a file concerning a minor child for 7 years from the date the child turns age 18.
- We will not destroy a file relating to a person who has become incapacitated for the duration of the life of that person plus 7 years provided we have been made aware of that person’s incapacity within the general retention period.
- We will not destroy a file relating to notes on the drafting of a Will unless we have confirmation in writing of a later Will revoking the Will we advised upon and that later Will has been probated.
- We will not destroy a file that relates to matters over which we have given an undertaking.
- If you are in a legal dispute or being audited by Revenue or another regulatory body in relation to matters relevant to the file and you have informed us in writing of this specifically within the general retention period, we will not destroy the file until you have advised us that the matter is fully resolved or until we have not heard further from you on the matter within a further 7 years from the date of that notification.
- We will not destroy any original documents that we have agreed to retain for you (such as Wills, letters of wishes, advance care directives, shareholders agreements, partnership deeds, trust deeds, loan agreements that have not expired, cohabitation agreements, grants of probate, property title deeds, certificates of business name registration) unless we have confirmation in writing of a later document revoking the document we hold and, in the case of a Will, that later Will has been probated.
- We will maintain an archive list of original documents retained or sent elsewhere based on your instructions which list will contain certain data required to identify the document.
- We will retain files or parts of files in paper (hard) or electronic (soft) format for longer periods at our discretion for long term precedent use, where we will seek to anonymise such data where practicable. Where your data has been retained and not anonymised on a precedent file, your data shall only be used internally for cross reference and ease of retrieval and we will not use the data otherwise.
- We will retain your contact details and other pertinent data to identify you for business relationship purposes unless you have requested us not to do so. We will however retain details of that request itself for administrative purposes.
How to exercise your information rights
From 25 May 2018 you will have several enhanced rights in relation to how we use your information including
- the right without undue delay to respond to you. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why. If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.
- to find out if we use your information, to access your information and to receive copies of the information we have about you.
- to request that inaccurate information is corrected and incomplete information updated.
- to object to particular uses of your personal data where the legal basis for our use of your data is our legitimate business interests
- to object to use of your personal data for direct marketing purposes. If you object to this use, we will stop using your data for direct marketing purposes.
- to have your data deleted or its use restricted. You have a right to this under certain circumstances, for example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it or where you object to our use of your personal information for particular legitimate business interests.
- to obtain a transferable copy of certain data to which can be transferred to another provider, known as “the right to data portability”. This right applies where personal information is being processed based on consent or for performance of a contract and the processing is carried out by automated means. It is not anticipated that this will arise for this firm as we do not generally process information in automated format. You are not able to obtain through the data portability right all of the personal information that you can obtain through the right of access. The right also permits the transfer of data directly to another provider where technically feasible. Therefore, depending on the technology involved, we may not be able to receive personal data transferred to us and we will not be responsible for the accuracy of same.
- to withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before the withdrawal has occurred. Such withdrawal should be on an irrevocable basis.
Any such requests should be notified to us formally in writing. You should direct all complaints relating to how this firm has processed your data to Aileen Keogan. You have the right to complain relating to how this firm has processed your data to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commissioner at
Telephone: +353 (0)761 104 800 or Lo Call Number 1890 252 231
Fax: +353 57 868 4757
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.
How to contact us
If you have any questions about how your personal data is gathered, stored, shared or used, or if you wish to exercise any of your data rights, please contact Aileen Keogan.
Changes to this Notice
We will update this Notice from time to time without notice by amending this page. Any changes will be made available on our website and may be notified to you by Aileen Keogan by email or by post but without a duty on Aileen Keogan to notify you of such changes. Please check this page on the website from time to time for any changes we have made, as they are binding on you.
Confirmation of Privacy Notice terms agreed
Client to sign and Date