WEBSITE TERMS
The person using this website (the "Site") is subject to the terms and conditions (the "Terms") set out on this page. Please read the Terms carefully before accessing any other pages in the Site. Your use of the Site is conditional upon your acceptance of the Terms and by using the Site you agree to be bound by the Terms.
Accordingly if you do not accept the Terms, please leave the Site immediately.
LEGAL NOTICE
Dickson Minto LLP is a limited liability partnership registered in Scotland (SO307926) with its registered office at 16 Charlotte Square, Edinburgh, United Kingdom EH2 4DF and a separate office in London. A list of members is available for inspection at our registered office. Dickson Minto LLP is regulated by the Law Society of Scotland.
Dickson Minto Advisers LLP is a limited liability partnership registered in England (OC448025) with its registered office at Level 4 Dashwood House, 69 Old Broad Street, London United Kingdom EC2M 1QS. A list of members is available for inspection at our registered office. Dickson Minto Advisers LLP is authorised and regulated by the Financial Conduct Authority.
DM's VAT Number is GB416012502.
DM reserves the right to revise the Terms by amending this page on the Site. Please check this page from time to time for any changes DM has made, as they are binding on you.
The Terms are governed by Scots law and you submit to the exclusive jurisdiction of the Scottish Courts in respect of any disputes arising herefrom or connected hereto.
INTELLECTUAL PROPERTY
DM is the owner or the licensee of all copyright and other intellectual property rights in the Site, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved to DM.
The Site may be viewed, and pages and extracts from the Site may be downloaded and printed, by each user for his/her own personal and private use. However, the user shall not alter or change any of the paper or digital copies so downloaded or printed, shall not use, or incorporate, such, in whole or in part, in any work or publication, in whatever medium, and shall not remove any copyright notices from such.
Except as expressly provided above, the Site and its content may not be, in whole or in part, in any form, by any means or in, or through, any medium, stored, copied, reproduced, distributed, transmitted or otherwise made available without the prior written consent of DM.
LIMITATION OF LIABILITY
The content of the Site is provided for general information purposes only and does not constitute legal or other professional advice. While DM believes that, at the time of writing, the information on the Site is accurate, DM cannot and does not guarantee the accuracy of any such information. DM therefore accepts no liability or responsibility for any loss or damage which may arise from reliance on information contained in the Site. Notwithstanding the foregoing, nothing in the Site affects DM's liability for death or personal injury caused by negligence, for fraud or for any other liability which cannot be excluded or limited under applicable law.
LINKS
Links to other websites may be included on the Site but are only provided for general information. DM has no control over the content of the websites linked to, and accepts no liability or responsibility for material found on them or for any loss or damage that may arise from use of them.
No links may be made to the Site without DM's prior written consent.
VIRUSES
You must not (a) misuse the Site by knowingly introducing viruses, trojans, worms, logic bombs, keystroke loggers, spyware or other material which is malicious or potentially technologically harmful ("Viruses"); or (b) attempt to gain unauthorised access to, interfere with, damage or disrupt the Site, the server on which the Site is stored or any server, computer or database connected to the Site; or (c) attack the Site via a denial-of-service attack or a distributed denial-of-service attack.
DM cannot guarantee that the Site, or any documents, files and information on the Site, will be free from Viruses. DM is not liable for any loss or damage which may be suffered by you or any other person caused by any such Viruses or that may otherwise arise from use of the Site or any linked website.
MODERN SLAVERY AND HUMAN TRAFFICKING STATEMENT
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes our slavery and human trafficking statement for the financial year ending April 2024.
We are a law firm providing professional legal services to a variety of corporate clients and are organised as a partnership. We operate from offices in Edinburgh and London. We recognise that law firms, like any other business, must take steps to ensure that there is no slavery or human trafficking in any part of our business. We have zero tolerance to slavery and human trafficking. In this regard, we are committed to ensuring that there is no modern slavery or human trafficking in our business or in our supply chains.
Our Modern Slavery and Human Trafficking Policy reflects our commitment to acting ethically and with integrity in all our business relationships and to implementing and enforcing effective systems and controls to ensure slavery and human trafficking is not taking place anywhere in our business or our supply chains.
Our supply chains consist primarily of the provision of low risk professional support services or office facilities, principally in connection with technology, supply of stationary and other office equipment and maintenance of our offices. When we engage external recruiters, we only engage reputable recruitment agents.
As part of our initiative to identify and mitigate risk we have in place systems to:
· identify and assess potential risk areas in our supply chains;
· mitigate the risk of slavery and human trafficking occurring in our supply chains;
· monitor potential risk areas in our supply chains; and
· encourage that any suspicions of slavery or human trafficking are reported and to protect whistle blowers.
To ensure all those in our supply chain and contractors comply with our values we have established a supply chain compliance programme and will continue over the next 12 months to refresh our due diligence checks in our supply arrangements.
We are committed to fair employment practices in relation to our own employees which is embodied in our employment policies including our equal opportunities policy which describes our commitment to be an equal opportunities employer.
Further, to ensure a high level of understanding of the risks of modern slavery and human trafficking in our supply chains and our business we have in the last 12 months and will continue to provide regular training to our staff.
ANTI-MONEY LAUNDERING STATEMENT
Our anti-money laundering policies and procedures are designed to meet the highest standards required of us. DM's members and staff are fully committed to complying with all legislation and appropriate guidelines designed to prevent and combat financial crime, money laundering, the funding of terrorism, proliferation financing and criminal activity in the jurisdictions in which we operate ("Relevant Financial Crime"). We are committed to ensuring that the firm conducts client due diligence both at acceptance of, and throughout, our business relationship with our clients and that we assess and monitor the risk profile of our clients and their transactions. The firm also has in place policies and procedures which seek to ensure that any suspicions that a Relevant Financial Crime offence has been or is being committed is reported to the appropriate authorities. All our lawyers and staff receive regular training to ensure they are aware of all current issues relating to Relevant Financial Crime and our policies and procedures.
ANTI-FACILITATION OF TAX EVASION STATEMENT
DM has a zero tolerance policy to tax evasion and the facilitation of tax evasion. We are fully committed to complying with all legislation and appropriate guidelines designed to prevent tax evasion and the facilitation of tax evasion in the jurisdictions in which we, our clients and business partners operate. The firm is subject to the Criminal Finances Act 2017 and has adopted a policy, endorsed by senior management, designed to prevent tax evasion and the facilitation of tax evasion. Our policy establishes a culture both across the firm and in relation to other professional advisers who may from time to time be instructed by us to act for our clients, in which tax evasion and the facilitation of tax evasion is unacceptable. The policy is based on a detailed risk assessment undertaken by the partners annually.
ANTI-CORRUPTION STATEMENT
DM is subject to the UK Bribery Act 2010 and we have adopted an anti-corruption policy, which has been endorsed by the members. The policy is based on a detailed risk assessment and reflects the standards that we expect of our lawyers and staff and those who perform services for us. We are committed to the highest standards of ethical conduct and integrity in our business activities and we have a zero tolerance policy to corruption and bribery. Our lawyers and staff receive regular training to ensure that they are aware of all current issues relating to the law in this area.
PRIVACY NOTICE
Introduction
Dickson Minto LLP and Dickson Minto Advisers LLP ("Dickson Minto", "we", "us" or "our") is committed to protecting the privacy of individuals whose data we process and to complying with our obligations under relevant data protection and privacy laws including the General Data Protection Regulation (Regulation 2016/679) (the "GDPR") (which now forms part of the laws of the UK by virtue of section 3 of the European Union (Withdrawal) Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (as amended) ("UK GDPR"), the Privacy and Electronic Communications Regulations 2003 (as well as other related laws and regulations) and the Data Protection Act 2018 (the "DP Laws").
This privacy policy aims to give you information on how Dickson Minto process personal data which we collect about you in connection with the provision of legal and/or coporate finance advice and/or other services, if you are a potential client or business contact, if you are applying for employment or work experience with us, or if you are a contractor or other service provider. In addition, it outlines your rights under the DP Laws.
For the purposes of the DP Laws, the "controller" of your personal data will depend on the circumstances for which you engage with Dickson Minto and/or provide your personal data to Dickson Minto. If you apply for a job with, receive advice from, visit the website of or otherwise engage with Dickson Minto LLP, then Dickson Minto LLP will be the controller of your personal data. Alternatively, if you apply for a job with, receive advice from, visit the website of or otherwise engage with Dickson Minto Advisers LLP, then Dickson Minto Advisers LLP will be the controller of your personal data.
There may be circumstances where both Dickson Minto LLP and Dickson Minto Advisers LLP are controllers of your personal data.
We may from time to time update this policy. Please refer back regularly to see any if any changes have been made.
This privacy policy is provided in a layered format so you can easily refer to the sections which relate to the information that we collect about you.
If you have any queries in relation to our processing of your personal data or if you would like to request a downloadable copy of this policy please contact our data protection and compliance team ("DP Team") (gdpr@dmws.com).
Glossary
In this privacy policy:
personal data or personal information means information relating to an identified or identifiable natural person;
special categories of personal data includes information about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions and/or trade union membership, as well as information about health and genetic and biometric data; and
you is defined in each section of this policy.
PRIVACY POLICY
CLIENTS
This section of our privacy policy sets out how we may process personal data about clients of Dickson Minto. In this section:
client means a client of Dickson Minto (whether an individual or organisation); and
you and your means a person whose personal data is held by us, where that data has been provided to us by a client or by its directors, partners, employees, agents or representatives on its behalf, or has been collected by us, in each case, in the context of the provision by us of legal and/or corporate finance services (and/or other services) to that client.
The data we may hold
We may hold various kinds of personal data about you, which the client or you provide to us from time to time or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:
Identity data may include names, dates of birth and pronoun preferences;
Contact data may include addresses, work email addresses, personal email addresses and telephone numbers;
Employment data may include places of work and job titles, employment history and qualifications;
KYC data may include copies of passports, driving licences, utility bills and information which may be revealed by an anti-money laundering search conducted on you (including details of your directorships, your electoral registration, your political exposure, insolvency proceedings against you, criminal convictions and/or any adverse media in relation to you);
Financial data may include bank account details;
Technical data may include internet protocol (IP) address, mail server URL, MIME version, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when you correspond with us; and
CCTV data may include image and sound recordings.
We also collect information provided to us by email or post, during telephone calls and/or in meetings with the client or you.
In addition, we may collect personal data about you from third parties including background check providers, which may include credit references or reports from the disclosure and barring service (namely reports on unspent criminal convictions), and from third party publicly accessible sources including Companies House records and social media. Where we are advising on a transaction contemplating the sale, acquisition or investment in a business or asset and you are also involved in that transaction we may collect data about you from third parties who provide it to us. For example, if you are a director or employee of a business which is subject to an investment and/or a sale, we may collect information about you which is provided to us by the business via a secure "data site".
We will not usually collect any special categories of personal data about you, except where: (i) this is relevant to any legal and/or corporate finance services (and/or other services) that we are providing to the client or you; or (ii) you are invited to attend certain firm social events where this may be relevant (for example firm cycling trips); or (iii) this is used as part of our anti-money laundering checks; or (iv) you volunteer the information to us in writing (for example if you disclose to us that you have Covid-19).
What we use your personal data for
We will only use your personal data for the following purposes:
To administer and manage our relationship with the client and/or you.
To provide, or facilitate the provision of, legal and/or corporate finance advice (and/or other services) to the client.
To instruct bank transfers and other payments required as part of the transactions upon which we have provided legal and/or corporate finance advice (and/or other services).
To conduct our business, including in relation to advisory and/or transactional legal and/or corporate finance work (and/or other services).
To comply with our legal or regulatory requirements, such as anti-money laundering laws or the requirements of the Law Society of Scotland and/or the FCA.
To send you updates, news items, articles or other material which we think may be of interest to you.
To send you invitations to events and seminars and the like which we think may be of interest to you.
To monitor emails sent to us (including attachments) for viruses or malicious software.
To protect and manage email traffic.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.
Generally to manage the activities of Dickson Minto, including monitoring and recording electronic communications (including telephone calls and emails).
Legal basis for processing your personal information
We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal information. The legal bases we principally rely upon are these:
It is necessary for the performance of a contract between Dickson Minto and the client for the provision of legal and/or corporate finance services (and/or other services) or in order to take steps at your request prior to entering into such a contract.
It is necessary for the purposes of our legitimate interests, where such interests are not overridden by your rights or interests.
We may also rely upon the following legal bases for processing your personal information:
It is necessary for us to comply with a legal obligation on us.
It is necessary to protect your vital interests or those of another individual.
Please note that even where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, we will always weigh our legitimate interests against your interests and your fundamental rights and freedoms and will not process on that basis if your interests outweigh ours.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact our DP Team if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.
Purpose / Activity | Type of data | Legal basis for processing |
---|---|---|
To administer and manage our relationship with the client and/or you | Identity data, Contact data, Employment Data | (a) Performance of a contract with the client and/or you (b) Our legitimate interests of pursuing and developing our business |
To provide, or facilitate the provision of, legal and/or corporate finance advice (and/or other services) to the client | Identity data, Contact data, Employment Data | (a) Performance of a contract with the client and/or you |
To instruct bank transfers and other payments required as part of the transactions upon which we have provided legal and/or corporate finance advice | Identity data, Contact data, KYC data, Financial data | (a) Performance of a contract with the client and/or you (b) Compliance with our legal and regulatory obligations |
To conduct our business, including in relation to advisory and/or transactional legal and/or corporate finance work | Identity data, Contact data, Employment data, KYC data, Financial data, Technical data | (a) Performance of a contract with the client and/or you (b) Our legitimate interests of pursuing and developing our business |
To comply with our legal or regulatory requirements, such as anti-money laundering laws or the requirements of the Law Society of Scotland and/or the FCA | Identity data, Contact data, Employment data, KYC data | (a) Compliance with our legal and regulatory obligations |
To send you updates, news items, articles or other material | Contact data | (a) Our legitimate interests of pursuing and developing our business |
To send you invitations to events and seminars and the like which we think may be of interest to you | Contact data | (a) Our legitimate interests of pursuing and developing our business |
To monitor emails sent to us (including attachments) for viruses or malicious software | Technical data, Contact data | (a) Our legitimate interests to protect and maintain the security of our systems |
To protect and manage email traffic | Technical data, Contact data | (a) Our legitimate interests to protect and maintain the security of our systems |
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV | Technical data, CCTV data | (a) Our legitimate interests of maintaining the security of our office |
Generally to manage the activities of Dickson Minto, including by monitoring and recording electronic communications (including telephone calls and emails) | Technical data, Contact data, Identity data, Employment data | (a) Our legitimate interests of pursuing and developing our business |
Where your consent is required
We do not normally rely on consent to the processing of your personal data. However, if we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you specifically to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting our DP Team.
Marketing
We may send to our client and to you, if you are a director, partner, employee, agent or representative of our client, from time to time, by electronic means or post, marketing communications:
if you have specifically requested that information from us;
if you have specifically consented to receiving marketing communications from us; or
which relate to matters connected to those on which we have previously provided legal and/or corporate finance advice (and/or other services) to the client or you, provided you have not opted out of receiving that marketing (which you may do at any time by contacting our DP Team).
Please note, you can ask us to stop sending you marketing messages at any time by following the opt-out or unsubscribe links on any marketing message sent to you.
If you fail to provide personal information requested
Where we need to collect personal data by law or under the terms of a contract we have with the client or you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with the client or you (for example, to provide you with legal and/or corporate finance services (and/or other services)). We will notify you if this is the case at that time.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Data retention periods
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of providing legal and/or corporate finance advice (and/or other services) to the client and satisfying our legal, accounting, reporting and/or compliance obligations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we process that personal data and whether we can achieve those purposes through other means as well as the applicable legal requirements. Details of retention periods for different aspects of the personal data that we hold are set out in our retention policy.
Disclosures of your personal data
Except as may be required by law or regulatory requirements and as described below, we will not disclose personal information we hold about you to any third party other than to third parties who are providing services to us, which may include the following:
IT service providers.
Software and software-as-a-service (SaaS) providers, including those capable of delivering e-signatures and virtual completions (which involves inputting your contact details into this software and uploading the relevant contract for signature).
Event management businesses.
PR and marketing service providers.
Background, compliance, anti-money laundering and/or credit reference services.
Printers.
Telephone service providers.
Document storage providers.
Backup and disaster recovery service providers.
UK law firms.
Overseas law firms.
Professional services providers, such as accountants and tax advisers.
Third parties in connection with a transaction or the work in relation to which we are instructed.
CCTV providers.
We may also disclose your personal data in the course of a transaction (for example where we are advising on the sale, acquisition or investment in a business or asset) to third parties (including law firms) which are acting in connection with that transaction.
Where such data is provided to third parties, except if the third party acts as "controller" (such as a law firm) and is therefore bound to comply with the DP Laws anyway, we will enter into agreements with such third parties to ensure that they process that data in accordance with the requirements of the DP Laws.
International transfers
Some of the external service providers used by Dickson Minto are based (or carrying on processing) outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever your personal data is transferred by us out of the UK, unless it is to a country that has been deemed to provide an adequate level of protection for personal data by the Secretary of State, we ensure a similar degree of protection is afforded to it including, where appropriate, by putting in place specific standard contracts approved by the Secretary of State which give personal data the same protection it has in the UK.
Please contact our DP Team if you want further information on the specific mechanism used when transferring your personal data out of the UK.
Data security
We have put in place what we consider to be appropriate security measures (including network and database security measures) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, or altered or disclosed to unauthorised persons but we cannot guarantee the security of any data we collect and store.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and where appropriate they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of such a breach where we are legally required to do so.
Your legal rights
In certain circumstances, by law you have the right to the following:
You may request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
You may ask us to correct the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
You may require erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
You may be able to object to us processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You may request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
You may request the transfer of your personal information to another party.
If you wish to exercise any of the rights set out above, please contact our DP Team.
Where you have given consent to the processing of your personal data, you may equally withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal or the lawfulness of continued processing not based on consent. To withdraw your consent to processing by Dickson Minto, please email our DP Team.
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints to the ICO
You have the right to make a complaint at any time to the UK Information Commissioner's Office, the UK supervisory authority for data protection issues ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact our DP Team in the first instance.
PRIVACY POLICY
NON-CLIENT BUSINESS CONTACTS
This section of our privacy policy sets out how we may process personal data in relation to business contacts who do not have a current retainer with Dickson Minto, which may include non-client individuals to whom completion funds are to be transferred as part of a transaction, persons that are known to a partner or employee of Dickson Minto, persons that have provided a business card to, or have corresponded with, a partner or employee of Dickson Minto and/or persons that have attended firm events.
In this section you and your means a person who is a non-client business contact of Dickson Minto and whose personal data has been provided to or collected by us, in the context of our business and our work in the provision of legal and/or corporate finance services (and/or other services).
The data we may hold
We may hold various kinds of personal data about you which you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:
Identity data may include names, dates of birth and pronoun preferences;
Contact data may include addresses, work email addresses, personal email addresses and telephone numbers;
Employment data may include places of work and job titles, employment history and qualifications;
KYC data may include copies of passports, driving licences, utility bills and information which may be revealed by an anti-money laundering search conducted on you (including details of your directorships, your electoral registration, your political exposure, insolvency proceedings against you, criminal convictions and/or any adverse media in relation to you);
Financial data may include bank account details;
Technical data may include internet protocol (IP) address, mail server URL, MIME version, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when you correspond with us; and
CCTV data may include image and sound recordings.
We also collect information provided to us during telephone calls, by letter or email and/or in meetings with you.
In addition, we may collect personal data about you from third parties including background check providers which may include credit references or reports from the disclosure and barring service (namely unspent criminal convictions), and from third party publicly accessible sources including Companies House records and social media. Where we are advising on a transaction contemplating the sale, acquisition or investment in a business or asset and you are also involved in that transaction we may collect data about you from third parties who provide it to us. For example, if you are a director or employee of a business which is subject to an investment and/or a sale, we may collect information about you which is provided to us by the business via a secure "data site".
We will not usually collect any special categories of personal data about you, except where: (i) this is relevant to any legal and/or corporate finance services (and/or other services) that we are providing; or (ii) you are invited to attend certain firm social events where this may be relevant (for example firm cycling trips); or (iii) this is used as part of our anti-money laundering checks; or (iv) you volunteer the information to us in writing (for example if you disclose to us that you have Covid-19).
What we use your personal data for
We will only use your personal data for the following purposes:
To administer and manage our relationship or potential relationship with you.
To instruct bank transfers and other payments required as part of the transactions upon which we have provided legal and/or corporate finance advice (and/or other services).
To comply with our legal or regulatory requirements, such as anti-money laundering laws or the requirements of the Law Society of Scotland and/or the FCA.
To conduct our business, including in relation to advisory and/or transactional legal and/or corporate finance work (and/or other services).
To provide, or facilitate the provision of, legal and/or corporate finance advice (and/or other services) to our client(s) (where you are connected to the client and it is relevant for the purposes of providing our legal and/or corporate finance advice (and/or other services)).
To send you updates, news items, articles or other material which we think may be of interest to you.
To send to you invitations to events and seminars and the like which we think may be of interest to you.
To monitor emails sent to us (including attachments) for viruses or malicious software.
To protect and manage email traffic.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.
Generally to manage the activities of Dickson Minto, including monitoring and recording electronic communications (including telephone calls and emails).
Legal basis for processing your personal information.
We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal information. The legal bases we principally rely upon are these:
It is necessary in order to take steps at your request prior to entering into a contract between Dickson Minto and you.
It is necessary for the purposes of our legitimate interests, where such interests are not overridden by your rights or interests.
We may also rely upon the following legal bases for processing your personal information:
It is necessary for us to comply with a legal obligation on us.
It is necessary to protect your vital interests or those of another individual.
Your consent.
Please note that even where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, we will always weigh our legitimate interests against your interests and your fundamental rights and freedoms and will not process on that basis if your interests outweigh ours.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact our DP Team if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.
Purpose / Activity | Type of data | Legal basis for processing |
---|---|---|
To administer and manage our relationship or potential relationship with you | Identity data, Contact data, Employment data | (a) Our legitimate interests of pursuing and developing our business |
To instruct bank transfers and other payments required as part of the transactions upon which we have provided legal and/or corporate finance advice (and/or other services) | Identity data, Contact data, KYC data, Financial data | (a) Compliance with our legal and regulatory obligations (b)Your legitimate interests of receiving payment in connection with a transaction |
To comply with our legal or regulatory requirements, such as anti-money laundering laws or the requirements of the Law Society of Scotland and/or the FCA | Identity data, Contact data, Employment data, KYC data | (a) Compliance with our legal and regulatory obligations |
To conduct our business, including in relation to advisory and/or transactional legal and/or corporate finance work (and/or other services) | Identity data, Contact data, Employment data, KYC data, Financial data, Technical data | (a) Our legitimate interests of pursuing and developing our business |
To provide, or facilitate the provision of, legal and/or corporate finance advice (and/or other services) to our client(s) (where you are connected to the client and it is relevant for the purposes of providing our legal and/or corporate finance advice (and/or other services)) | Identity data, Contact data, Employment data | (a) Our legitimate interests of pursuing and developing our business (b) Our client's legitimate interests of receiving the benefit of legal and/or corporate finance advice (and/or other services) |
To send you updates, news items, articles or other material which we think may be of interest to you | Contact data | (a) Our legitimate interests of pursuing and developing our business |
To send you invitations to events and seminars which we think may be of interest to you | Contact data | (a) Our legitimate interests of pursuing and developing our business |
To monitor emails sent to us (including attachments) for viruses or malicious software | Technical data, Contact data | (a) Our legitimate interests to protect and maintain the security of our systems |
To protect and manage email traffic | Technical data, Contact data | (a) Our legitimate interests to protect and maintain the security of our systems |
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV | Technical data, CCTV data | (a) Our legitimate interests of maintaining the security of our office |
Generally to manage the activities of Dickson Minto, including by monitoring and recording electronic communications (including telephone calls and emails) | Technical data, Contact data, Identity data, Employment data | (a) Our legitimate interests of pursuing and developing our business |
Where your consent is required
We do not normally rely on consent to the processing of your personal data. However, if we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you specifically to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting our DP Team.
Marketing
We may send to you from time to time, by electronic means or post, marketing communications if:
you have specifically requested that information from us; or
you have specifically consented to receiving marketing communications from us, provided that you have not opted out of receiving marketing communications (which you may do at any time by contacting our DP Team.
Please note, you can ask us to stop sending you marketing messages at any time by following the opt-out or unsubscribe links on any marketing message sent to you.
If you fail to provide personal information requested
Where we need to collect personal data by law or under the terms of a potential contract we propose entering into with you and you fail to provide that data when requested, we may not be able to (as applicable) enter into the contract with you (for example, to provide you with legal and/or corporate finance services (and/or other services)), assist you in connection with a transaction to which you are connected (for example we may be unable to transfer completion funds to you) and/or include you in events we invite you to participate in. We will notify you if this is the case at that time.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Data retention periods
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying our legal, accounting, reporting and/or compliance obligations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we process that personal data and whether we can achieve those purposes through other means as well as the applicable legal requirements. Details of retention periods for different aspects of the personal data that we hold are set out in our retention policy.
Disclosures of your personal data
Except as may be required by law or regulatory requirements and as described below, we will not disclose personal information we hold about you to any third party other than to third parties who are providing services to us, which may include the following:
IT service providers.
Software and software-as-a-service (SaaS) providers, including those capable of delivering e-signatures and virtual completions (which involves inputting your contact details into this software and uploading the relevant contract for signature).
Event management businesses.
PR and marketing service providers.
Background, compliance, anti-money laundering and/or credit reference services.
Printers.
Telephone service providers.
Document storage providers.
Backup and disaster recovery service providers.
UK law firms.
Overseas law firms.
Professional services providers, such as accountants and tax advisers.
Third parties in connection with a transaction or the work in relation to which we are instructed.
CCTV providers.
We may also disclose your personal data in the course of a transaction to third parties (including law firms) which are acting in connection with the transaction.
Where such data is provided to third parties, except if the third party acts as a "controller" (such as a law firm) and is therefore bound to comply with the DP Laws anyway, we will enter into agreements with such third parties to ensure that they process that data in accordance with the requirements of the DP Laws.
International transfers
Some of the external service providers used by Dickson Minto are based (or carrying on processing) outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever your personal data is transferred by us out of the UK, unless it is to a country that has been deemed to provide an adequate level of protection for personal data by the Secretary of State, we ensure a similar degree of protection is afforded to it, including, where appropriate, by putting in place specific standard contracts approved by the Secretary of State which give personal data the same protection it has in the UK.
Please contact our DP Team if you want further information on the specific mechanism used when transferring your personal data out of the UK.
Data security
We have put in place what we consider to be appropriate security measures (including network and database security measures) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way or altered or disclosed to unauthorised persons but we cannot guarantee the security of any data we collect and store.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and where appropriate they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of such a breach where we are legally required to do so.
Your legal rights
In certain circumstances, by law, you have the right to the following:
You may request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
You may ask us to correct the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
You may require erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
You may be able to object to us processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You may request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
You may request the transfer of your personal information to another party.
If you wish to exercise any of the rights set out above, please contact our DP Team.
Where you have given consent to the processing of your personal data, you may equally withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal or the lawfulness of continued processing not based on consent. To withdraw your consent to processing by Dickson Minto, please email our DP Team.
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints to the ICO
You have the right to make a complaint at any time to the UK Information Commissioner's Office , the UK supervisory authority for data protection issues (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact our DP Team in the first instance.
PRIVACY POLICY
CONTRACTORS & SERVICE PROVIDERS
This section of our privacy policy sets out how we may process personal data about contractors or other organisations providing services to Dickson Minto. In this section:
contractor or service provider means an individual or organisation providing services to Dickson Minto; and
you and your means a person whose personal data is held by us, where that data has been provided to us by a contractor or service provider or by its directors, partners, employees, agents or representatives on its behalf, or has been collected by us, in each case, in the context of the provision of services to Dickson Minto by that contractor or service provider.
The data we may hold
We may hold various kinds of personal data about you which the contractor or service provider or you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:
Identity data may include names, dates of birth and pronoun preferences;
Contact data may include addresses, work email addresses, personal email addresses and telephone numbers;
Employment data may include places of work and job titles, employment history and qualifications;
KYC data may include copies of passports, driving licences, utility bills, and information which may be revealed by an anti-money laundering search conducted on you (including details of your directorships, your electoral registration, your political exposure, insolvency proceedings against you, criminal convictions and/or any adverse media in relation to you);
Financial data may include bank account details;
Technical data may include internet protocol (IP) address, mail server URL, MIME version, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use when your correspond with us; and
CCTV data may include image and sound recordings.
We also collect information provided to us during telephone calls, by letter or email and/or in meetings with the controller or service provider or you.
In addition, we may collect personal data about you third parties including from background check providers, which may include credit references or reports from the disclosure and barring service (namely unspent criminal convictions), and from third party publicly accessible sources including Companies House records and social media.
We will not usually collect any special categories of personal data about you, except where this is relevant to any services that you are providing to Dickson Minto or this is necessary as part of our compliance checks, or if you volunteer this information to us in writing (for example if you disclose to us that you have Covid-19).
What we use your personal data for
We will only use your personal data for the following purposes:
To administer and manage our relationship with you and/or the contractor or service provider.
To comply with our obligations under the terms of a contract between the contractor or service provider and Dickson Minto.
To assess your skills and qualifications, your suitability for the role and to decide whether to enter into a contract with you or to permit access to our offices.
To assess and to monitor the standard of services being provided or offered to us.
To allow us to process payments in relation to any goods and services provided to Dickson Minto.
To update and maintain our records including details of people that have accessed our offices.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.
To comply with our legal and regulatory requirements.
To monitor emails sent to us (including attachments) for viruses or malicious software.
To protect and manage email traffic.
Generally to manage the activities of Dickson Minto, including monitoring and recording electronic communications (including telephone calls and emails).
Legal basis for processing your personal information
We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal information. The legal bases we principally rely upon are these:
It is necessary for the performance of a contract between Dickson Minto and the contractor or service provider or in order to take steps prior to entering into such a contract.
It is necessary for the purposes of our legitimate interests, where such interests are not overridden by your rights or interests.
We may also rely upon the following legal bases for processing your personal information:
It is necessary for us to comply with a legal obligation on us.
It is necessary to protect your vital interests or those of another individual.
Please note that even where such processing is being carried out on the basis that it is necessary to
pursue our legitimate interests, we will always weigh our legitimate interests against your interests and
your fundamental rights and freedoms and will not process on that basis if your interests outweigh
ours.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact our DP Team if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data.
Purpose / Activity | Type of data | Legal basis for processing |
---|---|---|
To administer and manage our relationship with you and/or the contractor or service provider | Identity data, Contact data, Employment data, Financial data | (a) Performance of a contract with you and/or the contractor or service provider (b) Our legitimate interests of pursuing and developing our business |
To comply with our obligations under the terms of a contract between the contractor or service provider and Dickson Minto | Identity data, Contact data, KYC data, Financial data | Performance of a contract with you and/or the contractor or service provider |
To assess your skills and qualifications, your suitability for the role and to decide whether to enter into a contract with you or to permit access to our offices | Identity data, Contact data, Employment data | Our legitimate interests of pursuing and developing our business and ensuring continuity and quality of services |
To assess and to monitor the standard of services being provided or offered to us | Identity data, Contact data, Employment data | Our legitimate interests of pursuing and developing our business and ensuring continuity and quality of services |
To allow us to process payments in relation to any goods and services provided to Dickson Minto | Identity data, Contact data, KYC data, Financial data | (a) Performance of a contract with you and/or the contractor or service provider (b) Compliance with our legal and regulatory obligations |
To update and maintain our records including details of people that have accessed our offices | Technical data, Contact data, KYC data, Financial data | (a) Our legitimate interest to keep our records updated and in certain circumstances for the prevention of bribery, corruption and tax evasion (b) Necessary to comply with a legal obligation |
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV | Technical data, CCTV data | Our legitimate interests of maintaining the security of our office |
To comply with our legal and regulatory requirements | Identity data, Contact data, Employment data, KYC data | Compliance with our legal and regulatory obligations |
To monitor emails sent to us (including attachments) for viruses or malicious software | Technical data, Contact data | Our legitimate interests to protect and maintain the security of our systems |
To protect and manage email traffic | Technical data, Contact data | Our legitimate interests to protect and maintain the security of our systems |
Generally to manage the activities of Dickson Minto, including by monitoring and recording electronic communications (including telephone calls and emails) | Technical data, Contact data, Identity data, Employment data | Our legitimate interests of pursuing and developing our business |
Where your consent is required
We do not normally rely on consent to the processing of your personal data. However if we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you specifically to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting our DP Team.
If you fail to provide personal information requested
Where we need to collect personal data by law or under the terms of a contract we have with the contractor or service provider or you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with the contractor or service provider or you. We will notify you if this is the case at that time.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Data retention periods
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying our legal, accounting, reporting and/or compliance obligations. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means as well as the applicable legal requirements. Details of retention periods for different aspects of the personal data that we hold are set out in our retention policy.
Disclosures of your personal data
Except as may be required by law or to comply with regulatory requirements, we will not disclose personal information we hold about you to any third party other than to third parties who are providing services to us, which may include the following:
IT service providers.
Software and software-as-a-service (SaaS) providers, including those capable of delivering e-signatures (which involves inputting your contact details into this software and uploading the relevant contract for signature).
Landlords.
Office utility managers.
Background, compliance, anti-money laundering and/or credit reference services.
CCTV providers.
Telephone service providers.
Document storage providers.
Backup and disaster recovery service providers.
Where such data is provided to third parties, except if the third party acts as a "controller" (such as a law firm) and if therefore bound to comply with the DP Laws anyway, we will enter into agreements with such third parties to ensure that they process that data in accordance with the requirements of the DP Laws.
International transfers
Some of the external service providers used by Dickson Minto are based (or carrying on processing) outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever your personal data is transferred by us out of the UK, unless it is to a country that has been deemed to provide an adequate level of protection for personal data by the Secretary of State, we ensure a similar degree of protection is afforded to it, including, where appropriate, by putting in place specific standard contracts approved by the Secretary of State which give personal data the same protection it has in the UK.
Please contact our DP Team if you want further information on the specific mechanism used when transferring your personal data out of the UK.
Data security
We have put in place what we consider to be appropriate security measures (including network and database security measures) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way or altered or disclosed to unauthorised persons but we cannot guarantee the security of any data we collect and store.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and where appropriate they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of such a breach where we are legally required to do so.
Your legal rights
In certain circumstances, by law you have the right to the following:
You may request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
You may ask us to correct the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
You may require erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
You may be able to object to us processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You may request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
You may request the transfer of your personal information to another party.
If you wish to exercise any of the rights set out above, please contact our DP Team.
Where you have given consent to the processing of your personal data, you may equally withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal or the lawfulness of continued processing not based on consent. To withdraw your consent to processing by Dickson Minto, please email our DP Team.
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints to the ICO
You have the right to make a complaint at any time to the UK Information Commissioner's Office, the UK supervisory authority for data protection issues ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact our DP Team at gdpr@dmws.com in the first instance.
PRIVACY POLICY
JOB APPLICANTS
This section of our privacy policy sets out how we may process personal data about applicants for jobs, students applying for or attending work experience with Dickson Minto and/or in relation to other potential employees of Dickson Minto.
In this section you and your means a person who is an applicant for work, or work experience, with Dickson Minto.
The data we may hold
In connection with your application for work or work experience with us, we may hold various categories of personal data about you, which you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:
Identity data may include your name, title, date of birth and pronoun preferences;
Contact data may include addresses, work email addresses, personal email addresses, and telephone numbers;
Right to work data may include copies of your passport, driving licence and utility bills, and unspent criminal convictions;
KYC data may include copies of your passport, driving licence and utility bills, information which may be revealed by an anti-money laundering conducted on you (including details of your directorships, your electoral registration, your political exposure, insolvency proceedings against you, and/or any adverse media in relation to you);
Financial data may include bank account details;
Equal opportunities data may include your gender, gender identity, ethnicity, age, sexual orientation, religion and beliefs, physical or mental impairments, and native language;
Career data may include places of work, job titles, employment history, qualifications and CV;
Technical data may include internet protocol (IP) address, mail server URL, MIME version, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you when you correspond with us; and
** CCTV data** may include image and sound recordings.
We also collect information provided to us during telephone calls, by letter or email and/or in meetings with you.
In addition, we may collect personal data about you from recruitment agencies and/or background check providers, which may include reports from the disclosure and barring service (namely unspent criminal convictions), from third party publicly accessible sources including Companies House records and social media.
We may hold special categories of personal data about you if this is necessary for Dickson Minto to comply with its legal and regulatory obligations and for equal opportunities monitoring (see further details below). We may also collect special category data if you volunteer the information to us in writing (for example if you disclose to us that you have Covid-19).
What we use your personal data for
We will only use your personal data for the following purposes:
To assess your skills and qualifications, to consider your suitability for the position and to decide whether to enter into a contract with you.
To carry out background and reference checks.
To communicate with you about the recruitment process.
To keep records related to our hiring processes.
To comply with our legal and regulatory requirements.
To consider whether we need to provide appropriate adjustments during our recruitment process.
To be able to undertake equal opportunity monitoring and reporting.
To monitor emails sent to us (including attachments) for viruses or malicious software.
To protect and manage email traffic.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.
Generally to manage the activities of Dickson Minto, including by monitoring and recording electronic communications (including telephone calls and emails).
Once we receive your CV and covering letter or your application form, we may process that information to decide whether we have any suitable vacancies and if you meet the basic requirements to be shortlisted for that role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the work. If we decide to offer you the work, we will then take up references and we may carry out criminal record or other checks before confirming your appointment.
Legal basis for processing your personal information
We will only use your personal information as the law permits. By law we are required to tell you the legal bases upon which we rely in processing your personal information. The legal bases we principally rely upon are these:
It is necessary in order to take steps at your request prior to entering into a contract between you and Dickson Minto.
It is necessary for the purposes of our legitimate interests, where such interests are not overridden by your rights or interests.
We may also rely upon the following legal bases for processing your personal information:
It is necessary for us to comply with a legal obligation on us.
It is necessary to protect your vital interests or those of another individual.
Where we process special categories of personal data, we ensure that such processing satisfies one of the additional conditions required for processing special categories of personal data.
Please note that even where such processing is being carried out on the basis that it is necessary to pursue our legitimate interests, we will always weigh our legitimate interests against your interests and your fundamental rights and freedoms and will not process on that basis if your interests outweigh ours.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact our DP Team if you need us to confirm which of the legal bases set out above we relied upon in a specific type of processing for a particular category of personal data where more than one basis has been set out below.
Purpose / Activity | Type of data | Legal basis for processing |
---|---|---|
To assess your skills and qualifications, to consider your suitability for the position and to decide whether to enter into a contract with you and to take steps prior to entering into a contract with you | Identity data, Right to work data, KYC data, Financial data, Equal opportunities data, Career data | (a) Performance of (or taking steps prior to entering into) a contract (b) Our legitimate interests of pursuing and developing our business |
To carry out background and reference checks | Right to work data, KYC data | (a) Compliance with our legal and regulatory obligations |
To communicate with you about the recruitment process | Contact data | (a) Performance of (or taking steps prior to entering into) a contract |
To keep records related to our hiring processes | Identity data, Contact data, Right to work data, Equal opportunities data, Career data | (a) Compliance with our legal and regulatory obligations (b) Our legitimate interests of pursuing and developing our business, maintaining a diverse and equal working environment and ensuring that no discrimination occurs in the workplace |
To comply with our legal and regulatory requirements | Contact data, Right to work data, Equal opportunities data | (a) Compliance with our legal and regulatory obligations |
To consider whether we need to provide appropriate adjustments during our recruitment process | Equal opportunities data | (a) Compliance with our legal and regulatory obligations (b) Necessary for the purposes of carrying out obligations in the field of employment law (in particular, our obligation to make reasonable adjustments under the Equality Act 2010) |
To be able to undertake equal opportunity monitoring and reporting | Equal opportunities data | Our (and our employees’ / prospective employees’) legitimate interests to maintain a diverse and equal working environment and ensure that no discrimination occurs in the workplace (b) Necessary for the purposes of identifying and keeping under review the existence or absence of equality of opportunity and treatment |
To monitor emails sent to us (including attachments) for viruses or malicious software | Technical data, Contact data | (a) Our legitimate interests to protect and maintain the security of our systems |
To protect and manage email traffic | Technical data, Contact data | (a) Our legitimate interests to protect and maintain the security of our systems |
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV | Technical data, CCTV data | (a) Our legitimate interests of maintaining the security of our office |
Generally to manage the activities of Dickson Minto, including by monitoring and recording electronic communications (including telephone calls and emails) | Technical data, Contact data, Identity data, Employment data | (a) Our legitimate interests of pursuing and developing our business |
Where your consent is required
We do not normally rely on consent to the processing of your personal data. However if we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you specifically to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting our DP Team.
Marketing & potential employment information
We may send to you from time to time, by email or post, marketing communications or information about employment opportunities from us if:
you have specifically requested that information from us; or
you have specifically consented to receiving that type of information from us, provided that you have not opted out of receiving that type of information (which you may do at any time by contacting our DP Team.
Please note, you can ask us to stop sending you marketing messages at any time by following the opt-out or unsubscribe links on any marketing message sent to you.
If you fail to provide personal information requested
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.
Automated decision making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Data retention periods
If your application is successful, the information you provide during the application process will be retained by us as part of your employee file and held in accordance with applicable laws, DM's employee privacy notice and our data retention policy (copies of which will be available).
If your application is unsuccessful, we may retain and use your personal data to consider you for other positions in the future. Retention periods may vary and will be determined by various criteria including the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of that personal data, our legal obligations and the purposes for which we process that personal data. Details of retention periods for different aspects of the personal data that we hold are set out in our retention policy.
Disclosures of your personal data
Except as may be required by law or to comply with regulatory requirements, we will not disclose personal information we hold about you to any third party other than to third parties who are providing services to us, which may include the following:
IT service providers.
Event management businesses.
PR and marketing service providers.
Recruitment consultants.
Service providers including for the provision of contextualised recruitment services.
Background, compliance, anti-money laundering and/or credit reference services.
Printers.
Telephone service providers.
Document storage providers.
Backup and disaster recovery service providers.
Where such data is provided to third parties we will enter into agreements with such third parties to ensure that they process that data in accordance with the requirements of the DP Laws.
International transfers
Some of the external service providers used by Dickson Minto are based (or carrying on processing) outside the UK so their processing of your personal data will involve a transfer of data outside the UK.
Whenever your personal data is transferred by us out of the UK, unless it is to a country that has been deemed to provide an adequate level of protection for personal data by the Secretary of State, we ensure a similar degree of protection is afforded to it, including, where appropriate, by putting in place specific standard contracts approved by the Secretary of State which give personal data the same protection it has in the UK.
Please contact our DP Team if you want further information on the specific mechanism used when transferring your personal data out of the UK.
Data security
We have put in place what we consider to be appropriate security measures (including network and database security measures) to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed to unauthorised persons but we cannot guarantee the security of any data we collect and store.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions where appropriate and they are subject to a duty of confidentiality.
We have also put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of such a breach where we are legally required to do so.
Your legal rights
In certain circumstances, by law you have the right to the following:
You may request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
You may ask us to correct the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
You may require erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
You may be able to object to us processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
You may request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
You may request the transfer of your personal information to another party.
If you wish to exercise any of the rights set out above, please contact our DP Team.
Where you have given consent to the processing of your personal data, you may equally withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of processes based on consent before its withdrawal or the lawfulness of continued processing not based on consent. To withdraw your consent to processing by Dickson Minto, please email our DP Team.
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints to the ICO
You have the right to make a complaint at any time to the UK Information Commissioner's Office, the UK supervisory authority for data protection issues ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact our DP Team in the first instance.
About us
Dickson Minto LLP is a limited liability partnership registered in Scotland (SO307926) with its registered office at 16 Charlotte Square, Edinburgh, United Kingdom, EH2 4DF and a separate office in London. A list of members is available for inspection at our registered office. Dickson Minto LLP is regulated by the Law Society of Scotland.
Who should I complain to?
We aim to provide the highest standard of legal service to every client. We also take our professional responsibilities seriously in relation to both clients and non-clients. However, if you have an issue that has not been resolved by informal means, you may invoke our formal complaints procedure by contacting either the partner responsible for the work in question or your relationship partner. If you are a client, their names and contact details will be in the engagement letter that you received when you first instructed the firm on the relevant matter. If you are unsure who to contact, then please contact our client relations partner (details below) who will refer you to the correct person to review your complaint in the first instance. When you contact us, you should provide us with as much detail as possible about the matter in question and the nature of your concerns.
What will we do?
We will acknowledge your complaint as soon as possible and set out a suggested timetable for our response. We will then aim to respond to you as soon as possible but not more than one calendar month of receiving your complaint. Our response may be in writing or by way of a meeting with you.
If you are not satisfied with our initial response, the complaint can be escalated to the firm's client relations partner, Ewan Gilchrist (ewan.gilchrist@dmws.com). The client relations partner will review the substance of the complaint and seek to understand any remaining concerns. We will aim to provide a final written response to you within one calendar month of the complaint being escalated.
If you remain dissatisfied, you are entitled to refer the complaint to the Scottish Legal Complaints Commission ("SLCC"), 12-13 St Andrew Square, Edinburgh, EH2 2AF (Telephone: 0131 201 2130 / enquiries@scottishlegalcomplaints.org / www.scottishlegalcomplaints.org.uk).
Further information
If you require any further information, please contact the client relations partner.