Privacy Notice

1. About us

LK Shields Solicitors LLP is a partnership of solicitors whose principal business address is at 38 Upper Mount Street, Dublin 2, Ireland (LK Shields, we, us or our) and is the controller for the purpose of this notice.

2. Who this notice applies to

This notice applies to different types of individuals including prospective, existing or former clients, business contacts and other persons when you access, browse and use our website (through various domains) and apps; join our mailing lists to receive marketing communications including our news, insights, podcast episodes, publications and invitations to events and interact with us on our social media pages, by telephone, email, at events (including those held remotely) and by other means.

3. Personal data processed in the course of our Services

Except for Non-Client Data (defined below), this notice does not apply to the personal data we process when providing our legal services (Services). Our client privacy notice, describes how we control and process our clients’ personal data (and, where applicable, that of their officers, staff, shareholders, beneficiaries, dependents and next of kin) in the course of providing our Services and should be read in conjunction with this notice.

Depending upon the Services we provide to our clients, it may be necessary for us to process personal data related to individuals unconnected to LK Shields where necessary for us to provide, and for our clients to receive, our Services (Non-Client Data).  For example, in the course of a contentious matter, we may process personal data relating to plaintiffs, claimants, defendants and other individuals against whose interests we act, their representatives, witnesses and others, and other advisors, professionals and service providers involved in such matters.   

4. Careers and recruitment

Our website and apps may allow you to submit applications for employment vacancies and speculative employment applications. If you submit an application, whether through our online assets, in person, through a recruitment agency or otherwise, the personal data we receive will be processed in accordance with our job candidate privacy notice which we furnish when responding to applications for employment. This notice will apply to your general use of our website and apps.

5. The personal data we collect about you

“Personal data” means information about an individual from which that person can be identified. It does not include information where an individual’s identity has been removed (anonymous data).  Throughout this privacy notice we use the term "processing" (and derivatives of this term) to refer to all activities involving your personal data, including collecting, handling, storing, sharing, accessing, using, transferring, erasing and disposing of it.

The personal data we receive about you depends on how you interact with us and our online assets.  For example, we collect different types of personal data depending on whether you request to join our mailing lists or only browse our website.  Typically, we collect and process the following kinds of personal data:

• Identity and Contact Data such as your name, company and/or business name, job title, email address and telephone number.
• Technical Data such as technical and device-related information from your use of our website and apps.
• Usage Data including information about how you use our website and apps and your interactions with our marketing communications, for example the webpages you view or search for, length of visits and page interaction information.
• Marketing and Communications Data including your Identity and Contact Data, your preferences in receiving electronic marketing communications from us, your communication preferences, your acceptance of invitations for and your attendance at events we host, and in some cases your personal image contained in photographs or videos we take at these events.  
• Non-Client Data including Identity and Contact Data and other types of personal data we receive about you in the course of providing our Services to our clients. Depending upon the particular legal advice and assistance we provide to our clients, we may process special categories of personal data (described below) for example, we may need to process details of your medical condition in relation to the defence of a personal injury claim.

Except for Non-Client Data, we do not request or collect any special categories of personal data about you (this is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic data; biometric data for the purpose of uniquely identifying an individual or data concerning health or sexual orientation).

6. How we receive your personal data

We may receive your personal data through various sources including:

• Direct Interactions: We will receive your:
  • Identity and Contact Data when you communicate with us in person or by post, telephone, email, SMS, social media or other means; and
  • Identity and Contact Data and Marketing and Communications Data when you join our mailing lists to receive marketing communications and when you register for or attend one of our events (including those held remotely).

If you provide us personal data relating to any individual other than you, you must ensure that you do so in accordance with applicable data protection laws. Please inform those third parties that you intend to disclose their personal data to us, the purpose for this disclosure and that their personal data will be processed by us in accordance with this notice.

• Third-party sources: We will receive:
  • Technical Data and Usage Data about you from analytics providers, such as Google Analytics, in respect of your visits and use of our website and apps;
  • Identity and Contact Data about you from professional and social media platforms, internet searches and other publicly available sources; and
  • Non-Client Data in the course of providing our Services to our clients. We receive this from our clients, other law firms, barristers, insurance companies, experts, witnesses and others that are involved in a matter in respect of which we are providing our Services to our clients. In some cases, we may receive Non-Client Data from government departments, public and semi-state bodies, public registries and databases, publicly available information and internet searches.
• Automated technologies or interactions: As you interact with our website, apps and certain marketing communications, we collect Technical Data and Usage Data.  We collect this information by using cookies and other similar technologies (hereafter ‘cookies’).

7. How we use your personal data

We have set out below a description of the ways we typically process your personal data and the legal grounds we rely on to do so. 

Purpose / Activity	Type of Data	Legal Grounds
To manage our relationship with you including: (i) responding to communications you submit to us through our website, apps, email, telephone, social media, in person and other means; (ii) arranging, preparing for and attending meetings (in person and remotely); (iii) notifying you of changes to our website, apps and other services; (iii) notifying you of changes to this notice and any other notices or policies published on our website and apps; (iv) managing complaints and disputes; (v) administering your data protection, privacy and other rights; (vi) conducting or exploring any re-organisation of some or all of our business and assets, merger or acquisition.	Identity and Contact Data Technical Data Usage Data Marketing and Communications Data	Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. Necessary to comply with a legal obligation. Necessary for our legitimate interests for responding to communications, attracting new clients and readership, running our business and to develop new business, keeping our records updated.
To administer and protect our business, services, networks, systems, website, apps and data, content and property hosted on or made available through our online assets including implementing and monitoring security measures, troubleshooting, data and usage analysis, testing, system maintenance, support and reporting; detecting, investigating, preventing and addressing fraud and other illegal activity; and enforcing the legal notices and policies published on our website and apps, any other contract we may have with you and our legal rights and obligations; conduct or assist with internal, government, law enforcement and other investigations, inquiries or actions; comply with our insurance policies and to exercise or defend our legal rights or to comply with court orders or orders by applicable regulators.	Identity and Contact Data Technical Data Usage Data Marketing and Communications Data	Necessary for the performance of a contract with you.   Necessary to comply with a legal obligation.   Necessary for our legitimate interests including for running and/or re-organising our business, network security, to identify and/or prevent fraud or any other illegal activity.   Necessary for the purposes of obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
To use information obtained through our use of cookies that monitor usage, measure performance and optimise our online assets. We do this in order to improve our services, inform our marketing strategy and output, improve user interactions, relationships and experiences.	Technical Data Usage Data	Necessary for our legitimate interests to define types of customers for our products and services, to keep our website and apps updated and relevant, to develop our business and to inform our marketing strategy.
To allow you to register for our marketing mailing lists; to send you news, insights, podcast episodes and publications; and to manage your preferences in receiving these.   When subscribing for our mailing lists you may indicate areas of interest for which you would like to receive our publications, which will involve limited profiling.	Identity and Contact Data Marketing and Communications Data Technical Data Usage Data	Necessary to comply with a legal obligation.   Necessary for our legitimate interests to develop and improve our services, to grow our business, to inform our marketing and business strategy and output and to conduct direct marketing.
To allow you to register for events we host (which may be held in person or remotely (e.g. webinars)) and send you details of those events or others we think you might be interested in. If you attend our events, your personal image may be captured by our photographer or videographer and included in our social media. We may contact you by email after the event to seek your feedback and will use this feedback to inform our planning of future events. We may process personal data associated with your attendance at an event (including for example webinars) for CPD purposes. When subscribing for our events you may indicate areas of interest for which you would like to receive future invites, which will involve limited profiling.	Identity and Contact Data Marketing and Communications Data	Necessary for our legitimate interests to develop and improve our services, to grow our business, to inform our marketing and business strategy and output, to conduct direct marketing and to confirm attendance for CPD purposes.
If you post comments about us, tag us or post photos to our social or professional media pages we may process this information to highlight our services and branding or to respond to you.	Identity and Contact Data	Necessary for our legitimate interests to develop our services and business profile.

Non-Client Data: We may need to process your Non-Client Data to allow us to effectively advise and assist our clients. We rely on a number of legal grounds for this, but we typically process this category of personal data where: (i) necessary to comply with a legal obligation; (ii) necessary to protect the vital interests of another person; (iii) necessary for our legitimate interests or that of our clients or other affected persons in providing, and for our clients receipt of, our Services; (iv) your personal data has been manifestly made public by you; or (v) necessary for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.

Consent: Generally, we do not rely on consent as a legal ground for processing your personal data although we will request your consent before (i) sending direct marketing communications to you by electronic means (e.g. via email); and (ii) before setting non-necessary cookies on your device.

Marketing: We will ask for your consent to send you marketing messages when you subscribe to our mailing list through our website, apps, emails and social media.  You can unsubscribe at any time by using the ‘unsubscribe’ link in our marketing communications or by contacting us using the Contact Us details below. If you are a new client, we will add you to our marketing mailing list so that we can keep you informed of news, insights, podcast episodes and publications.  If you do not wish to receive these communications you can unsubscribe and opt-out at any time by emailing us at dataprotection@lkshields.ie or by using the ‘unsubscribe’ link in our marketing communications.

Cookies: If you consent, as part of our online cookies framework, we will use non-necessary cookies (for example, analytics cookies) that collect Technical Data and Usage Data related to your visit to our website or use of our apps. We may use technologies that allow us to see whether news updates and other marketing communications you subscribe to have been viewed and read. Some of the cookies we use are strictly necessary for your use of our website and apps, for example, to make sure that our online assets operate as you expect and to provide for information security. These cookies may process some of your Technical Data and Usage Data. We rely on our legitimate interests to secure our website and apps, and to comply with our obligations to secure our online assets and any personal data we process. To learn more about our use of cookies please see our Cookies Policy.

Anonymisation: We may anonymise certain elements of your personal data so that it may be used in conjunction with other anonymised data for statistical and other purposes. We rely upon our legitimate interests to collate statistical information to enhance our services and business. Anonymised data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

8. Disclosure of your personal data

We may have to share personal data with the parties set out below for the purposes set out in the table above.

• Affiliates: UMS Management Services Limited is a company affiliated with LK Shields, which provides various back-office services to us and generally supports us in providing our Services to our clients. 
• Service providers: Companies and businesses that provide products and services to us such as professional advisors, auditors, IT systems suppliers and support, data storage solutions, IT developers, insurance providers, analytics companies, website hosting providers, software as a service and other service providers. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 
• Public and Government Authorities: This includes law enforcement, Revenue and entities that regulate or have jurisdiction over us.  We may be required to disclose your personal data in order to comply with a legal obligation for example if we are ordered to do so by a court of competent jurisdiction, law enforcement body, regulatory authority or administrative authority. We may also do so where we consider necessary in order to enforce our legal notices and other policies published on our website and apps and other agreements we may have with you, or to protect the rights, property and/or safety of our staff, clients, website users and others.
• Business reorganisation: If we acquire other businesses or merge with them it may be necessary for us to disclose your personal data to them and their professional and other advisors in the course of the transaction.

Non-Client Data: We may need to disclose your Non-Client Data to the categories of recipients identified above and to other third parties in the course of providing our Services to our clients. For example, we may need to disclose Non-Client Data to our clients, other law firms, barristers, insurance companies, experts, witnesses, the Courts, regulatory, public and statutory bodies and others that are involved in a matter in respect of which we are providing our Services to our clients. We also share your personal data with LK Shields affiliates, including with UMS Management Services Limited to help us provide our Services to our clients. Please note that some of the recipients of your Non-Client Data may be independent controllers of your personal data (e.g. insurance companies) and their control of your personal data will be subject to their own privacy notices and practices.  

9. International transfers

In some circumstances, it may be necessary for us to process or transfer your personal data outside of the EEA for the purposes described in this notice. In which case, we comply with Irish data protection law when doing so, such as by ensuring that the country or territory where your personal data will be processed is deemed by the European Commission to have an adequate level of protection for personal data or by using a lawful safeguard, such as the European Commission’s standard contractual clauses.  For further information, including details of the specific legal mechanism used to ensure the lawful transfer of your personal data, please use the information provided in the Contact Us section below.  

10. Data Retention

We keep your personal data for no longer than is necessary, based on the purposes set out in this notice and for the purposes of complying with any legal, regulatory or professional requirements or in order for us to establish, exercise or defend our legal rights. When determining the appropriate period to retain personal data, we consider various factors including relevant regulatory guidance, specific legal or regulatory obligations and applicable statutory limitation periods.

11. Your legal rights

Under certain circumstances, you may have the following rights.

• Access. You have the right to request a copy of your personal data we control.
• Correction.  You can request to have any incomplete or inaccurate personal data we control corrected. 
• Erasure.  This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law.  We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, following our receipt of your request.
• Object. You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you wish to object to processing on this ground because you consider it impacts your fundamental rights and freedoms.  You also have the right to object where we process your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.
• Restriction. You can ask us to suspend the processing of your personal data in the following scenarios: (i) if you want us to establish its accuracy; (ii) where you consider our use of the personal data is unlawful but you do not want us to erase it; (iii) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
• Data portability. You can ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to process or where we processed the personal data to perform a contract with you.
• Withdraw consent. If you provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you wish to withdraw your consent, we will take steps to ensure we no longer process your personal data for the purpose(s) you originally agreed to, unless we have another legitimate basis for doing so in law. Withdrawal of consent will not affect the lawfulness of processing based on consent before withdrawal.

Exercising your rights: In order to exercise one or more of your rights in respect of your personal data, please contact us in writing using the Contact Us details below. 

Exceptions: The rights afforded to you and the obligations placed on us under Irish data protection law may under those laws be restricted or may not apply depending on the particular circumstances. For example, the legal rights set out above may not be available to you: (i) if your personal data is processed by us for the purpose of providing legal advice; (ii) if a claim of privilege could be made for the purpose of or in the course of legal proceedings, including personal data consisting of communications between us and our clients; or (iii) if the exercise of your rights or the performance of our data protection obligations would constitute a contempt of court.   

Data Protection Commission (DPC): You have the right to make a complaint at any time to the DPC, the Irish supervisory authority for data protection issues (www.dataprotection.ie). We would appreciate the chance to deal with your concerns before you contact the DPC and ask that you contact us in the first instance.

12. Updating your personal data

It is important that the personal data we hold about you is accurate and current.  Please keep us informed, using the Contact Us details below, if any of your personal data changes during your relationship with us.

13. Third party links

Our website and apps may include links to third party websites and other online assets.  Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website and apps, we encourage you to read the privacy notices of every website you visit. Please see our Cookies Policy for details of the cookies served by us and third parties and how to control these. 

14. Changes to this Notice 

We will change this privacy notice from time to time and any changes will be contained in a revised privacy notice posted on our website.  This version of the privacy notice was last updated on 1 February 2022.  Historic versions of our privacy notice can be obtained by contacting us using the details below. 

15. Contact Us

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please write to us at dataprotection@lkshields.ie or at Data Protection Team, LK Shields Solicitors LLP, 38 Upper Mount Street, Dublin 2, Ireland.