Last update August 2019
This Policy sets out the basis on which personal data that we collect from you, or that you provide to us, will be processed by us. Please read this document carefully to understand our use of your personal data and how it will be processed. We keep certain basic information when you visit our website. We recognise the importance of keeping that information secure and letting you know what we will do with it.
In this Policy, “Data Protection Legislation” means all applicable legislation which relates to the protection of individuals with regards processing personal data, including the General Data Protection Regulation (EU) 2016/679.
This Policy only applies to our website.
Information about us
Murgitroyd & Company Limited (referred to as "we", "us" or "our") is registered in Scotland under number SC144082, whose registered office is at Scotland House, 165-169 Scotland Street, Glasgow. We are the data controller of information.
Information we collect from you
We shall collect and process the following data about you when you use our website, by example:
- Information that you shall provide to us by completion of forms on our website, providing data such as: Name, postal address, telephone and/or facsimile number, e-mail address and details of your enquiry.
- If you contact us, we will keep a record of that correspondence.
We will use this information to help us to provide you with services which may be relevant to you; to let you know about changes in the services that we offer; to alert you to new features, special events; to process and respond to your enquiry to us; and to keep you up-to-date with developments in law, finance, business or other issues which may be of interest to you.
We will only use your personal data when Data Protection Legislation allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we have your consent to do so; and
- Where we need to comply with a legal or regulatory obligation.
Disclosure of your information
Clients should note, it may be necessary for us to pass your details to reputable third parties to ensure that you receive appropriate advice. We may also disclose your personal information to third parties (e.g. organisations that otherwise assist us in providing goods, services or information, Auditors and other professional advisers or law enforcement or other government or regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation) in the event that you tell us you wish to attend an event, your name and Company may appear on a list which we provide to other delegates at the event; if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets; or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (as above). This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
How we protect information
The security of your personal information is important to us and we attempt to protect against the loss, misuse and alteration of personal information which we hold about you. We have implemented appropriate administrative, technical and physical measures to protect your personal information.
How can you view or update your information
To ensure that you have as much control over your personal information as possible you may update your information by contacting us in the Contact section of the website. We will make reasonable efforts to process any change you make in line with our procedures under Data Protection Legislation and all applicable legal obligations.
International transfer of information
We are an international firm and your data might be passed on to our international offices, some of which are in countries outside the European Economic Area, including the United States. The website is hosted on servers in the United Kingdom and/or United States.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries: https://ec.europa.eu/info/law/...
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries: https://ec.europa.eu/info/law/...
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield: https://ec.europa.eu/info/law/...
It is your choice whether you receive information such as marketing from us. If you indicated that you are interested in receiving regular information about our activities, we may send you communications electronically or by post. We will not contact you for marketing purposes unless you have given your prior consent. If, at any time, you no longer wish to receive this information, please send a written request to the address below.
All of our email marketing correspondence gives you the option to opt-out of receiving further marketing emails. Please note that you will still receive emails directly related to an enquiry you raised with us.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal information are available in our retention policy which is available on request. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under Data Protection Legislation, you have the right in certain circumstances to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check we are lawfully processing it;
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal information for direct marketing purposes;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your personal information to another party; and
- Withdraw your consent to the processing of your personal information at any time where consent is being relied upon as the lawful basis for processing.
If you would like to exercise any of your rights above, please contact us using the details below.
You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information.
From time to time, we may change this Policy and changes will be effective as of the date on the Policy document. Should the arrangements under which we process your personal data change, this Policy will be updated accordingly.
Our website may contain links to third party websites and we are not responsible for the privacy practices or the content of such websites.