Customer Privacy Policy

Last update: January 2025

Introduction

Murgitroyd & Company Limited (referred to as "we", "us" or "our") is registered in Scotland under number SC144082 and has its registered office at 165-169 Scotland Street, Glasgow. We are what is known as the 'data controller' of personal information we collect and use. This means that we are responsible for determining the purpose and the means of processing your personal data. We are registered with the Information Commissioner’s Office under number Z7349800.

Our Chief Compliance Officer ensures that we apply the best standards to protecting your personal information and comply with our responsibilities for data protection. If you have any questions or concerns about how we handle your personal information, please contact us using the information provided under ‘How to Contact Us’.

The purpose of this policy is to outline our approach to protecting the personal data we collect, process, hold and share as a Data Controller. We take your privacy seriously and are committed to protecting information through a range of technical and organisational measures to safeguard all personal information under our control. We maintain records of our processing activities, data protection risk assessments and a range of other measures to support our compliance with data protection law. This privacy policy is a key component of our wider Information Security and Governance Framework incorporating our Data Protection and ICT policies.

 

Personal Data We Collect

Under UK GDPR, personal data means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

Below is a list of the types of your personal data that we may process:

  • Name
  • Contact details
  • Address
  • Job Title
  • Financial information such as bank account details
  • Employment information such as job title and company email


How We Use Your Personal Data

Murgitroyd use your personal data primarily for your employment. Below is a table of the reasons why we use your personal data and the corresponding lawful basis.

| Purposes for Processing | Lawful Basis |
|---|---|
| Sending Newsletter | Consent |
| Managing generic web form enquiries | It is in Murgitroyd’s legitimate interests to manage inbound web form enquiries in order to respond and to help answer any questions. |
| Processing telephone enquiries | It is in Murgitroyd’s legitimate interests to answer telephone enquiries in order to respond and to help with any queries that come in over the phone. |
| Processing email enquiries | It is in Murgitroyd’s legitimate interests to manage enquiries via email in order to respond and to help with any queries via email. |
| Managing events and invitations | It is in Murgitroyd’s legitimate interests to manage events and invitations to ensure all attendees have the relevant information to attend the event. |
| Mailshot regarding important legal update | It is in Murgitroyd’s legitimate interests to send legal updates to its clients in order to provide updates on any applicable laws and regulation changes. |
| Collating and analysing client feedback | It is in Murgitroyd’s legitimate interests to seek client feedback in order to improve its services, ensuring customers get the best possible service from us. |
| Instant feedback form from email footer | It is in Murgitroyd’s legitimate interests to provide a method for clients to provide proactive feedback. |
| Client feedback form (allowing written and verbal feedback to be reported) | It is in Murgitroyd’s legitimate interests to consolidate all forms of feedback in order to improve our services. |
| E-Signature service for NDAs and engagement letters | Performance of a contract |
| New Client OnBoarding Form | Performance of a contract |
| Managing client experiences | Performance of a contract |
| Onboarding case portfolios | Performance of a contract |

 

Sharing Your Personal Data

We will share your personal data that we hold with the following organisations:

  • Moneypenny
  • HubSpot
  • Monday.com
  • Eventbrite
  • MyCustomerLens
  • DocuSign
  • Lotus Notes

We may disclose your personal data to other organisations who: assist us to pass your details to reputable third parties to ensure that you receive appropriate advice; make a lawful request for disclosure; provide us with professional services or advice; or assist us in our marketing and promotional work.

 

International Transfers

We may transfer personal data to a country not in Europe where data subjects’ rights may not be adequately protected or enforceable. Whenever we arrange for international transfers of data, we will ensure that suitable arrangements are in place to provide safeguards for the people whose information we transfer. When we appoint overseas data processors, we check that suitable arrangements are in place such as European Commission Adequacy Decisions, Standard Contractual Clauses, or other permitted mechanisms. These transfers include:

  • HubSpot (US) – EU-US data privacy framework and the UK extension
  • Moneypenny (US) – EU-US data privacy framework and the UK extension
  • Monday.com (US) – EU-US data privacy framework and the UK extension
  • Eventbrite (US) – EU-US data privacy framework and the UK extension
  • Outlook – Adequacy Regulations
  • HCL Notes – Adequacy Regulation

 

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal information are available in our retention policy, which can be requested using the details in the “How to Contact Us” section of this policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Automated Decision Making

We do not use information relating to you for any profiling, nor do we have any systems that take automated decisions about you.

 

Your Rights

Under UK data protection law, you have the following rights:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check we are lawfully processing it
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
  • Request the transfer of your personal information to another party (in certain circumstances)
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal information for direct marketing purposes
  • Rights in Relation to Automated Decision Making and Profiling
  • Withdraw your consent to the processing of your personal information at any time where consent is being relied upon as the lawful basis for processing.

You can exercise your rights by emailing us on the contact details below or by writing to us at 165-169 Scotland Street, Glasgow, Scotland, G5 8PL. Please mark your correspondence for the attention of the Chief Compliance Officer.

You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) where you believe we have not complied with UK data protection law. In the first instance, we encourage you to resolve the matter with Murgitroyd. However, you can contact the ICO via www.ico.org.uk, [email protected] or 0303 123 1113.

 

How to Contact Us

For further information regarding your personal data or about our approach to data protection in general, please contact our Chief Compliance Officer at:

165-169 Scotland Street
Glasgow
Scotland
G5 8PL

(e) [email protected]

(t) +44 (0) 141 307 8400

 

Version Control

| Version | Approved By | Date | Changes |
|---|---|---|---|
| 1.0 | Thomas Gibb | 02.01.25 | Policy updated |
| 1.1 | Thomas Gibb | 28.04.25 | Update to "International Transfers" |
