Customer Privacy Policy
Last update: January 2025
Introduction
Murgitroyd & Company Limited (referred to as "we", "us" or "our") is registered in Scotland under number SC144082, whose registered office is at 165-169 Scotland Street, Glasgow. We are what is known as the 'data controller' of personal information we collect and use. This means that we are responsible for determining the purpose and the means of processing your personal data. We are registered with the Information Commissioner’s Office under number Z7349800.
Our Chief Compliance Officer ensures that we apply the best standards to protecting your personal information and comply with our responsibilities for data protection. If you have any questions or concerns about how we handle your personal information, please contact us using the information provided under ‘How to Contact Us’.
The purpose of this policy is to outline our approach to protecting the personal data we collect, process, hold and share as a Data Controller. We take your privacy seriously and are committed to protecting information through a range of technical and organisational measures to safeguard all personal information under our control. We maintain records of our processing activities, data protection risk assessments and a range of other measures to support our compliance with data protection law. This privacy policy is a key component of our wider Information Security and Governance Framework incorporating our Data Protection and ICT policies.
Personal Data We Collect
Under UK GDPR, personal data means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.
Below is a list of the types of your personal data that we may process:
- Name
- Contact details
- Address
- Job Title
- Financial information such as bank account details
- Employment information such as job title and company email
Source of Personal Data
We may collect personal data about you from:
- you directly
- employers/clients when you apply for a role or are considered for an opportunity
- referees (where relevant and permitted)
- publicly available sources (for example professional networking sites, business websites, and public records)
- credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks
- third party service providers used to support recruitment, screening, and compliance processes
How We Use Your Personal Data
Below is a table of the reasons why we use your personal data and the corresponding lawful basis.
Purposes for Processing | Lawful Basis |
Sending newsletter | Consent |
To register you as a new client | Where you are not our direct client – Necessary for Murgitroyd’s legitimate interests (to provide Services in a lawful manner). Where you are our client – Performance of a contract with you. |
Managing generic web form enquiries | It is in Murgitroyd’s legitimate interests to manage inbound web form enquiries in order to respond and to help answer any questions. |
Processing telephone enquiries | It is in Murgitroyd’s legitimate interests to answer telephone enquiries in order to respond and to help with any queries that come in over the phone. |
Processing email enquiries | It is in Murgitroyd’s legitimate interests to manage enquiries via email in order to respond and to help with any queries via email. |
Managing events and invitations | It is in Murgitroyd’s legitimate interests to manage events and invitations to ensure all attendees have the relevant information to attend the event. |
Mailshot regarding important legal update | It is in Murgitroyd’s legitimate interests to send legal updates to its clients in order to provide updates on any applicable laws and regulation changes. |
Collating and analysing client feedback | It is in Murgitroyd’s legitimate interests to seek client feedback in order to improve its services, ensuring customers get the best possible service from us. |
Instant feedback form from email footer | It is in Murgitroyd’s legitimate interests to provide a method for clients to provide proactive feedback. |
Client feedback form (allowing written and verbal feedback to be reported) | It is in Murgitroyd’s legitimate interests to consolidate all forms of feedback in order to improve our services. |
E-Signature service for NDAs and engagement letters | Performance of a contract |
To file and maintain registrations relating to intellectual property | Where you are not our direct client – Necessary for Murgitroyd’s legitimate interests (to provide Services in a lawful manner). Where you are our client – Performance of a contract with you. |
To conduct legal proceedings on the instructions of our client | Where you are not our direct client – Necessary for Murgitroyd’s legitimate interests (to provide Services in a lawful manner). Where you are our client – Performance of a contract with you. |
To deal with complaints or proceedings against us | Necessary for our legitimate interests (to defend our legitimate interests). |
Managing client experiences | Performance of a contract |
Onboarding case portfolios | Performance of a contract |
Credit Reference and Affordability Checks
To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).
We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.
- Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority. FCA Firm Reference Number: 742313
- TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority. FCA Firm Reference Number: 805757
The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.
Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:
- Creditsafe Privacy / Transparency Notice: Transparency Notice | Customers & Suppliers
- TransUnion CRAIN (Credit Reference Agency Information Notice): https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
- TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau
Recipients or Categories of Recipients
We may share personal data with customers or business partners, third-party service providers, regulators, or law enforcement bodies where required, and professional advisers. Where data is shared outside the UK, appropriate safeguards will apply.
International Transfers
We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA).
Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection.
Data Retention
We keep personal data only for as long as necessary for its purpose and to meet legal or regulatory obligations. Data used for credit reference or affordability checks is retained only for as long as required and then securely deleted.
Details of retention periods for different aspects of your personal information are available in our retention policy, which can be requested using the details in the “How to Contact Us” section of this policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Automated Decision Making
We may use automated systems and tools to support certain business processes, such as risk assessment, fraud prevention, affordability checks, identity verification, or record management.
These tools may analyse personal data using predefined criteria or rules to generate indicators, scores, or recommendations. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing. Any such decisions are subject to meaningful human review.
The use of these tools may influence the speed or level of review applied to an application or request, but individuals will not be subject to automatic rejection or adverse decisions without human involvement.
Your Rights
Under UK data protection law, you have the following rights:
- Right of access – You have the right to request a copy of the personal data we hold about you and information about how it is used.
- Right to rectification – You have the right to request that inaccurate or incomplete personal data is corrected.
- Right to erasure (“right to be forgotten”) – You have the right to request that we delete your personal data where there is no lawful reason for us to continue processing it.
- Right to restrict processing – You have the right to request that we limit how we use your personal data in certain circumstances.
- Right to data portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that we transfer it to another organisation where technically feasible.
- Right to object – You have the right to object to the processing of your personal data where we rely on legitimate interests or where data is used for direct marketing.
- Right to withdraw consent – You have the right to withdraw your consent to the processing of your personal information at any time where consent is being relied upon as the lawful basis for processing.
You can exercise your rights by emailing us using the contact details below or by writing to us at 165-169 Scotland Street, Glasgow, Scotland, G5 8PL. Please mark your correspondence for the attention of the Chief Compliance Officer.
You have the right to complain to the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data. In the first instance, we encourage you to resolve the matter with Murgitroyd. However, you can contact the ICO via www.ico.org.uk, [email protected] or 0303 123 1113.
Provision of Personal Data
The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.
Personal data is required to:
- enter and perform contracts with customers, suppliers, or business partners;
- process orders, manage accounts, and deliver goods and services;
- verify identity and prevent fraud; and
- comply with applicable legal, regulatory, accounting, and tax obligations.
What are the consequences of not providing personal data?
If you choose not to provide the personal data we request:
- we may be unable to enter a contract with you;
- we may be unable to fulfil orders, supply goods, or provide services;
- we may be unable to conduct necessary verification, compliance, or fraud prevention checks; and
- as a result, our services may be delayed, restricted, or declined.
Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.
How to Contact Us
For further information regarding your personal data or about our approach to data protection in general, please contact our Chief Compliance Officer at:
165-169 Scotland Street
Glasgow
Scotland
G5 8PL
(t) +44 (0) 141 307 8400
Version Control
Version | Approved By | Date | Changes |
1.0 | Thomas Gibb | 02.01.25 | Policy updated |
1.1 | Thomas Gibb | 28.04.25 | Update to "International Transfers" |
1.2 | Thomas Gibb | 03.02.26 | Policy updated |