Introduction and Scope

At Mason Hayes & Curran LLP (MHC) we know that your privacy is important to you. This privacy notice (Notice) describes the types of information we collect and use, who that information relates to, how and why we use such information, who we share it with and your legal rights.

When we talk about information in this Notice, we mean any information relating to you, either directly or indirectly.

Unless indicated otherwise, this Notice applies to all our website, domains, apps, and to our provision of legal services and assistance (the Services).

Who Is Responsible For Your Information?

MHC is responsible for your information.

This Notice applies to Mason Hayes & Curran LLP, a law firm partnership, located at South Bank House, Barrow Street, Dublin 4, Ireland which is the data controller for the purposes of this Notice.

When we say “MHC”, “we”, “us” or “our”, we mean the controller of your information.

If you want to get in touch and seek to exercise your rights described below, please contact us at dpqueries@mhc.ie.

Who This Notice Applies To

We collect and process information which relates to a variety of categories of individuals. These include individuals who may not have a direct relationship with MHC. We have described below the main types of individuals whose information we collect, use and otherwise process:

  • Clients and related individuals: We collect and use information relating to our prospective, current and former clients. We also collect and use information relating to individuals connected with clients, such as their employees, partners, directors, company secretaries, shareholders or beneficial owners and, in the case of private clients, their beneficiaries and dependents and next of kin.
  • Individuals whose information is relevant to the legal advice and assistance we provide: We also collect, use and otherwise process information relating to individuals where their information is considered by us or our clients to be relevant to the legal advice and assistance we provide to our clients. For example, in the course of litigation, we collect or receive information relating to plaintiffs, claimants, defendants, notice parties, third parties, solicitors, barristers, witnesses, expert witnesses, summons servers and service providers such as stenographers and private investigators.
  • Business and marketing contacts: In the course of providing and marketing our Services, we also collect and use information relating to visitors to our websites and domains, users of our apps, visitors to our offices, event invitees or attendees, blog, ezine or other email recipients, and other business and marketing contacts.

Who We Receive Information From

We receive your information from a variety of sources, including from third parties. For example, in the course of providing legal services, we may receive your information from our clients, other solicitors and law firms, barristers, insurance companies, experts, doctors, actuaries, witnesses, summons servers, private investigators, discovery processes, government departments, public and semi-state bodies, public registries and databases (such as the Companies Registration Office and Land Registry), publicly available information and internet searches, such as from professional media profiles.

Information We Collect and How We Use It

In the course of providing the Services, we collect or receive information in different ways and relating to various groups of individuals (described above). We use this information for a number of purposes, including those described further below.

  • Providing legal services: If you are a client of MHC, we will collect and use information relating to you. While much of this information will relate specifically to the type(s) of legal services we provide to you, we will also use information as part of our administrative, financial and operational processes. This information may include your contact details, payment and financial information, marketing profiles, including what events and communications we think you might be interested in, and client relationship management and feedback information, in addition to the information you give us so we can provide legal services to you. We will also collect and process AML information (described below). In carrying out this processing we rely on the following legal bases: contractual necessity, compliance with our legal obligations and legitimate interests (described below).

If you are not a client of MHC, we may also collect, use and otherwise process your information in the course of providing legal advice and assistance to our clients where your information is considered by us or our clients to be relevant to the legal advice and assistance we provide to our clients. The precise information in this regard will depend on what legal advice and assistance we are giving. For instance, if we are advising on a claim or dispute that involves you, the information will include any information about you that is relevant to that claim. In carrying out this processing we rely on the following legal bases: compliance with our legal obligations and legitimate interests (described below).

  • AML compliance: We may collect and use your information in the context of compliance with anti-money laundering (AML) laws and our regulatory obligations. This includes your ID and proof-of-address information. Shareholders with more than 25% interest in a company, who live outside of Ireland, are required to complete a Politically Exposed Persons (PEP) questionnaire. AML information may be sent to other solicitors and law firms that rely on our AML collection practices. Equally, we may receive AML information from other law firms. In carrying out this processing we rely on the following legal bases: compliance with our legal obligations.
  • Websites and apps: If you visit any of our websites or use our apps, we will collect certain information relating to you. Generally, unless you submit information to us, such as via an online form, we only collect technical and device-related information from your use of our website and apps. We do so to secure our websites and apps, understand how you use them, and analyse how we can improve them. See the Cookies Policy on our website for more details. With your consent such as your subscription to ezines or blogs or your registration for our events, materials or event notifications, we may send you updates, invites and marketing materials. We may also do this if you are a client or a former client and you will always have the right to unsubscribe from such communications. If we do so, we will also collect information on your interaction with such communications. In carrying out this processing we rely on the following legal bases: legitimate interests.
  • Events: Where you register for or attend an event organised by or in conjunction with MHC, we will collect certain information relating to you, including your contact details, your role and employer and the event you attended. We may send you emails and communications about the event, and other events and information we think you might be interested in. If you attend an event, we might capture your image in photographs and videos. If you object to this, please contact us at dpqueries@mhc.ie or inform one of our staff at the event (for instance, you can tell the photographer at the time they are taking the photo). In general, we use your information in the context of the event, and for future marketing and events, unless you have objected to such use. In carrying out this processing we rely on the following legal bases: legitimate interests.
  • Building visitors: If you visit our offices, your image might be captured on CCTV. CCTV is deployed in our offices for safety, security and administrative purposes. In carrying out this processing we may rely on the following legal bases: contractual necessity, legitimate interests and compliance with our legal obligations.
  • CRM and business contacts: If you are a current or former client or have agreed that we may stay in touch with you in relation to updates and events, we will include your information in our CRM database. We do so to keep in touch with you such as to send you communications, surveys and marketing about our events and Services; to identify what other events or Services we think you might be interested in; and understand how you use our Services. We add business contact information to our CRM database to provide insights to understand who is requesting our Services. We also keep business contact information including information about meetings and communications between our staff and you in the past for business intelligence purposes. We may receive your business contact information directly from you, as a client or from business cards, or we may get your information from third party sources, such as your website or professional network profile. In carrying out this processing we rely on the following legal bases: legitimate interests.

Sensitive Information

In the course of providing the Services, particularly legal services, we may process certain information that attracts special protection under EU law. For example, in the context of litigation or disputes, particularly healthcare cases, we might process information relating to health (e.g. your medical condition), genetics, race, religious beliefs, sex life, sexual orientation, or trade union membership. This information could be in respect of a client, a claimant, witness or an individual otherwise connected with a case or other legal matter. Similarly, if we represent you in a criminal case, we will collect information about the alleged offences and any related criminal history. In the context of our AML obligations, we might process information relating to political opinions or criminal convictions. We rely on exceptions contained in Article 9 of the GDPR and in the Data Protection Act 2018 to process this information.

Information You Give Us About Other People

If you provide information to us about any person other than yourself, you should ensure that you have a legal basis for doing so and that you have complied with your transparency obligations under data protection law. For instance, the Irish Data Protection Act 2018 contemplates that the processing of special categories of personal data shall be lawful where the processing:

  • is necessary for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or
  • is otherwise necessary for the purposes of establishing, exercising or defending legal rights.

You should also try to limit the personal information you give us to what you think is necessary for us to provide you with legal advice and assistance.

Our Legal Bases

In order to collect, use, share, and otherwise process your information for the purposes described in this Notice, we rely on a number of legal bases, some of which are mentioned above, including where:

  • necessary to perform a contract we have with you, such as our Terms of Engagement, and to provide the Services (we refer to this as contractual necessity above);
  • you have consented to the processing (in which case you may revoke your consent at any time);
  • necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
  • necessary to protect your vital interests or those of others;
  • necessary in the public interest;
  • necessary for the purposes of MHC’s or a third party’s legitimate interests, such as those of clients, partners, staff or others, provided that those interests are not overridden by your interests or fundamental rights and freedoms; and

The Irish Data Protection Act 2018 contemplates that the processing of special categories of personal data and Article 10 data (broadly speaking, data relating to criminal convictions) shall be lawful where the processing:

  • is necessary for the purposes of providing or obtaining legal advice or for the purposes of, or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, or
  • is otherwise necessary for the purposes of establishing, exercising or defending legal rights.

We will rely on these exceptions in the 2018 Act and other exceptions in Article 9 of the GDPR when processing special categories of personal data.

Legitimate Interests

Where we collect, use, disclose and otherwise process your information based on legitimate interests, we may rely on the following interests:

  • Provision of legal services: We use your information to pursue our clients and other impacted individuals’ legitimate interests in obtaining and/or benefitting from legal advice and assistance, as well as our interests in providing legal advice and assistance to our clients.
  • Keeping our Services Safe and Secure: We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our Services, such as our domains, websites, apps, offices and events, safe and secure. For example, we collect IP addresses and process log files to ensure our website and apps are not subject to fraudulent access.
  • Marketing our Services: We use your information as necessary to pursue our legitimate interests in marketing our Services. For example, where permitted by digital marketing law we may contact you by email to let you know of future events you might be interested in.
  • Providing, improving and developing the Services: We use your information as necessary to pursue our legitimate interests in tailoring and improving our Services. For example, if you are a client, we may send you a survey or questionnaire to understand your experience in obtaining legal services from MHC.
  • Business Intelligence: We use your information as necessary to pursue our legitimate interests in understanding who is requesting and using our Services.
  • Providing seamless Services with affiliates of MHC: In some cases, the Services require the engagement of, or sharing of your information with, other companies affiliated with MHC, MHC Professional Services Limited and Mason Hayes & Curran (USA) Inc who are processors of your data.

Sharing Your Information

In the course of providing the Services, we share information with various third parties, including service providers, MHC affiliates, clients, mediators, arbitrators, translators, couriers, barristers, other solicitors and law firms, independent experts, witnesses, insurance companies doctors, actuaries, summons servers, private investigators, government departments, regulators, and statutory and public bodies.

We do this based upon the legal bases and exceptions mentioned in section 8 of this Notice.

  • Experts, advisors, lawyers and others connected to the provision of legal services: We share your information with a variety of third parties so we can provide legal services to our clients. This may include sharing your information with clients, other solicitors and law firms, barristers, insurance companies, experts, doctors, actuaries, witnesses, mediators, summons servers and private investigators, including recipients located outside of the EEA.
  • Courts, regulators and statutory bodies: We share your information with Courts, regulatory, public and statutory bodies for a variety of reasons, including where necessary to provide legal services to our clients and where required in order to comply with a legal or regulatory obligation.
  • MHC affiliates: We share your information with MHC affiliates, including with Mason Hayes & Curran Professional Services Limited and Mason Hayes & Curran (USA) Inc, to help us provide legal services to our clients.
  • Legal and safety reasons: We may retain, preserve, or share your information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce our Terms of Engagement or any other contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public.
  • Service providers: We may share your personal information to help us provide our services and communicate with you. Categories of service providers include IT software and hosting providers and records-storage companies. Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.
  • Business re-organisation: In instances where our business is subject to a re-organization, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of MHC.

Data Transfers

In certain cases, we need to transfer your information to recipients outside the European Economic Area (“EEA”), such as where it is necessary to provide legal services to our client and to perform our Terms of Engagement. For example, we might transfer your information to other law firms, experts or MHC affiliates located outside the EEA.

Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed ‘adequate’ by the European Commission, we may enter into the ‘standard contractual clauses’ with the recipient. These are contracts that contain standard commitments approved by the EU Commission protecting the privacy and security of the information transferred.

Please note that the privacy protections and the rights of authorities to access your information in some of these countries may not be the same as in your home country. We will only transfer information as permitted by law.

All MHC offices throughout the world ensure a level of data protection at least as protective as that required in the European Economic Area.

For further information, including obtaining a copy of the documents used to protect your information, please contact us on dpqueries@mhc.ie.

Retention

We may retain your information for as long as necessary in light of the purposes set out in this Notice, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for MHC to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. We take account of guidance issued by the Law Society of Ireland in determining how long to store client files. We also have certain legal obligations to retain certain information for specific periods such as AML information. . In general, we will retain information and documents relating to a matter on which MHC has acted for between 6 and 15 years after the matter is completed. We retain CCTV footage for 30 days, unless there is a reason to keep it for longer in a specific case.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider regulatory and Law Society guidance, as appropriate.

Your Rights

You have a number of rights in relation to your information that we process. To exercise these rights, please contact us at dpqueries@mhc.ie.

While some of these rights apply generally, certain rights apply only in specific circumstances. We describe these rights below.

  • Access: You have the right to request access to your information that we control.
  • Data Portability: You have the right to request that some of your personal information that you initially provided to us is returned to you or another controller in a commonly used machine readable format.
  • Rectify, Restrict and Delete: You have the right to ask us to restrict the processing of your information or to rectify or delete your information. Please note that despite a deletion request, we may continue to process your information if we have a legal basis to do so.
  • Object: If we process your information based on our legitimate interests explained above, or in the public interest, you can object in certain circumstances. In such cases, where legally required to do so, will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object using the unsubscribe link in such communications or by contacting us at dpqueries@mhc.ie.
  • Revoke Consent: Where you have previously provided your consent, you have the right to withdraw your consent to our processing of your information at any time. For example, you can withdraw your consent to email marketing by using the unsubscribe link in such communications or contacting us at dpqueries@mhc.ie. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
  • Complain: You have the right to submit a complaint about our use of your information with your local supervisory authority or MHC’s supervisory authority, the Irish Data Protection Commission.

These rights are subject to a number of exceptions under law. For instance, the Irish Data Protection Act 2018 provides that certain of your rights under the GDPR and Data Protection Act 2018 (such as the right of access and objection) may not apply:

  • to personal data processed for the purpose of seeking, receiving or giving legal advice,
  • to personal data in respect of which a claim of privilege could be made for the purpose of or in the course of legal proceedings, including personal data consisting of communications between a client and his or her legal advisers or between those advisers, or
  • where the exercise of such rights or performance of such obligations would constitute a contempt of court.

Third Party Services

Our websites, domains and apps may contain links to other websites and services, which are managed and controlled by third parties. Please note that this Notice does not apply in those cases and we are not responsible for the privacy practices of such third parties.

Amending the Notice

From time to time, we may amend this Notice. This might happen, for example, where we make changes to the Services. If we make material changes to the Notice, we will take steps to notify you, such as by posting a notice on our website. The Notice was last updated: October 2023.

Contact Us

If you want to exercise your rights (described above), or if you have any questions about this Notice, please contact us as follows:

Data Privacy

Mason Hayes & Curran LLP

Dublin 4

Ireland

+353 (1) 614 5000 | dpqueries@mhc.ie

npm