- 1‘Personal Data’ means any data (whether stored in an electronic or printed form) relating to a living individual who can be identified
- 2 from the data; or
- 3 from the data and other information in the possession of, or likely to come into the possession of MFG.
2. PERSONS RESPONSIBLE FOR COLLECTING AND PROCESSING CLIENT’S PERSONAL DATA
The Personal Data of our clients is collected and controlled by the officers of MFG on the basis of the business relationship which has been established between a client and MFG or on the basis of instructions given for the provision of legal services by MFG.
3. TYPES OF PERSONAL DATA WHICH MAY BE COLLECTED
3.1. MFG may collect the following types of Personal Data:
- Information which is needed for identifying our clients, such as our clients’ name, D.O.B., postal address, home address, business address, telephone number, mobile number, facsimile number, email address, social security number and Taxpayer Registration Number.
- Other personal information, such as curriculum vitae, job title, source of income, tax information or employment details.
- Information on business or corporate or legal transactions which shall be provided at the time of our engagement for the purposes of advising our clients or assisting them on the completion of such corporate or legal transactions.
- Information on any assets whatsoever our clients may hold or any investments they have made or are planning to make.
- Information on payment transactions and data which is necessary for us to make or process payments on behalf of our clients but at the same time implement fraud prevention measures, including credit / debit card numbers, security code numbers and other such relevant billing details.
- Any data or information which we are legally bound to collect to comply with Know Your Client and anti-money laundering regulations as well as to comply with our client intake procedures.
- Information collected from publicly available resources or forums, including but not limited to information collected from databases we use to carry out compliance checks.
- Information about our clients relating to an interest or office which they may hold or relating to certain relationships our clients may have with a corporate entity, a partnership, trust or other vehicle to which we provide legal services.
- Where necessary, we may collect information about our clients which may include sensitive information such as in relation to their health or criminal history. The processing of such data shall be based entirely on our clients providing their consent and in them having the right to request that we do not process such data.
- Other information relevant to the provision of legal services to our clients.
3.2 This is a non-exhaustive list which is reflective of the varied nature of the Personal Data processed as part of a law firm providing legal services.
4. HOW MFG COLLECTS PERSONAL DATA
MFG will collect Personal Data of its clients in the following circumstances:
- When any client, (whether a physical person or an entity) seeks our legal services, such as any type of legal advice or corporate services.
- When any client makes an enquiry through our website, in person, over email or over the telephone.
- When a third party entity, (including professional firms or business entities), engages MFG to provide legal services to any of their own clients or associates or where such clients or associates either hold an office, or are affiliated or have any other business relationships with such third party entity.
- When our clients request that we file any type of application on their behalf before any government agency in Jamaica.
5. HOW MFG USES PERSONAL DATA
MFG may use the Personal Data of its clients for the following purposes:
- To provide legal advice or other legal services as may be requested by our clients.
- To manage and /or administer our clients’ companies or business relationship with our office, including processing payments, invoicing, or providing any ancillary services to our clients.
- For the purposes of compliance with our legal obligations such as record keeping obligations, anti-money laundering, fraud and crime prevention and detection purposes.
- Our clients may be contacted in order for us to confirm their identity where such action is relevant for compliance purposes.
- To provide updates, reminders, requests and directions relevant to the legal duties we have undertaken towards our clients and in compliance with local laws.
- To protect the security of communication systems, websites and other systems, and to detect security threats, fraud or other criminal or malicious activities against our office or our clients.
- For insurance purposes.
- To ensure compliance with our policies and standards.
- To identify persons authorized to trade and/or act on behalf of our clients and/or service providers.
- Upon receipt of instruction or request from our clients or any third party authorized by our clients.
- For the purposes of communication with our clients through approved channels of communications and where necessary to keep our clients up to date on the latest legal developments, announcements, and other information.
- To comply with court orders and to exercise and/or defend our legal rights.
- For any purpose related and/or ancillary to any of the above or any other purpose for which the Personal Data of our clients is required by our office.
We may further process information of clients for the following purposes:
- Where this is necessary for the introduction to a new client or a third- party, at the request of such third- party and with the consent of the new client.
- To provide our clients with newsletters, legal updates and other general communications. Our clients have the option to request that we do not send any such communication to them.
6. HOW WILL WE SHARE OUR CLIENTS’ PERSONAL DATA
6.1 We will limit sharing of our clients’ Personal Data as follows:
- We may share our clients’ Personal Data with an affiliate or associated entity of MFG on a confidential basis, who may only use your Personal Data for the purposes listed above and who will be bound by law or contract to protect your Personal Data and only use your Personal Data in accordance with our instructions.
- We may share our clients’ Personal Data with any government agency in Jamaica for the purposes of fraud and crime prevention purposes, including financial institutions and regulatory bodies.
- We may convey our clients’ Personal Data with any government agency in Jamaica for the purposes of processing an application on behalf of any of our clients.
- We may share our clients’ Personal Data with any third- party to whom we assign or novate any of the rights or obligations of MFG.
- We may share our clients’ Personal Data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defense of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process.
- We will otherwise only disclose our clients’ Personal Data when our client directs us or gives us permission to do so, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
- We may also use aggregated Personal Data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.
6.2 We may also share our clients’ Personal Data with a variety of the following categories of third parties as necessary:
- Our professional advisers such as lawyers and accountants.
- Professional indemnity or other relevant insurers.
- Regulators/tax authorities/corporate registries.
- Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers.
- Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, clerks, witnesses, opposing party and their lawyers and experts such as tax advisors or valuers.
- Third party postal or courier providers who assist us in delivering documents related to a matter.
6.3 Please note this list is non-exhaustive and there may be other examples where we need to share
our clients’ Personal Data with other parties in order to provide the legal services as effectively as we can.
7. CAN CLIENTS REFUSE TO SHARE PERSONAL DATA WITH MFG
7.1 Personal Data is received by our office on a voluntary basis and upon request from us on the basis of us being in compliance with the laws of Jamaica.
7.2 Where, however ,clients refuse to provide us with the Personal Data requested by our office, we may not be able to provide any legal services because we are legally required to adhere to anti-money laundering and/or compliance regulations or require such data in order for us to process the instructions or otherwise to provide our clients with our legal services.
8.1 We take appropriate technical and organizational measures to keep our clients’ Personal Data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of Personal Data. Our clients’ Personal Data is kept in the electronic systems of our office, in back storage systems and on paper files.
8.2 All of our partners, employees, consultants, workers and data processors (i.e. those who process our clients’ Personal Data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of our clients’ Personal Data, are obliged to respect the confidentiality of such Personal Data.
8.3 MFG, however, does not make any representations or warrants that our clients’ Personal Data may not be accessed, disclosed, altered, or destroyed by breach of such safeguards. MFG will notify our clients immediately in the event of a security breach and will maintain an incident response policy that includes notifications consistent with applicable law.
9. PERSONAL DATA WE RECEIVE FROM OUR CLIENTS ABOUT THIRD PARTIES
9.1 It is required by MFG that, where our clients provide us with the Personal Data of third parties, such as their employees, directors of their companies, or other persons they may have dealings with, they must ensure that they are entitled to divulge the Personal Data to us as their lawyers and have obtained their consent to that disclosure.
9.2 Our clients are further required that they should ensure that any disclosure by us of the Personal Data of such third parties, is permitted and no further steps are required by our office for such disclosure.
9.3 More specifically, it is a requirement that when our clients disclose any Personal Data of third parties to us, such third parties should be aware of this disclosure, they should be made aware as to who we are, how their Personal Data will be used, what disclosure practice we have in place and the rights of any such third party to contact our office and to inquire about the purposes for which we collect data, what our disclosure practices are and the rights of the any such third party in relation to our holding of their data.
10. TRANSFER OR PERSONAL DATA
10.1 There may be circumstances in which the Personal Data of our clients would be transferred to a territory outside of Jamaica and such territory may not provide for an adequate level of data protection as granted in Jamaica.
10.2 When making such transfers, we shall ensure that they are subject to appropriate safeguards in accordance with any applicable data protection legislation.
10.3 It will be our obligation to alert our clients at the time of our engagement, that the need may arise during our engagement for us to transfer Personal Data to a territory outside of Jamaica.
10.4 The consent of our clients must be given for such transfer of Personal Data and our clients should not hold us liable for the manner in which their Personal Data is held or processed by any third parties which are situated outside Jamaica.
11. TRANSFER OF PERSONAL DATA TO ANY GOVERNMENT AGENCIES
Where our clients instruct us to file any application before any government authorities and where for the purposes and in the course of processing any such applications, we shall be obliged to transfer any Personal Data, we shall do so with the consent of our clients. We shall not however be held liable for the manner in which Personal Data shall be processed and/ or be used by any such government agencies.
12. RETENTION OF PERSONAL DATA
12.1 We will generally keep the Personal Data of our clients provided to us during the course of our engagement for a period of ten (10) years or such other period as may be necessary in the circumstances. We will ordinarily retain copies of files, either in physical form or electronically, for a period of at least seven (7) years after termination. Thereafter our files may be destroyed, and we are not obliged to provide our clients with any notice of such destruction.
12.2 It is a requirement that when our clients disclose any Personal Data of third parties to us, our clients shall obtain the consent for us to retain for a similar period the Personal Data of such third parties and our clients shall wholly indemnify and keep us indemnified against any loss, damage or claim made against or incurred by us resulting from the retention of such Personal Data by us.
13. WHAT ARE THE RIGHTS OF OUR CLIENTS WITH RESPECT TO DATA PROTECTION
13.1 Our clients will have the following rights with respect to their Personal Data:
- Access: Our clients are entitled to ask us if we are processing their Personal Data and, if we are, our clients can request access to their Personal Data. This enables our clients to receive a copy of the Personal Data we hold about them and certain other information regarding the Personal Data;
- Rectification: Our clients are entitled to request that any incomplete or inaccurate Personal Data we hold about them is rectified. If our clients are entitled to rectification and if we have shared their Personal Data with others, we will notify them about the rectification where possible. If our clients make such a request, where possible and lawful to do so, we will also tell our clients who we have shared their Personal Data with so that our clients may contact them directly.
- Erasure: Our clients are entitled to ask us to delete or remove Personal Data in certain circumstances such as where we no longer need it or if our clients withdraw their consent (where applicable). There are also certain exceptions where we may refuse a request for erasure, for example, where the Personal Data is required for compliance with local laws or in connection with claims. If our clients are entitled to erasure and if we have shared their Personal Data with others, we will notify them about the erasure where possible.
- Restriction: Our clients are entitled to ask us to suspend the processing of their Personal Data, for example, if our clients would like for us to establish its accuracy or the reason for processing it;
- Transfer: Our clients may request that we transfer certain of their Personal Data to another party;
- Objection: Our clients are entitled to ask us to stop processing their Personal Data in certain circumstances, for example, where the processing is likely to cause substantial damage or distress except if we can demonstrate compelling legal grounds for the processing. Our clients also have the right to object where we are processing their Personal Data for direct marketing purposes. Our clients may opt-out of receiving direct marketing from us at any time.
- Automated decisions: Our clients may contest any automated decision made about them where this has a legal or similar significant effect and ask for it to be reconsidered.
- Consent: If we rely on our clients’ consent (or explicit consent) as our legal basis for processing their Personal Data, our clients may withdraw their consent at any time. However, we note that this will not affect the lawfulness of any processing carried out before our clients withdraw their consent. If our clients withdraw their consent, we may not be able to provide certain legal services to our clients. We will of course advise our clients, if this is the case, at the time our clients withdraw their consent.
13.2 Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the Personal Data of our clients or where Personal Data may be exempt from disclosure due to reasons of legal professional privilege.
13.3 If our clients would like to exercise any of the abovementioned rights, they may contact the Data Privacy contact set out in this Policy below.
14. CORRECTING AND UPDATING PERSONAL DATA
14.1 Our clients must inform us immediately where our clients’ Personal Data has changed, or where our clients believe that the Personal Data we hold is inaccurate.
14.2 It is the obligation of our clients or of any third-party with whom our clients have a contractual or a business relationship with, to inform us of the existence of such relationship.
14.3 Our office will not be held responsible for any loss that may arise due to us having any inaccurate, incomplete, or otherwise deficient Personal Data which any client or any third-party entity have provided to us.
15. CHANGES TO THIS PRIVACY STATEMENT
16. LINKS TO THIRD PARTY WEBSITES
16.2 If our clients follow a link to any other websites, please note that these websites have their own privacy notices which will set out how their Personal Data is collected and processed when visiting those sites.
17. APPLICABLE LAW
18. HOW TO CONTACT US
Please contact us if you have any questions or comments about our privacy practices or this Privacy
Policy. Our contact information are as follows:
Contact Person: Christopher Kelman, Managing Partner
Email Address: firstname.lastname@example.org
Telephone No: (876) 922-5860 ext 2519
Facsimile: (876) 922-4811