GDPR & Privacy Commitment

The GDPR are important European regulations, which have introduced amendments to data protection law including introducing additional rights for individuals in relation to their personal and sensitive personal data. GDPR applies to all EU Member States from 25 May 2018.

Abbey Blue Group are committed to protecting and keeping confidential all the information you provide to us, subject to certain legal duties that are explained in our terms and conditions leaflet "Our Agreement With You".

We ask that you read this privacy notice carefully as it contains important information about who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.

Abbey Blue Group is a Limited Company registered in Ireland, company number 656847. The registered office is at Somerset House, Ballyhine Lane, Barntown, Wexford. When it does so it is also regulated under the GDPR by the Information Commissioner and is responsible as 'controller' of that personal information.

In the course of your legal transaction, we collect the following personal information when you provide it to us:

• Name, address, date of birth, contact information (telephone and email where appropriate) PPS number (where appropriate).
• Identity information and documentation.
• Additional information in relation to your legal transaction to enable us to advise you and progress your case. This will depend on the type of legal work you instruct the firm to undertake.

We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions. We also use your personal information for related purposes including identity verification, administration of files, updating existing records if you have instructed the firm previously, analysis to help improve the management of the firm, for statutory returns and legal and regulatory compliance. The information will be collected related to the legal matter.

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

We require a "lawful basis" to collect and use your personal information under data protection law. The law allows for six ways to process personal information (and additional grounds for sensitive personal information). Four of these are relevant to the types of processing that the firm carries out.

Sensitive personal information (also called "special category" data) requires higher levels of protection. It includes information such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.

Depending on the nature of the legal service you instruct the firm to undertake, it may be necessary for you to provide us with some sensitive personal information.

We will only collect and use your sensitive personal information where we have your explicit consent (unless the law allows us to process sensitive information for some other reason), where we need this information to carry out our legal obligations or to exercise or defend legal rights, or where we need it for reasons of substantial public interest.

We will hold your personal information for the duration of the legal matter for which you have instructed us.

After the completion of the file we will retain your personal information for a period of time in accordance with the Law Society recommended minimum retention periods to enable us to manage our legal and regulatory obligations.

After the recommended period of retention has expired, we will delete your personal information by destroying physical files and deleting electronic files securely.

The GDPR restrict the transfer of personal information outside of the European Economic Area (EEA). In some circumstances it may be necessary for the firm to transfer your personal information outside of the EEA. This will only be done:

• When the European Commission has decided the country you are transferring to ensures an adequate level of protection for personal information
• Where we have put in place appropriate safeguards with the recipient to protect your personal information including contractual clauses
• In other circumstances permitted by the GDPR provided we have informed you and suitable safeguards are in place

Under data protection law you have rights including:

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us if you wish to make a request.

If you have any questions about this privacy notice or how we handle your personal information, please contact:

You have the right to make a complaint at any time to the Data Protection Commission, the Irish supervisory authority for data protection issues.

We would, however, appreciate the chance to deal with your concerns before you approach the Data Protection Commission so please contact us in the first instance.