Privacy Policy

1. WHO ARE WE AND THE PURPOSE OF THIS PRIVACY NOTICE

Welcome to the Franceschi Family Law Privacy Notice (“Privacy Notice”).

Marika Franceschi, trading as Franceschi Family Law, (“we”, “our”, “us”) respects your privacy (“you”) and we recognise the need for appropriate protections and management of your Personal Data.

We have prepared this Privacy Notice to assist you in understanding what Personal Data we collect about you and how that information is used by us and by third parties as part of the relationship we have with you. This Privacy Notice does not form part of any contract to provide services.

When we, and our service providers, collect and use your Personal Data we are the Controller for the purposes of Data Protection Legislation (defined below).

It is important that you read and retain this Privacy Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are aware of how and why we are using such information and what your rights are under the Data Protection Legislation.

Please see the Glossary for an explanation of the capitalised terms used in this Privacy Notice

2. HOW TO CONTACT US

If you have any questions regarding this Privacy Notice you can contact us at:

Name: Marika Franceschi (trading as Franceschi Family Law)
Email: [email protected];
Post: 21 Young Street, Edinburgh, EH2 4HU;
Telephone: 0131 357 3150

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

3. CHANGES TO THIS PRIVACY NOTICE AND INFORMING US OF CHANGES

We keep our privacy notice under regular review. This Privacy Notice was last updated on 19 May 2023.

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.

GLOSSARY

1. KEY TERMS

When we refer to Data Protection Legislation we mean the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Personal Data or Personal Data is any information identifying you as a specific individual. It can identify you directly from that information alone or indirectly in combination with other information we hold or can reasonably access. As well as identifying you as a specific individual, to be Personal Data, the data must also relate to you. Truly anonymous information is not Personal Data.

Processing is almost anything that can be done with Personal Data, including collecting, recording, storing, using, analysing, combining, disclosing or deleting it.

Special Category Personal Data means information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.

Criminal Convictions Data means Personal Data relating to the alleged commission of offences by you; or proceedings for an offence committed or alleged to have been committed by you or the disposal of such proceedings, including sentencing.

A Controller is someone who decides why Personal Data is to be collected and how it will be used and treated.

ICO means the UK Information Commission’s Office, the UK supervisory authority for data protection issues.

2. LEGAL BASIS AND ADDITIONAL CONDITIONS

To Process your Personal Data we need to be able to rely on one of the following Legal Basis:

1. Consent: you have given your consent for us to process your Personal Data for that purpose.
2. Contract: the use of your Personal Data is necessary for the performance of a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
3. Legal Obligation: the use of your Personal Data is necessary for us to comply with law.
4. Vital Interests: the use of your Personal Data is necessary to protect your vital interests (e.g. your life).
5. Public Task: we need to process Personal Data (a) in the exercise of official authority (e.g. public functions and powers that are set out in law) or (b) to perform a specific task in the public interest that is set out in law.
6. Legitimate Interests: the use of your Personal Data is necessary for legitimate interests pursued by us or a third party. Before we rely on this legal basis we will balance your interests against the legitimate interests pursued by us. In particular, if you would not reasonably expect your Personal Data to be used in a certain way, or it would cause unwarranted harm, your interests are likely to override the legitimate interests. However, your interests do not always have to align with the legitimate interests.

To process your Special Category Personal Data and/or Criminal Convictions Data, as well as having a Legal Basis, we need to be able to apply an Additional Condition (which is almost like a second type of Legal Basis):

1. Consent: you have given your explicit consent for us to Process your Personal Data for that purpose.
2. Employment Relationship or other laws: use of your Personal Data is necessary for the purposes of carrying out our obligations or exercising our rights (or your rights) in the field of employment, social security, social protection law, or a collective agreement in so far as it is authorised by law.
3. Vital Interests: the use of your Personal Data is necessary to protect your vital interests (e.g. your life).
4. Manifestly Public: relates to Personal Data which are manifestly made public by you.
5. Legal Claims: necessary for the establishment, exercise or defence of legal claims.
6. Assessment of Working Capacity: necessary for the assessment of the working capacity of an employee pursuant to a contract with a health professional.
7. Substantial Public Interest: necessary for reasons of substantial public interest, on the basis of law.

 

OUR PROCESSING ACTIVITIES

1. WHAT PERSONAL DATA DO WE COLLECT.

We may collect, use, store and transfer different types of Personal Data about you during your relationship with us. We have grouped together these types of Personal Data as follows:

• Identity Data includes title, first name, middle name(s), last name, username or similar identifier, the organisation you work for your job title or position date of birth, geographic location, photograph or image and other information to enable us to check and verify your identity.
• Contact Data includes billing address, residential and/or business address, email address and telephone numbers (business and/or personal including mobile phone and fax) and social media.
• Financial Data includes bank and building society accounts and payment card details and other billing information; payments made to us and payments made on your behalf and/or in connection with your transactions; credit reference checks; and other payment and/or financial data to enable us to carry out fraud and/or identity checks and/or to verify the source of funds and/or the source of wealth, as well as information collected from publicly available resources and/or credit agencies or any other information needed to enable us to undertake credit or financial checks on you.
• Transaction Data includes details about the legal services relating to the matter on which you have instructed; the information we will process about you to open our files and administer the client relationship and any credit checks we may have carried out.
• Voice Recordings which will include any information that you provide to us when you leave a voicemail message or when you telephone.
• Video Recordings (including still images and sounds captured during a video recording and any information that you provide to us during that video recording) when used to carry out customer due diligence and/or as required by law and/or for the purposes of sanctions checks or otherwise where you have agreed to the recording for the purposes of carrying out our legal services.
• Health Data which includes data provided to us or we may need to know about where you are visiting any of our premises such as accessibility or mobility concerns that you have; dietary requirements; or other health matters which could affect your use of our services or the way we need to provide our services. We will only do so to the extent that processing relates to personal data which are manifestly made public by you or otherwise with your consent.
• Additional Data which includes personal information about you we receive from third parties to enable us better to provide our services and/or to conduct customer due diligence, and/or recruitment. Such third parties will include (but not limited to) other parties in a transaction including their law firm, counsel, accountants and other professional advisors; or law firms, accountants and other professional advisors who may refer your matter to us and/or who may be acting for you in relation to other aspects of a particular matter; banks, building societies, insurers, and other financial institutions; courts and court agents (including sheriffs’ officers), regulatory bodies, surveyors and estate agents; personal representatives, attorneys, trustees and executors; credit reference agencies; employers; education providers; the providers of electronic identity verification services; and regulatory bodies such as the Scottish Legal Complaints Commission and the Law Society of Scotland or similar bodies.
• Technical Data includes internet protocol address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s).
• Profile Data includes purchases made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our website(s), products and services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Our Services are not directed at children and we do not proactively collect their Personal Data. We may, however, process the Personal Data of children as part of providing Services to you, for example, in dealing with a divorce or childcare arrangements. We process such Personal Data only where necessary and appropriate for the Services for which we have been appointed.

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

Where you are not a client we may collect or receive Personal Data about you because you are involved in a matter on which we are advising our client or have advised our client.

Failure to Provide Personal Data

Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

2. HOW DO WE USE YOUR PERSONAL DATA AND WHY?

Generally, we will use your Personal Data for the purposes of managing our relationship with you.

We have set out in the table below further detail of all the ways we plan to use your Personal Data, and which of the Legal Basis and, if applicable, Additional Condition we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.

 

Purpose/Activity	Type of Data	Legal Basis (Including Basis of Legitimate Interest)
To onboard you as a new client	Identity Data Contact Data Video Recordings	Contractual Purposes: We are carrying out the necessary steps prior to you entering into a contract with us – typically because you wish to instruct us to provide you with our services.
To provide you with the legal services you have instructed us to provide, or to provide estimates of cost in relation to which, and to represent you as your solicitor in connection with your case.	Identity Data Contact Data Financial Data Transaction Data Voice Recordings Video Recordings Special Categories of Personal Data Health Data Additional Data Criminal Convictions	Contractual Purposes: We are carrying out the necessary steps in relation to a contract to which you are a party – typically because you wish to instruct us to provide you with our services.
Where we have been referred by other parties, such as counsel, accountants and other professional advisors; or law firms, accountants and other professional advisors who may refer your matter to us.	Identity Data Contact Data Financial Data Transaction Data Voice Recordings Video Recordings Special Categories of Personal Data Health Data Additional Data Criminal Convictions	Contractual Purposes: We are carrying out the necessary steps prior to you entering into a contract with us – typically because you wish to instruct us to provide you with our services. We are carrying out processing within our legitimate interests seeking to engage with and provide services to prospective and current clients.
To process and deliver your order including managing payments, fees and charges and collecting and/or recover money owed to us	Identity Data Contact Data Financial Data Transaction Data Marketing and Communications Data	Contractual Purposes: We are carrying out the necessary steps in relation to a contract to which you are a party – typically because you wish to instruct us to provide you with our services. Necessary for our legitimate interests (to recover debts due to us).
To enable you to partake in a prize draw, competition or complete a survey	Identity Data Contact Data Profile Data Usage Data Marketing and Communication Data	Contractual Purposes: We are carrying out the necessary steps in relation to a contract to which you are a party – typically because you wish to instruct us to provide you with our services. Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business).
To manage our relationship with you which may include notifying you about changes to our terms or this Privacy Notice and/or requesting that you to leave a review or take a survey	Identity Data Contact Data Profile Data Marketing and Communication Data	Contractual Purposes: We are carrying out the necessary steps in relation to a contract to which you are a party – typically because you wish to instruct us to provide you with our services. We are carrying out processing which is necessary for compliance with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how clients use our products / services).
Where you attend our seminars and or events we may record or live stream such event and it may be watched online.	Identity Data Contact Data Profile Data Usage Data Marketing and Communication Data	On the basis of legitimate interests and to enable our clients and contacts to view and or participate in our events or seminars from a remote location. We will inform you prior to commencement of the event or seminar that it is being recorded and or live streamed. We are carrying out processing within our legitimate interests seeking to engage with and provide services to prospective and current clients.
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Identity Data Contact Data Technical Data	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud) We are carrying out processing which is necessary for compliance with a legal obligation.
Where you are not a client but involved in a matter, to provide our services to our client and/or as part of conducting customer due diligence.	Identity Data Contact Data Financial Data Transaction Data Voice Recordings Video Recordings Special Categories of Personal Data Health Data Additional Data Criminal Convictions	Contractual Purposes: We are carrying out the necessary steps in relation to a contract to which our client is a party. We are carrying out processing which is necessary for the performance of a task carried out in the public interest or, in relation to Special Categories of Personal Data and/or Criminal Convictions Data, processing which is necessary for reasons of substantial public interest.
To carry out customer due diligence and/or to meet our professional and legal obligations and/or legislation and/or guidance relating to anti money laundering and countering the financing of terrorism, and to conduct sanctions checks.	Identity Data Contact Data Financial Data Transaction Data Voice Recordings Video Recordings Special Categories of Personal Data Health Data Additional Data Criminal Convictions	Contractual Purposes: We are carrying out the necessary steps in relation to a contract to which you are a party or prior to you entering into a contract with us – typically because you wish to instruct us to provide you with our services.
To comply with the legal and/or regulatory obligations that we as solicitors must comply with.	Identity Data Contact Data Financial Data Transactional Data Voice Recordings Video Recordings Special Categories of Personal Data Health Data Additional Data Criminal Convictions	We are carrying out processing which is necessary for compliance with a legal obligation.

Business records

Your Personal Data may be included in business records (e.g. voicemails, e-mails, correspondence, documents, and other work product) and communications created, stored or transmitted using our networks, applications, devices, computers or communications equipment. We have this information as it is necessary for our business and therefore in our Legitimate Interests (and where we have a Contract in place with you, it is necessary for your Contract).

Litigation

We require to use any or all types of your Personal Data for litigation purpose depending on the specific nature of the litigation. We rely on the Legal Basis of our Legitimate Interests for this purpose, and the Additional Condition of Legal Claims.

Change of Purpose

We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the Legal Basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or Consent, in compliance with the above rules, where this is required or permitted by law or regulation.

 

3. MARKETING

We aim to provide you with choices regarding certain Personal Data uses, particularly in relation to marketing and advertising.

• Promotional Material:
  You may receive marketing communications from us if you have requested information from us or purchased products/services from us and you have not opted out of receiving that marketing.
• Opting Out:
  You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message we, or third parties, have sent to you or by contacting us:
  Name: Marika Franceschi (trading as Franceschi Family Law
  Email: [email protected];
  Post: 21 Young Street, Edinburgh, EH2 4HU;
  Telephone: 0131 357 3150].
• Cookies: Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, see section 7, “Cookies” below.

4. RETENTION PERIODS

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

In some circumstances you can ask us to delete your data: please see section 9, “Your Rights” below.

5. DATA SECURITY

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Additionally, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

2. SHARING AND TRANSFERS OF PERSONAL DATA AND STORAGE

The data that we collect from you will usually be stored inside the UK. However, in providing our services it may be necessary for us to share your Personal Data outside the UK.

We will only share your personal data outside the UK where:

• we need to share your details to instruct lawyers or other professionals in foreign jurisdictions;
• we share your personal data with relevant regulatory bodies or law enforcement organisations;
• where you are based outwith the UK and we are required to process your personal data;
• where your or our service providers are based outwith the UK (see below)

Where we do share your Personal Data in the above situations we shall ensure that appropriate safeguards are put in place to ensure that the transfer of your Personal Data complies with the Data Protection Legislation.

Service Providers and Other Third Parties

We contract with third party service providers and suppliers to deliver or receive certain services. We may also have to share your Personal Data with other third parties.

Such third parties and/or service providers will usually be bound by obligations of confidentiality, in connection with the processing of your Personal Data for the purposes described in this Privacy Notice. Such third parties and service providers may include but is not limited to:

Name or category of Service Provider / Third Party	Role of Services Provider / Third Party	Location of service provider or other third party / details of adequate safeguard
Third parties relevant to the legal services. This may include, but is not limited to: counterparties to litigation (including, but not limited to, their lawyers and counsel); bankers; auditors and insurers.	These third parties are relevant to and/or directly involved in the legal services that we provide.	Typically these third parties will be based in the UK, however in the event that they are not, we will ensure that appropriate safeguards are put in place to ensure that the transfer of your Personal Data complies with the Data Protection Legislation. These third parties in the categories set out here will change on case-by-case basis depending on who we provide our services to.
Third party agents, suppliers and contractors This may include, but is not limited to: general insurers; auditors and accountants; pension providers; banks and other financial institutions; providers of electronic verification services; credit reference agencies and regulatory bodies.	These third parties allow us to organise and run our business.	Typically these third parties will be based in the UK, however in the event that they are not, we will ensure that appropriate safeguards are put in place to ensure that the transfer of your Personal Data complies with the Data Protection Legislation. These third parties in the categories set out here will change on case-by-case basis depending on who we provide our services to.
Third party marketing firms, agencies and platform providers.	These third parties assist us in general advertising, marketing, promotional, tendering activities (e.g. organising assisting us with our events, issuing of client updates / bulletins, seminars, training, business development and networking opportunities).	Currently in the UK.
IT and system administration service providers.	These third parties allow us to organise and run our business.	Currently in the UK
Digital Ocean	is our server supplier, some customer data is stored on these servers.	Servers are Hosted in the UK
Campaign Monitor	is our Email Newsletter service provider, this service manages our customer subscription and unsubscription lists. Only customer names, email addresses and usage data is stored in this system.	Servers are hosted all over the UK
Mailgun	is our transactional email system, it sends one-off emails, your data is stored in sending logs for 30 days before being deleted.	Servers are Hosted in the UK and US

Please note this above list is non-exhaustive and there may be other examples where we need to share Personal Data with other parties in order to provide our services and/or to conduct customer due diligence.

Legal and regulatory

We may also require to share your personal information with regulators, government departments, law enforcement authorities, tax authorities, professional advisors, financial institutions and insurance companies including but not limited to: the Law Society of Scotland, the Scottish Legal Complaints Commission, Land Registry, Registers of Scotland, Companies House, Office of the Public Guardian, National Crime Agency, lenders, Revenue Scotland, HMRC and other tax authorities.

Other

We may also provide your Personal Data to third parties in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business or assets.

We will provide information about you to any other person who is authorised to act on your behalf.

7. COOKIES

In common with many other website operators, we use standard technology called “cookies” on our websites.

Please see our cookies policy here explaining the cookies we use on our websites: Cookie Policy.

8. AUTOMATED DECISION-MAKING

Automated decision-making takes place when an electronic system uses Personal Information to make a decision without human intervention.

We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.

9. YOUR RIGHTS

You have certain rights under the Data Protection Legislation which apply in certain circumstances:

• Access: Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.
• Rectification: Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Erasure: Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to Processing (see below), where we may have Processed your information unlawfully or where we are required to erase your Personal Data to comply with local law.
• Object: Object to Processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to Processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are Processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to Process your information which override your rights and freedoms.
• Restriction: Request restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Portability: Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided Consent for us to use or where we used the information to perform a Contract with you.
• Withdraw Consent at any time where we are relying on Consent to Process your Personal Data. However, this will not affect the lawfulness of any Processing carried out before you withdraw your Consent. If you withdraw your Consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your Consent.

You can exercise you rights by contacting us using the details outlined above.

You will not usually have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may not always be able to comply with your request to exercise your rights for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Further details about your rights can be found on the ICO’s website at https://ico.org.uk/.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. It may take us longer than a month if your request is particularly complex or you have made a number of requests. If this is the case, we will notify you and keep you updated.