1. INTRODUCTION

RDJ LLP is a law firm with offices in Cork, Dublin, and Galway, Ireland. We are responsible for protecting your personal information under data protection law.

RDJ LLP (“RDJ” or, in this privacy notice, “we”, “us”, “our”) is strongly committed to protecting your privacy and being transparent about how we handle your personal information. This privacy notice explains what personal information we collect, how we use it, who we share it with, and your rights regarding that information.

This notice applies to the provision of legal services and assistance, events, education, training and awareness, insights and publications, our website, domains and apps (the “Services”). 

Personal information (or "personal data") means any information that can identify you as an individual, either directly or indirectly. When we use terms like "Data Controller" and "Data Processor” in this Notice, we mean what those terms mean under data protection law.
 

2. WHO THIS NOTICE APPLIES TO 

This Notice applies to people in the European Union and covers how RDJ processes personal information through our EU operations.

When we provide legal services, we collect and use personal information about different types of people. This includes people who may not have a direct relationship with us but whose personal information is relevant to the legal matters we handle or in relation to the provision of our Services. Below, we explain the main categories of individuals whose personal information we process:

2.1. Clients and related people: We collect and use personal information about our current, former, and potential clients. We also collect information about people connected to our clients, such as employees, partners, directors, shareholders, and in the case of private clients, their family members and beneficiaries.

2.2. People involved in legal matters: We also collect and use personal information about people whose information is relevant to the legal advice we provide. For example, in court cases, we may collect information about plaintiffs, defendants, witnesses, expert witnesses, other lawyers, and service providers like court reporters and investigators.

2.3. Business and marketing contacts: We also collect and use personal information about people who visit our websites, social media systems and domains, attendees at our events or events we are participating at, users of our systems, visitors to our offices, subscribers to our communications and other business contacts.

2.4. RDJ vendors/suppliers: We collect contact details of such vendors, suppliers and Affiliates’ or such vendor’s, supplier’s or affiliates’ employees (including name, title, phone number, email address, etc.); and financial information (such as bank account details).

3. WHERE WE GET PERSONAL INFORMATION

Because of the nature of legal work, we receive personal information from many different sources. This includes our clients, other law firms and lawyers, insurance companies, expert witnesses, courts, government agencies, public registries (like the Companies Registration Office), investigators and service providers to our clients and RDJ, as well as publicly available sources including professional profiles and news reports.

4. WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT

We collect and use personal information in different ways depending on the legal services we provide, and the people involved. Below, we explain why we process personal information and the legal basis for each type of processing.

4.1. Providing legal services: If you're our client, we collect and use your personal information to provide legal services to you. This includes your contact details, payment information, and information about what services and events might interest you, as well as the specific information needed for your legal matter. We also collect information that is necessary to perform our contract with you, to comply with legal obligations, and for our legitimate business interests.

If you're not our client, we may still collect and use your personal information when it's relevant to the services we provide to our clients. The specific information depends on the legal matter - for example, if we're advising on a dispute involving you, we'll collect information relevant to that dispute. We do this to comply with legal obligations and for our legitimate business interests.

4.2. Anti-money laundering compliance: We collect and use your information to comply with anti-money laundering laws and regulations. This includes ID and proof-of-address information. Shareholders with more than 25% interest in a company who live outside Ireland must complete a Politically Exposed Persons questionnaire. We may share this information with other law firms, and we may receive similar information from them. We do this because the law requires it.

4.3. Websites and apps: When you visit our websites (which include www.rdj.ie  and www.rdjstartups.ie) (the “Websites” and each a “Website”) or use our systems or application, we collect information to ensure security, understand how you use our services, and improve your experience. Unless you actively provide personal information through forms or subscriptions, we mainly collect technical information about your device and how you use our digital services. See our Cookies Policy for more details. If you give us permission, we may send you updates, event invitations, and other communications. You can always unsubscribe. We do this for our legitimate business interests.

4.4. Events: When you register for or attend our events, we collect your contact details, job title, employer, and event attendance information. We may send you emails about the event and other events we think you might like. You can always unsubscribe by using the unsubscribe link in such communications or by contacting us at rdjevents@rdj.ie.  We might take photos or videos at events that include you. If you don't want to be photographed, please contact us at privacy@rdj.ie or tell our staff at the event. We use this information for the event and for future marketing, unless you object. We do this for our legitimate business interests.

4.5. Office visitors: If you visit our offices, we may record you on CCTV. We use CCTV for safety, security, and administrative purposes. We do this because it's necessary for our contract with you, for our legitimate interests, and to comply with legal obligations.

4.6. Customer relationship management and business contacts: If you're a current or former client, or have agreed to stay in touch with us, we include your information in our client database. We do this to keep in touch with you, send you communications about our services and events, understand what might interest you, and see how you use our services. We also keep business contact information to understand who is requesting our services and for business intelligence. We may get your business contact information directly from you, from business cards, or from third-party sources like your website or professional profile. We do this for our legitimate business interests.

5. SENSITIVE PERSONAL DATA

Legal matters often involve sensitive personal information that is specially protected under data protection law. This includes information about health, genetics, race, religious beliefs, sex life, sexual orientation, trade union membership, political opinions, or criminal convictions. This information might relate to clients, witnesses, or other people connected to legal matters we handle. We only process this sensitive information when necessary for legal purposes and rely on specific legal exceptions that allow such processing for legal advice, legal proceedings, and establishing, exercising or defending legal rights.

6. INFORMATION YOU GIVE US ABOUT OTHER PEOPLE

If you give us information about other people, please ensure you have the legal right to do so. Irish data protection law recognises that processing personal information, including sensitive information, is lawful when it is:

  • necessary for providing or getting legal advice, or for legal claims or legal proceedings, or
  • necessary for establishing, exercising or defending legal rights.

We encourage you to share only the personal information that we need to provide effective legal advice. This approach helps protect privacy while ensuring we have what we need to serve you properly.
 

7. LEGAL BASIS FOR PROCESSING

To collect, use, share, and otherwise process your personal information for the purposes described in this notice, we rely on several legal bases, including where:

  • it's necessary to perform our contract with you, such as our Terms of Engagement, and to provide our services;
  • you have given us permission (which you can withdraw at any time);
  • it's necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
  • it's necessary to protect your vital interests or those of others;
  • it's necessary in the public interest; or
  • it's necessary for RDJ’s or a third party’s legitimate interests, such as those of clients, partners, or staff, provided that those interests don't override your interests or fundamental rights and freedoms.

Irish data protection law allows the processing of special categories of personal information and information about criminal convictions where the processing:

  • is necessary for providing or getting legal advice or for legal claims or legal proceedings, or
  • is necessary for establishing, exercising or defending legal rights.

We rely on these exceptions in Irish law and other exceptions in EU data protection law when processing special categories of personal information.
 

8. LEGITIMATE INTERESTS

When we process your personal information based on legitimate interests, we may rely on the following interests:

8.1. Providing legal services: We use your personal information to pursue our clients' and other affected people's legitimate interests in getting legal advice, as well as our interests in providing legal advice to our clients.

8.2. Keeping our services safe and secure: We use your personal information to pursue our legitimate interests and yours in keeping our services, websites, apps, offices and events safe and secure. For example, we collect IP addresses and process log files to ensure our website and apps aren't subject to fraudulent access.

8.3. Marketing our services: We use your personal information to pursue our legitimate interests in marketing our services. For example, where permitted by law, we may contact you by email about future events you might like.

8.4. Providing, improving and developing our services: We use your personal information to pursue our legitimate interests in tailoring and improving our services. For example, if you're a client, we may send you a survey to understand your experience with our legal services.

8.5. Business intelligence: We use your personal information as necessary to pursue our legitimate interests in understanding who is requesting and using our services.

8.6. Working with RDJ affiliates: Sometimes our services require us to work with or share your personal information with other RDJ companies, who process your information on our behalf.

9. DO WE SHARE PERSONAL INFORMATION WITH ANYONE ELSE? 

To provide effective legal services, we need to share personal information with various third parties as necessary. This may include service providers, other RDJ companies, clients, legal professionals (such as barristers and other solicitors), expert witnesses, court officials, mediators, arbitrators, insurance companies, medical professionals, investigators, service providers, government departments, regulators, and other statutory bodies.

We do this based on the legal bases and exceptions mentioned in section 8 of this Notice.

9.1. Legal service providers: We share your personal information with various third parties so we can provide legal services to our clients. This may include sharing your information with clients, other solicitors and law firms, barristers, insurance companies, experts, doctors, actuaries, witnesses, mediators, summons servers and investigators, including recipients located outside the European Economic Area.

9.2. Courts, regulators and statutory bodies: We share your personal information with courts, regulatory, public and statutory bodies for various reasons, including where necessary to provide legal services to our clients and where required to comply with legal or regulatory obligations.

9.3. RDJ affiliates: We share your personal information with other RDJ companies and Affiliates to help us provide legal services to our clients and to pursue of our legitimate business interests.

9.4. Legal and safety reasons: We may keep, preserve, or share your personal information if we reasonably believe it's necessary to: (a) respond to a legal request based on applicable law (such as a subpoena, search warrant, or court order); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce our Terms of Engagement or other contracts; or (e) prevent physical injury or other harm to any person.

9.5. Service providers: We may share your personal information with third parties who help us provide our services and communicate with you. This includes IT software and hosting providers and records-storage companies. When these third parties process information on our behalf, they are contractually required to use it only to provide their service to us and are contractually prohibited from using it for their own purposes.

9.6. Business reorganization: If our business is subject to reorganisation, such as a merger or acquisition, we may need to share personal information as part of the transaction for our legitimate interests. In such circumstances, your personal information may be disclosed, where permitted by law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of RDJ.

10. TRANSFERS OUTSIDE THE EUROPEAN AREA

We sometimes need to transfer your personal information to recipients outside the European Economic Area to provide legal services effectively. This might happen when working with international law firms, experts located outside the European Economic Area, or when legal matters involve international elements.

We only transfer personal information internationally when necessary for our legal services or when required for legal proceedings. All transfers comply with EU data protection law and include appropriate safeguards to protect your personal information. We may use various legal mechanisms, including standard contractual clauses approved by the European Commission, which provide contractual protections for your personal information when transferred to countries without adequate data protection laws.

It's important to know that the privacy protections and the rights of authorities to access your personal information in some of these countries may not be the same as in your home country. We'll only transfer personal information as permitted by law. RDJ ensures a level of data protection at least as protective as that required in the European Economic Area.

If you'd like further information, including a copy of the documents used to protect your personal data, please contact us at privacy@rdj.ie.

11. HOW LONG WE KEEP PERSONAL INFORMATION 

We keep your personal information for as long as necessary to fulfil the purposes outlined in this notice and to meet our legal and professional obligations. This includes satisfying legal, accounting, and reporting requirements, and keeping personal information needed to defend legal claims. We follow guidance from the Law Society of Ireland and consider various legal obligations, including specific requirements for anti-money laundering records. Generally, we keep client matter files for 6 to 15 years after completion, though this may vary depending on the nature of the matter. Internal RDJ CCTV footage is typically kept for 30 days unless there are specific reasons to keep it longer.

When determining the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider regulatory and Law Society guidance, as appropriate.

12. YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

You have important rights regarding your personal information, and we're committed to helping you exercise them. If you'd like to make a request or have questions about your rights, please contact us at privacy@rdj.ie.

While you have these rights regarding your personal information, some rights apply in all circumstances whilst others apply only in specific situations. We explain each right below, including when it applies.

12.1. Access: You have the right to ask us for access to your personal information.

12.2. Data portability: You have the right to request that some of your personal information that you initially provided to us is returned to you or another controller in a commonly used machine-readable format.

12.3. Rectify, restrict and delete: You have the right to ask us to restrict the processing of your personal information or to correct or delete your personal information. Please note that despite a deletion request, we may continue to process your personal information if we have a legal basis to do so.

12.4. Object: If we process your personal information based on our legitimate interests (explained above) or in the public interest, you can object in certain circumstances. In such cases, where required by law, we'll stop processing your personal information unless we have compelling legitimate grounds to continue processing or where it's needed for legal reasons. Where we use your information for direct marketing, you can always object using the unsubscribe link in such communications or by contacting us at privacy@rdj.ie.

12.5. Withdraw consent: If you've previously given your consent, you can withdraw your consent to our processing of your personal information at any time. For example, you can withdraw your consent to email marketing by using the unsubscribe link in such communications or contacting us at privacy@rdj.ie  In certain cases, we may continue to process your personal information after you've withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.

12.6. Complain: You have the right to submit a complaint about our use of your personal information with your local supervisory authority or RDJ’s supervisory authority, the Irish Data Protection Commission.

Certain legal limitations may apply to these rights. Irish data protection law recognises that some rights (such as access and objection) may be limited in specific circumstances, particularly where they relate to:

  • personal information processed for seeking, receiving or giving legal advice,
  • personal information subject to legal privilege, including communications between a client and their legal advisers, or
  • where exercising such rights would constitute contempt of court.

13. THIRD PARTY SERVICES

Our websites and application may contain links to other websites and services operated by third parties. This privacy notice applies only to our services and practices. We're not responsible for the privacy practices of other organisations, and we encourage you to review their privacy policies when you visit their sites.

14. HOW TO MAKE A COMPLAINT 

Complaints about the use, retention and disposal of personal information can be submitted via email to privacy@rdj.ie.

Under data protection law, you also have the right to lodge a complaint with the relevant supervisory authority of your country.

15. CHANGES TO THIS NOTICE 

We'll review and update this notice from time to time to reflect changes in the law and our experience with processing personal information in practice. We'll tell you about any changes and, if necessary, we'll get your consent before applying any changes to any personal information collected from you before the change becomes effective. We encourage you to periodically review this notice to stay informed about how we collect, use, and disclose personal information.

16. CONTACT INFORMATION

We welcome your questions and feedback about this notice and our data protection practices. Please don't hesitate to contact us at:

Name: RDJ LLP

ATTN: Data Privacy

Address: 85 South Mall, Cork, T12 TP8D, Ireland

E-mail: privacy@rdj.ie