Client Privacy Notice

We provide tailored and innovative solutions.

Miller Samuel Hill Brown LLP (“MSHB”, “we”, “us”) respects the privacy and legal rights of the individuals and organisations we deal with. 

This Notice provides information about how we collect and use data from visitors to our website and the persons and organisations we deal with when providing services and administering our business.  It should be read in conjunction with our website and terms of engagement.

This Notice (together with our Website Terms & Conditions (“Website Terms”) and any other documents referred to in it) explains how we make use of personal data we collect from or about you or which you provide to us.

Using our website will include the processing of your data as set out in this notice where you get in touch with us via our website.  If you or your organisation is one of our clients, further information will be found in our engagement letter.

Who we are

For the purpose of the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”), the data controller in respect of any personal data controlled by the firm is Miller Samuel Hill Brown LLP. MSHB is a limited liability partnership under the laws of Scotland, registered under number SO 300152.  Our registered address is RWF House, 5 Renfield Street, Glasgow, G2 5EZ. 

We are authorised and regulated by the Law Society of Scotland.

Personal data you give us

When we use the term “Personal data” in this Notice, we mean information about living individuals which, alone or in conjunction with other information held by us, is capable of identifying them.  The DPA and the GDPR regulate our use of your personal data.

We may obtain personal data from you when you contact us, including when you call us, get in touch with us via our website or when you or your organisation corresponds with us using any means of communication. This includes personal data you provide to us when you:

  • Contact us with a question or enquiry;
  • Contact us or authorise anyone to contact us about employment with MSHB;
  • Register for a seminar, event, or to receive legal updates or newsletters;
  • Attend events or provide our staff with business cards or contact details;
  • Deal with us when we are providing services to one of our clients (which may be you, your organisation or a third party);
  • Make a complaint; or
  • Deal with us in order to provide us with goods or services.

We may also collect and retain personal data:

  • Obtained from public sources about you or your organisation;
  • Obtained from third parties, who may include our clients, legal and accountancy professionals and their firms, courts, professional regulators, public bodies, and other entities, including credit reference agencies and providers of analysis, screening and database services who have a right to disclose this information to us; and
  • Relating to whether our contacts read electronic correspondence from us or click on links we send them.

We can use any personal data we obtain for a number of purposes, as set out below. 

  • To provide you or your organisation or our clients with information or services (we will keep this until you tell us to remove your personal data from our records for these purposes, or until we have reason to believe that you may no longer have any need for this information and our services) and to improve and to tailor how we provide those services and that information;
  • To perform a contract with the person about whom we hold data (we will keep your data for so long as is necessary for the contract and then as required for legal and compliance purposes);
  • To deal with enquiries or requests or to contact people on behalf of our clients (we’ll keep your data for so long as is necessary to deal with the enquiry or request);
  • To protect or pursue MSHB’s legitimate interests or those of our clients, the courts or anyone else we provide personal data to, after taking into account the legitimate interests of the person the data is about;
  • To comply with the law – for example, when performing background or money laundering checks (we’ll keep your data for so long as is necessary to document our compliance with the law and our regulator’s requirements);
  • To assess the credit-worthiness of a person or organisation we’re considering doing business with (we’ll keep your data until we make a decision about doing business with them);
  • To promote the services we provide and obtain new business (we’ll keep your data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our services);
  • To offer our business contacts the opportunity to attend events and seminars and to receive information about the firm, legal updates and topics we think might interest them (we’ll keep your data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our events, seminars and information);
  • To promote the administration of justice and comply with our solicitors’ duties as officers of the court (we’ll keep your data for so long as is necessary to achieve this – in some cases this may be up to 10 years); and
  • In any other way which we consider necessary and appropriate in order to conduct our business as a law firm, including to fulfil our professional, regulatory and legal obligations to our clients, the courts or other persons (we’ll keep your data for as long as we need to in order to achieve this, but for no longer than is necessary).

We will not retain personal data for longer than is necessary for the purpose or purposes for which we use it and we also explain below generally how long we will retain personal data for a given purpose.  If you or your organisation are a client of MSHB, our engagement letter has further information about our file retention policy.

Personal data we may obtain from our website about web visitors

We may automatically collect the following information, which may or may not be personal data, on anyone visiting the website:

  • IP addresses (static or dynamic) and other technical information relating to the virtual or physical location of a visitor and their means of access, including browser information, time zone settings and hardware information;
  • How visitors use the website, including dates and times and any details of how and for what duration particular resources are viewed or used; and
  • Clickstream data, including where users navigate to our site to and from and any searches you have made on or relating to our site. 

We will use this data to:

  • run our website and ensure it works properly;
  • improve how we present the information on it and make browsing easier and more productive;
  • maintain the site’s security and that of our visitors

Cookies

An HTTP cookie is a piece of data sent on behalf of a website (such as MSHB’s website) and stored on the user's computer by the user's web browser while the user is browsing

We may use internal resources or third party analysis services which use cookies to collect information on site usage and behaviour patterns.  We do this to find out things such as the number of visitors to the various parts of our website and improve it.  We may also share website usage data with service providers for benchmarking and site rating purposes.

We don’t use cookies in a way which allows MSHB to identify site users.

You can block cookies via your web browser and can screen out certain cookies using browser add-ons or other software.  This may prevent you from accessing all of our website.

How we share your data with other people and organisations

We may provide access to your personal data to our employees, contractors and agents and to our clients and their employees, contractors and agents. 

Where we supply personal data to our own employees, contractors and agents, this will be for the performance of their duties or contractual responsibilities to us and to be used only in a manner which isn’t incompatible with the purposes for which we obtained it. 

Where we supply other people and organisations with personal data for purposes other than their processing this data for us according to our instructions, we will consider (where allowed by law or our duties to the courts and our clients) the security and privacy of that data in the hands of the recipient.  However, we won’t be responsible for the security and privacy of data held by third parties where we don’t control their policies and practices.   
We may share personal data with other people and organisations for these reasons:

  • providing you or others with legal services or information
  • to enforce and protect our own legal rights or those of our clients and other persons (including by supplying information to our insurers);
  • to prepare for, anticipate or conduct legal proceedings of any kind;
  • if we’re required to by law or by our professional regulators;
  • maintaining and improving our website, including the use of web analytics and search engine optimisation;
  • to help administer seminars, courses, lectures and other events you have asked to attend or which we think may be of interest to you;
  • to get our clients’ feedback on our work; or
  • to market and promote our services.

Where we share data for the above reasons, we may transfer it to countries or territories outside the European Economic Area (EEA).  We do not make these transfers as a matter of course, but may do so when this is necessary to provide services (for example, a client, a party in relation to whom we are conducting proceedings or dealing with, or an asset that is the subject of legal proceedings is located outside the EEA) or to obtain goods and services from third parties.

Where you give us your personal data, you consent to the transfer of such personal data out of the EEA and acknowledge that this may involve the transfer of personal data to a country or territory which may not be deemed by the European Commission or the European Courts to provide an adequate level of protection for your rights and freedoms as a data subject

Your Rights to Object to Direct Marketing

Like other businesses, we will sometimes use your personal data to provide you with information about the services we offer, developments in the law which might affect you and other topics we think might interest our clients and business contacts.  If you ask us to provide legal services to you, the terms of business and engagement letter we provide you will have additional information about how we can use your personal data.

We appreciate that you may decide that you don’t want us to use your personal data in this way and we will respect that choice.  We also have a legal obligation under the DPA and GDPR to stop sending you marketing communications if you object, so if you don’t want us to use your personal data in this way, just let us know.  We suggest sending an e-mail to us at This email address is being protected from spambots. You need JavaScript enabled to view it. or writing to us care of:

The Data Protection Officer,

Miller Samuel Hill Brown LLP,

The Forsyth Building,

5 Renfield Street,

Glasgow,

G2 5EZ

We’ll give you the opportunity to opt out of future marketing whenever we send you marketing material.

Your Rights in the Personal Data we Process

Under the DPA, you have the following rights in relation to your own personal data:

  • to prevent us using your data for direct marketing;
  • to have (in certain circumstances) inaccurate personal data corrected, blocked or destroyed;
  • to access a copy of the information comprised in your personal data that is undergoing processing (“subject access rights”);
  • to object to automated decisions (MSHB do not, however, use automated decision making);
  • to obtain compensation through legal proceedings for damage caused by a breach of the DPA; and
  • a right to object to processing that is likely to cause or is causing damage or distress.

If you want to (1) tell us to stop using your data for direct marketing; (2) exercise your subject access rights; (3) tell us about inaccurate personal data you think we hold on you; or (4) object to a use you believe we’re making of your data which is causing, or is likely to cause, damage or distress, please contact MSHB’s Data Protection Officer (as per the contact details above).

We will not charge you to exercise your subject access rights, but may make charge a reasonable fee reflecting our administrative costs should you request further copies of the personal data.  When you contact us to exercise any of the above rights, we will first ensure that the person requesting the data is the person whose data is being sought (or that it is being requested on that person’s behalf).  This may involve providing us with proof of your identity or your authority to act for the data subject.  We can also ask you for any information we need to help us find the personal data you’re enquiring about.

We will also provide you with the following information relating to your personal data:

  • the purpose for which we’re processing it;
  • what categories of data about you we process;
  • the recipients of your data, if any, including specifically international or foreign organisations;
  • our expected retention period or how we’ll calculate this, if we don’t know yet;
  • your rights in relation to the data; and
  • the source of the data, if we didn’t get it from you.