ELLIS & ELLIS Law Agents & Record Searchers
Last updated: 4th November 2022
At Ellis & Ellis we are committed to ensuring that you and clients’ privacy is protected. This privacy notice together with the Cookies Settings (at the bottom of your screen), and our general terms and conditions set out the basis on which any personal data we collect from and about you or about clients that you provide to us, or that we collect as a by-product of providing our services to you, will be processed by us. We provide law searching, title investigation and town agency services (our Business). For more information on our services, please see here [Add Hyperlink: https://ellis.ie/services/]
We collect, use and are responsible for certain personal data about you. The term personal data means any information concerning or relating to a living person who is either identified or identifiable. When we do so we are subject to the General Data Protection Regulation (the GDPR) and other national data protection and privacy laws (such as, in Ireland, the Data Protection Acts 1988 to 2018 and European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 as may be amended or replaced from time to time) (Data Protection Laws). We refer to this information as Your Data.
This Privacy Notice describes how we and our affiliates process personal data we collect from or about you in relation to their use of our websites (including https://ellis.ie/ and https://searches.ellis.ie/) and applications (collectively, the Sites) and ordering, enquiring and usage of services of our Business (collectively, our Services). Under Data Protection Laws, we are generally the controller of the personal data we collect, as we determine the means and/or purposes of the processing. Where we process personal data provided for or collected on behalf of our clients in course of providing our Services then we are the processor of such personal data and our clients are the controllers. We refer to this information as Client Data.
Your privacy is of paramount importance to us. This Privacy Notice is designed to:
- In respect of Your Data, protect you by informing you what personal data we collect, how we will use it, with whom we share it, how long we keep it and how to contact us if you have any queries or concerns about our use of Your Data; and
- In respect of Client Data, provide you with information on how our Business collects, uses and protects Client Data, with whom we share it and how long we keep it.
By using or accessing our Services, you agree to the terms of this Privacy Notice. Please read this Privacy Notice, see the Cookies Settings and any other document we provide to you, such as our general Terms and Conditions carefully so you understand our views and practices regarding Your Data and Client Data and how we will treat it. Registering for your account on our Sites, use of your account or our Sites or otherwise accepting the terms of this Privacy Notice indicates that you have reviewed this Privacy Notice and have agreed to be bound by it. If you do not agree to these terms you must leave our Sites immediately. If you no longer consent to our processing of Your Data, you may request that we cease such processing by contacting us.
- Who we are
We are Ribige Limited trading as Ellis & Ellis, a company incorporated in Ireland with registered number 291613 and registered at the address of 31-36, Ormond Quay Upper, D07 WP21. You can contact us at this address by phone, fax, post, email at email@example.com and via our proprietary website at www.ellis.ie and www.econveyance.ie. For queries in relation to Your Data, you can contact us at these contact details or by email to firstname.lastname@example.org.
- our legal bases AND PURPOSES for processing YOUR DATA
- We may use Your Data on any one or more of the following legal bases: (i) to perform a contract with you; (ii) for our legitimate business purposes in providing our Services to you (in which case, our legitimate interests will not override your fundamental privacy rights); and/or (iii) in limited circumstances, where you have given us your express consent. We may also use or disclose Your Data to comply with a legal obligation to which we are subject.
- Please note that we may process Your Data for more than one legal basis, depending on the specific purpose(s) for which we are using Your Data. We have set out below the most commonly applicable legal basis for the purposes and processing activities below. Please contact us via www.ellis.ie or on the other contact details set out in section 1 “Who We Are” above.
- For individuals who visit and interact with our Sites, we process data:
- to respond to your query when you contact us through one of our Sites;
- to sign up to our newsletter, other marketing or events alerts when you request subscription through our Sites;
- to administer, improve and protect our Sites and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); and
- to register you for an account on the Sites.
The legal basis for this processing is our legitimate interest in the administration and operation of our Services as well as our legitimate interest in marketing and promoting our Services.
- For our potential clients, we process data:
- in order to market the services of our firm;
- to provide you with information about services we offer through our Business that are similar to any you may have already requested from us or enquired about;
- to provide you with legal updates and newsletters to which you have subscribed; and/or
- to provide quotations for fees.
The legal basis for the processing of this data is processing necessary for the purpose of the legitimate interests of our firm in promoting our services.
- For our clients, we process data:
- in order to liaise with you about our matters on which you seek our Services;
- to allow us to provide you with the services you request from us
- to comply with legal obligations to which we may be subject (such as anti-money laundering, sanctions or financial sanctions);
- to notify you of any changes to our Services;
- to provide you with information about services we offer through our Business that are similar to those you have already requested of us or enquired about; and
- to monitor and improve the quality of our Services.
The legal basis for the processing of this data is processing necessary for the purposes of the legitimate interests pursued by our firm in representing our clients, for compliance with a legal obligation (where required to do so). We may also seek and rely upon your consent to certain marketing activities.
- For candidates interested in positions with our Business, we process data:
- to recruit new employees; and
- to ascertain your suitability for a specific role.
The legal basis for this processing is processing necessary for the purpose of the legitimate interests of our firm in recruiting new staff. We may also provide further privacy/data protection information in our job advertisements on how we process applicant data. Please review this information carefully if relevant to you.
- We may also process Your Data to enforce our legal rights or defend or undertake legal proceedings. Depending on the circumstances, the legal basis for processing of this data will be to fulfil our legal and regulatory obligations; or in other cases, for our legitimate interests (to protect our business, interests and rights).
- PERSONAL DATA WE PROCESS
- With respect to Your Data and Client Data, we may collect and process this information we obtain directly from you of from other sources:-
- Information we obtain directly from you:
This is information about you and/or clients data that you give us by corresponding with us by phone, email, through our Sites or otherwise. It includes the information you supply us with when you seek employment with us, or you engage us to provide our Services, or when you wish to be provided with relevant information to you and/ or your business. For persons who view and interact with our Sites, we process Your Data (i) to respond to requests for searches or other Services (ii) to respond to your query when sent through our ‘contact us’ form should we in the future introduce that facility in our Sites and or (iii) to sign up to a newsletter or information when you ask to do so, through our Sites should we in the future introduce that facility in our Sites. The information you give us may include, but is not limited to, first names, surnames, address, e-mail address, phone number, or other identification documents, etc. When you visit our Sites, we may collect your internet protocol (IP) address and login data, browser or client application information, language preference, operating system and application version, device type and ID, and device model and manufacturer, and other technology on the devices you use to access the Sites.
- Information we collect from other sources:
In the course of our Business, we might also obtain Your Data and Client Data from other sources such as those tasked with registers maintained in the public interest (e.g. the Companies Registration Office, Register of Beneficial Ownership and the Property Registration Authority), government and regulatory authorities, business partners, agents, and other service providers, etc. Our clients are not obliged to provide us with either Your Data or Client Data. However, if you do not, we might not be able to carry out the services you have requested of us. Such information can include prefixes and suffixes, names, former names, personal and business addresses, directorship and shareholder information, dates of birth, civil status, and any other information contained in public records and registries.
- Who we share YOUR data AND CLIENT DATA with
- Where appropriate we may share Your Data and Client Data with agents, contractors, or partners of Ellis & Ellis in connection with our services that these individuals or entities perform for or with Ellis & Ellis. These include but are not limited to providers of document management services, IT support services, accounting support services, and third party experts solely for the purposes we have listed above in the section 2 “Our Legal Bases and Purposes for Processing Your Data” above.
- We restrict access to Your Data and Client Data to employees, contractors, and agents who need such access in order to operate, develop, or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, civil litigation and/or criminal prosecution, if they fail to meet these obligations.
- We may share Your Data with our professional advisors such as accountants, auditors, lawyers, bankers, insurers, and other outside professional advisors.
- In respect of Your Data, we may share such data with anyone you authorise us to give Your Data to.
- Where we reasonably believe that you are or may be in breach of any applicable laws we may disclose Your Data or Client Data to relevant third parties, such as law enforcement agencies. We would only do so in circumstances where such disclosure is permitted or required under applicable laws, including Data Protection Laws.
- If our Business is acquired or merged with another company, Your Data and Client Data may be transferred to the new owners so that we may continue to sell products and Services to you. If we become involved in a merger, acquisition, or any form of sale of some of all of its assets, Your Data will not be transferred to any third party unless there are adequate safeguards in place with the recipient in respect of the security of Your Data.
- retention of your data and client data
- Your Data will be kept and stored for such period of time as we deem necessary taking into account the purpose for which it was collected in the first instance. This may include retaining Your Data as necessary to administer our business relationship and/or any account you have registered on our Sites; comply with our legal obligations; resolve disputes; enforce our agreements; support business operations; and/or continue to develop and improve our Services. Unless otherwise required under applicable law, we store Your Data for as long as we provide Services to you and for a period of no less than seven years beginning on the date we archive your file. In respect of applicants for positions with Ellis & Ellis, please see the privacy/data protection information setting out the applicable retention period in those circumstances.
- Where we retain Your Data for improvement and development of our Services, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyse personal characteristics about you.
- We will retain Client Data only for so long as authorised by and upon the documented instructions of our clients and in compliance with Data Protection Laws.
- security of your data and client data
- We take our security responsibilities towards all personal data, including Your Data and Client Data, seriously, employing appropriate technical and organisational measures to ensure a level of security appropriate to the risks that are presented by the processing of Your Data and Client Data, including staff training and awareness. In particular, we consider the risks presented by accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Your Data and Client Data transmitted, stored or otherwise processed. We review our personal data security measures and procedures regularly.
- We restrict access to Your Data and Client Data to employees, contractors and agents on a need-to-know basis in order to operate, develop or improve the Services. We might store information in different places. Physical files are stored in our office and our archives. Electronic files are stored on our secure servers.
- We ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes that the service provider has appropriate security measures in place. However, our Sites may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, including cookies (See further in section 11 “Links to Third Party Websites” below). We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
- Unfortunately, the transmission of information by means of the internet, including through e-mail, is not completely secure. Although we will do our best to protect Your Data and Client Data, we cannot guarantee the security of your data transmitted to or from us by means of e-mail and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. To the extent permitted by law, we are not responsible for any delays, delivery failures, or any other loss or damage resulting from (i) the transfer of data over communications networks and facilities, including the internet, or (ii) any delay or delivery failure on the part of any other service provider not contracted by us, and you acknowledge that our Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities. You will appreciate that we cannot guarantee the absolute prevention of cyber-attacks such as hacking, spyware and viruses. Accordingly, you will not hold us liable for any unauthorized disclosure, loss or destruction of Your Data and Client Data arising from such risks.
- INTERNATIONAL DATA Transfers
- Your Data and Client Data may be transferred, stored and accessed within the European Economic Area (EEA) or transferred to, stored in, and accessed from countries outside the EEA for the purposes of us providing our Services. It may also be processed by staff operating outside the EEA who work for us or any of our suppliers.
- Unless otherwise permitted by Data Protection Laws, we can and will only transfer Your Data and Client Data to a territory outside the EEA where an adequate or equivalent degree of protection of your rights is assured. We will take all steps reasonably necessary to ensure that Your Data and Client Data are treated securely. Such safeguards in place with regard to the transfer of Your Data to third countries shall include (but shall not be limited to):
- the country has been deemed to provide an adequate level of protection for personal data by the European Commission (known as an adequacy decision) further to Article 45 of the GDPR. A list of countries the European Commission has currently made adequacy decisions in relation to is available here. We rely on adequacy decisions for transfers to the following countries: the United Kingdom.
- we have entered into appropriate contracts with third parties incorporating standard contractual clauses approved by the European Commission under Article 46(2) of the GDPR together with any supplementary measures required appropriate to any risks in the transfer. For further details, see European Commission: Standard contractual clauses for data transfers between EU and non-EU countries. We rely on standard contractual clauses for transfers to the following countries: United States.
- there are appropriate safeguards that comply with Chapter V of the GDPR in place, together with enforceable rights and effective legal remedies for you.
- a specific exception applies that comply with Article 49 of the GDPR or other applicable Data Protection Laws.
- Please contact us (see section 1 “Who We Are” above) if you want further information on the specific mechanism used by us when transferring Your Data outside the EEA.
- Your rights relating to YOUR data
As a data subject, you have the following rights under Data Protection Laws and, where we act as controller of Your Data, we have a duty to comply with such rights in respect of Your Data. These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of Your Data, please contact us (see section 1 “Who We Are” above). We will respond to any rights that you exercise within one month of receiving your request, unless the request is particularly complex, in which case we will respond within three months (we will inform you within the first month if it will take longer than one month for us to respond).
Right of Access
You have the right to request a copy of Your Data. Requests for Your Data must be made to us (see section 1 “Who We Are” above) specifying what personal data you need access to, and a copy of such request may be kept by us for our legitimate purposes in managing the Services. To help us find the information easily, please give us as much information as possible about the type of information you would like to see. If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person, if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person, if possible.
We are also entitled to refuse a data access request from you where (i) such request is manifestly unfounded or excessive, in particular because of its repetitive character (in this case, if we decide to provide you with the personal data requested, we may charge you a reasonable fee to account for administrative costs of doing so); or (ii) we are entitled to do so pursuant to Data Protection Laws.
For security reasons, we will take reasonable steps to confirm your identity before providing you with any personal data we may hold about you.
Right of Rectification
You have the right to request that we amend any inaccurate or incomplete personal data that we have about you. If you would like to do this, please (i) email or write to us (see ‘How to Contact Us’ below); (ii) let us have enough information to identify you (e.g. name, registration details); and (iii) let us know the information that is incorrect and what it should be replaced with.
If we are required to update Your Data, we will inform recipients to whom that personal data have been disclosed (if any), unless this proves impossible or has a disproportionate effort.
It is your responsibility that all of the personal data provided to us is accurate and complete. If any information you have given us changes, please let us know as soon as possible (see contact details in section “Who We Are” above).
Right to Object
You have the right to ask us to stop using Your Data, and we will comply unless there is a legal basis for us to continue using it, which we will explain to you.
Right to Erasure
You can ask us to erase Your Data (i) where we do not need Your Data in order to process it for the purposes set out in this Privacy Notice; (ii) if you had given us consent to process Your Data, you withdraw that consent and we cannot otherwise legally process Your Data; (iii) you object to our processing and we do not have any legal basis for continuing to process Your Data; (iv) Your Data has been processed unlawfully or have not been erased when it should have been; or (v) the personal data have to be erased to comply with law.
We may continue to process Your Data in certain circumstances in accordance with Data Protection Laws. Where you have requested the erasure of Your Data, we will inform recipients to whom that personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will also inform you about those recipients if you request it.
Right to Restriction of Processing
You may request that we stop processing Your Data temporarily if (i) you do not think that Your Data is accurate (but we may start processing again once we have checked and confirmed that it is accurate); (ii) the processing is unlawful but you do not want us to erase Your Data; (iii) we no longer need the personal data for our processing; or (iv) you have objected to processing because you believe that your interests should override the basis upon which we process Your Data.
If you exercise your right to restrict us from processing Your Data, we will continue to process the personal data if: (i) you consent to such processing; (ii) the processing is necessary for the exercise or defence of legal claims; (iii) the processing is necessary for the protection of the rights of other individuals or legal persons; or (iv) the processing is necessary for public interest reasons.
Right to Data Portability
You may ask for an electronic copy of Your Data that you have provided to us and which we hold electronically, or for us to provide this directly to another party. This right only applies to personal data that you have provided to us – it does not extend to data generated by us. In addition, the right to data portability also only applies where (i) the processing is based on your consent or for the performance of a contract; and (ii) the processing is carried out by automated means.
Right to be informed
You have the right to clear, transparent and easily understandable information about your rights and about how we use Your Data. We use this Privacy Notice to inform you of your rights. If you have any queries
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw your consent at any time with future effect by contacting us. However, if you do withdraw your consent, we may not be able to continue to provide the service we offer to you.
Right to ask us to stop contacting you with direct marketing
We have a legitimate interest to send you electronic communications in connection with the Services and related matters (which may include but shall not be limited to newsletters, announcement of new features or Services, etc. and which may also appear on social media platforms such as Facebook, LinkedIn, Twitter or Instagram). We may also ask you for your consent to send you direct marketing from time to time.
You may be able to select your preferences with respect to direct marketing when registering an account on our Sites. We may also ask you different questions for different services, including competitions. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
click on ‘unsubscribe’ on an email; or
send an email info:@ellis.ie with “Unsubscribe” in the header or subject of the email.
We will provide you with information on action taken on a request to stop direct marketing – this may be in the form of a response email confirming that you have “Unsubscribed”. Unsubscribing from direct marketing does not unsubscribe you from electronic communications in respect of the administration of business relationship with you.
Right to Complain to the Data Protection Commission
If you do not think that we have processed Your Data in accordance with this Privacy Notice, please contact us in the first instance (see section 1 “Who We Are” above). If you are not satisfied, you can complain to the Data Protection Commission or exercise any of your other rights pursuant to Data Protection Laws. Information about how to do this is available on the Data Protection Commission website at www.dataprotection.ie.
- PERSONAL DATA Breach Reporting
- We will notify serious Personal Data Breaches in respect of Your Data to the Data Protection Commission without undue delay, and where feasible, not later than 72 hours after having become aware of same. If notification is not made after 72 hours, we will record a reasoned justification for the delay. However, it is not necessary to notify the Data Protection Commission where the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons. In this section, a Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
- We will keep a record of any Personal Data Breaches, including their effects and the remedial action taken, and will notify you of any Personal Data Breach affecting Your Data (which poses a high risk to you) or Client Data (which poses a high risk to your clients) when we are required to do so under Data Protection Laws. We are not required to notify you of a Personal Data Breach where (i) we have implemented appropriate technical and organisational measures that render Your Data or Client Data unintelligible to anyone not authorised to access it, such as encryption; (ii) we have taken subsequent measures which ensure that the high risk to data subjects is not likely to materialise; or (iii) it would involve disproportionate effort, in which case we may make a public communication instead.
- Links to THird Party WEbsites
- This Privacy Notice applies to websites and services that are owned and operated by us. We do not exercise control over the sites/applications that may be linked from the Services. You may see ‘social buttons’ during your use of the Sites, including but not limited to Twitter, Facebook, LinkedIn and Instagram which enable you to share or bookmark certain web pages. These websites and social platforms have their own cookies and privacy practices, which are controlled by them. These other sites/applications may place their own cookies or other files on your computer, collect data or solicit personal information from you. You acknowledge that the Services may enable or assist you to access the Sites’ content of, correspond with, and purchase goods and services from, third parties via third-party websites and that you do so solely at your own risk.
- Requirement to process personal data
If you do not provide us with your information for the purposes described above, we cannot send you our newsletter, respond to your queries and requests, liaise with you on client matters, progress a matter for you or assess your suitability for a role within our firm.
- Automated decision-making and profiling
We do not use any personal data for automated decision-making or profiling.
- Changes to this privacy notice
- We may update this Privacy Notice from time to time and at our sole discretion. We will publish the date of the most recent updated version on our Sites and at the top of this Privacy Notice, as appropriate.
- If you do not agree to these changes, please do not continue to use the Services to submit Your Data. If material changes are made to the Privacy Notice, we will notify you by placing a prominent notice on our Sites or by sending you a notification in relation to this.