top of page



Commitment to Your Privacy


We, Michael A Brown, Solicitors, a law firm regulated by the Law Society of Scotland, are committed to safeguarding and respecting your privacy rights.


For the purpose of the EU General Data Protection Regulation (GDPR) and applicable legislation in force from time to time, the Data Controller (and the Data Lead) for the firm is:


Michael A Brown, Solicitors, 17 South Tay Street, Dundee, DD1 1NR  

(Tel: 01382 204242; Email:


This policy sets out the basis on which any personal information we obtain from you will be processed and retained by us. Please read the following carefully to understand our practices regarding your personal information and how we will treat it.


Personal Information


What kinds of personal information do we use?

The type and quantity of information we obtain, how we use it and who we share it with, depends on the nature of the legal service we are providing.


We may obtain, process and retain data about you which includes, but is not strictly limited to, the following:


  • Your name

  • Date and place of birth

  • National Insurance Number

  • Contact details such as postal address, e-mail address and telephone number (landline, mobile and/or business)

  • Financial information (e.g. bank account details, mortgage details, source of funds)

  • Status in relation to property or asset ownership

  • Any other information that is required to enable us to comply with dealings on your behalf as your solicitor or estate agent, Law Society regulations, our Anti-Money Laundering, Fraud Prevention and Risk Assessment duties in compliance with the applicable legislation in force from time to time

Sensitive Information

We generally do not ask you to disclose any sensitive personal information (e.g. information related to racial or ethnic origin, political opinions, religion or other beliefs, health or medical condition or trade union membership).


In certain circumstances we may require certain sensitive personal information where, for example, your health/medical condition is significant to the legal service being provided (e.g. your capacity in relation to granting a Power of Attorney, executing a Will, Deed or other document), or the information is necessary in order to comply with our obligations in relation to solicitor or estate agent, Law Society regulations, our internal Anti-Money Laundering, Fraud Prevention and Risk Assessment procedures.


How do we obtain your personal information?

Information about you may be obtained from a number of sources, including the following:


  • You may volunteer the information about yourself

  • You may provide information relating to someone else, if you have the authority to do so

  • Information passed to us by third parties which may include, but are not strictly limited to, the following:

  • Banks, Building Societies or other lending institutions

  • Referrals from existing clients

  • Organisations that may refer work to us, such as other solicitors, licensed brokers or mortgage or financial intermediaries

  • Public or Government bodies and medical or financial institutions – who provide your personal records/information relevant to the business we are conducting on your behalf

  • Attorneys or Financial Guardians


Please note we are not responsible for the privacy, information or other practices of any third parties from which information is received and you should review their policies and practices to ensure you are happy with how they treat your data.


How do we use your personal information?


We may use information held about you in a number of ways including:


  • Conducting business on your behalf and providing you with the specific legal services that you request from us, communicating with you regarding your business, responding to your queries and acting upon your instructions

  • With your permission, putting you in touch with appropriate third parties where it is relevant to your business

  • Complying with our legal and regulatory obligations and our compliance with the Law Society regulations such as carrying out our internal Anti-Money Laundering, Fraud Prevention and Risk Assessment procedures. This includes verifying your identity and (if applicable) source of funds.

  • For internal record-keeping purposes

  • Responding to any complaint or allegation of negligence against us


Disclosure of your personal information

In the course of providing our legal services, we may also require to share your personal information with appropriate third parties such as other service providers. When we share personal information with such third parties we endeavour to ensure that they use your personal information, strictly and confidentially, to the extent necessary for providing services to us (or you, as the case may be) and not for their own purposes unless you have explicitly consented to them doing so (where applicable). These third parties include, but are not strictly limited to, the following:


  • Solicitors and/or estate agents acting on the other side (e.g. in sale/purchase transactions) or in separate representation scenarios

  • Banks, Building Societies or other lending institutions

  • Licensed brokers or financial intermediaries

  • Revenue Scotland, HMRC and other Scottish and UK Government bodies

  • Local Authorities

  • Registers of Scotland

  • Tayside Solicitors Property Centre

  • Scottish Courts and Tribunals Service, including The Office of the Public Guardian

  • The Law Society of Scotland

  • Professional Search Companies

  • Advocates or other instructed solicitors or legal specialists

  • Our external Law Accountants

  • Auditors of Court

  • In the event that our firm is acquired by a third party, in which case personal information held by us about our clients will be one of the transferred assets

  • If we are under a duty to disclose your personal information in order to comply with any legal obligation, or to protect the rights, property, or safety of our clients, ourselves or third parties


There may be some instances of use of personal information that may require your specific consent. If this is the case, we will contact you separately to ask for your consent which you are free to withdraw at any time.


Storage and Security


All information we obtain is stored as follows:


  • Digitally on password-protected computers installed with up to date security software

  • Digitally on on site and/or off-site backup drives

  • In paper format on your individual client file(s) in filing cabinets or storage within our office premises and building

  • Particularly valuable documents such as Title Deeds and Wills/Testamentary Writings are kept in fire resistant strong room within our office premises

  • The cloud drive of our external Law Accountants and software providers whose own policies are in compliance with the GDPR and applicable legislation in force from time to time


Your Rights


You have the right to request access to the personal information we hold about you. Your right of access can be exercised free of charge. You can ask for this data to be provided in hard copy or in a structured, commonly used electronic format, so it can be easily transferred.


You have the right to object to how we use your personal information. If you have previously given us your consent to use your personal information, you can withdraw this consent at any time.


You can ask us to make changes to any inaccurate or incomplete personal information held about you. You can also ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn your consent, or where we have no lawful basis for retaining it.


If you wish to request access, changes or deletion of your personal information, or withdraw your consent, please contact the Data Controller.


We will try to comply with your requests as soon as reasonably practicable and in accordance with our obligations under the applicable data protection laws. However, please note that we may need to retain certain information for record-keeping purposes, Law Society compliance purposes or where a lawful basis applies.


Data Retention


We will retain your personal information only for the period necessary to fulfil the purposes outlined in this Privacy Policy. We have an internal retention policy, in accordance with the Law Society of Scotland's rules, where there are varying retention periods for different categories of legal services and whether there is a lawful basis for continuing to retain certain data (such as valuable documents like Title Deeds and Wills/Testamentary Writings). After a retention period has elapsed, the data is deleted and files shredded unless a lawful basis applies.




Our legal services are not aimed specifically at children because in legal work individuals under the age of 16 are generally represented by their parent or guardians. In relation to data protection, a child who has reached the age of 12 in Scotland can generally be deemed competent to provide consent on his or her own behalf and exercise their own data subject rights. If you are a child or the parent or guardian of a child and need further advice or explanation about how we would use a child's personal information, please contact the Data Controller.



Changes to the Privacy Policy


This Privacy Policy was last updated on 25th May 2018 and will be regularly monitored and reviewed at least every 2 years.


Your consent to our collecting, processing and retaining your personal information will remain valid for any future business we carry out on your behalf unless there are any subsequent changes to the GDPR or applicable legislation in force from time to time, or any changes to our other regulatory requirements, at which point we shall require renewal of your express written consent based on the revised Privacy Policy.




Please do not hesitate to contact the Data Controller if you have any questions, comments or concerns about this Privacy Policy.


As stated in the sections above, you have various rights with regard to your personal information including the right to tell us if you:


  • Wish to withdraw your consent

  • Wish to find out what information we have about you and/or wish to request a copy of the personal information which we hold about you

  • If you think that any personal information we hold about you is inaccurate, incomplete, out of date or irrelevant

  • Wish to report any breaches of the Privacy Policy


If you have any questions or complaints about this Privacy Policy, please contact the Data Controller. We will investigate any complaint, and notify you of our decision in relation to the complaint, as soon as practicable after it is received.


If we are unable to satisfactorily resolve your concerns about our handling of your personal information, you can contact the Information Commissioner's Office (ICO), either through their website: or through the ICO telephone helpline: 0303 123 1113.

bottom of page