Smyth Solicitors is committed to safeguarding the fundamental rights and freedoms of individuals whose personal data we process. Each such individual data subject has a right to the information in this Privacy Notice.


1.   The identity and contact details of the data controller


We are Smyth Solicitors of Alexandra House, Ballsbridge Park, Ballsbridge, Dublin 4, Ireland. We are a data controller for the purposes of data protection laws because we determine the purpose and means of processing the personal data that we obtain. We can be contacted at our Ballsbridge address by post or by email at Our data protection representative is Keith Smyth, the principal of the firm.


2.   The purposes for which the personal data are intended to be processed or are being processed


There are various types of personal data that we obtain and process. We are a corporate law firm and most of our clients are corporate persons/entities. The services that we provide to those clients invariably require or cause us to obtain and process the personal data of natural persons, be they directors, shareholders, partners, employees or other stakeholders in our clients.


We process the personal data of non-client entities through our dealings with our clients and through our dealings with the counterparties to our clients’ transactions, contracts and relationships. We process the data of other professionals and professional entities (e.g. barristers, experts, consultants, etc.) in the provision of our services and necessarily process the personal data of the directors, shareholders, partners, employees and/or other stakeholders of those professionals and professional entities.


We process personal data for the purposes of assessing prospective instructions and for the purposes of providing legal advices and services. We process personal data to assist with legal claims or legal proceedings and to assist with legal rights. We also process data to comply with our regulatory obligations (e.g. anti-money laundering obligations, file retention obligations, etc.).


We process the data of job applicants and employees of the firm. We also process data for direct marketing of the services of the firm within a period of twelve months from the last instruction.


The purpose of all of this processing is to operate a law firm so as to provide, and to be able to provide on an ongoing basis, legal services and give legal advices to our clients.


The legal bases for the processing of the personal data


There are a number of legal bases that we rely on for processing data subjects’ personal data. Much of the processing is necessary for the performance of the legal services contracts which our clients have entered into with this firm or in order to take steps at the request of the date subject prior to entering into a contract for legal services. Much of the processing is necessary for the purposes of the legitimate interests pursued by the firm in the proper administration and correct operation of our solicitors’ firm. Some processing is necessary for compliance with the legal, regulatory and taxation framework within which Irish law firms operate. We also have legitimate interests in marketing and promoting this firm’s legal services and find some processing necessary for these purposes, but we always consider that such interests may be overridden by the interests or fundamental rights and freedoms of the data subjects which require protection of their personal data.


There may also be limited circumstances where our legal basis for processing personal data is consent (where we have sought it and it has been provided to us), in which case that consent may be withdrawn at any time.


Categories of recipients of the personal data


We share personal data with third parties. There are various categories of third-party recipients. In the normal course of operating a solicitors’ practice and in the course of meeting our obligations as required by law, we share or disclose personal data with trusted third parties where to do so is necessary to the legal services being provided. Those third parties include, but are not limited to, governmental departments (e.g. the Companies Registration Office, The Courts Service of Ireland), regulatory bodies (e.g. The Law Society of Ireland), and financial institutions/banks.


We also retain or engage with other professional services providers in the provision of our legal services. This may involve the disclosure and sharing of personal data. Those service providers include accountants, tax advisors and auditors, barristers, other solicitors’ firms representing other parties in client-related transactions, professional law searchers, IT suppliers and maintenance contractors, IT back-up and cloud storage providers, and external file and document archive storage providers.


Many of these service providers (e.g. IT back-up and cloud storage providers) will be data processors and may only process the personal data for the purposes and services for which they have been retained by us and for no other purpose. Some of these service providers (e.g. auditors, barristers, other solicitors’ firms, etc.) may themselves be data controllers and may independently determine the purpose and means for processing the personal data as may be required by their role and by their mandate in any particular matter.


Periods for which the personal data will be retained


We retain personal data for defined periods of time and for no longer than is necessary or appropriate for the particular processing that we are undertaking. We retain all client files for a period of not less than six years for the purposes of meeting the firm’s accounting, revenue and tax obligations and to exhaust the period for actions pursuant to the provisions of the Statute of Limitations Act, as amended. Documents of identity that were obtained and processed for the purposes of anti-money laundering legislation are held for not less than five years under the relevant Criminal Justice legislation. Employee records are kept for a minimum of one year after the cessation of employment for the purposes of the relevant Organisation of Working Time Act. Other periods are based on the requirements of applicable data protection laws and on the purposes for which the personal data is collected and processed, taking into account good practices and Smyth Solicitors’ business purposes.


3.   Information detailing the right of the data subject to request from the controller access to, and the rectification and erasure of, the personal data


All data subjects have rights under data protection laws. Data subjects are entitled (at all times in particular circumstances and subject to certain exemptions) to request details of the personal data held by us about them and details of how we process that personal data. Data subjects have a right in accordance with applicable data protection law to have personal data rectified or deleted, to restrict our processing of that data, to stop unauthorised transfers of personal data to a third party and, in some circumstances, to have personal data relating to you transferred to another organisation. We will respond to your request in writing, or orally if requested, as soon as practicable and in any event within one month of receipt of your request. We may request proof of identification to verify your request. All requests should be addressed to us at the contact details above.


If we are processing personal data based on consent, the data subject may withdraw that consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal. If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.


Your objection to processing (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to provide legal services and give legal advices to you, the data subject. Please note that, even after you have chosen to withdraw your consent, we may be able to continue to process your personal data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.


In order to seek to exercise any of the rights set out above, please contact using the contact details above. We must ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your personal data by contacting us using the contact details above. If a data subject is unhappy with how we process personal data, we ask the data subject to contact us so that we can address the situation.


4.   Information detailing the right of the data subject to lodge a complaint with the Commission and the contact details of the Commission


You also have the right to lodge a complaint in relation to our processing of your personal data with a local supervisory authority, which in Ireland is the Data Protection Commission. The contact details of the Commission are:


Telephone: +353 57 8684800 | +353 (0)761 104 800




Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, Co Laois, R32 AP23, Ireland.


5.   Changes to data protection policies


We reserve the right to change our privacy and data protection policies from time to time at our sole discretion. If we make any changes, we will publish the updated position in a replacement privacy notice on our website. We would ask you, therefore, to check this privacy notice from time to time.