Customer Privacy Policy

Last update: January 2025

Introduction

Murgitroyd & Company Limited (referred to as "we", "us" or "our") is a company registered in Scotland under number SC144082, with its registered office at 165-169 Scotland Street, Glasgow. We are what is known as the 'data controller' of personal information we collect and use. This means that we are responsible for determining the purpose and the means of processing your personal data. We are registered with the Information Commissioner’s Office under number Z7349800.

Our Chief Commercial Officer ensures that we apply the best standards to protecting your personal information and comply with our responsibilities for data protection. If you have any questions or concerns about how we handle your personal information, please contact us using the information provided under ‘How to Contact Us’.

The purpose of this policy is to outline our approach to protecting the personal data we collect, process, hold and share as a Data Controller. We take your privacy seriously and are committed to protecting information through a range of technical and organisational measures to safeguard all personal information under our control. We maintain records of our processing activities, data protection risk assessments and a range of other measures to support our compliance with data protection law. This privacy policy is a key component of our wider Information Security and Governance Framework incorporating our Data Protection and ICT policies.

 

Personal Data We Collect

Under UK GDPR, personal data means information which relates to a living person (a ‘data subject’) who can be identified from that data on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and any indication of our intentions, or those of others, in respect of that person. It does not include anonymised data.

Below is a list of the types of your personal data that we may process:

  • Name
  • Contact details
  • Address
  • Job Title
  • Financial information such as bank account details
  • Employment information such as job title and company email


How We Use Your Personal Data

Murgitroyd use your personal data primarily for your employment. Below is a table of the reasons why we use your personal data and the corresponding lawful basis.

| Purposes for Processing | Lawful Basis |
| --- | --- |
| Sending Newsletter | Consent |
| Managing generic web form enquiries | It is in Murgitroyd’s legitimate interests to manage inbound web form enquiries in order to respond and to help answer any questions. |
| Processing telephone enquiries | It is in Murgitroyd’s legitimate interests to answer telephone enquiries in order to respond and to help with any queries that come in over the phone. |
| Processing email enquiries | It is in Murgitroyd’s legitimate interests to manage enquiries via email in order to respond and to help with any queries via email. |
| Managing events and invitations | It is in Murgitroyd’s legitimate interests to manage events and invitations to ensure all attendees have the relevant information to attend the event. |
| Mailshot regarding important legal update | It is in Murgitroyd’s legitimate interests to send legal updates to its clients in order to provide updates on any applicable laws and regulation changes. |
| Collating and analysing client feedback | It is in Murgitroyd’s legitimate interests to seek client feedback in order to improve its services, ensuring customers get the best possible service from us. |
| Instant feedback form from email footer | It is in Murgitroyd’s legitimate interests to provide a method for clients to provide proactive feedback. |
| Client feedback form (allowing written and verbal feedback to be reported) | It is in Murgitroyd’s legitimate interests to consolidate all forms of feedback in order to improve our services. |
| E-Signature service for NDAs and engagement letters | Performance of a contract |
| New Client OnBoarding Form | Performance of a contract |
| Managing client experiences | Performance of a contract |
| Onboarding case portfolios | Performance of a contract |

 

Sharing Your Personal Data

We will share your personal data that we hold with the following organisations:

  • Moneypenny
  • HubSpot
  • Monday.com
  • Eventbrite
  • MyCustomerLens
  • DocuSign 
  • Lotus Notes

We may disclose your personal data to other organisations who help us pass your details to reputable third parties to ensure that you receive appropriate advice; make a lawful request for disclosure; provide us with professional services or advice; or assist us in our marketing and promotional work.

 

International Transfers

We may transfer personal data to a country not in Europe where data subjects’ rights may not be adequately protected or enforceable. Whenever we arrange for international transfers of data, we will ensure that suitable arrangements are in place to provide appropriate safeguards for the people whose information we transfer. When we appoint overseas data processors, we check that suitable arrangements are in place, such as European Commission Adequacy Decisions, Standard Contractual Clauses, or other permitted mechanisms. These transfers include:

  • HubSpot – US EU-US data privacy framework and the UK extension
  • Moneypenny – US EU-US data privacy framework and the UK extension
  • Monday.com – Adequacy Regulation
  • Eventbrite – US EU-US data privacy framework and the UK extension
  • Outlook – Adequacy Regulations
  • HCL Notes – Adequacy Regulation

 

Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal information are available in our retention policy, which can be requested using the details in the “How to Contact Us” section of this policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Automated Decision Making

We do not use information relating to you for any profiling, nor do we have any systems that take automated decisions about you.

 

Your Rights

Under UK data protection law, you have certain rights, which are as follows:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check we are lawfully processing it
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
  • Request the transfer of your personal information to another party (in certain circumstances)
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party). You also have the right to object where we are processing your personal information for direct marketing purposes
  • Rights in Relation to Automated Decision Making and Profiling
  • Withdraw your consent to the processing of your personal information at any time where consent is being relied upon as the lawful basis for processing.

You can exercise your rights by emailing us on the contact details below or by writing to us at 165-169 Scotland Street, Glasgow, Scotland, G5 8PL. Please mark your correspondence for the attention of the Chief Compliance Officer.

You also have a right to lodge a complaint with the Information Commissioner’s Office (ICO) where you believe we have not complied with UK data protection law. In the first instance, we encourage you to resolve the matter with Murgitroyd. However, you can contact the ICO via www.ico.org.uk, [email protected] or 0303 123 1113.

 

How to Contact Us

For further information regarding your personal data or about our approach to data protection in general, please contact our Chief Compliance Officer at:

165-169 Scotland Street
Glasgow
Scotland
G5 8PL

(e) [email protected]

(t) +44 (0) 141 307 8400

 

Version Control

| Version | Approved By | Date | Changes |
| --- | --- | --- | --- |
| 1.0 | Thomas Gibb | 02.01.25 | Policy updated |
