privacy · Éamonn CONLON SC

what's this page about?

This page describes how I deal with personal information. I may change it from time to time.

Does this page concern you?

This page concerns you if you are a living person and any of these are true —

you and I communicate with each other
you are or were my client or an officer, shareholder, or partner of my client; or you work or worked for a client or a client’s shareholder or partner
my client works with you or with a person or organisation that you work for
you are a party to dispute resolution proceedings in which I am advising or have been appointed (or considered) as arbitrator or other neutral; or you work or worked for a party; or you are involved in the proceedings, for example as another tribunal member, counsel, witness, secretary, or person working for an institution administering the proceedings; or you are mentioned in the proceedings.

If any of this applies you, I could be handling personal information about you.

About me

I am Éamonn CONLON, a solicitor, arbitrator and alternative dispute resolution practitioner. In my work, I —

do legal work for clients
serve as arbitrator, mediator, conciliator, adjudicator or other neutral in disputes
operate and develop my practice
write, lecture and do other professional activities related to law.

I refer to all this as my work.

In my work, I have to handle personal information, information that identifies living people. The General Data Protection Regulation (GDPR) has a name for someone who does that. I am a data controller.

What personal information do I handle?

The personal information I handle could include—

your name, where you work, contact details like your telephone numbers and email addresses
communications like letters, emails, texts, voicemails, and my notes of meetings and telephone calls
information about your involvement and activities in contracts, disputes, or other matters relevant to my work
if you are or work for a client, or are or work for a client’s shareholder or partner (or were or did any of these in the past): documents showing who you are, where you live, your date of birth, and your connection to my client.

Where do I get personal information?

Mostly from—

you
my clients and people and organisations that my clients work with
institutions administering disputes I am appointed or being considered as arbitrator or other neutral, the parties to those disputes, and their counsel and witnesses
other people and organisations that I work with on my work
media reports and websites
public and government records.

For what purposes do I handle personal information?

to communicate with you
to do my work: mostly to advise my clients, resolve disputes, and operate my practice
to check for conflicts of interest in my work, current and future
to confirm my clients’ identity and assess the risk of money laundering, terrorist financing, or other crimes
to respond to competent authorities’ disclosure requirements, or make reports to them
to take or defend proceedings or respond to complaints.

My legal justifications for handling personal information

Handling personal information is necessary for my legitimate interests and the legitimate interests of my clients and the parties to disputes in which I am appointed or being considered as arbitrator or other neutral. This justification does not apply if your interests or fundamental rights or freedoms override my interests and interests of my clients or disputants.
- My clients’ interests are in me completing the work they entrust to me.
- The interests of parties to disputes are in resolving their disputes.
- My interests are in doing my work and dealing with proceedings and complaints.

Using personal information to check for conflicts of interest, confirm my clients’ identity, assess risk, and make disclosures or reports to authorities is necessary to comply with my legal obligations.

With whom do I share personal information?

I may need to share personal information with—

my clients
people and organisations that I work with in my work
those who read my arbitral awards or other decisions as arbitrator or other neutral
courts, tribunals, public authorities, auditors, and regulators
people helping me in my work
another solicitor responsible for dealing with my practice if I die or am unable to continue in practice.

Transferring personal information outside Europe

I use cloud services to store and back up personal information. I have contracts for this with companies in the European Economic Area (EEA) and in Canada, which the European Commission has decided has adequate data protection. Some of these companies store information on servers in the United States or other countries with lesser data protection and other safeguarding measures such as the EU-US Data Privacy Framework.

I might have to transfer your personal information outside the EEA—

when necessary for establishing, exercising or defending legal claims in the course of my work involving clients, parties, counsel, arbitrators, institutions or others outside the EEA or
to communicate with you or
with your explicit consent or
to perform a contract with you or in your interest.

If I transfer personal information outside the EEA (or the other countries that the European Commission has decided have adequate data protection) it might not have the same level of protection as in those countries.

Do you have to give me personal information?

Usually, no. But if I don’t get information I need, I might not be able to do my work.

How long will I keep personal information?

I keep information I obtain doing client work for 7 years after the work is finished.
I keep copies of information about the identity of clients and client personnel for 5 years after completion of the transaction or end of the business relationship, whichever is later.
I will keep your contact details and some details about the work I did for the rest of my career if I think I’ll need them to check conflicts in the future.
When appointed as arbitrator or other neutral, I usually keep information for 4 months after the proceedings end.
I keep accounting records for 7 years.
I will keep your contact details for as long as we remain in contact.

Do I guarantee that personal information will be secure?

No. I use appropriate technologies and procedures to help secure the confidentiality, integrity, and availability of information while I have it, and while I am sending it over the internet or in other ways. But no physical or electronic systems are entirely secure.

Your rights

You have rights concerning personal information about you that I handle. They include—

asking what personal information about you I handle
accessing it
asking me to correct it if it is incorrect
asking me to delete it
objecting to how I handle it, for example on the basis that your rights override the legitimate interests in handling it
asking me to send a soft copy to someone else.

These rights do not always apply. For example, I might hold personal information that is protected by my or my clients’ legal privileges or confidentiality rights or duties. Your rights are explained further here. If you want to exercise them, please contact me here.

In the EU, you also have the right to make a complaint to the data protection authority where you live or work or where you believe an infringement of the GDPR occurred. Details for the Irish Data Protection Commission are here.