This privacy notice relates to the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (GDPR).
As our client you are advised to read the following information carefully. This privacy notice is addressed to individuals whose personal data we (our barristers) process, and it contains information about the data we collect, record, store and use; the reasons for this processing; who we may share this data with; the security mechanisms we have put in place to protect them; and how to contact us in the event you need further information.
1. Who we are?
1.1We, collect, record, store, use and are responsible for personal information about you.
1.2When we do this by automated means or a filing system and, jointly with others, determine the purposes and means of the processing, we are a “data controller” of this information for the purposes of the DPA and the GDPR.
1.3This privacy notice relates to processing carried out by us as a data controller.
1.4If you need to contact us about your data, or the processing we carry out, you can use the contact details at the end of this privacy notice.
2. What do we do with your information?
2.1Information collected from you will be used to provide legal services, advice or references.
This data may also be used for the operation and management of our chambers, recruitment and supervision of clerks and staff, mentoring and recruitment of its mini-pupils, pupils and members and the delivery of our marketing and training programmes. We may collect personal information in the following categories from you:
2.1.1biographical information;
2.1.2biometric data;
2.1.3criminal convictions, disposals, offences, proceedings and sentences and related security measures;
2.1.4education, training and employment details;
2.1.5family details;
2.1.6financial details;
2.1.7genetic data;
2.1.8goods and services;
2.1.9lifestyle and social circumstances;
2.1.10other personal data relevant to instructions to provide legal services, including data specific to the case or instructions in question;
2.1.11personal details;
2.1.12physical or mental health details;
2.1.13political opinions;
2.1.14racial or ethnic origin;
2.1.15relationships;
2.1.16religious, philosophical or other beliefs;
2.1.17trade union membership; and
2.1.18sex life or sexual orientation.
2.2 Information collected from other sources
We may also collect information in the same categories from third parties, such as:
2.2.1clerks, members, mini-pupils, pupils and staff in/of our and other chambers;
2.2.2current, past or prospective employers or referees;
2.2.3education and examining bodies;
2.2.4government departments and other public authorities, including investigators,
2.2.5ombudsmen, prosecutors and regulators;
2.2.6lay and professional clients and their staff;
2.2.7members of the public;
2.2.8other legal professionals or experts;
2.2.9publicly accessible sources of information, including databases, law reports,
2.2.10records and registers and the mainstream and social media;
2.2.11the intended recipient, where you have asked us to provide a reference;
2.2.12the members and staff of courts, tribunals and inquiries;
2.2.13professional advisers, associations and trade bodies, e.g. Bar Associations, the Bar Council or the Inns of Court;
2.2.14witnesses; and
2.2.15your associates, family and friends.
2.3 Purposes
We may record, store and use your personal information for the following purposes:
2.3.1as permitted or required by law and by our professional obligations, including under the Bar Standards Board Handbook and Code of Conduct;
2.3.2to carry out anti-money laundering and terrorist financing checks;
2.3.3to check for actual or potential conflicts of interest in connection with actual or potential cases or instructions;
2.3.4to keep accounting and professional records and carry out office administration;
2.3.5to participate in the operation and management of our chambers,
2.3.6the assessment, recruitment and supervision of clerks and staff, mentoring and recruitment of mini-pupils, pupils and members and the delivery of marketing and training programmes;
2.3.7to participate in the operation and management of professional associations and trade bodies, e.g. Bar Associations, the Bar Council or the Inns of Court (in such circumstances, we may be acting as a data processor on behalf of the body in question);
2.3.8to promote or market our services;
2.3.9to provide legal services to our clients, including taking instructions and providing legal advice and representation in arbitrations, courts, inquiries, mediations and tribunals;
2.3.10to publish judgments or decisions of courts or tribunals;
2.3.11to respond to potential complaints or make complaints;
2.3.12to respond to subject access requests;
2.3.13to take or defend actual or potential legal or regulatory proceedings or to exercise a lien;
2.3.14to train other barristers, mini-pupils and pupils and when providing work experience or work shadowing opportunities;
2.3.15to train students and qualified or trainee legal professionals or experts using personal information which is already in the public domain;
2.3.16to respond to requests for references; and
2.3.17when procuring goods and services.
2.4 Where information has to be provided by you, and why
If we have been instructed by you or on your behalf, if you have asked for a reference or if you have applied to be or are a clerk, member, mini-pupil, pupil or staff member in/of our chambers, your personal information may have to be provided, to enable us to:
2.4.1provide you with legal services or a reference;
2.4.2participate in the operation and management of our chambers, the assessment, recruitment and supervision of our clerks and staff, the assessment, mentoring and recruitment of our mini-pupils, pupils and members and the delivery of our marketing and training programmes;
2.4.3comply with our legal or professional obligations; and
2.4.4keep accounting records.
2.5 The legal basis for processing your personal information
We rely on the following as the lawful basis on which we collect, record, store and use your personal information:
2.5.1If you have consented to the processing, then we may carry it out for the purposes set out above to the extent to which you have consented to us doing so.
2.5.2If you are a client, the processing may be necessary for the performance of a contract for legal services or in order to take steps at your request prior to entering into a contract.
2.5.3We rely on our legitimate interests and/or the legitimate interests of third parties in carrying out the processing for the purposes set out above as a provider of legal services and references and when participating in:
2.5.3.1the operation and management of our chambers, the assessment, recruitment and supervision of our clerks and staff, the assessment, mentoring and recruitment of our mini-pupils, pupils and members and the delivery of our marketing and training programmes; and
2.5.3.2the operation and management of professional associations and trade bodies, e.g. Bar Associations, the Bar Council or the Inns of Court.
2.5.4In certain circumstances, the processing may be necessary for the performance of a task in the public interest, e.g. if we are assisting a pro bono organisation.
2.5.5In certain circumstances, the processing may be necessary in order that we can comply with our legal or professional obligations, including accounting to HM Revenue and Customs, carrying out anti-money laundering or terrorist financing checks, checking for actual or potential conflicts of interest and complying with common law duties of care and other legal or professional obligations and subject access requests.
2.5.6The processing may also be necessary when publishing judgments or decisions of courts or tribunals.
2.5.7In relation to information which is in categories (2)-(3), (7), (12)-(14) or (16)-(18) at para.2.1 above, which are considered particularly sensitive:
2.5.7.1We rely on your consent for any processing for the purposes set out in Section 2.3 Purposes above. If you do not consent to any of these, we will be unable to take your case or instructions or provide legal support, guidance or a reference. This is because we need to be able to retain material about your case until there is no prospect of a complaint, fee dispute, legal or regulatory proceedings or subject access request being made and to provide an informed and complete reference.
2.5.7.2We are further entitled to process such information in accordance with data protection, legislative or legal requirements where this is necessary for legal proceedings, legal advice, or otherwise for establishing, exercising or defending legal rights or where it has been manifestly made public by you or for reasons of substantial public interest connected with the administration of justice.
2.6 With whom may we share your personal information?
Some of the information we collect as set out above, will be protected by legal professional privilege unless and until it becomes public in the course of any proceedings or otherwise. We also have an obligation to keep personal information confidential and private, except where it otherwise becomes public, or its publication or disclosure is necessary as part of the case or proceedings. It may be necessary to share your information with the following:
2.6.1clerks, members, mini-pupils, pupils and staff in/of our and other chambers;
2.6.2current, past or prospective employers or referees;
2.6.3education and examining bodies;
2.6.4the general public in relation to the publication of judgments or decisions of courts or tribunals;
2.6.5government departments and other public authorities, including investigators,
2.6.6ombudsmen, prosecutors and regulators;
2.6.7in the event of complaints, our head of chambers, other members of these chambers who deal with complaints, our clerks and chambers director, the Bar Standards Board and the Legal Ombudsman;
2.6.8in the event of legal proceedings, our head of chambers, our clerks and chambers director, our insurers and our own legal advisers;
2.6.9IT support staff, email providers and data storage providers;
2.6.10lay and professional clients and their staff;
2.6.11other legal professionals or experts;
2.6.12the intended recipient, where you have asked us to provide a reference;
2.6.13the members and staff of courts, tribunals and inquiries;
2.6.14professional advisers, associations and trade bodies, e.g. Bar Associations, the Bar Council or the Inns of Court;
2.6.15witnesses; and
2.6.16your associates, family and friends or those of our clients.
We may be required to provide your information to regulators such as the Bar Standards Board, the Legal Ombudsman, the Financial Conduct Authority or the Information Commissioner’s Office.
In the case of the latter, there is a risk that your information may lawfully be disclosed by that Office for the purpose of other civil or criminal proceedings, without our consent or yours, which includes privileged information.
We may also be required to disclose your information to the police or intelligence services in accordance with our legal or professional obligations.
2.7 Transfer of your information outside the European Economic Area (EEA)
This privacy notice is of general application and as such it is not possible to state whether it will be necessary to transfer your information out of the EEA in any particular case or for a reference.
However, if you reside outside the EEA or your case or the role for which you require a reference involves persons or organisations or courts or tribunals outside the EEA, then it may be necessary to transfer some of your personal information to that country outside of the EEA for that purpose.
If you are in a country outside the EEA or if the instructions you provide come from outside the EEA, then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information, please indicate this when providing initial instructions. Some countries and organisations outside the EEA have been assessed by the European Commission and their data protection laws and procedures have been found to provide adequate protection. If your information has to be transferred outside the EEA, then it may not have the same protections and you may not have the same rights as you would within the EEA.
If we decide to publish a judgment or decision of a court or tribunal containing your information, then this will be published to the world. We will not otherwise transfer personal information outside the EEA except as necessary for providing legal services or for any legal proceedings.
2.8 Security measures
2.8.1Publication of details about our security arrangements would risk their compromise, but our accounts, equipment, premises and records are all backed-up, encrypted, locked, password-protected, secured and/or subject to anti-virus and firewall protection as appropriate and having regard to Bar Council guidance on IT issues.
2.8.2Furthermore, where our chambers act as a data processor we do so in line with the DPA & GDPR-compliant constitutional, contractual, technical and organisational arrangements, policies and procedures and subject to guarantees and obligations of confidentiality. We also use chambers’ IT systems, including email servers, fee, diary, practice-management and record-keeping software, internet and intranet, network and other shared drives and servers.
3. What is our retention policy with respect to your personal data?
3.1cWe may store your information for up to seven years from either the date of the last item of work carried out by us on the case; the date on which time for any further appeal expired; the date of the last payment received by us; or the date on which all outstanding payments are written off.
3.2Further retention is likely to occur where: a longer limitation period applies; the case involved an order which remains effective, contains an injunction or undertakings to the court and is subject to a penal notice; or connected complaint, legal or regulatory proceedings are active or in prospect. In such circumstances, we will carry out as much minimisation as is practicable and set a date for a further review on a case-by-case basis.
3.3Deletion / destruction / minimisation will be carried out (without further notice) as soon as reasonably practicable after the information is marked for this to done.
3.4We will store some of your information which we need to carry out conflict checks for. However, this is likely to be limited to your name and contact details, solicitors and outline information relating to the case or instruction. This will not include any information within categories at para. 2.1 above. Information related to anti-money laundering checks will be retained until five years after the completion of the transaction or the end of the business relationship, whichever is the later.
3.5Reasons for retaining documents/information beyond the end of a case include:
3.5.1cCase documents may be relevant to an appeal out of time (especially in criminal cases).
3.5.2Anonymised case documents can be used as precedents.
3.5.3Case documents may contain the results of research into the law, which may be relevant to a current case. These should be anonymised once no longer required.
3.5.4Instructions, facts or expert opinions in a previous case may be relevant to a current case. These should be anonymised once no longer required.
3.5.5Correspondence or instructions contain contact details which may be useful. These will be saved to a list of contacts e.g. in Outlook
3.5.6Information from case documents or records may be important when carrying out a conflict search. It will not usually be necessary to retain substantial numbers of case files for this purpose, and you may find that it is sufficient for the necessary information to be retained on the Chambers’ system, for those who normally carry out these searches.
3.5.7Case documents must be retained in the event that a complaint is made against a barrister, or a barrister makes a claim against their insurers or solicitors. The limitation period for such claims should provide guidance as to the appropriate period of retention. You could seek guidance from your insurer as to their requirements for your document retention.
3.5.8An extended retention period may be required where clients are minors, lack capacity or, in criminal cases, during the defendant’s custody.
3.5.9Correspondence, such as emails should be deleted when no longer required. If possible, it may be advisable to send emails that do not contain substantive advice in the body of the email and provide advice as attachments which can then be saved with your case files.
4. Consent
4.1We are relying on your consent to process your information as set out above. You provided this consent when you agreed that we would provide legal services, you asked us to provide a reference, or you applied to be or became a clerk, member, mini-pupil, pupil or staff member in/of our chambers.
4.2You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you doing so. Furthermore, where we also rely on other legal bases for processing your information, or there is a statutory requirement you may not be able to prevent us doing so.
5. Your rights
5.1Under the DPA and the GDPR, you have a number of rights that you can exercise free of charge in certain circumstances. In summary, and subject to certain legislative exemptions and restrictions, you may have the right to:
5.1.1ask for access to your personal information and other supplementary information;
5.1.2ask for correction of mistakes in your data or to complete missing information;
5.1.3ask for your personal information to be erased;
5.1.4receive a copy of the personal information you have provided to us or have this information sent to a third party in a structured, commonly used and machine-readable format;
5.1.5object at any time to processing of your personal information for direct marketing;
5.1.6object in certain circumstances to the continued processing of your personal information;
5.1.7restrict our processing of your personal information;
5.1.8ask not to be the subject of automated decision-making which produces legal effects that concern you or affect you in a significant way.
If you want more information about your rights under the DPA & GDPR, please see the Information Commissioner’s guidance.
5.2If you want to exercise any of the above rights, please:
5.2.1use the contact details at the end of this privacy notice;
5.2.2provide proof of your identity and address;
5.2.3provide a contact address;
5.2.4state the right(s) you wish to exercise.
5.3We may need to ask you to provide other information so that you can be identified and will respond within one month from receipt of your request.
6. How to make a complaint
6.1The DPA & GDPR also gives you the right to lodge a complaint with the Information Commissioner’s Office if you are in the UK, or with the supervisory authority of the Member State where you work, normally live or where the alleged infringement of data protection laws occurred.
6.2The Information Commissioner’s Office can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow, SK9 5AF
www.ico.org.uk
Tel: 0303 123 113
7. Future Processing
7.1We do not intend to process your personal information except for the reasons stated within this privacy notice. If these reasons change, this privacy notice will be amended and placed on our chamber’s website.
8. Video Conferencing
8.1We are the Data Controller responsible for the personal information you may provide when using video conferencing technology, such as Zoom.
8.2Why we need your personal data.
8.2.1When using video conferencing technology staff and members may use either their chambers-provided devices when in chambers or a personal device when working from home.
8.2.2When using video conferencing technology staff and members may use either their chambers provided devices when in chambers or a personal device when working from home.
8.2.3When using video conferencing technology staff and members may use either their chambers provided devices when in chambers or a personal device when working from home.
8.3The lawful basis for processing is under GDPR, where special category data is discussed, this is processed in particular with regard to the health of staff affected by the Coronavirus under Article 9.2(b) Employment, social security and social protection and/or Article 9.2(g) Reasons of substantial public interest (Contingencies Act 2004).
8.4Your data will be used during the use of the Video Conferencing facility and users are requested not to record meetings.
8.5The meeting organiser should monitor to ensure only invited attendees join the meeting and use the password facility where available to prohibit access by others.
8.6Our video conferencing application does not monitor meetings or store them after the meeting ends unless they are requested to record and store them by the meeting host. If there were a need to record a meeting, this would be alerted to the participants via both audio and video when joining the meeting and participants have the option to leave the meeting.
8.7The Video Conferencing facility may record names and emails for login and IP addresses, but there is no need to retain this data and the users are requested to delete this following use.
8.8We will not disclose your personal information to third parties for marketing or sales purposes or for any commercial use, and we will not use your personal data in a way which may cause you harm.
8.9Zoom’s privacy policy confirms that they “only collect the user data that is required to provide Zoom services. This includes technical and operational support and service improvement. For example, we collect information such as a user’s IP address and OS and device details to deliver the best possible Zoom experience to you regardless of how and from where you join”.
8.10They also state that they “do not use data we obtain from your use of our services, including your meetings, for any advertising. We do use data we obtain from you when you visit our marketing websites, such as zoom.us and zoom.com. You have control over your own cookie settings when visiting our marketing websites”.
8.11The user also has the ability to delete any data (such as names and emails for login and IP addresses) after meetings have concluded and at the end of the use of the application. Zoom has stated that; any data stored on US servers is minimal and relates only to the users of the application.
8.12Recordings will be kept for no more than six months.
8.13You have the right to access your data and correct any inaccuracies. For further details of your rights please contact the Data Protection Officer or go to our website for a more detailed explanation.
9. Mimecast Email Archive
9.1Chambers use MimeCast to provide business continuity to the mail system in the event of a serious incident or event. Mimecast also provides email filtering and protection from malicious emails and content sent to chambers and its members.
9.2Mimecast has a default archive retention period of ten years for all emails received. This retention period is currently under review and may change without notice.
9.3All data held in Mimecast is in line with our security best practices and is compliant with GDPR and the Data Protection Act and does not affect your rights.
10. Exemptions
We may rely on the following exemptions under the DPA when processing your information:
10.1Crime and Taxation
10.2Required by law or in connection with legal proceedings
10.3Legal professional privilege
10.4Self incrimination
10.5Disclosure prohibited or restricted by enactment
10.6Immigration
10.7Function designed to protect the public
10.8Audit functions
10.9Bank of England functions
10.10Regulatory functions relating to legal services, the health and children’s services
10.11Parliamentary privilege
10.12Judicial appointments, independence and proceedings
10.13Crown honours, dignities and appointments
10.14Journalism, academia, art and literature
10.15Research and statistics
10.16Health data - processed by a court
10.17Social work data - processed by a court
11. Changes to this privacy notice
11.1This privacy notice was updated on 18 January 2023.
11.2We continually review our privacy practices and may change this policy from time to time.
12. Contact details
If you have any questions about this privacy notice or the information we hold about you, please contact the Clerks.
Our contact details:
Address:
The Chambers of David Josse KC
5 St Andrew’s Hill
London
EC4V 5BZ
Email: dscothern@5sah.co.uk