This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

CLOSE

Privacy Notice

Privacy Notice for the Chambers of Christopher Hancock QC and Duncan Matthews QC

Summary

  • All the barristers and arbitrators at 20 Essex Street are independent practitioners who share the costs of offices and administration, but not profits or liabilities. Each barrister and arbitrator is a separate data controller, and is separately responsible for his or her own compliance with data protection law.
  • We collect, store, use and otherwise process personal data to carry out business administration including marketing.
  • The personal data we process is about people who engage or appoint our members or make enquiries about their professional services, people involved in legal matters, visitors to chambers, present, past and prospective pupils, assistants, staff and members of chambers, suppliers, lawyers, judges, arbitrators and court and arbitral institution employees, and tribunal secretaries.
  • Where necessary for professional reasons or because we are legally required to do so, we share personal data with others including regulators, courts, tribunals, arbitrators, arbitral institutions, and for the administration of our members’ professional practices.
  • We will not keep personal data longer than we think is necessary.
  • Using secure means we transfer personal data outside the EU to chambers’ staff who work in chambers’ office in Singapore, to other members of chambers in various countries, and to encrypted storage in Switzerland.
  • For the processing of data relating to chambers’ administration generally, the decisions about why and how to process personal data are made by the Heads of Chambers, who are “data controllers” for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (usually known as the GDPR). Because of the way barristers’ chambers like ours operate, other people in chambers may also be data controllers for the same data.
  • Each member of chambers has his or her own Privacy Notice in addition to this one which describes how that member processes personal data (including in relation to legal cases). You can find a link on each member’s personal page on our website (or you can ask us for a copy).
  • You have several rights relating to our processing of your personal data. Depending on the circumstances, these include the right to know how we are processing it, the right to have it erased and the right to complain to the Information Commissioner.

Our contact details

If you have any questions about this privacy notice or the data we hold about you, please get in touch.

The best way to contact us is to write to our Director of Administration and Finance:

Mr Dan Clark,
20 Essex Street,
London,
England,
WC2R 3AL.

The telephone number is +44 (207) 842 1200, and the email address is dclark@20essexst.com. Please include “Data Protection” in the subject line of your email.

How our Chambers works

As is usual for barristers’ chambers, the members of our chambers at 20 Essex Street have no collective legal identity. All the barristers and arbitrators here are independent practitioners who share the costs of offices and administration, but not profits or liabilities. Each barrister and arbitrator is a separate data controller, and is separately responsible for his or her own compliance with data protection law.

Facilities such as practice management software, document reproduction, internet and communications, are provided by our Heads of Chambers for the benefit of all of us. This means that the Heads of Chambers are “data processors” for us in relation to those facilities. The Heads of Chambers are also the employers of our clerks and staff, and are data controllers in respect of personal data relating to chambers’ general administration, such as staff employment, tenancy and pupillage applications, relationships with suppliers, general marketing activities and monitoring for equality and diversity and work allocation.

Because we all participate in the management of chambers as a whole, each member may also (depending on the particular data in question) be a joint data controller with other members in chambers. But even where this is the case, each remains responsible for his or her own compliance with data protection law and any relevant obligations of confidentiality.

Our members have data processing agreements and joint data controller arrangements in place between them to ensure your rights are protected.

Each member of chambers has their own Privacy Notice in addition to this one, which describes how that member processes personal data (including in relation to legal cases). You can find a link on each member’s personal page on our website [https://www.20essexst.com](or you can ask us for a copy).

Please ask if you want further details.

 

Your Rights

You have a number of rights that you can exercise free of charge and on request in certain circumstances. But if your requests are obviously unfounded or excessive, we reserve the right to charge a reasonable fee or to refuse to act on them.

In summary, depending on the circumstances, you have the right:

  • to be informed about the collection and use of your personal data
  • to access your personal data and supplementary information
  • to have inaccurate personal data corrected, or completed (if it is incomplete)
  • to have your personal data erased
  • to restrict our processing of your personal data
  • to receive a copy of any personal data you have provided to us, in a machine-readable format, or have this information sent to a third party
  • to object at any time to processing of your personal data for direct marketing purposes
  • to object in certain other situations to the continued processing of your personal data

For more information on these rights and when you can exercise them, see the Information Commissioner’s Guide [https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/].

If you want to exercise any of these rights, please let us know by using the contact details above. If you want us to reply, or to send you anything, you must give us your contact details as well. We may need to ask you to verify your identity.

We will respond to you within one month from when we receive your request, unless the complexity and number of requests we receive means that we need more time. If we need more time (up to two further months) we will tell you why within the first month.

How to make a complaint

You also have the right to lodge a complaint with the Information Commissioner’s Office if you are in the UK, or with the supervisory authority of the European Member State where you work, normally live or where the alleged infringement of data protection laws occurred. The Information Commissioner’s Office can be contacted here [http://ico.org.uk/concerns/].

How we use personal data

Our particular reasons and justifications for processing your personal data depend on our relationship.

If you are a past, present or potential future pupil, mini-pupil or work experience student, member of or employee at our chambers

What we process and why

We will use the information you provide during the recruitment process to progress your application with a view to offering you a pupillage, mini-pupillage, work experience or tenancy contract, or to fulfil legal or regulatory employment requirements if necessary. We will also use your personal data to pay you and provide you with employment benefits, to keep employment records, to monitor and assess your performance and progression, and to provide you with a reference if required.

We will process:

  • your name and contact details (address, phone number and email address)
  • ID document information (document numbers, photograph) and visa document information
  • your professional, academic and educational qualifications and institutions attended
  • your training and previous experience and employment details
  • if you are a lawyer, details of your practice to date
  • your tax reference/NI number/PAYE and payroll details
  • previous references
  • correspondence involving or concerning you
  • your bank details, to process salary or other payments to you
  • your emergency contact details—so we know who to contact in case you have an emergency at work

The information we ask for at the recruitment stage is used to keep you informed about the progress of your application and to assess your suitability for the position you have applied for. You don’t have to provide it for but it may affect your application if you don’t.

You will also be asked to provide equal opportunities information so that we can produce and monitor equal opportunities statistics. This is not mandatory—if you don’t provide it, it won’t affect your application, contract or membership. We won’t make the information available to anyone apart from those members of chambers and staff involved in the monitoring of equal opportunities.

The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract.

The legal basis we rely on to process any information which is special category data, such as health, religious, ethnic or sexual orientation information (for example if you would like us to make adjustments to accommodate you) is article 9(2)(b) of the GDPR, which relates to our obligations in employment and the safeguarding of your fundamental rights, and article 9(2)(h) for assessing your work capacity as an employee. We also rely on Schedule 1 part 1 paragraphs 1, 2(a) and 2(b) of the Data Protection Act 2018 which relates to processing for employment, the assessment of your working capacity and preventative or occupational medicine.

If you are a member of chambers or pupil and you leave chambers, we will keep your name and contact details to stay in touch with you, but only if you agree. The legal basis we rely on for processing that personal data is article 6(1)(a) of the GDPR, which relates to processing you have consented to.

Where we get this data from

We will get this information from you or, from members of our chambers involved in recruitment, from recruitment agencies, from the Bar Standards Board and Bar Council, and in the case of pupillage applications, from the Bar Council’s Pupillage Gateway. If you nominate referees, we will get information about you from them.

How long we store your personal data for

If your application is unsuccessful, we will retain your data for one year from the date a decision is communicated to you. If your application is successful, we will retain your personal information during your employment, contract or membership and for two years afterwards. If you are a former member or pupil, we will keep your name and contact details for as long as you agree.

If you are a visitor to Chambers or to a Chambers event

We keep records of who you are, when you visit, and who you are visiting. We will record and keep that information for one month and then destroy it.

We also operate a CCTV system in our buildings which will record your image, and a security access system which retains your details for 14 days.

We may keep all of that information, and share it with the police and our insurers if it is necessary to do so for the purposes of an ongoing criminal or insurance investigation.

We process this information for security and safety reasons. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

If your name or image reveals personal data concerning your racial or ethnic origin or your religious or philosophical beliefs, we will process it for those same reasons. The legal bases we will rely on are articles 9(2)(e) and 9(2)(g) of the GDPR and Schedule 1 Part 2 paragraph 10 of the Data Protection Act 2018, to the extent they have manifestly been made public by you, and because it is necessary for reasons of the substantial public interest in the prevention or detection of an unlawful act.

We have Wi-Fi at chambers for the use of visitors. If you use it we record the device address, the name of your device and the IP address allocated to you. We retain that information whilst you are using the Wi-Fi, and for a short while longer (about 24 hours).

The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

If you use the Chambers' website or Chambers’ IT systems

We use cookies on our website which are necessary for the website to work properly.

A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

Some cookies will be deleted from your computer when you close your browser, but some will remain stored on your computer until deleted, or until they reach a specified expiry date.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.

For security reasons and to fulfil our legal obligations to ensure that the systems are adequately secured so that clients’ affairs can be kept confidential, we will record your IP address and details of the pages you have visited. We keep this information for up to one month, unless it is needed for the purposes of an ongoing security investigation.

The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

If you telephone or email Chambers

We need to keep details of phone calls or emails so that we can respond to them promptly and properly.

We will process:

  • your name
  • the name of your organisation
  • your position or job title
  • your telephone number or email address
  • any personal information you provide during the call or leave in a message, or provide in an email

The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

If you leave a voicemail for us, this will be deleted after we have listened to the message or automatically after 4 weeks.

Our voicemail system will also automatically send a copy of your voicemail message to us by email. This email will be deleted once we have dealt with it or automatically after 4 weeks.

If you do not fall into the other categories (for example if you supply us with goods or services)

In order to manage our relationship with you, manage our business, to buy products or services from you and to comply with our legal obligations to keep accounting and tax records, we will process:

  • your name and contact details
  • financial information (bank account number, sort-code, VAT details), which is only likely to be personal data if a non-corporate account is used
  • correspondence involving or concerning you

The legal bases we rely on for processing your personal data are article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request before entering a contract, and article 6(1)(f) of the GDPR because it is necessary for the purpose of our legitimate interests. To the extent that we need to keep data in records for tax or accounting purposes, our legal basis for processing this information is article 6(1)(c) of the GDPR because it is necessary for compliance with our legal obligations.

We will keep your information for so long as we think we might have a business relationship and for up to 7 years if it is necessary to do so for accounting or tax purposes.

Sharing your information

In chambers, we use some third party data processors such as IT service and support companies to help us provide our legal services. We have contracts in place with them which mean that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any other organisation. They will hold it securely and retain it for the period we instruct.

For the purposes of chambers’ administration, we share personal data with members of our chambers. Please see “How our chambers works” above.

If you apply for a position as a pupil, mini-pupil or work experience student, member or employee, we will share personal data with:

  • the intended recipient, where you have asked us to provide a reference
  • other members of chambers who are involved in the recruitment process and in monitoring for the purposes of equality and diversity
  • current, past or prospective employers

Transfer of your information outside the European Union

Our chambers has an office in Singapore. Some of the administrative staff are based there, and they have secure access to chambers’ administrative computer systems. Therefore, for the purposes of chambers administration, your name, contact details and (if you are a client or appointing party) billing details, and details concerning your case necessary for administrative purposes, will be transferred out of the EU to staff in Singapore.

Given the international nature of the work our members do, some of them work outside the EU. Any personal data which is transferred by or on behalf of any member of chambers to them or to any staff outside the EU for any of the purposes discussed in this privacy notice, is transferred subject to standard contract terms which have been approved by the European Commission. Those contract terms ensure that you have effective legal rights and remedies.

If you communicate with us and you are in a country outside the EU, or if for professional reasons we must contact someone in a country outside the EU, then we will have to transfer information which may include personal data to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information please let us know. The same applies if we have to provide a reference for you to someone outside the EU.

The data protection laws and procedures of some countries and organisations outside the EU have been assessed by the European Commission and found to be adequate. The list can be found here [https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en]. Most have not been found to be adequate. If your data has to be transferred outside the EU to one of these countries, then it may not have the same protections and you may not have the same rights as you would within the EU.

So that we can access your data when we need to, and protect it in the case of corruption, we use a cloud storage and backup solution which is based in Switzerland (which is outside the EU). Switzerland does not have the same data protection laws as the EU but has been recognised by the European Commission as providing adequate protection.

If you would like any further information please let us know.

Marketing Communications

If you provide us with your name, contact details or professional interests, we may use them for the purposes of sending you marketing communications.

We will not send you any marketing communications by email unless you have consented or unless you have given us your details in the course of the sale or negotiations for the sale of our services to you, the marketing is in respect of similar services, and you have been given the opportunity to opt-out.

You will also be given another opportunity to opt-out in all marketing emails.

If you have consented to receive marketing communications by email, we rely upon that consent as the legal basis for processing your personal data for that purpose, under article 6(1)(a) of the GDPR.

Otherwise, the legal basis we rely on for the purposes of sending you marketing communications is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

If at any time you do not wish to receive marketing communications (whether by email or otherwise), please let us know and we’ll update our records immediately to reflect your wishes.

For the purposes of the marketing of members of chambers’ practices, we will share your details with members of chambers, but we will not share those details with any third parties for marketing purposes.

We will keep your name, contact details and details of you professional interests on our business development system for direct marketing purposes for two years after your last contact with chambers. At that point we will delete your details from that system.

 

Last updated:  June 2018

 

Contains public sector information from https://ico.org.uk licensed under the Open Government Licence v3.0 [[http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/]].