Data Controller: Outer Temple Chambers Limited, The Outer Temple First Floor, 222 Strand, London WC2R 1BA
Data Protection Manager: HR Manager, firstname.lastname@example.org
“Personal data” is information relating to you as a living, identifiable individual. Outer Temple Chambers Limited will process your personal data in accordance with applicable data protection and privacy laws including the Data Protection Act 2018 and the UK GDPR.
Outer Temple Chambers is a set of barristers’ chambers. Most practitioners associated with this set of chambers are self-employed individuals. Outer Temple Chambers is not a firm and its practitioners are not partners or employees of it.
Outer Temple Chambers Limited is the vehicle responsible for providing management and administrative support functions on behalf of the practitioners at Outer Temple Chambers.
This policy relates to the processing of personal data by Outer Temple Chambers Limited. We are a data controller for this information. This means that we are responsible for how we hold and use personal data about you.
It does not apply to any data collected by barristers actively practising from Outer Temple Chambers providing professional services such as legal advice or representation, ADR services, expert services, consultancy services or acting in a judicial or quasi-judicial capacity. In those circumstances the barristers are individual data controllers for the personal data they hold and process. Each has their own privacy notice which is available from them on request.
This policy covers:
We will at all times comply with the data protection principles set out in the UK GDPR and Data Protection Act 2018 (which includes not only electronic data, but also personal data held in paper format in filing systems). We will ensure that your personal data is:
In addition, the principle of accountability means that we, as data controller, are responsible for and must be able to demonstrate compliance with these principles.
For these purposes, personal data means any information about an individual from which that individual is capable of being identified. It does not include data where the identity has been removed (anonymised data). There are ‘special categories’ of sensitive personal data which require a higher level of protection and which are referred to below.
Suppliers and Service Providers
Direct Access Clients
Visitors to our Premises
This information may either be directly provided by you or, in the case of service providers or suppliers, the legal entity for whom you work, colleagues, referees, trade bodies or associations and/or your organisation’s website.
We will keep your personal data secure at all times. Your information may be stored in different places including a paper-based filing system and IT systems including our hosted desktop, diary management and email systems.
We operate various security measures in order to prevent loss of, or unauthorised access to, your personal data. In order to ensure this, we restrict access to your personal data to those with a genuine business need to access it, and we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing (including any legal, accounting, regulatory and reporting requirements) and in line with our Data Retention Policy which is available on request. This policy is reviewed periodically and the periods for storage specified in it may alter depending on the requirements of law and regulation, best practice and insurance.
Please note, however, that different periods for keeping your personal data may apply depending upon the type of data being retained and the purpose of its retention.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
The UK GDPR requires all organisations that process personal data to have a lawful basis for doing so. The lawful bases identified in the UK GDPR are:
We will primarily use your personal information:
We may need to process your personal data in order to ensure that we are able to protect your interests (or those of someone else) and where it is needed in the public interest, for instance in relation to COVID-19 track and trace. In other cases, we have a legitimate interest in processing your personal data. This might include:
There may also be instances where we need to obtain and process data in order to satisfy legal requirements placed upon us including record keeping, administration and regulatory activities.
On occasion we may rely upon your consent particularly in relation to our marketing activity. At all times you retain the right to withdraw your consent. Where we have relied upon your consent and you opt to withdraw it this does not invalidate our lawful basis for processing data historically.
Certain personal data is subject to additional safeguards under data protection legislation. Such information includes details of:
It may be necessary for us to process some sensitive personal data in order to comply with legal or regulatory obligations (including making reasonable adjustments for visitors with disabilities), or if we need to do so in order to seek confidential legal advice, or establish or defend legal claims.
Otherwise, we will only process your sensitive personal data with your explicit consent. If you voluntarily send us your sensitive personal data, we shall treat that as your explicit consent for us to hold that data, which otherwise shall only be processed in accordance with this policy.
We confirm that your personal data will only be used for the purposes for which it was collected, except in those circumstances where we reasonably consider that it needs to be used for another reason, and that reason is compatible with the original purpose. Should we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.
Note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We will use your details to provide you with information about our work, activities and matters such as invitations to events and seminars that we think you will find of interest. From time to time we may invite you to events that we run jointly with other organisations. If you register for such an event then we may share your contact details with that organisation.
We may also send you questionnaires or surveys about issues that we think are of interest to clients, or for research purposes. We may also occasionally telephone you to discuss these matters.
We do not otherwise share your data for marketing purposes.
You may opt out of marketing communications at any time by contacting our Marketing & Client Care Director (email@example.com) or you can use the unsubscribe function or opt out in the communication you receive.
If you decide not to supply personal data that we have requested and as a result we are unable to comply with our professional, legal or regulatory obligations, then we may not be able to facilitate acting for you or enter into a relevant contract with you.
Your personal data may be seen or used by our staff in the course of their duties or others working lawfully with us in the ordinary course of our business (for example agency staff and those working for us on a consultancy basis). In the case of prospective clients your personal data will additionally be shared with relevant barristers prior to its allocation to a named person.
We may need to share your data with relevant third parties (for example other professional advisers, agencies responsible for the detection of crime and fraud and auditors) in order to fulfil our legal and professional obligations, or to undertake searches about you, or where you ask us to share your data. In the event of a complaint we may need to share your information with the members of Outer Temple Chambers involved in the administration of complaints, the Bar Standards Board and the Legal Ombudsman.
We may also outsource some of our support services or engage consultants and others to support us (for example finance, business administration, marketing, courier, translation, transcribing or IT services). In these cases relevant personal data would be provided to and processed by the provider of such services, in accordance with the terms of our contract with them and to the extent appropriate for the performance of that contract.
We might need to share your personal information in order to obtain necessary confidential legal advice or to comply with our insurance, legal or regulatory obligations. For example, we may have to provide some or all of the information to our insurers, legal advisors, public authorities such as HMRC, or to a court/tribunal.
We do not expect to transfer your personal information outside the UK. If we do we will ensure the relevant safeguarding measures are in place.
Data protection legislation gives you various rights in relation to your personal data that we hold and process. These rights are subject to specific time limits in terms of how quickly we must respond to you. The rights which data subjects have are, in the main, set out in Articles 12–23 of the UK GDPR. They are as follows:
Right of access – this is usually known as making a data subject access request. It enables you to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and various other information, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights (see below).
Right to rectification – this enables you to have any inaccurate or incomplete personal information we hold about you corrected.
Right to erasure – sometimes referred to as the right to be forgotten, this is the right for you to request that, in certain circumstances, we delete data relating to you.
Right to restrict processing – the right to request that, in certain circumstances, we restrict the processing of your data.
Right to data portability – the right, in certain circumstances, to receive that personal data which you have provided to us, in a structured, commonly used and machine-readable format, and a right to have that personal data transmitted to another controller.
Right to object – the right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing where we are relying on the legitimate interests of the business as our legal basis for doing so.
Right not to be subject to automated decision making – the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you. We do not envisage that any decisions will be taken about you based solely on automated decision making, including profiling.
Full details of these rights can be found in the UK GDPR or by reference to guidance produced by the Information Commissioner’s Office.
In the event that you wish to exercise any of these rights please contact the Data Protection Manager. Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them. We may need to request specific information from you in order to verify your identity and check your right to access the personal data or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent please contact the Data Protection Manager. Once we have received notification that you have withdrawn your consent we will no longer process your personal information for the purpose you originally agreed to.
If you have any queries as to the acquisition, use, storage or disposal of any personal data relating to you please contact the Data Protection Manager (Asia Gibbs).
Despite our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office, who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510; or online at www.ico.org.uk.
If you would like this policy to be supplied to you in another format (for example audio, large print, braille) please contact the Data Protection Manager.