Privacy Policy

Privacy policy from Outer Temple Chambers.

Data Controller: Outer Temple Chambers Limited, The Outer Temple First Floor, 222 Strand, London WC2R 1BA

Data Protection Manager:  HR Manager, 

This privacy policy explains how Outer Temple Chambers Limited, The Outer Temple, 222 Strand, London WC2R 1BA will collect, use or otherwise process your personal data.

“Personal data” is information relating to you as a living, identifiable individual. Outer Temple Chambers Limited will process your personal data in accordance with applicable data protection and privacy laws including the Data Protection Act 2018 and the UK GDPR.

Who are we?

Outer Temple Chambers is a set of barristers’ chambers. Most practitioners associated with this set of chambers are self employed individuals. Outer Temple Chambers is not a firm and its practitioners are not partners of employees of it.

Outer Temple Chambers Limited is the vehicle responsible for providing management and administrative support functions on behalf of the practitioners at Outer Temple Chambers.


This policy relates to the processing of personal data by Outer Temple Chambers Limited. We are a data controller for this information. This means that we are responsible for how we hold and use personal data about you.

It does not apply to any data collected by barristers actively practising from Outer Temple Chambers providing professional services such as legal advice or representation, ADR services, expert services, consultancy services or acting in a judicial or quasi-judicial capacity. In those circumstances the barristers are individual data controllers for the personal data they hold and process. Each has their own privacy notice which is available from them on request.

We have a Privacy Policy which applies to all prospective employees, members, pupils, door tenants, associates, consultants, apprentices, volunteers and contractors.

We also have policies covering Website Use and Cookies.

Existing employees, members, pupils, door tenants, associates, consultants, apprentices volunteers and contractors should contact the HR & Regulatory Manager for a copy of the privacy policy relevant to them.

This policy covers:

  • our suppliers and service providers who are natural persons (such as self-employed persons);
  • the representatives or contact persons of our suppliers and service providers who are legal entities;
  • those individuals whose case has been sent to us but has not yet been allocated to a specific barrister (direct access clients);
  • professional clients (for example instructing solicitors); and
  • visitors to our offices.

Please make sure that you read this policy together with any other related information or policies/notices that we may provide to you from time to time so that you know how and why we are using such information. If you have any questions about this privacy policy, or how we handle your personal information, please contact the Data Protection Manager.

Data protection principles

We will at all times comply with the data protection principles set out in the UK GDPR and Data Protection Act 2018 (which includes not only electronic data, but also personal data held in paper format in filing systems). We will ensure that your personal data is:

  • processed lawfully, fairly and in a transparent manner;
  • collected for specified and legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and kept up to date;
  • kept in a form which permits your identification for no longer than is necessary for those purposes; and
  • processed in a way which ensures appropriate security of data.

In addition, the principle of accountability means that we, as data controller, are responsible for and must be able to demonstrate compliance with these principles.

For these purposes, personal data means any information about an individual from which that individual is capable of being identified. It does not include data where the identity has been removed (anonymised data). There are ‘special categories’ of sensitive personal data which require a higher level of protection and which are referred to below.

What types of personal data do we collect about you?

Suppliers and Service Providers

  • Contact information (name, postal address, email, fixed and/or mobile phone number);
  • Your title and position within the organisation;
  • For natural persons acting as suppliers or service providers, financial information such as your bank details;
  • Details of any relevant qualifications, trade membership/associations and quality standards;
  • References from previous clients/customers.

Direct Access Clients

  • Contact information (title, name, postal address, email, fixed and/or mobile phone number);
  • Sufficient information specific to your case to enable us to allocate it to an appropriate barrister.
  • Personal identification documents which may include photographic ID such as a driving licence or passport, evidence of address, date of birth, address history.

Professional Clients

  • Contact information (title, name, position in the organisation, postal address, email, fixed and/or mobile phone number).

Visitors to our Premises

  • Name;
  • Details of any disability which may affect your access to, exit from or use of our premises;
  • Contact telephone number and company name (if applicable). This information is taken specifically for track and trace purposes and is retained for one month.

How do we collect your personal data?

This information may either be directly provided by you or, in the case of service providers or suppliers, the legal entity for whom you work, colleagues, referees, trade bodies or associations and/or your organisation’s website.

How do we store your data?

We will keep your personal data secure at all times. Your information may be stored in different places including a paper based filing system and IT systems including our hosted desktop, diary management and email systems.

We operate various security measures in order to prevent loss of, or unauthorised access to, your personal data. In order to ensure this, we restrict access to your personal data to those with a genuine business need to access it, and we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How long do we keep your personal information?

Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing (including any legal, accounting regulatory and reporting requirements) and in line with our Data Retention Policy which is available on request. This policy is reviewed periodically and the periods for storage specified in it may alter depending on the requirements of law and regulation, best practice and insurance.

Please note, however, that different periods for keeping your personal data may apply depending upon the type of data being retained and the purpose of its retention.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

The legal basis for processing your personal information

The UK GDPR requires all organisations that process personal data to have a lawful basis for doing so. The lawful bases identified in the UK GDPR are:

  • Consent of the data subject
  • Performance of a contract with the data subject or to take steps to enter into a contract
  • Compliance with a legal obligation
  • To protect the vital interests of a data subject or another person
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

How do we use your personal information and on what basis?

We will primarily use your personal information:

  • to manage our relationship with you including entering into supply/service contracts and payment of invoices;
  • to determine which barrister to allocate your case to with a view to you entering into a contract with them;
  • in respect of visitors to our premises, to ensure compliance with health and safety laws and to deal with issues such as reasonable adjustment.

We may need to process your personal data in order to ensure that we are able to protect your interests (or those of someone else) and where it is needed in the public interest, for instance in relation to COVID 19 track and trace. In other cases, we have a legitimate interest in processing your personal data. This might include:

  • maintaining accurate and up-to-date records and contact details;
  • the management, administration and operation of Chambers, including regulatory functions;
  • for all business development and marketing purposes;
  • establishing, exercising and defending legal claims;

There may also be instances where we need to obtain and process data in order to satisfy legal requirements placed upon us including record keeping, administration and regulatory activities.

On occasion we may rely upon your consent particularly in relation to our marketing activity. At all times you retain the right to withdraw your consent. Where we have relied upon your consent and you opt to withdraw it this does not invalidate our lawful basis for processing data historically.

Certain personal data is subject to additional safeguards under data protection legislation. Such information includes details of:

  • your racial or ethnic origin;
  • your political opinions;
  • your religious beliefs or other beliefs of a similar nature;
  • whether you are a member of a trade union;
  • your physical or mental health or condition;
  • your sexual life;
  • the commission or alleged commission by you of any offence, or
  • any proceedings for any offence committed or alleged to have been committed by you, the disposal of such proceedings or the sentence of any court in such proceedings.

It may be necessary for us to process some sensitive personal data in order to comply with legal or regulatory obligations (including making reasonable adjustments for visitors with disabilities), or if we need to do so in order to seek confidential legal advice, or establish or defend legal claims.

Otherwise, we will only process your sensitive personal data with your explicit consent. If you voluntarily send us your sensitive personal data, we shall treat that as your explicit consent for us to hold that data, which otherwise shall only be processed in accordance with this policy.

We confirm that your personal data will only be used for the purposes for which it was collected, except in those circumstances where we reasonably consider that it needs to be used for another reason, and that reason is compatible with the original purpose. Should we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.

Note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


 We will use your details to provide you with information about our work, activities and matters such as invitations to events and seminars that we think you will find of interest. From time to time we may invite you to events that we run jointly with other organisations. If you register for such an event then we may share your contact details with that organisation.

We may also send you questionnaires or surveys about issues that we think are of interest to clients, or for research purposes. We may also occasionally telephone you to discuss these matters.

We do not otherwise share your data for marketing purposes.

When you access Outer Temple Chambers website, further relevant privacy information and details of the data we collect and process is set out in our website privacy policy and our cookies policy. We may use the information we collect about your interactions with our website to tailor our marketing communications to those areas that we consider are most likely to interest you (“profiling”).

You may opt out of marketing communications at any time by contacting our Marketing & Client Care Director ( or you can use the unsubscribe function or opt out in the communication you receive.

What if you fail to provide personal information?

If you decide not to supply personal data that we have requested and as a result we are unable to comply with our professional, legal or regulatory obligations, then we may not be able to facilitate acting for you or enter into a relevant contract with you.

Sharing your data with others

 Your personal data may be seen or used by our staff in the course of their duties or others working lawfully with us in the ordinary course of our business (for example agency staff and those working for us on a consultancy basis). In the case of prospective clients your personal data will additionally be shared with relevant barristers prior to its allocation to a named person.

We may need to share your data with relevant third parties (for example other professional advisers, agencies responsible for the detection of crime and fraud and auditors) in order to fulfil our legal and professional obligations, or to undertake searches about you, or where you ask us to share your data. In the event of a complaint we may need to share your information with the members of Outer Temple Chambers involved in the administration of complaints, the Bar Standards Board and the Legal Ombudsman.

We may also outsource some of our support services or engage consultants and others to support us (for example finance, business administration, marketing, courier, translation, transcribing or IT services). In these cases relevant personal data would be provided to and processed by the provider of such services, in accordance with the terms of our contract with them and to the extent appropriate for the performance of that contract.

We might need to share your personal information in order to obtain necessary confidential legal advice or to comply with our insurance, legal or regulatory obligations. For example, we may have to provide some or all of the information to our insurers, legal advisors, public authorities such as HMRC, or to a court/tribunal.

Transferring your data outside the UK

We do not expect to transfer your personal information outside the UK. If we do we will ensure the relevant safeguarding measures are in place.

Your rights in relation to your data

Data protection legislation gives you various rights in relation to your personal data that we hold and process. These rights are subject to specific time limits in terms of how quickly we must respond to you. The rights which data subjects have are, in the main, set out in Articles 12–23 of the UK GDPR. They are as follows:

Right of access – this is usually known as making a data subject access request. It enables you to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and various other information, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights (see below).

Right to rectification – this enables you to have any inaccurate or incomplete personal information we hold about you corrected.

Right to erasure – sometimes referred to as the right to be forgotten, this is the right for you to request that, in certain circumstances, we delete data relating to you.

Right to restrict processing – the right to request that, in certain circumstances, we restrict the processing of your data.

Right to data portability – the right, in certain circumstances, to receive that personal data which you have provided to us, in a structured, commonly used and machine-readable format, and a right to have that personal data transmitted to another controller.

Right to object – the right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing where we are relying on the legitimate interests of the business as our legal basis for doing so.

Right not to be subject to automated decision making – the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you. We do not envisage that any decisions will be taken about you based solely on automated decision making, including profiling.

Full details of these rights can be found in the UK GDPR or by reference to guidance produced by the Information Commissioner’s Office.

In the event that you wish to exercise any of these rights please contact the Data Protection Manager. Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them. We may need to request specific information from you in order to verify your identity and check your right to access the personal data or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent please contact the Data Protection Manager. Once we have received notification that you have withdrawn your consent we will no longer process your personal information for the purpose you originally agreed to.

Making a complaint

If you have any queries as to the acquisition, use, storage or disposal of any personal data relating to you please contact the Data Protection Manager (Asia Gibbs).

Despite our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office, who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510; or online at

Changes to this policy

This privacy policy is reviewed annually. The terms and provisions of this policy may be changed, updated and amended from time to time.

If you would like this policy to be supplied to you in another format (for example audio, large print, braille) please contact the Data Protection Manager.

Portfolio Builder

Select the expertise that you would like to download or add to the portfolio

Download    Add to portfolio   
Title Type CV Email

Remove All


Click here to share this shortlist.
(It will expire after 30 days.)