Data Controller: Outer Temple Chambers Limited, The Outer Temple First Floor, 222 Strand, London WC2R 1BA
Data Protection Manager: HR Manager, firstname.lastname@example.org
“Personal data” is information relating to you as a living, identifiable individual. Outer Temple Chambers Limited will process your personal data in accordance with applicable data protection and privacy laws including the Data Protection Act 2018 and the UK GDPR.
Outer Temple Chambers is a set of barristers’ chambers. Most practitioners associated with this set of chambers are self employed individuals. Outer Temple Chambers is not a firm and its practitioners are not partners of employees of it.
Outer Temple Chambers Limited is the vehicle responsible for providing management and administrative support functions on behalf of the practitioners at Outer Temple Chambers.
This policy relates to the processing of personal data by Outer Temple Chambers Limited. We are a data controller for this information. This means that we are responsible for how we hold and use personal data about you.
This website is not intended for children and we do not knowingly collect data relating to children.
We will at all times comply with the data protection principles set out in the UK GDPR and Data Protection Act 2018 (which includes not only electronic data, but also personal data held in paper format in filing systems). We will ensure that your personal data is:
In addition, the principle of accountability means that we, as data controller, are responsible for and must be able to demonstrate compliance with these principles.
For these purposes, personal data means any information about an individual from which that individual is capable of being identified. It does not include data where the identity has been removed (anonymised data). There are ‘special categories’ of sensitive personal data which require a higher level of protection and which are referred to below.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
This information may be directly provided by you. You may give us your Identity or Contact data by filling in forms or by corresponding with us. This includes personal data you provide when you create an account on our website, subscribe to our services or publications, request marketing to be sent to you, respond to a survey or give us feedback or contact us.
We may also obtain Technical Data from third parties including analytics providers such as Google.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those with a genuine business need to access it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Personal data that is processed by us will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing (including any legal, accounting regulatory and reporting requirements) and in line with our Data Retention Policy which is available on request. This policy is reviewed periodically and the periods for storage specified in it may alter depending on the requirements of law and regulation, best practice and insurance.
Please note, however, that different periods for keeping your personal data may apply depending upon the type of data being retained and the purpose of its retention.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
The UK GDPR requires all organisations that process personal data to have a lawful basis for doing so. The lawful bases identified in the UK GDPR are:
We will only use your personal data when the law allows us to. The primary purpose for processing your personal data is to provide you with information about the services we offer, our work, activities and matters such as invitations to events and seminars that we think you will find of interest. In addition we may use your personal data to seek feedback from you. From time to time we may invite you to events that we run jointly with other organisations. If you register for such an event then we may share your contact details with that organisation.
We may also send you questionnaires or surveys about issues that we think are of interest to clients, or for research purposes. We may also occasionally telephone you to discuss these matters.
You will receive marketing communications from us if you have requested information from us or purchased services from us and have not opted out of receiving that marketing. We do not otherwise share your data for marketing purposes.
We may need to process your personal data in order to ensure that we are able to protect your interests (or those of someone else) and where it is needed in the public interest. We may also use your personal data where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We have a legitimate interest in processing your personal data including:
There may also be instances where we need to obtain and process data in order to satisfy legal requirements placed upon us including record keeping, administration and regulatory activities.
We may rely upon your consent particularly in relation to our marketing activity. At all times you retain the right to withdraw your consent. Where we have relied upon your consent and you opt to withdraw it this does not invalidate our lawful basis for processing data historically.
We confirm that your personal data will only be used for the purposes for which it was collected, except in those circumstances where we reasonably consider that it needs to be used for another reason, and that reason is compatible with the original purpose. Should we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.
Note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
You may opt out of marketing communications at any time by contacting us at email@example.com or you can use the unsubscribe function or opt out in the communication you receive.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us for any other purpose.
If you decide not to supply personal data that we have requested and as a result we are unable to comply with our professional, legal or regulatory obligations, then we may not be able to facilitate acting for you or enter into a relevant contract with you.
Your personal data may be seen or used by our staff in the course of their duties or others working lawfully with us in the ordinary course of our business (for example agency staff and those working for us on a consultancy basis).
We may need to share your data with relevant third parties (for example other professional advisers, agencies responsible for the detection of crime and fraud and auditors) in order to fulfil our legal and professional obligations or where you ask us to share your data. In the event of a complaint we may need to share your information with the members of Outer Temple Chambers involved in the administration of complaints, the Bar Standards Board and the Legal Ombudsman.
We may also outsource some of our support services or engage consultants and others to support us (for example business administration, marketing, IT and system administration services). In these cases relevant personal data would be provided to and processed by the provider of such services, in accordance with the terms of our contract with them and to the extent appropriate for the performance of that contract.
We might need to share your personal information in order to obtain necessary confidential legal advice or to comply with our insurance, legal or regulatory obligations. For example, we may have to provide some or all of the information to our insurers, legal advisors, public authorities such as HMRC, or to a court/tribunal.
We do not expect to transfer your personal information outside the UK. If we do we will ensure the relevant safeguarding measures are in place.
Data protection legislation gives you various rights in relation to your personal data that we hold and process. These rights are subject to specific time limits in terms of how quickly we must respond to you. The rights which data subjects have are, in the main, set out in Articles 12–23 of the UK GDPR. They are as follows:
Full details of these rights can be found in the UK GDPR or by reference to guidance produced by the Information Commissioner’s Office.
In the event that you wish to exercise any of these rights please contact the Data Protection Manager. Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request from you to exercise them. We may need to request specific information from you in order to verify your identity and check your right to access the personal data or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
Where you have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent please contact the Data Protection Manager. Once we have received notification that you have withdrawn your consent we will no longer process your personal information for the purpose you originally agreed to.
If you have any queries as to the acquisition, use, storage or disposal of any personal data relating to you please contact the Data Protection Manager, firstname.lastname@example.org.
Despite our best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to the Information Commissioner’s Office, who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510; or online at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you would like this policy to be supplied to you in another format (for example audio, large print, braille) please contact the Data Protection Manager.