The following text is also set out in the attached file.  

 

Data Protection and Privacy Policy

Carmelite Chambers is committed to safeguarding the privacy of our clients, employees, instructing solicitors and applicants. 

This policy explains what data Carmelite Chambers and its members collect from you, how that data is used for the operation of Chambers’ business, and the steps we take to ensure that your data remains secure. 

 

Applicability  

This policy applies to all interactions between the clerking team and staff of Carmelite Chambers, and:

• Clients of Carmelite Chambers.

• Prospective clients of Carmelite Chambers.

• Subscribers to Carmelite Chambers mailing lists.

• Employees of Carmelite Chambers.

• Job applicants.

• Pupillage applicants.

• Mini-pupillage applicants.

• Mini-pupils.

Many members of Chambers have subscribed to this privacy policy; this policy applies to your professional dealings with members of Chambers unless you are specifically advised otherwise by an individual member of Chambers. A list of those members of Chambers who have signed this policy is included in the Members Annex (attached to the policy available in the link above).

 

Data Protection Officer 

Carmelite Chambers has appointed a Data Protection Officer (DPO) with responsibility for data protection compliance within the organisation. 

 

Queries 

Questions about this policy, or requests for further information, should be directed to the Data Controller in the first instance.

Further queries may be directed as follows:

 

Orla O'Sullivan 

Email    oosullivan@carmelitechambers.co.uk 

Phone   020 79366300

 

Data Protection Officer (DPO)

Email   DPO@carmelitechambers.co.uk

 

What information do we collect?

This section tells you what personal data we may collect from you when you use our services or instruct members of Chambers.

 

Clients

When you are registered as a client of Carmelite Chambers we will usually collect:

• Personal data including name, address(es) and contact details.

• The names and telephone numbers of clients and associates.

• Details of any solicitor or legal representative.

During the course of your dealings with Carmelite Chambers and instruction of members of Chambers, we may also receive data such as:

• Details of any legal claim(s) against you or in which you are involved.

• Special category data such as gender, race and nationality.

• Medical, criminal, disciplinary or financial records.

• Images of you or your likeness.

 

Applicants

During the course of your application for an employed position, pupillage or mini-pupillage at Carmelite Chambers, we will usually collect data such as:

• Personal data including name, address(es) and contact details.

• Information about your personal and career history.

• Special category data, including data collected for the purposes of Equality and Diversity monitoring.

 

Visitors

CCTV images of you may be captured on our premises. IP addresses may be logged on our IT system if you use one or more of the Carmelite Chambers Wi-Fi networks or electronic facilities. 

 

Purpose

Carmelite Chambers and members of Chambers will use your data as appropriate to:

• Provide services (including legal advice and representation), quotations, and information.

• Communicate with you.

• Facilitate the billing of services.

• Direct enquiries to the appropriate member of Chambers.

• Investigate and address complaints.

• Investigate, address or defend legal proceedings relating to your use of our services.

• Meet our legal obligations and regulatory requirements, including obligations to maintain Equality and Diversity monitoring statistics.

• Carry out activities necessary for the process of employing members of staff, and our pupillage and mini-pupillage application processes.

• Carry out activities necessary for the performance of employment or other contracts to which Carmelite Chambers is a party.

 

Data controllers

Individual members of Chambers are the controllers of any personal data which is supplied to or received by them in the course of and during your instructions for the member to provide legal services. 

Carmelite Chambers is the controller of your personal data if you are applying for any role within Chambers, if you lodge a complaint about a member of Chambers, or when Chambers processes your personal data in relation to billing or marketing activities.

 

Data processors 

From time-to-time Carmelite Chambers and members of Chambers may find it necessary to appoint data processors, or to engage the services of those whose function will make them data processors, for example support staff or pupil (trainee) barristers.

Members of Chambers act as data processors when acting on behalf of Chambers in any capacity involving the administration of Chambers, or the recruitment of staff, pupils and mini-pupils.

 

How to access your data 

As a data subject, you have a number of rights in relation to your personal data.

You have the right to make a Subject Access Request. If an individual makes a subject access request, Carmelite Chambers or the member of Chambers to whom the request is addressed will respond to the request within thirty days and will produce a response to the request in line with the Information Commissioners Office (ICO) guidelines. 

The data subject will need to prove themselves by a form of identification which will be deemed adequate by the Data Protection Officer (DPA). A Subject Access Request to Carmelite Chambers or any individual member of Chambers should be submitted to:

Data Protection Officer (DPO)

Email   DPO@carmelitechambers.co.uk

If a Subject Access Request is manifestly unfounded or excessive, the organisation or member of Chambers is not obliged to comply with the request. Alternatively, the organisation or member can agree to respond but, the data subject may be charged a fee if extra costs are incurred to retrieve data, which will be based on the administrative cost of responding to the request. A Subject Access Request is likely to be manifestly unfounded or excessive where it repeats a request to which the organisation has already responded. 

If an individual submits a request that is unfounded or excessive, the organisation will notify him/her that this is the case and whether or not it will be responded to. 

If we cannot facilitate a request based on limitations with IT functionality, the DPO will notify the individual accordingly, stating what aspect of the request they can respond to. 

Whilst we will always aim to respond to any Subject Access Request within the thirty days, if a request takes longer than the regulation timeline, then the data subject will be notified and will be updated, and the request provided at the earliest opportunity. 

It should be noted that due to the business practices and the nature of the business model of Carmelite Chambers, some data may not be requested under a Subject Access Request for legal reasons. If it is felt that a request may not be granted or fulfilled, the data subject will be informed. 

A response to a Subject Access Request will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.

A data subject has the right to the following information regarding the processing of their data:

• Whether or not their data is processed and if so why. 

• The categories of personal data concerned and the source of the data if it is not collected from the individual.

• To whom their data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers.

• For how long their personal data is to be stored (or how that period is decided).

• Their rights to rectification or erasure of data, or to restrict or object to processing.

• Their right to complain to the Information Commissioner if they think the organisation or individual has failed to comply with the data subject’s data protection rights.

• Whether or not the organisation carries out automated decision-making and the logic involved in any such decision-making.

 

Data processing

Personal data will be retained for the shortest time necessary. Please note that some legal cases will require Carmelite Chambers or a member of Chambers to hold your data for a significant period after a case has been heard. 

Under the General Data Protection Regulation (GDPR) you have the following rights to request information from Carmelite Chambers and members of Chambers:

• Right of access to the data (Subject Access Request).

• Right for the rectification of errors.

• Right to erasure of personal data (please note, this is not an absolute right).

• Right to restrict processing or to object to processing.

• Right to portability.

Due to the nature and purpose of data we hold (for the purposes of legal representation), the erasure of data may not be possible where such erasure is prohibited by law or where member of Chambers are under a regulatory obligation to retain records.

 

Lawful basis for processing 

The General Data Protection Regulation (GDPR) and Data Protection Act 2018 are pieces of legislation explaining your rights over the processing of your personal information. 

The GDPR requires Carmelite Chambers and our members to identify which of six "lawful reasons" we use when processing your data.

In respect of Carmelite Chambers:

• we process data on the basis of "consent" when: communicating with you about your case(s); sending newsletters or material relating to Carmelite Chambers; and responding to applications for employment, mini-pupillage and pupillage.

• we operate on the basis of "legitimate interest" when: communicating with you in other ways (e.g. when responding to your enquiry or case); when using data to satisfy our regulatory obligations; and when using data for the purposes of maintaining a record of conflicts, quality assurance and training.

• when processing personal data relating to legal cases in order to provide legal services to you, we rely on “legal obligation” and “contract” as our lawful basis for processing.

In respect of members of Chambers, each member of Chambers will be required to handle and process your data in order to effectively act on your instruction. It is vital that barristers are able to process your personal data in order to assist you in your case.

Members of Chambers rely on the following “lawful reasons” for processing your data:

• Members of Chambers rely on the basis of "consent" when: using data to provide legal services to you, and when communicating with you about your case(s).

• Members of Chambers rely on the basis of "legitimate interest" when: processing, storing or retaining data in order to satisfy their regulatory obligations; maintaining a record of conflicts; and where the retention of data is necessary for the defence of legal claims or maintenance of precedents.

• Members of Chambers rely on the basis of “legal obligation” and “contract” when providing legal services to you.

During the course of providing legal service to our clients, Carmelite Chambers and members of Chambers may collect, process, store and retain special category data. Such data is processed on the following grounds:

• Where we have consent from the data subject to process data.

• Where we process data manifestly made public.

• Where processing is necessary for the establishment, exercise or defence of legal claims.

 

Consent 

Where Carmelite Chambers or its members hold and process data on the legal basis of consent, the data subject has the right at any time to withdraw the consent. 

Each of our Carmelite Briefings and emails relating to lectures, events and news contain a link to unsubscribe from the specific mailing list to which that correspondence is sent. To withdraw your consent for Carmelite Chambers to contact you in respect of that mailing list, please follow the ‘unsubscribe’ link provided.

To unsubscribe from multiple or all mailing lists, or to withdraw your consent to be contacted by Carmelite Chambers at all, please contact:

 

Orla O'Sullivan 

Email    oosullivan@carmelitechambers.co.uk 

Phone   020 79366300

To withdraw your consent for Carmelite Chambers or a member of Chambers to hold and process your data for any other means, such as in respect of the provision of legal services, please contact the member of Chambers with whom you were previously dealing, or contact the Data Protection Officer.

 

Members of Chambers

Email   clerks@carmelitechambers.co.uk

 

Data Protection Officer (DPO)

Email   DPO@carmelitechambers.co.uk

For those under sixteen years of age, consent will often be required from an adult to process information relating to that data subject. 

In relation to case data, consent may be obtained by the representing solicitor.

 

Data security 

Carmelite Chambers and members of Chambers take the security of personal data seriously. 

Carmelite Chambers has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties. These controls are implemented under the ICO and the Bar Council guidelines and are subject to regular monitoring and review.

Where Carmelite Chambers engages third parties to process personal data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. 

Our staff, barristers and associates undergo regular Bar Council, data handling and GDPR training, to ensure that our policies and procedures are compliant with all aspects of data protection legislation. Our servers are held in a restricted area and are managed and monitored by IT and cyber data experts. This service is provided by a recognised, vetted and accredited service provider. Encryption for our data and emails are used at all times. 

Members of Chambers have a responsibility to control and hold data in a manner commensurate to our security, data and cyber policies and the Bar Council guidelines. 

Members of Chambers may also store data on personal electronic devices. All such devices are suitably protected by password protection and encryption.

Every effort shall be made by Carmelite Chambers and members of Chambers to ensure the secure electronic storage of data in such a manner as to mitigate any risk of data loss as a result of technological failure or malfunction.

From time-to-time, particularly in legal cases involving parties outside the United Kingdom, data may be transferred to a legal representative not located within the United Kingdom or the European Union (EU). 

Carmelite Chambers and members of Chambers shall ensure that any such data transfer is undertaken commensurate with our data protection policies and guidelines, and subject to reciprocal undertakings in data security.

 

Sharing personal information 

As an organisation we do not share any information held with third parties unless consent is given by the data subject, or where such disclosure is necessary within the conduct of a legal case, or according to other legal or obligations on Carmelite Chambers or members of Chambers.

We will only share information with the following organisations is it felt that we have a legal obligation or are instructed to do so from an authority requiring specific information on a data subject.

• Police forces.

• Government departments.

• Local authorities.

• Consultants or medical professionals.

• Other barristers or legal representatives.

• Chambers clerks assigned to a legal case. 

Your data may be transferred to countries outside the European Economic Area (EEA). If any data is transferred outside the EEA it is based on the contractual obligations to third parties and processed in accordance with your data rights.

 

Complaints procedure

Please contact us directly with any questions or complaints as we aim to resolve any questions relating to data privacy with the data subject immediately. 

Contact:  

Data Protection Officer (DPO)

Email   DPO@carmelitechambers.co.uk

All legal rights regarding privacy are the responsibility of the Information Commissioners Office (ICO). 

More information about their complaints procedure can be found at: https://ico.org.uk/concerns/

 

ICO registration

Carmelite Chambers is an ICO-registered organisation.

Carmelite Chambers ICO Registration: ZA246759

All members of chambers are individually ICO-registered. 

Details of individual registrations are included in the Members Annex (attached to the policy available as the link above),

 

Changes to this privacy notice

We reserve the right to make changes to this Privacy Notice from time to time, so please take the time to review it periodically.

Last reviewed: June 2020