Celestial Chambers Privacy Policy

January 2024

Our contact details

Name:         Celestial Chambers

E-mail:        celestialchambers@protonmail.com

Application of the policy

References in this policy to ‘Chambers’ are intended to apply to members of Chambers (barristers), trainee barristers, staff to Chambers (including clerks).

The type of personal information we collect

Subject to the nature of case in which instructions are received, Chambers may process some or all of the following (but not limited to) types of information where relevant to a particular case and/or client:

(a) personal details

(b) family details

(c) lifestyle and social circumstances

(d) goods and services

(e) financial details

(f)   education, training and employment details

(g) physical or mental health details [an Appropriate Policy Document appears at the Annex to this policy as regards ‘special category’ data]

(h) racial or ethnic origin

(i)   political opinions

(j)   religious, philosophical or other beliefs

(k) trade union membership

(l)   sex life or sexual orientation

(m)genetic data

(n) biometric data for the purpose of uniquely identifying a natural person

(o) criminal proceedings, outcomes and sentences, and related security measures

(p) other personal data relevant to instructions to provide legal services, including data specific to the instructions in question.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly through instructions received or by organisations or public bodies involved in a case in connection with a barrister’s provision of representation regarding legal issues and Chambers in relation to case management of such representation. In Public Access Scheme (‘PAS’) cases (if provided), information may also be obtained from other third parties such as other legal professionals or experts, members of the public, family and friends of a lay client, witnesses, courts and other tribunals, investigators, government departments, regulators, public records and registers.

Chambers may use personal information for the following purposes:

(i) to provide legal services to clients, including the provision of legal advice and representation in courts, tribunals, arbitrations, and mediations;

(ii) to keep accounting records and carry out office administration;

(iii) to take or defend legal or regulatory proceedings or to exercise a lien;

(iv) to respond to potential complaints or to make complaints;

(v)  to check for potential conflicts of interest in relation to future potential cases;

(vi)  to promote and market services to professional clients;

(vii) to carry out anti-money laundering and terrorist financing checks, if applicable;

(viii) to train other barristers and when providing work-shadowing opportunities;

(ix) to respond to requests for references;

(x)  when procuring goods and services;

(xi) to publish legal judgments and decisions of courts and tribunals;

(xii) as required or permitted by law.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information, including as regards any PAS case (if provided) are:

• Consent: if consent has been provided to the processing of your personal information, then Chambers may process your information for the Purposes set out above to the extent to which you have consented to me doing so. In certain cases, reliance is placed on explicit consent to process in categories (g) to (o) above. Such consent is provided at the time of acceptance of instructions and, in relevant cases, a request for provision of a reference.

Consent may be withdrawn at any time by contacting celestialchambers@protonmail.com. This will not, however, affect the lawfulness of any processing activity carried out prior to withdrawal of consent. Where Chambers relies on other bases for processing information, it may not be possible to prevent the processing of data. For example, if work has been undertaken as instructed and time spent on a case, money may nonetheless be owed giving rise in appropriate cases to referral to a regulating body or to an entitlement to claim.

• If you are a client, processing is necessary for the performance of a contract for legal services or in order to take steps at your request prior to entering into a contract.
• In relation to information which is in categories (g) to (o) above (these being categories which are considered to include particularly sensitive information and which include information about criminal convictions or proceedings) Chambers relies on consent for any processing for the purposes set out in purposes (ii), (iv), (vi), (viii) and (ix) above. I need your consent to carry out processing of this data for these purposes. However, if you do not consent to processing for purposes (iv) and (ix) (responding to potential complaints and providing a reference) Chambers will be unable to take your case or to provide a reference. This is because Chambers needs to be able to retain all the material about your case until there is no prospect of a complaint, and to provide an informed and complete reference.
• In relation to information in categories (g) to (o) above (these being categories which are considered to be particularly sensitive information and include information about criminal convictions or proceedings), Chambers is entitled by law to process the information where the processing is necessary for legal proceedings, legal advice, or otherwise for establishing, exercising or defending legal rights.
• In relation to information which is not in categories (g) to (o) above, Chambers relies on legitimate interest and/or the legitimate interests of a third party in carrying out the processing for the Purposes set out above.
• In certain circumstances processing may be necessary in order that Chambers is in compliance with a legal obligation (including carrying out anti-money laundering or terrorist financing checks).
• The processing is necessary to publish judgments or other decisions of courts or tribunals.

Who will Chambers share your personal information with?

If you are a client, some of the information you provide will be protected by legal professional privilege unless and until the information becomes public in the course of any proceedings or otherwise. As a barrister I have an obligation to keep your information confidential, except where it otherwise becomes public or is disclosed as part of the case or proceeding

In addition to those forming part of Chambers, as set out above, it may also be necessary to share information with the following (including information sharing arising from PAS instructions):

• data processors, including but not limited to IT support staff, email providers, data storage providers

• other legal professionals

• experts and other witnesses

• prosecution authorities

• courts and tribunals

• lay clients (under any PAS instructions)

• family and associates of the person whose personal information is being processed

• in the event of complaints, the Head of Chambers, other members of Chambers who deal with complaints, the Bar Standards Board, and the Legal Ombudsman

• other regulatory authorities

• current, past or prospective employers

• education and examining bodies

• business associates, professional advisers and trade bodies, e.g. the Bar Council

• the intended recipient, where you have asked me to provide a reference.

• the general public in relation to the publication of legal judgments and decisions of courts and tribunals [this requires the production of a policy document to comply with this obligation – DPA Bill sch. 1 Part 2. para. 5(1)].

A requirement may be made for provision of information to regulators, such as the Bar Standards Board, the Financial Conduct Authority or the Information Commissioner’s Office.

In the case of the Information Commissioner’s Office, there is a risk that your information may lawfully be disclosed by them for the purpose of any other civil or criminal proceedings, without consent from Chambers or anyone providing consent, which includes privileged information.

Chambers may also be required to disclose information to the police or intelligence services, where required or permitted by law.

Sources of information

The personal information obtained may include information which has been obtained from:

• other legal professionals

• experts and other witnesses

• prosecution authorities

• courts and tribunals

• trainee barristers

• lay clients (in PAS matters)

• family and associates of the person whose personal information being processed

• in the event of complaints, the Head of Chambers, other members of Chambers who deal with complaints, the Bar Standards Board, and the Legal Ombudsman

• other regulatory authorities

• current, past or prospective employers

• education and examining bodies

• business associates, professional advisers and trade bodies, e.g. the Bar Council

• the intended recipient, where a request to provide a reference has been made.

• the general public in relation to the publication of legal judgments and decisions of courts and tribunals [this requires the production of a policy document to comply with this obligation – DPA Bill sch. 1 Part 2. para. 5(1)].

• data processors, including Chambers staff, IT support staff, email providers, data storage providers

• public sources, such as the press, public registers and law reports.

Transfer of your information outside the European Economic Area (EEA)

This section is of relevance only to some PAS cases and, as such, will be provided to relevant PAS clients and form part of relevant client care letters where case appropriate.

How Chambers stores your personal information

Your information is securely stored electronically by the barrister instructed on a particular case or for a particular client on their individual secure devices and by Celestial Chambers on its case management system. All staff members, contractors and trainee barristers are subject to this policy.

All client data and information received will be retained for such time as is reasonably necessary for the provision of legal advice, assistance and/or representation for the particular case or client in relation to which or whom instructions are received for a period of 7 years following the end of a case or conclusion for any reason of instruction. Data and information will then be removed by the permanent deletion of the electronic data and the secure shredding of any paper documents that it has been necessary to produce.

Data protection rights

Under data protection law, rights arising include:

• Right of access - the right to ask us for copies of personal data and/or information.
• Right to rectification - the right to ask us to rectify personal data and/or information believed to be inaccurate and to complete information believed to be incomplete.
• Right to erasure - he right to ask us to erase your personal data and/or information in certain circumstances.
• Right to restriction of processing - the right to ask us to restrict the processing of data and/or personal information in certain circumstances.
• Right to object to processing - the right to object to the processing of personal data and/or information in certain circumstances.
• Right to data portability - the right to ask that we transfer the personal data and/or information provided to us to another organisation, or to you, in certain circumstances.

There is no requirement to pay any charge for exercising such rights. If a request is made, we have one month to respond to you.

Please contact us at celestialchambers@protonmail.com in order to make a request.

How to complain

If you have any concerns about Chambers’ use of your personal information, a complaint may be made to us at celestialchambers@protonmail.com.

A complaint may also be made to the Information Commissioners’ Office (ICO) if there is concern as to how Chambers has used data and/or information. The ICO can be contacted at http://ico.org.uk/concerns/ or at the following address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Future Processing

Chambers does not intend to process personal information except for the reasons stated within this privacy notice. If this changes, this privacy notice will be amended and the policy updated on Chambers’ website.

Changes to this privacy notice

This privacy notice is dated 30^th January 2024.

The policy will continually be reviewed and may be subject to change from time to time. Any changes will be updated on the Chambers’ website.

The next review will take place no later than 30^th January 2025.

Contact Details

If any questions arise about this privacy notice or the information held, please contact celestialchambers@protonmail.com

Retention and erasure policies

We retain information and documentation until the matter is concluded (including after any appeal has concluded).

All briefed papers will be returned to the Instructing Solicitor (who will retain for the minimum of 7 years).

All electronic material will be deleted once the period for any appeal being lodged has expired or following advice that no appeal arises.

Any Public Access Scheme papers will be stored and retained for 7 years and then destroyed.

ANNEX:

Appropriate Policy Document

The Data Protection Act 2018 (DPA 2018) outlines the requirement for an Appropriate Policy Document (APD) to be in place when processing special category (SC) data under certain specified conditions. Any details about your health or employment may be classified as SC data.

In accordance with that requirement this document is intended to demonstrate that the processing of SC is compliant with the requirements of the General Data Protection Regulation (GDPR) Article 5 principles.

 
 Description of data processed

 The data we shall be collecting and processing includes SC data relating to matters concerning your health and employment.

 
 Schedule 1 GDPR condition for processing

 As specified in the above privacy notice we rely on the lawful processing conditions of legitimate interest and consent.

Procedures for ensuring compliance with the principles

  Accountability principle

  i.           We maintain appropriate documentation of our processing activities

  ii.          We have appropriate data protection policies

  iii.          Where appropriate and necessary we will carry out data protection impact assessments (DPIA) for uses of personal                 data that are likely to result in high risk to individuals’ interests

Principle (a): lawfulness, fairness and transparency

We will identify an appropriate lawful basis for processing and a further Schedule 1 condition for processing SC/CO data

1. We will make appropriate privacy information available with respect to the SC/CO data
2. We are open and honest when we collect the SC/CO data and do we ensure we do not deceive or mislead people about its use
   

 Principle (b): purpose limitation

           i.           We clearly identify our purpose(s) for processing the SC/CO data

ii.          We include appropriate details of these purposes in our privacy information for individuals

iii.          Where we plan to use personal data for a new purpose (other than a legal obligation or function set out in law), check                that this is compatible with our original purpose or get specific consent for the new purpose

 Principle (c): data minimisation

           i.           We are satisfied that we only collect SC/CO personal data we actually need for our specified purposes

ii.           We are satisfied that we have sufficient SC/CO data to properly fulfil those purposes

iii.          We periodically review this particular SC/CO data, and delete anything we don’t need

Principle (d): accuracy

           i.           We have appropriate processes in place to check the accuracy of the SC/CO data we collect, and we record the source of that data

ii.           We have a process in place to identify when we need to keep the SC/CO data updated to properly fulfil our purpose,                and we update it as necessary

iii.          Where appropriate and necessary we will have a policy or set of procedures which outline how we keep records of                    mistakes and opinions, how we deal with challenges to the accuracy of data and how we ensure compliance with the                individual’s right to rectification

Principle (e): storage limitation

           i.           We carefully consider how long we keep the SC/CO data and can justify this amount of time

ii.           We regularly review our information and erase or anonymise this SC/CO data when we no longer need it

iii.          We clearly identify SC/CO data that we need to keep for public interest archiving, scientific or historical research, or                  statistical purposes

Principle (f): integrity and confidentiality (security)

           i.           We analyse the risks presented by our processing and use this to assess the appropriate level of security we need                              for this data

ii.           We will have an information security policy (or equivalent) regarding this SC/CO data and take steps to make sure                    the policy is implemented? This will be regularly reviewed.

iii.           We will put other technical measures or controls in place because of the circumstances and the type of SC/CO data                 we are processing

APD review date: 31st Jan 2025