This Privacy Notice describes the ways in which we, 36 Group (‘Chambers’) and our Barristers (‘Members’) collect, manage, process, store and share information about You as a result of You visiting this site or using our services, and your rights regarding it. The privacy notice also provides you with information about how you can have control over the use of your data.
The Data Protection Act requires us to process personal data fairly and lawfully and this Notice explains how we will comply with this requirement.
The 36 Group provides legal services to national and international organisations and institutions, small and medium-sized businesses and private individuals. As an essential part of our services, we collect and manage client and non-client data. In doing so, we observe the UK data protection legislation, and are committed to protecting and respecting clients’ and non-clients’ privacy and rights.
Specifically, we, and each of our Members, act as a “Data Controller” in respect of the information collected and processed by each of us. In addition Chambers is a “Data Processor” for information collected by our Members under a data sharing agreement.
This Notice does not apply to You directly if You are a company. But whether You are a company or individual, it will apply to the persons employed, engaged or associated by You, and whose data You give to us or our members.
We will be guided by the information and guidance provided by the Information Commissioner’s Office and in particular, the Guide to Data Protection.
Terms that are italicised are defined in the General Data Protection Regulation.
We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the Personal Data that we hold and process. Our registered address is 36 Bedford Row, London, WC1R 4JH; our ICO registration number is ZA073925.
Our Members are also, individually, registered as Data Controllers for the personal data that they hold and process on your behalf. Please consult the Member or the Member’s webpage (or contact the Data Protection Officer) for his or her registration details. Where You give personal data to a Member in order for him/her to provide services to you, it we process it as a Data Processor on behalf of that Member.
Data Protection Officer
Separation of Functions
Within Chambers we have staff that are employed who handle the controlling and processing of data. Staff are supervised and report to an Executive Board of Members and the Data Protection Officer who oversee policies and management for the controlling and processing of personal data by Chambers staff. The Executive Board also set general policies for controlling data by Members but do not supervise and manage the controlling of that data, except when it is processed by Chambers on their behalf.
In order to provide services to You, but depending upon the nature of the services requested, we / our Members will need to collect personal data and we or our Members may need to collect some special categories of personal data about You. All the information that we hold about you is provided to us by yourself[MC1] or by someone on your behalf when you seek to use our services.
The personal data and special categories of personal data that we will collect include:
- Customer/client data
- Barrister Data
- Member Data
- Independent Consultants Data
- Pupillage Data
- Employee Data
Chambers processes data that is collected by each of our Members. We process your data for the purposes of administering the Member’s cases in which he or she is engaged to advise or assist howsoever this comes about. This relationship is governed by a data processing agreement entered into by us, and each of our members, individually. The Member directs and supervises the processing of data in accordance with the Bar Code of Conduct and the constitution of chambers. If You have an issue with processing of your data by us then you may contact the Member concerned or the Data Protection Officer.
Our Lawful Basis for processing your information
The Lawful Bases permitted in the GDPR upon which we process your information are:
- Your Consent
- Performance of a contract with You or to take steps to enter into a contract
- Compliance with a legal obligation e.g. anti-money laundering, Legal Services Regulation or the Bar Code of Conduct
- To protect Your vital interests in connection with the matters about which you have asked our Members to provides services to You
- Our or our Members’ legitimate interests of ourselves, to the extent that they are not overridden by Your interests, rights or freedoms.
Our and our Members’ legitimate interests include:
- Matters connected to You being a client;
- Transmission between Chambers and the Member or between Members when consent is given to transmission;
- Processing necessary to ensure network and information security, including preventing unauthorised access;
- Processing for direct marketing purposes, or to prevent fraud; and
- Reporting possible criminal acts or threats to public security.
We do not use automated decision-making in the processing of your personal data.
We or our Members use your information to:
- Provide services to You;
- Process or support payments for services;
- Direct your enquiries to the appropriate Member or member of staff;
- Investigate and address your concerns;
- Communicate with you about services;
- Investigate or address legal proceedings relating to your use of our services/products;
We may share your personal data with:
Companies, professional advisers and persons appointed or engaged by You in respect of the same matter that we or our Members are appointed or engaged by You
- Our legal advisors in the event of a dispute or other legal matter;
- Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
- Any other party where we ask you and you consent to the sharing.
Transfers to third countries and international org
We do not transfer any personal data to third countries or international organisations.
We retain your personal data while you remain a client/pupil/employee, unless you ask us to delete it. Our Retention and Disposal Policy is available on request and this sets out details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:
- The Lawful Basis for collecting your data is continuing.
- We or our Members are presently engaged with you in relation to a matter, or that matter has not yet finally completed or there is an unresolved issue, such as claim or dispute;
- We are legally required to; or
- There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers'; safety and security.
Retaining Your Personal Data
We will retain your personal data while you remain a client/pupil/employee, unless you ask us to delete it.
Our Retention and Disposal Policy details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:
· The Lawful Basis for collecting your data is continuing;
· We or our Members are presently engaged with you in relation to a matter, or that matter has not yet finally completed or there is an unresolved issue, such as claim or dispute;
· We are legally required to; or
· There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers' safety and security.
Security of Data and Privacy
Data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure privacy and security of data.
We aim to:
· Protect against potential breaches of confidentiality;
· Ensure all IT facilities are protected against damage, loss or misuse;
· Increase awareness and understanding of the requirements of information security, and the responsibility of our Members to protect the confidentiality and integrity of the information that they handle; and
· Ensure the optimum security of our website.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer when you visit our website.
We use the following cookies:
Strictly necessary cookies: These are cookies that are required for the operation of a website.
Analytical/performance cookies: These allow us to measure the number of visitors to our site and to see how visitors move around the pages when they are using it. These cookies collect information in an anonymous form.
Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
The General Data Protection Regulation and the Data Protection Act give you specific rights around your personal data.
The Data Protection Act gives you rights in respect of the personal data that we hold about you. In particular, your rights are:
· a right of access to a copy of the information comprised in your personal data;
· a right to object to processing that is likely to cause or is causing damage or distress;
· a right to prevent processing for direct marketing;
· a right to object to decisions being taken by automated means;
· a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
· a right to claim compensation for damages caused by a breach of the Act.
You may request access to, correction of, deletion of, or anonymisation or a copy of your information data held by us or our Members by contacting us at 0207 421 8000. Further information is available in our Subject Access Request Policy.
If you would like further clarification on the nature and scope of your rights in respect of the data that we hold about you, you can contact our Data Processing Officer by emailing email@example.com or at Mr Rowan Caffull, Data Protection Officer, 36 Group, 36 Bedford Row, London WC1R 4JH.
Marketing Opt-Outs and Website Tracking
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.
Geo-location tracking, which shows us where you are in the UK, is not used on this website.
If you believe we have done something irregular or improper with your personal data you can make a Complaint to the Data Protection Officer. You are entitled to seek compensation for any distress you are caused or loss you have incurred or seek the imposition of penalties for a data breach.
You can find out more information from the ICO’s website and this is the organisation that you can complain to if you are unhappy with how we deal with you.
We will occasionally update our Privacy Notice.
21st May 2018