Policy reviewed July 2022.
Under Data Protection Legislation we are required to explain why and how we ask for information about individuals, how we intend to use the information provided, and whether we share this information with anyone else. This document sets out our general policy in this regard - a copy can be obtained upon request.
Who are we?
Drystone Chambers (‘Chambers’) is the administrative support for a number of barristers. It is not required to be registered as a data controller in its own right.
However, each individual barrister is self-employed and is an individual data controller for the purposes of the legal services that they provide to professional and lay clients. The policy that is adopted in relation to the provision of legal services is dealt with pursuant to our ‘client data protection policy’. (CDPP)
How do we apply the data protection principles?
In dealing with personal data we are conscious of the need to:
- Ensure lawfulness, fairness and transparency
- Collect data for lawful purposes and to process data in a manner compatible with this
- Only collect data that is reasonably necessary for the purpose in question
- Ensure that data collected is accurate
- Place appropriate limits on storage and access to data
- Maintain appropriate levels of security
When do we collect information?
We may be provided with information when contacted by you (whether through telephone, email, through the website, or in meeting us).
What type of information do we collect?
We may collect personal information including:
- Job title and company name
- Email address
- Telephone number(s)
- Mailing address
- Bank details
- Marketing and communications data (including your preferences to receive marketing data and communication preferences)
Is information collected from third parties?
Ordinarily this is not the case but we may collect information from public sources (e.g. The Legal Directories, social media platforms) and third parties.
Information we may collect online
We may collect, store and use information about visits to our website and about the device which is used to access the website. This may include technical information including matters such as the IP address, browser type, internet service provider and your location as well as the manner and content of accessing material on the site.
Sensitive Personal Information/Children
We do not seek to collect sensitive personal information through our website or generally. Our website is not aimed at children and we do not knowingly collect any information to children under 16 through it.
How do we use information?
Chambers will only use personal information if there is a legal basis for doing so. The lawful purposes for which we collect use and process information are:
- To provide information requested from us
- In the course of any contractual relationships we may have
- To send alerts, newsletters, bulletins, announcements and other communications concerning Chambers, legal developments or other related topics we may believe are of interest to you
- To invite you to Seminars, events or functions we believe may be of interest to you
- For the purposes of market research and to understand the effectiveness of marketing or client relationships
- To advise you of changes to relevant policies and/or administrative changes
- In support of our obligations to realise diversity and/or access
- To administer, improve and analyse our website
- To keep our website safe and secure
We will only ever use personal information for a purpose compatible with the original purpose for which data was obtained. Information in relation to diversity is analysed anonymously wherever possible.
If, in the future, an entirely new purpose should arise we will notify you in a timely manner and explain the basis upon which we may do so.
What are my rights in relation to data?
Generally, you have a right to see personal information held about you, but:
- Please note that this extends to information relating to you and it may not extend to the whole of the document in which it was held or created
- Exemptions may apply in certain instances
However, the law provides that generally a person whose data is held (the subject) may make a request to:
- See their personal data and require it to be up-to-date and accurate
- Update their details and personal information
- Opt out of receiving any marketing communications
- Object to any processing of your data for direct marketing
- Withdraw their consent to the future processing of data at any time (this does not affect processing before that date)
Although requests do not have to be made in writing- it is easier to manage requests if they are made in this way. When we receive a request, we will acknowledge it within 7 days, and we will respond within 40 days.
How do I exercise these rights?
By contacting Ryan Thompson (Chambers’ Data Protection Officer) at 35 Bedford Row, London, WC1R 4JH or via email to Ryan.Thompson@drystone.com.
Please note, before providing information we may take further steps in order to ensure the identity or entitlement of the person making the request.
We do not make a charge in relation to the exercise of your legal rights as described in this policy, however a request which is manifestly unfounded or excessive (which includes repetition) may incur a fee taking into account the associated administration costs or be refused.
Who may see the data you hold?
Access to your data is limited to Chambers’ Members (Barrister and Pupil), Staff and Consultants. It may be utilized in conjunction with those who provide marketing services or our service providers (website and IT (including email, diary management, accounts and backup/storage) as well as our accountancy and banking services).
We require of third party contractors that they have and adhere to a policy for data protection as is required by the standard we must apply.
Please note: we may disclose information to a third party if required to by a legal or regulatory obligation; if it is in the vital interests of a third party; to enforce contractual rights or to protect the position of Chambers, its staff or members.
We do not store information outside of the European Union, however, should this eventuality arise, we will put in place measures to ensure that storage is at a level equivalent to the EU or UK
Regulatory Requirement as will from time to time apply.
Chambers has and implements IT Security measures as is required to support this policy. These include firewalls, encryption, access controls policies and other procedures.
Chambers cannot and does not provide security for users who access Chambers’ website through the internet, or receive email through third party servers.
We retain information for as long as is necessary for Chambers to support the realization of any professional or regulatory obligation associated with the practice of a barrister (whether a member of Chambers or formerly so), and to maintain marketing, taxation and accounting records. After such period personal data will be destroyed securely.
I have a complaint, what do I do?
Please address your complaint to Ryan Thompson at 35 Bedford Row, London, WC1R 4JH or via email to Ryan.Thompson@drystone.com.
Alternatively you have the right to complain to the Information Commissioner’s Office (ICO), about our data processing activities. The ICO provides a helpline on 0303 123 1113 as well as maintaining a website: https://ico.org.uk
This policy is available to download here.