General Information Protection Regulation (“GDPR”)
Privacy Notice of Helen Galley
This privacy notice applies in relation to all personal data provided to any barrister (including for the purposes of this notice any pupil) or arbitrator (each a “Member”) practising from the XXIV Old Buildings (“Chambers”) (collectively, “we”, “us” and “our”, as applicable).
Please note that professional advice can only be given by a Member. Chambers is not responsible for, nor can it be liable in respect of, any advice given by any such Member.
This notice (together with any terms of use on our website (“our site”), any contracts between you and us and any other documents referred to in this notice) sets out the basis on which any personal data we collect from you, that you provide to us, or that we obtain about you from other sources, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our site, or by providing us with any personal data, you are accepting and agreeing to the practices described in this notice.
Personal data that we process falls into one of two categories:
(a) General personal data relating to enquiries or instructions that we receive, such as contact details and other attributes of individuals relevant to those enquiries or instructions, fee information and other information that is necessary for the management of our cases or other matters and clients or for the management or promotion of the Member and/or Chambers as a whole (“Management Data”); and
(b) Specific personal data relating directly to a case or other matter on which one or more Member(s) is/are acting which is processed in relation to the conduct of such case or other matter (“Case Data”)
For the purpose of the retained law version of the European General Data Protection Regulation (Regulation (EU) 2016/679) (the “UK GDPR”) and the Data Protection Act 2018 (“DPA”), both as amended or replaced from time to time (together “Data Protection Law”), the Member(s) dealing with the case or other matter in relation to which personal data is provided or obtained are the data controller(s) in relation to all Case Data. The relevant Member(s) and Chambers as a whole are each controllers in relation to Management Data. Each such data controller is a separate data controller and not a joint data controller. The Member(s) and Chambers are contactable at XXIV Old Buildings, Lincoln’s Inn, London WC2A 3UP, United Kingdom.
Our point of contact for the purposes of Data Protection Law is Victoria Milligan, GDPR Manager (privacy@xxiv.co.uk)
1. Information we collect from you
We will collect and process the following data about you:
1.1. Information you give us.
This is information about you that you give us, for example by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise, or by providing us with documents. It includes information you provide when you provide instructions to us or when you submit enquiries via our site. The information you give us may include your name, address, e-mail address or phone number, and details regarding or relating to your matter or enquiry. If you provide any information about any other individuals such as colleagues or people involved in a legal matter (for example if you are a solicitor or another person involved in a matter), you warrant to us that you are entitled to provide that information to us and to authorise us to process it on the same basis as we will process the rest of the data you provide about yourself, and you confirm that you have provided such individuals with the information required by Data Protection Law (including but not limited to this private notice).
1.2. Information we collect about you.
With regard to each of your visits to our site we may automatically collect the following information:
• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, location, device type, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and service provider; and
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), items you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us.
1.3. Information we receive from other sources.
This is information we receive about you from sources other than directly from yourself, which may include solicitors or other barristers involved in a case in which you are involved, witnesses, experts, members of the public, your family and friends, witnesses, courts and other tribunals, suppliers of goods and services, customers, investigators, government departments, regulators, public records, registers and sources available over the internet including social media such as LinkedIn, Facebook, Twitter and Instagram.
2. Cookies
Our site uses cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.
3. Purposes for which we may process the information
We may use information held about you in the following ways:
3.1. Information you give to us.
In general terms:
(a) Management Data is used for the administration and management of matters that Members may be acting on, for the management of clients of Chambers generally, for the management and promotion of Members and Chambers as a whole, for conflict checking and for other general purposes relating to the business of the Member and Chambers as a whole.
(b) Case Data is used for the provision of the relevant Member’s professional services.
More specifically, we will use the relevant data:
• for the Member to perform the Member’s services, and for Chambers to provide such support as the Member may require in relation to those services;
• to carry out our obligations arising from any contracts entered into between you and a Member and to provide you with the information and services that you request from us;
• for the establishment, exercise or defence of legal claims;
• respond to complaints or make complaints
• to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
• to notify you about changes to our services;
• to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site and services to ensure that content is presented in the most effective manner for you and for your computer;
• as part of our efforts to keep our servers and information safe and secure;
• for our own legal and risk management purposes;
• train barristers, pupils and employees of Chambers;
• to publish articles, commentaries, case summaries, legal judgments and decisions of courts and tribunals;
• to measure or understand the effectiveness of marketing we serve to you and others, and to deliver relevant marketing communications to you; and
• and otherwise required or permitted by law.
Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (eg contact, delivery or payment information) it is a requirement for us to enter and perform such a contract or fulfil your request that you provide that information – if you do not do so, we may not be able to perform your contract or fulfil your request.
3.2. Information we receive from other sources.
We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
4. Disclosure of your information
4.1. You agree that we have the right to share your personal information with:
4.1.1. Other members of Chambers to the extent that another Member may be proposed or requested to act in relation to a particular matter, upon which that other Member will also be a data controller in relation to your information;
4.1.2. Selected third parties including:
• Other parties involved in matters in relation to which we are involved, including other solicitors or barristers, witnesses, experts and the parties themselves;
• Participants in relevant judicial, arbitral or other such systems;
• suppliers and sub-contractors for the performance of any contract we enter into with you;
• in the event of complaints, other members of Chambers who deal with complaints, the Bar Standards Board and the Legal Ombudsman; and
• Other parties so that they can assist us with any obligations relating to money laundering, terrorist financing checks or to perform or assist with other related client due diligence.
4.2. Additionally, we may disclose your personal information to third parties:
4.2.1. If we outsource any aspect of our business or systems, then we may disclose your personal data to our service provider(s).
4.2.2. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of us, our clients, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
5. Legal basis of processing
5.1. Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the UK GDPR. The grounds applicable to the personal data to which this notice relates are:
5.1.1. Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data;
5.1.2. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;
5.1.3. Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your fundamental rights and freedoms which require protection of your data override those legitimate interests (our legitimate interests comprise the management, marketing and provision of the services of members of Chambers);
5.1.4. If you have given your consent to our processing the data, that is the basis on which we are processing that data.
It is likely that more than one of the above grounds applies to our processing of your data.
5.2. Special categories of personal data
If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, it is a condition of us receiving that information that:
5.2.1. our processing of such data is necessary for the establishment, exercise or defence of legal claims; or
5.2.2. you expressly consent (and if 5.2.1 is not applicable, you hereby do expressly consent) to us processing that personal data for the purposes set out in section 3.
If we receive any such categories of personal data about you from a source other than you, we will process that data to the extent that such processing is necessary for the establishment, exercise or defence of legal claims.
6. Where we store your personal data
6.1. The data that we collect from you will be stored on our computers and servers or those of our service providers. It will not be transferred to a third party outside the United Kingdom unless to a processor acting on our behalf which is either (i) in a country that the UK has decided has adequate data protection laws in place, or (ii) has provided appropriate data protection safeguards of the sort approved by the UK and provide effective rights and remedies for you.
6.2. We may take data outside the UK to the extent necessary for the establishment, exercise or defence of legal claims, or to allow Members to perform legal services whilst travelling outside the UK.
6.3. All information you provide to us is stored on our secure servers.
6.4. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Length of data storage
7.1. Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes set out at section 3 above. This may vary according to the type of information and the specific applicable purpose(s). If you would like to know what that means in respect of your personal data, please contact us (see section 8.2 below). In determining how long we retain your information we take into consideration the following criteria: our legal obligations, claim limitation periods, good industry practice, the guidance of relevant UK authorities and bodies such as HM Revenue & Customs (HMRC) and the Bar Standards Board, and also tax, accounting, health and safety, and employment rules, guidance and practice.
8. Your rights
8.1. You have various rights under Data Protection Law. These include:
8.1.1. The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
8.1.2. If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
8.1.3. The right to ask us for access to the data we hold about you (see section 9 below for further details);
8.1.4. The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
8.1.5. The right to ask us to delete your data in certain circumstances;
8.1.6. The right to ask us to restrict our processing of your data in certain circumstances;
8.1.7. The right to object to our processing of your data in certain circumstances;
8.1.8. In certain circumstances, the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.
8.2. You can exercise any of the rights set out above, free of charge, by using any applicable methods set out in our communications with you, or by contacting us at the address set out at the beginning of this notice or by emailing privacy@xxiv.co.uk In respect of most of the rights referred to above, your right may be qualified by Data Protection Law, for example where our processing of data is for the purposes of the establishment, exercise or defence of legal claims or where legal privilege applies. We may therefore not be able or required to fulfil your request, but we will discuss this with you following your request if necessary. Also, we may need more information from you, which we will ask you for following your request. We may ask you to provide further information in order to confirm your identity. Please also note that if you submit unfounded or excessive (for example repetitive) requests to exercise any of these rights, we reserve the right to make a reasonable charge for providing the requested information or taking the requested action, or to decline your request.
8.3. You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are concerned that we are not respecting your rights under Data Protection Law. The Information Commissioner’s Office is the authority in the UK which is responsible for overseeing the application of, and enforcing, Data Protection Law.
9. Accessing your data
You have the right to obtain from us:
9.1. Confirmation as to whether we are processing (including holding) personal data about you; and
9.2. If we are processing personal data about you, you are entitled to be provided with:
9.2.1. Information as to the purposes for which we process the data;
9.2.2. Information as to the categories of the data that we are processing;
9.2.3. Information as to the recipients or categories of recipients to whom the data has or will be disclosed;
9.2.4. Information as to the envisaged period for which we will store the data, or if the basis on which that period will be determined;
9.2.5. A copy of the data (further copies are available at a reasonable charge, which we will inform you of should you request further copies). Please note that this right is subject to the rights of others in relation to their own personal data, meaning that we cannot disclose data to you if it would involve disclosing data about someone else.
9.3. Please see section 8.2 above as to how to exercise your rights under this section 9. Section 8.2 applies in full to the exercise of these rights.
10. Other websites
Our site may, from time to time, contain links to and from the websites of other useful entities or information sources. If you follow a link to any of these websites, please note that these websites should have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
11. Changes to this privacy notice
This privacy notice was last updated on 13th July 2023.
Any changes we make to our privacy notice in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice.
12. Contact
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to our GDPR Manager Victoria Milligan, XXIV Old Buildings, Lincolns Inn, London, WC2A 3UP or privacy@xxiv.co.uk at either of the above addresses.