Privacy Notice

PRIVACY POLICY OF:  

Kathryn Arnot Drummond

39-40 Cloth Fair, London, EC1A 7NT

ICO Reg No. Z2441973

17 March 2021

Policy became operational on: 24 March 2021

 

Privacy Policy 
In order to provide legal services to my clients, including advice and representation services, I need to collect and hold personal information. This may be my client’s personal data and the personal data of others who feature in the matters in which I provide legal services.
I am committed to protecting and respecting your privacy. This privacy notice describes the information I collect about you, how it is used and shared, and your rights regarding it.  

Data controller 
I am a member of Cloth Fair Chambers. I am registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that I hold and process as a barrister. My registered address is 39-40 Cloth Fair, London EC1A 7NT and my ICO registration number is Z2441973. If you need to contact me about your data or this privacy notice, you can reach me at kathrynarnotdrummond@clothfairchambers.com

Data collection 
The vast majority of the personal data that I collect is provided to me by on behalf of my clients for the purposes of enabling me to provide legal services to them. I may also obtain information from other sources as follows: 

  • Information that is available publicly in registers, searches or in the media 
  • Other legal professionals including solicitors and barristers and their associates, trainees and staff 
  • Chambers staff 
  • Expert witnesses 
  • Prosecution bodies 
  • Regulatory, public or administrative bodies 
  • Court staff & officials 
  • Clients 
  • References 

Whose personal data do I process? 
I process personal data about my lay and professional clients, potential clients, about individuals who feature in the mattes in respect of which I am asked to provide legal services, witnesses and experts, opponents, other lawyers with whom I am working, court staff and members of the judiciary and others connected to the matters I am working on.

What data do I process about you?  
In the course of my work providing legal services I collect and process both personal data and special categories of personal data as defined in the UK GDPR. This may include: 

  • Name 
  • Email address 
  • Phone number 
  • Address 
  • Payment or bank details 
  • Date of birth 
  • Next of kin details 
  • Details pertaining to education and employment 
  • Information on your background & current circumstances 
  • Financial information. 

Where relevant, I may also need to process special category personal data that reveals your:  

  • Racial or ethnic origin 
  • Political opinions 
  • Religious and philosophical beliefs 
  • Trade union membership 
  • Genetic data 
  • Biometric data for the purpose of uniquely identifying a natural person 
  • Data concerning health 
  • Sex life and sexual orientation. 

On occasion, I may also process personal data relating to criminal records, arrests, charges, convictions and offences. 

My lawful basis for processing your information  
In order that I can provide legal services and representation for you, I must process your personal data. The UK General Data Protection Regulation (the UK GDPR) requires that where I process personal data, I must have a lawful basis for doing so. I set out my lawful reasons to process data below. More than one reason may apply at any given time.

  • Consent 

Where this is my lawful reason for processing, I will ensure that I have your specific consent for processing your data for the specified purposes. You will also have the right to withdraw your consent at any time. Where you do so this will not affect the legality of data processing which had taken place prior to your withdrawal of consent. 

  • Contractual necessity

I will process your personal data on the basis that it is necessary to enable me to fulfil my contractual duties to you or to take steps to enter into a contract with you. 

  • Compliance with a legal obligation

I process personal data to enable me to comply with applicable laws. These include

  • To make statutory VAT and tax returns to HMRC
  • To comply with to comply with various regulatory and professional obligations
  • Legitimate interests

I process personal data for my legitimate business interests which include

  • Provision of legal services and advice. 
  • For purposes of practice administration and management, accounting, fee collection, banking and debt recovery.
  • For completion of professional regulatory requirements.
  • Processing for marketing purposes.
  • Processing to prevent fraud.
  • To ensure my network and systems are secure.
  • Reporting threats to public security. 

Special category processing 
The UK GDPR specifies that where I process special category data, I must rely upon certain exemptions in order to do so lawfully. The following exemptions are applicable in my practice:

  • I have your explicit consent to do so.
  • It is necessary for the exercise or defence of legal claims or judicial acts. 
  • For reasons of substantial public interest.

Criminal data processing 
On occasion, I process data relating to criminal offences where it is necessary for: 

  • The purpose of, or in connection with, any legal proceedings (including prospective legal proceedings); 
  • The purpose of obtaining legal advice; or 
  • The purposes of establishing, exercising or defending legal rights 
  • Where I have your explicit consent to do so.

Purposes: 
I use your personal information for the following purposes: 

  • Provide legal advice and representation;
    • Investigate and address your concerns; 
  • Communicate with you about news, updates and events; 
  • Investigate or address legal proceedings relating to your use of my services, or as otherwise allowed by applicable law; 
  • Make any required statutory returns; 
  • Assist in any tendering or panel membership applications; 
  • Assist in any other applications for the purpose of professional development or career progression; 
  • Communicate legal updates and judgments to other legal professionals; 
  • For marketing purposes. 
  • For the management and administration of my practice 
  • To recover debt 
  • To manage complaints with regulators 
  • Communications with regulators 
  • Where relevant to conduct anti money laundering, terrorist financing or conflict of interest checks 

Sharing your personal data
For the purposes set out in this notice, and subject to my professional obligations of confidentiality and the legal professional privilege of my clients, I may provide your personal data to the following: 

  • Instructing solicitors or other lawyers involved in your case, including those with whom I am working
  • Opposing legal representatives 
  • Members of the Judiciary and court official
  • Opposing lay clients 
  • My chambers’ management and staff who provide administrative services for my practice
  • My chambers IT providers
  • Expert witnesses and other witnesses
  • My regulator and/or legal advisors in the event of a dispute, complaint or other legal matter 
  • Head of Chambers or complaints committee within my chambers, in the event of a complaint 
  • Law enforcement officials, government authorities, or other third parties, to meet any legal obligations 
  • Legal directories, for the purpose of professional development 
  • Any relevant panel or tendering committee, for the purpose of professional development
  • Accountants and banking officials 
  • Regulators or arbitrators, where complaints or disputes arise 
  • Any other party where I ask you for consent, and you consent, to the sharing
  • I may also be required to disclose your information to the Police or Intelligence services where required by law or pursuant to a court order 

How long will your personal data be retained for?
I will not keep your personal data in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required by applicable law. Unless specific circumstances require me to keep it (e.g. for maintaining conflict checks) I will delete, destroy or anonymise your information around 10 years after the end of the matter in which it featured, i.e. the conclusion of a case/matter or receipt of final payment, or writing off of fees, whichever is the latest. 

Transfers of personal data outside the EEA
I may transfer your data to a location (for example to a secure server) outside the UK, if I consider it necessary or desirable for the purposes set out in this notice. This may include circumstances where I am instructed to act on a case by or involving lawyers located outside of the UK.

In such cases, to safeguard your privacy rights, transfers will be carried out with appropriate safeguards to ensure the safety and security of your information. This may include transfers to recipients to which a European Commission ‘adequacy decision’ applies or the transfers will be carried out under standard contractual clauses that have been approved by the European Commission as providing appropriate safeguards for international personal data transfers.
           
Your rights 
The UK GDPR gives you specific rights in terms of your personal data.
For example, you have the right of access to the information I hold and what I use it for and
you can ask for a copy of the personal information I hold about you.
You can ask me to correct any inaccuracies with the personal data I hold.
You can ask me to stop sending you direct mail or emails or, in some circumstances, ask me to stop processing your details.  

You will not have to a pay a fee to access your personal data (or to exercise any other rights). However, I may charge a reasonable fee if you request is clearly unfounded, repetitive or excessive. I may, alternatively, refuse to comply with your request in these circumstances. These rights are also subject to certain limitations that exist in law.

You can find out more information about your information rights from the ICO’s website: 

http://ico.org.uk/for_the_public/personal_information
   
You may request access to, correction of, or a copy of your information by contacting me at the email address set out above.

Marketing opt-outs 
You may opt out of receiving emails and other messages from my practice by following the instructions in those messages.  

Changes to my privacy notice. 
When I make significant changes, I will notify you of these through email. I will also publish the updated notice on my chambers’ webpage. 

What should you do if you have a complaint
I hope you will be satisfied with the way in which I approach and use your personal data, however if you have a concern or complaint about the way in which I handle your personal data please contact me at the email address above.
Should you find it necessary, you have a right to raise a concern or with or make a complaint to the information regulator, the Information Commissioner’s Office: https://ico.org.uk

End of Privacy Notice