Privacy Notice
PRIVACY POLICY OF:
RACHEL KAPILA
39-40 Cloth Fair, London, EC1A 7NT
ICO Reg No. Z1036349
29 March 2021
Version 2.0
Policy became operational on: 29 March 2021
Next review date: 28 March 2022
Privacy Policy
In order to provide legal services to my clients, including advice and representation services, I need to collect and hold personal information. This may be my client’s personal data and/or the personal data of others who feature in the matters in which I provide legal services.
I am committed to protecting and respecting your privacy. This privacy notice describes the information I collect about you, how it is used and shared, and your rights regarding it.
Data controller
I am a member of Cloth Fair Chambers. I am registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that I hold and process as a barrister. My registered address is 39-40 Cloth Fair, London EC1A 7NT and my ICO registration number is Z1036349. If you need to contact me about your data or this privacy notice, you can reach me at rachelkapila@clothfairchambers.com.
Data collection
The vast majority of the personal data that I collect is provided to me by or on behalf of my clients for the purposes of enabling me to provide legal services to them. I may also obtain information from other sources, including:
- Information that is available publicly in registers, searches or in the media;
- Other legal professionals including solicitors and barristers and their associates, trainees and staff;
- Chambers staff;
- Expert witnesses;
- Prosecution bodies;
- Regulatory, public or administrative bodies;
- Court staff & officials;
- References.
Whose personal data do I process?
I process personal data about my lay and professional clients, potential clients, individuals who feature in the matters in respect of which I am asked to provide legal services, witnesses and experts, opponents, other lawyers with whom I am working, court staff and members of the judiciary and others connected to the matters on which I am working.
What data do I process about you?
In the course of my work providing legal services, I collect and process both personal data and special categories of personal data as defined in the UK General Data Protection Regulation (‘the UK GDPR’).
Personal data may include:
- Name;
- Email address;
- Phone number;
- Address;
- Payment or bank details;
- Date of birth;
- Next of kin details;
- Details pertaining to education and employment;
- Information on your background & current circumstances;
- Financial information.
Where relevant, I may also need to process ‘special category personal data’, which may reveal your:
- Racial or ethnic origin;
- Political opinions;
- Religious and/or philosophical beliefs;
- Trade union membership;
- Genetic data;
- Biometric data for the purpose of uniquely identifying a natural person;
- Data about your health;
- Data about your sex life and/or sexual orientation.
I may also process personal data relating to criminal records, arrests, charges, convictions and offences.
My lawful basis for processing your information
In order that I can provide legal services and representation for you, I must process your personal data. The UK GDPR requires that where I process personal data, I must have a lawful basis for doing so. I set out my lawful reasons to process data below. More than one reason may apply at any given time.
- Consent
Where this is my lawful reason for processing, I will ensure that I have your specific consent for processing your data for the specified purposes. You will also have the right to withdraw your consent at any time. Where you do so, this will not affect the legality of data processing prior to your withdrawal of consent.
- Contractual necessity
I will process your personal data on the basis that it is necessary to enable me to fulfil my contractual duties to you or to take steps to enter into a contract with you.
- Compliance with a legal obligation
I process personal data to enable me to comply with applicable laws. These include:
- Compliance with VAT and tax return requirements;
- Compliance with various regulatory and professional obligations.
- Legitimate interests
I process personal data for my legitimate business interests, which include:
- Provision of legal advice and services;
- Practice administration and management, accounting, fee collection, banking and debt recovery;
- Compliance with professional regulatory requirements;
- Processing for marketing purposes;
- Processing to prevent fraud;
- Ensuring my network and systems are secure;
- Reporting threats to public security.
Special category data processing
The UK GDPR specifies that where I process special category data, I must rely upon certain exemptions in order to do so lawfully. The following exemptions are applicable in my practice:
- I have your explicit consent to do so;
- It is necessary for the exercise or defence of legal claims or judicial acts;
- For reasons of substantial public interest.
Criminal offence data processing
On occasion, I process data relating to criminal offences, where it is necessary to do so, or where I have your explicit consent to do so, for the purposes of, or in connection with:
- Any legal proceedings (including prospective legal proceedings);
- Obtaining legal advice; or
- Establishing, exercising or defending legal rights.
Purposes:
I use your personal information for the following purposes:
- Providing legal advice and representation;
- Investigating and addressing your concerns;
- Communicating with you about news, updates and events;
- Investigating or addressing legal proceedings relating to your use of my services, or as otherwise allowed by applicable laws;
- Making any required statutory returns;
- Assisting in any tendering or panel membership applications;
- Assisting in any other applications for the purpose of professional development or career progression;
- Communicating legal updates and judgments to other legal professionals;
- Marketing purposes;
- Management and administration of my practice;
- Recovering debt;
- Managing complaints with regulators;
- Communicating with regulators;
- Anti money laundering, terrorist financing or conflict of interest checks.
Sharing your personal data
For the purposes set out in this notice, and subject to my professional obligations of confidentiality and the legal professional privilege of my clients, I may provide your personal data to the following:
- Instructing solicitors or other lawyers involved in your case, including those with whom I am working;
- Opposing legal representatives;
- Members of the Judiciary and court officials;
- Opposing lay clients;
- My chambers’ management and staff who provide administrative services for my practice;
- My chambers’ IT providers;
- Expert witnesses and other witnesses;
- My regulator and/or legal advisors in the event of a dispute, complaint or other legal matter;
- Head of Chambers or complaints committee within my chambers, in the event of a complaint;
- Law enforcement officials, government authorities, or other third parties, to meet any legal obligations;
- Legal directories, for the purpose of professional development;
- Any relevant panel or tendering committee, for the purpose of professional development;
- Accountants and banking officials;
- Regulators or arbitrators, where complaints or disputes arise;
- Any other party where you consent to the sharing;
- The Police or intelligence services where required by law or pursuant to a court order.
How long will your personal data be retained for?
I will not keep your personal data in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required or permitted by applicable law. I will usually delete, destroy or anonymise your information approximately 7 years after the end of the matter in which it featured, i.e. the conclusion of the case/matter or receipt of final payment, or writing off of fees, whichever is the latest.
A longer period of retention will apply in the following circumstances:
- If you consent in writing to the data being held for a longer period, records will be retained until the end of that period;
- In criminal cases where custodial sentences longer than 7 years have been passed, records will be retained until the end of the sentence;
- In extradition cases records will be retained until the case is finally concluded and/or there is no realistic prospect of renewed proceedings involving the same requested person commencing;
- In any case, I may retain certain case documents for longer than 7 years where there is good reason for doing so, for example data held for maintaining conflict checks, skeleton arguments which can be used as precedents in subsequent cases, or case documents which contain the results of research into the law.
Transfers of personal data outside the EEA
I may transfer your data to a location (for example to a secure server) outside the UK, if I consider it necessary or desirable for the purposes set out in this notice. This may include circumstances where I am instructed to act on a case by or involving lawyers located outside of the UK.
In such cases, to safeguard your privacy rights, transfers will be carried out with appropriate safeguards to ensure the safety and security of your information. This may include transfers to recipients to which a European Commission ‘adequacy decision’ applies or the transfers will be carried out under standard contractual clauses that have been approved by the European Commission as providing appropriate safeguards for international personal data transfers.
Your rights
The UK GDPR gives you specific rights in terms of your personal data.
For example, you have the right of access to the information I hold and what I use it for and
you can ask for a copy of the personal information I hold about you.
You can ask me to correct any inaccuracies with the personal data I hold.
You can ask me to stop sending you direct mail or emails or, in some circumstances, ask me to stop processing your details.
You will not have to a pay a fee to access your personal data (or to exercise any other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. I may, alternatively, refuse your request in these circumstances. These rights are also subject to certain limitations that exist in law.
You can find out more information about your information rights from the ICO’s website:
http://ico.org.uk/for_the_public/personal_information
You may request access to, correction of, or a copy of your information by contacting me at the email address set out above.
Marketing opt-outs
You may opt out of receiving emails and other messages from my practice by following the instructions in those messages.
Changes to my privacy notice
When I make significant changes, I will notify you of these through email. I will also publish the updated notice on my chambers’ webpage.
What should you do if you have a complaint?
I hope you will be satisfied with the way in which I approach and use your personal data, however if you have a concern or complaint about the way in which I handle your personal data please contact me at the email address above.
Should you find it necessary, you have a right to raise a concern with or make a complaint to the information regulator, the Information Commissioner’s Office: https://ico.org.uk
End of Privacy Notice