QEB Privacy Notice

This Privacy notice explains what information Queen Elizabeth Building Chambers “QEB” (‘we’, ‘us’, and ‘our’) gather about you, what we use that information for, and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.

We take safeguarding online privacy seriously. Please read the following to understand our privacy practices.

From time to time, we may need to change our privacy statement because of changes in our organisation, legislation or in our attempts to serve your needs better. We will use reasonable efforts to publish any changes to our privacy statement.

QEB is responsible for collecting, processing, storing and safe-keeping personal and other information as part of providing a service and carrying out our regular business activities. We manage personal information in accordance with the Data Protection Act 2018 and the General Data Protection Regulation 2016.

We take your privacy rights and the security of your information very seriously. This fair processing notice is supported by a more detailed policy statement which we can send on request.

Who are we? 

Queen Elizabeth Building Chambers collects, uses and is responsible for personal information about you. When Chambers does this, it is the ‘controller’ of this information for the purposes of the GDPR and the Data Protection Act 2018.

If you need to contact Chambers about your information or the processing carried out, you can use the contact details at the end of this document.

Scope 

This policy applies to all personal information collected by QEB, our subsidiaries and partners, and contractors acting on our behalf. This Privacy notice describes how we use personal information that we obtain by:

  • Acting for you in connection with the matter(s) identified in an Engagement Letter that we have provided to you
  • Through our website and
  • By any other means.

Personal information we may collect about you and others could include, but is not limited to:

  1. personal details
  2. family details
  3. lifestyle and social circumstances
  4. goods and services
  5. financial details
  6. education, training and employment details
  7. physical or mental health details
  8. racial or ethnic origin
  9. political opinions
  10. religious, philosophical or other beliefs
  11. trade union membership
  12. sex life or sexual orientation
  13. genetic information
  14. biometric information for the purpose of uniquely identifying a natural person
  15. criminal proceedings, outcomes and sentences, or related security measures
  16. other personal information relevant to instructions to provide legal services, including information specific to the instructions in question.

Information collected from other sources

The same categories of information may also be obtained from third parties, such as members of Chambers, experts, members of the public, your family and friends, witnesses, courts and other tribunals, suppliers of goods and services, investigators, government departments, regulators, public records and registers.

We will not collect information about you for any purpose other than specified within our contract with you. QEB will ensure that the personal information we collect is updated to our systems in a timely and accurate manner.

We may apply markers to your information on our systems to allow us to tailor and deliver services to you and/or if required as we have a need to protect the vital interests of our staff, contractors and customers.

The legal basis for processing your personal information 

Chambers relies on the following as the lawful bases to collect and use your personal information:

  •  If you have consented to the processing of your personal information, then Chambers may process your information for the Purposes set out above to the extent to which you have consented to Chambers doing so.
  • In relation to information in categories (g) to (o) above these being categories which are considered to include particularly sensitive information, and which include information about criminal convictions or proceedings, Chambers is entitled by law to process the information where the processing is necessary for legal proceedings, legal advice, or otherwise for the establishment, exercise or defence of legal rights.
  • In relation to information which is not in categories (g) to (o) above, Chambers relies on its legitimate interests and/or the legitimate interests of a third party in carrying out the processing for the purposes set out above.
  • In relation to information which is in categories (g) to (o) above these being categories which include particularly sensitive information, and which include information about criminal convictions or proceedings, Chambers relies on your consent for any processing for the purposes set out in purposes (i), (ii), (vi) and (viii) above. However, if you do not consent to processing for the purpose of providing a reference Chambers will be unable to take or provide a reference. This is because Chambers needs to be able to retain all information about you to provide an informed and complete reference.
  • The processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on Chambers or you in connection with employment, national insurance or social protection – DPA Bill sch. 1 Part 1. para. 1(1) (b).
  • The processing is necessary for the assessment of your working capacity or health or social care purposes.
  • The processing of information in categories (g), (h), (j) and (l), is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between members of staff, tenants, pupils and mini-pupils with a view to enabling such equality to be promoted or maintained– DPA Bill sch 1 Pt 2 para. 5(1) & Para. 39 in Pt 4.
  •  The processing is necessary to prevent or detect unlawful acts where it is in the substantial public interest and it must be carried out without consent so as not to prejudice those purposes.
  • In certain circumstances processing may be necessary in order that Chambers can comply with a legal obligation to which it is subject including carrying out anti-money laundering or terrorist financing checks.
  • Who will Chambers share your personal information with? It may be necessary to share your information with the following:
    • information processors, such as IT support staff, email providers, information storage providers
    • in the event of complaints, the Head of Chambers and members of Chambers who deal with complaints, the Bar Standards Board and the Legal Ombudsman
    • other regulatory authorities
    • current, past or prospective employers or employees
    • in the case of recruitment of barristers to or from other chambers, your current, past and prospective chambers
    • education and examining bodies
    • legal professionals
    • experts and other witnesses
    • prosecution authorities
    • courts and tribunals
    • Chambers’ staff
    • trainee barristers
    • lay and professional clients of Members of Chambers
    • family and associates of the person whose personal information Chambers is processing
    • education and examining bodies
    • business associates, professional advisers and trade bodies, e.g. the Bar Council
    • the intended recipient, where you have asked Chambers to provide a reference
    • the general public in relation to the publication of legal judgments and decisions of courts and tribunals – DPA Bill sch. 1 Part 2. para. 5(1).

Chambers may be required to provide your information to regulators, such as the Bar Standards Board, the Financial Conduct Authority or the Information Commissioner’s Office. In the case of the Information Commissioner’s Office, there is a risk that your information may lawfully be disclosed by them for the purpose of any other civil or criminal proceedings, without Chambers’ consent or your consent, which includes privileged information.

Chambers may also be required to disclose your information to the police or intelligence services, where required or permitted by law.

How Chambers uses your personal information

Chambers may use your personal information for the following purposes:

  1. To provide legal advice and services
  2. to confirm and authenticate your identity
  3. to update and enhance our records
  4. to manage our practice, statutory returns and legal and regulatory compliance
  5. to conduct quality and risk management reviews;
  6. to monitor and enforce compliance with our Terms of Business;
  7. to promote and market the services of the Barristers
  8. to train barristers
  9. to recruit staff and pupils
  10. to assess applications for tenancy, pupillage, mini-pupillage and work-shadowing opportunities
  11. to fulfil equality and diversity and other regulatory requirements,
  12. to procure goods and services,
  13. to manage matters relating to employment, including payroll [and pensions]
  14. to respond to requests for references 6. to publish legal judgments and decisions of courts and tribunals
  15. to respond to potential complaints or make complaints
  16. to carry out anti-money laundering and terrorist financing checks
  17. as otherwise required or permitted by law.

Processing of personal data for the administration of QEB

Chambers is the data controller for data that is processed for the purposes of administering QEB. This includes data that is processed for billing purposes and for marketing purposes. In relation to marketing data, Chambers will not send marketing emails except where we are permitted under the Privacy and Electronic Communications Regulations 2003 or any successor legislation.

Chambers is the data controller in respect of all data relating: to staff employed by Chambers, contract workers who provide services to QEB (e.g. cleaners and plumbers), and mini-pupils and pupils at QEB.

Processing of personal data to assist Barristers in conducting their practices

  • Chambers employs staff members (including barristers’ clerks) to assist Barristers in conducting their practices, and to deal with the administration of QEB
  • Chambers is the data controller for electronic personal data held by staff members (e.g. in the staff member’s email accounts and on their work devices) for the purposes of helping Barristers run their practices.
  • Chambers is also the data controller in respect of any electronic personal data processed in connection with any unallocated case (i.e. a case that has been sent to QEB but has not been allocated to a particular Barrister).
  • Chambers is the data controller in respect of any hard copy files which fall within the scope of the GDPR and which relate to a case which is unallocated

Marketing and promotion 

In relation to personal information collected for marketing purposes, the personal information consists of;

  • names, contact details, and name of organisation
  • the nature of your interest in Chambers’ marketing
  • your attendance at Chambers events.

This will be processed so that you can be provided with information about Chambers and the Barristers/Mediators/Arbitrators and to invite you to events.

You may contact Chambers using the contact details at the end of this document if you no longer wish to receive such invitations or information.

Whether information has to be provided by you, and why

If you apply to Chambers for a position or are seeking a reference or are a member of staff, your personal information has to be provided to Chambers, so that your application/reference can be properly assessed/your employment records, pay and pensions can be administered and to enable Chambers to comply with its regulatory obligations, and to keep accounting records.

If you are offering or providing Chambers with goods or services, your information may be processed in relation to such offers or contracts.

Sources of information

The personal information Chambers obtains may include information obtained from:

  • legal professionals
  • experts and other witnesses
  • prosecution authorities
  • courts and tribunals
  • trainee barristers
  • lay and professional clients of members of Chambers
  • family and associates of the person whose personal information Chambers is processing
  • in the event of complaints, the Head of Chambers, other members of Chambers who deal with complaints, the Bar Standards Board, and the Legal Ombudsman
  • other regulatory authorities
  • current, past or prospective employers
  • education and examining bodies
  • business associates, professional advisers and trade bodies, e.g. the Bar Council
  • the intended recipient, where you have asked Chambers to provide a reference.
  • the general public in relation to the publication of legal judgments and decisions of courts and tribunals, this requires the production of a policy document to comply with this obligation – DPA Bill sch. 1 Part 2. para. 5(1).
  • data processors, such as IT support staff, email providers, data storage providers
  • public sources, such as the press, public registers and law reports.

Security of personal information

  • We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction.
  • Only authorised persons are provided access to personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information.
  • Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure.
  • We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Transfer of your information outside the European Economic Area (EEA) 

This privacy notice is of general application and as such it is not possible to state whether it will be necessary to transfer your information out of the EEA in any particular case or for a reference. However, if you reside outside the EEA or your case or the role for which you require a reference involves persons or organisations or courts and tribunals outside the EEA then it may be necessary to transfer some of your information to that country outside of the EEA for that purpose. If you are in a country outside the EEA or if the instructions, you provide come from outside the EEA then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information, please indicate this when providing initial instructions.

Some countries and organisations outside the EEA have been assessed by the European Commission and their information protection laws and procedures found to show adequate protection. The list can be found here. Most do not. If your information has to be transferred outside the EEA, then it may not have the same protections and you may not have the same rights as you would within the EEA.

Chambers may transfer your personal information to the following which are located outside the European Economic Area (EEA):

  • cloud information storage services based in the USA who have agreed to comply with the EU-U.S. Privacy Shield, in order to enable me to store your information and/or backup copies of your information so that Chambers may access your information when they need to. The USA does not have the same information protection laws as the EU but the EU-U.S. Privacy Shield has been recognised by the European Commission as providing adequate protection. To obtain further details of that protection see https://ec.europa. eu/info/ law/law-topic/information-protection/information-transfers-outside-eu/eu-usprivacyshield_en.
  • cloud information storage services based in Switzerland, in order to enable me to store your information and/or backup copies of your information so that Chambers may access your information when it needs to. Switzerland does not have the same information protection laws as the EU but has been recognised by the European Commission as providing adequate protection; see https://ec.europa.eu/info/law/law-topic/informationprotection/ information-transfers-outside-eu/adequacy-protection-personal-informationnon-eucountries_en

If Chambers decides to publish a judgment or other decision of a Court or Tribunal containing your information, then may be published to the world.

Chambers will not otherwise transfer personal information outside the EEA except as necessary for the conduct of any legal proceedings.

If you would like any further information, please use the contact details at the end of this document.

How long will Chambers store your personal information? 

Chambers will normally store all your information:

  • for at least 10 years after the expiry of any relevant limitation period, from, for example the date on which your employment terminates, the date of the last provision of service or goods, the date of the last payment made or received or the date on which all outstanding payments are written off, whichever is the latest/whatever other end point is chosen. This is because it may be needed for potential legal proceedings or other legal period requirements. At this point any further retention will be reviewed and the information will be marked for deletion or marked for retention for a further period. The latter retention period is likely to occur only where the information is needed for legal proceedings, regulatory matters or active complaints. Deletion will be carried out as soon as reasonably practicable after the information is marked for deletion.
  • Equality and diversity pupil data may be retained for 1 year for the purpose of research and statistics and complying with regulatory obligations in relation to the reporting of equality and diversity data.
  • Names and contact details held for marketing purposes will be stored indefinitely or until Chambers becomes aware or is informed that the individual has ceased to be a potential client.
  • Personal information held for recruitment purposes or in relation to pupillage or mini pupillage will be stored for 1 year.

Consent

As explained above, Chambers is relying on your explicit consent to process your information in categories (g) to (o) above. You provided this consent when you applied to become a member of staff, tenant, pupil or mini-pupil /you asked Chambers to provide a reference.

You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity carried out prior to you withdrawing your consent. However, where Chambers also relies on other bases for processing your information, you may not be able to prevent processing of your information.

If there is an issue with the processing of your information, please contact Chambers using the contact details below.

Under the GDPR, you have a number of rights that you can exercise in certain circumstances. These are free of charge. In summary, you may have the right to:

  • Ask for access to your personal information and other supplementary information;
  • Ask for correction of mistakes in your information or to complete missing information Chambers holds on you;
  • Ask for your personal information to be erased, in certain circumstances;
  • Receive a copy of the personal information you have provided to me or have this information sent to a third party. This will be provided to you or the third party in a structured, commonly used and machine-readable format, e.g. a Word file;
  • Object at any time to processing of your personal information for direct marketing;
  • Object in certain other situations to the continued processing of your personal information;
  • Restrict the processing of your personal information in certain circumstances;
  • Request not to be the subject to automated decision-making which produces legal effects that concern you or affects you in a significant way.

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.

If you want to exercise any of these rights, please:

  • Use the contact details at the end of this document;
  • Chambers may need to ask you to provide other information so that you can be identified;
  • Please provide a contact address so that you can be contacted to request further information to verify your identity;
  • Provide proof of your identity and address;
  • State the right or rights that you wish to exercise.
  • Chambers will respond to you within one month from when it receives your request.

Requesting a copy of your personal information

As part of our service to you, we will supply you with copies of specific pieces of information, for example a copy of your rent statement. If you want a copy of information we have received or shared with third parties or a copy of everything we have on record relating to you, you will be required to put this in writing. This is called a ‘subject access request’.

If you make a subject access request, we will provide you with a readable copy of the personal information we hold about you. To make a subject access request you must:

  • make your request in writing
  • complete the subject access request form
  • provide proof of your identity

Download QEB’s Subject Access Request Form here and please send your request to our DPO Officer:

Name: Ian Bernhardt

Address: QEB, Queen Elizabeth Building, Temple, London, EC4Y 9BS

Email address: [email protected]

Retention Period QEB’s Retention Period has been set to 10 years. In practice, there are several reasons for retaining documents/information beyond the end of a case. These include:

  1. Case documents may be relevant to an appeal out of time (especially in criminal cases).
  2. Anonymised case documents can be used as precedents.
  3. Case documents may contain the results of research into the law, which may be relevant to a current case. These should be anonymised once any need to retain the data for other purposes has disappeared (e.g. “7” below).
  4. Instructions, facts or expert opinions in a previous case may be relevant to a current case. These should be anonymised once any need to retain the data for other purposes has disappeared (e.g. “7” below).
  5. Correspondence or instructions contain contact details which may be useful. These should be transposed from the correspondence and instructions to a list of contacts e.g. in Outlook, once the need to retain the documents for other reasons has disappeared (e.g. “7” below), so that the documents can then be deleted.
  6. Case documents or records may be important when carrying out a conflict search. It will not usually be necessary to retain substantial numbers of case files for this purpose, and you may find that it is sufficient for the necessary information to be retained on the Chambers’ system, for those who normally carry out these searches.
  7. Case documents must be retained in the event that a complaint is made against a barrister, or a barrister makes a claim against his or her insurers or solicitors. The limitation period for such claims should provide guidance as to the period of retention. In addition, an extended retention period may be required where clients are minors.

Destruction of records

When records are identified for disposal, QEB’s responsibility is to delete these records in a secure manner. QEB use a third-party company (Provide company name) who collect the case files weekly and dispose of them securely.

Applications for Employment at QEB

All applications for employment with QEB will be used to process your application and to produce and monitor recruitment statistics. References will not be requested without your prior permission. QEB will not share or disclose your information unless you have given us your consent, or we are required to by law. Where QEB is required to carry out a Disclosure, we will comply with the law and your rights when carrying out these checks.

QEB retains personal information relating to unsuccessful applicants for no longer than a year for use in the event of an appeal. We produce statistical information to assist with recruitment analysis. We may collect additional information when an offer of employment is made to the successful applicant. This could include requesting and holding a copy of your passport or national insurance number.

Our legal obligations

We will share specific and relevant information with law enforcement and government agencies or public bodies where we are legally required to do so. Examples may include:

  • The prevention or detection of crime and fraud
  • The apprehension or prosecution of offenders
  • The assessment or collection of tax or duty owed to customs and excise
  • Sharing in connection with legal proceedings
  • Sharing in relation to the physical or mental health of an individual, where disclosure is required to protect them or others from serious harm
  • Research and statistical purposes

We may also share your information with emergency services and local authorities, where this is necessary to help them respond to an emergency that affects you.

Video Conferencing 

QEB Chambers is the Data Controller responsible for the personal information you may provide when using video conferencing technology, such as Zoom.

Why we need your personal data When using video conferencing technology staff and members may use either their Chambers provided devices when in chambers or a personal device when working from home. The lawful basis for processing is under GDPR, where special category data is discussed, this is processed in particular with regard to the health of staff affected by the Coronavirus under Article 9.2(b) Employment, social security and social protection and/or Article 9.2(g) Reasons of substantial public interest (Contingencies Act 2004).

How your data is used

Your data will be used during the use of the Video Conferencing facility and users are requested not to record meetings.

The meeting organiser should monitor to ensure only invited attendees join the meeting and use the password facility where available to prohibit access by others.

Our video conferencing application does not monitor meetings or store them after the meeting ends unless they are requested to record and store them by the meeting host. If there were a need to record a meeting, this would be alerted to the participants via both audio and video when joining the meeting and participants have the option to leave the meeting.

The Video Conferencing facility may record names and emails for login and IP addresses, but there is no need to retain this data and the users are requested to delete this following use.

Chambers will not disclose your personal information to third parties for marketing or sales purposes or for any commercial use, and we will not use your personal data in a way which may cause you harm.

Zoom’s privacy policy confirms that they “only collect the user data that is required to provide Zoom services. This includes technical and operational support and service improvement. For example, we collect information such as a user’s IP address and OS and device details to deliver the best possible Zoom experience to you regardless of how and from where you join”.

They also state that they “do not use data we obtain from your use of our services, including your meetings, for any advertising. We do use data we obtain from you when you visit our marketing websites, such as zoom.us and zoom.com. You have control over your own cookie settings when visiting our marketing websites”.

How long the information is kept for 

The user also can delete any data (such as names and emails for login and IP addresses) after meetings have concluded and at the end of the use of the application.

Zoom has stated that; any data stored on US servers is minimal and relates only to the users of the application.

Recordings will be kept for no more than 6 months

Your rights

You have the right to access your data and correct any inaccuracies. For further details of your rights please contact the Data Protection Officer or go to our website for a more detailed explanation.

Keeping your information secure 

We store personal information both electronically and in paper form. We implement security policies, processes, and technical security solutions to protect the personal information we hold from:

  • unauthorised access
  • improper use or disclosure
  • unauthorised modification
  • unlawful destruction or accidental loss.

When you contact us, we may ask you to provide us with some information so that we can confirm your identity. If other people (e.g. family members, support workers, solicitors) act on your behalf, we will take steps to make sure that you have agreed for them to do so. This may include asking them to provide us with supporting information to indicate your consent. We do this to protect you and to make sure that other people cannot find things out about you that they are not entitled to know.

Employees and third parties who have access to, or are associated with the processing of, your personal information will be required to ensure compliance with the GDPR Regulation and make reasonable efforts to safeguard it.

Future processing

Chambers does not intend to process your personal information except for the reasons stated within this privacy notice. If this changes, this privacy notice will be amended and placed on the Chambers’ website at www.qeb.co.uk

Changes to this privacy notice 

This privacy notice was published on 30th July 2021

Chambers continually reviews its privacy practices and may change this policy from time to time. When it does an amended privacy notice will be placed on Chambers’ website, www. qeb.co.uk

Exemptions 

In some circumstances, the DPA 2018 provides an exemption from UK GDPR provisions. If an exemption applies, chambers may not have to comply with all the usual rights and obligations.

The exemptions are detailed in Schedules 2-4 of the DPA 2018. They add to and complement a number of exceptions already built into certain UK GDPR provisions.

As such chambers may rely on one the following exemptions when processing personal data:

  • Crime, law and public protection
  • Crime and taxation: general
  • Crime and taxation: risk assessment
  • Information required to be disclosed by law or in connection with legal proceedings
  • Legal professional privilege
  • Self incrimination
  • Disclosure prohibited or restricted by an enactment
  • Immigration
  • Functions designed to protect the public
  • Audit functions
  • Bank of England functions
  • Regulation, parliament and the judiciary
  • Regulatory functions relating to legal services, the health service and children’s services
  • Other regulatory functions
  • Parliamentary privilege
  • Judicial appointments, independence and proceedings
  • Crown honours, dignities and appointments
  • Journalism, research and archiving
  • Journalism, academia, art and literature
  • Research and statistics
  • Health, social work, education and child abuse
  • Health data – processed by a court
  • Health data – an individual’s expectations and wishes
  • Health data – serious harm
  • Health data – restriction of the right of access
  • Social work data – processed by a court
  • Social work data – an individual’s expectations and wishes
  • Social work data – serious harm
  • Social work data – restriction of the right of access
  • Education data – processed by a court
  • Education data – serious harm
  • Education data – restriction of the right of access
  • Child abuse data
  • Finance, management and negotiations
  • Corporate finance
  • Management forecasts
  • Negotiations
  • References and exams
  • Confidential references
  • Exam scripts and exam marks
  • Subject access requests – information about other people
  • Protection of the rights of others

How to make a complaint? 

If you are concerned about how we are collecting, using and/or sharing your personal information, you can contact our Data Protection Officer ([email protected]). You can also obtain more information on your rights and our obligations as a Data controller by contacting the Information Commissioner. You can also apply to the Court for compensation for distress and/or damages due to non-compliance of the Data Protection Act 2018 or GDPR 2016.

We keep our privacy policy under regular review. This privacy notice was last updated in April 2021.