Millennium Chambers Privacy Notice
We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.
We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is Suite 207, Kala Studios, The Biscuit Factory, 100 Drummond Road, London SE16 4DG, our registration number is ZA702429, and our Data Protection Officer/Lead (DPO/DPL) is Nathan Lee-Walsh. Our Data Protection Officer/Lead can be contacted at 020 3179 2023.
Why we process personal data?
All or the vast majority of the information that we hold about you is provided to us by yourself when you seek to use our services, or you are employed by us or work within various capacities. We will tell you why we need the information and how we will use it.
Personal data is any information that can be used to identify an individual, and it can range from the most basic of details such as contact information through to more complex data.
Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by both the UK General Data Protection Regulation (the GDPR) and the Data Protection Act 2018.
However, not all personal data is considered equal. There are two different categories: ‘personal data’ and ‘special categories of personal data’.
We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:
- Personal and family information, including names, dates of birth, and personal contact details;
- Financial details such as financial status and bank details;
- Records of goods and services relevant to Chambers;
- Records of education, training, and employment;
- Other personal information relevant to the provision of legal services, including information relevant to the specific instructions given in a case.
Sensitive and special data including:
- Information about physical and mental health, including any relevant Covid-19 Track and Trace information;
- Racial or ethnic origin;
- Political opinions;
- Religious, philosophical, or other beliefs;
- Trade union membership;
- Sex life or sexual orientation;
- Genetic and biometric information of natural persons.
How Do We Collect Information?
In most circumstances, you will provide us with personal data when you get in touch with us whether this is to assist your barrister in the provision of legal services or when you are employed by us or are a member of chambers or provide services to us.
Millennium Chambers may also obtain information from third parties, parties involved in legal proceedings, such as witnesses, courts, tribunals. In addition, we may obtain information from other employees, contractors and referees and individual members of chambers. Information may also be supplied by suppliers of goods and services, government departments, and public records including the media.
Millennium Chambers complies with its obligations under the GDPR:
- by collecting and retaining only data necessary to pursue Chamber’s legitimate business interests;
- by ensuring that appropriate technical measures are in place to protect personal data;
- by keeping personal data up to date;
- by storing and destroying data securely;
How Millennium Chambers Uses Your Personal Information?
Millennium Chambers may use your personal information for the following purposes:
- Direct your enquiries to the appropriate barrister;
- Process or support payments for goods and services;
- Maintain the safety, security and integrity of our services;
- Investigate and address your concerns or any complaints relating to our services;
- Communicate with you about services, news, updates, and events;
- Investigate or address legal proceedings relating to your use of our services or as otherwise allowed by applicable law;
- Make statutory returns as required by law;
- To promote and market the services of the Barristers;
- to assess applications for and provide: tenancy, pupillage, mini-pupillage, and work-shadowing opportunities;
- to facilitate work experience;
- to fulfil all regulatory and operational obligations as employers;
- to publish legal judgments and decisions of courts and tribunals;
- to carry out anti-money laundering and terrorist financing checks;
- to comply with COVID-19 Track and Trace regulations;
- as otherwise required or permitted by law.
We do not use automated decision-making in the processing of your personal data.
Legal Basis for Processing Your Personal Information
The GDPR requires all organisations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:
- Consent of the data subject;
- Performance of a contract with the data subject or to take steps to enter into a contract;
- Compliance with a legal obligation;
- To protect the vital interests of a data subject or another person;
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- The legitimate interests of us, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Our Lawful basis
Millennium Chambers is required to process information to comply with various legal obligations including record keeping, administration and regulatory activities. As an employer, we also have additional employment-related legal obligations.
We are required to process personal information to enter into and fulfil various obligations for contracted services or relating to employment contracts.
The processing is necessary to prevent or detect unlawful acts where it is in the substantial public interest, and it must be carried out without consent so as not to prejudice those purposes. In addition, it may be necessary to process relevant Covid-19 Track and Trace information.
We will rely on the legitimate interest of Millennium Chambers when processing information for the purposes set out above to include the management, administration and operation of Chambers, for all business development and marketing purposes, to conduct all employment functions and obligations, to comply with all regulatory functions required by professional regulators.
On occasion, we may rely upon your consent, particularly in relation to our marketing activity. At all times you retain the right to withdraw your consent. Where we have relied upon your consent, and you opt to withdraw it this does not invalidate our lawful basis for processing data historically.
Special category processing
If we are processing special categories of data such as medical records, we are entitled by law to do so where it is necessary for the purposes of employment law and to support individuals with a particular disability or medical condition. We may also obtain your consent to process this type of data.
If we are processing any special category of data such as any Covid-19 related data, including Track and Trace information, we are entitled by law to do where the collecting the data is likely to be in the interests of the individual, the organisation, and the public health, in the efforts to tackle COVID-19.
Criminal data processing
On occasion, Millennium Chambers may process data relating to criminal offences where it is necessary for the purpose of, or in connection with, any legal proceedings; obtaining legal advice; or establishing, exercising or defending legal rights. We may also request your specific consent to process this type of data.
Who Will Millennium Chambers Share Your Personal Information With?
It may be necessary to share your information with the following:
- Delivery partners;
- Our business partners;
- Any other party where we ask you and you consent to the sharing;
- Our legal advisors in the event of a dispute or other legal matter;
- Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
- IT Support services;
- Professional advisers and consultants engaged in the course of running of Millennium Chambers;
- Regulatory bodies including the Bar Standards Board and the Legal Ombudsman;
- Recruitment agencies;
- Other barrister’s chambers;
- Prosecution authorities;
- Courts and tribunals;
- Members of Millennium Chambers including Barristers and trainee Barristers;
- Advisers and other parties involved in any matter you discuss with us, or engage a member of Millennium Chambers to act on, such as professional clients, lay clients and professional clients;
- Next of kin for employees and members;
- The intended recipient, where you have asked Millennium Chambers to provide a reference;
- The general public in relation to the publication of legal judgments and decisions of courts and tribunals;
- Any Public Health Authority in relation to any Covid-19 Track and Trace information.
Except for the reasons set out above Millennium Chambers will not share your personal data with third parties without obtaining your prior consent. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on our behalf.
Transfer Of Your Information Outside the UK/ European Economic Area (EEA)
We do not transfer any personal data to third countries or international organisations.
How Long Do We Keep Your Personal Data?
We retain your personal data while you remain a client, member, pupil or employee unless you ask us to delete it. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:
- There is an unresolved issue, such as a claim or dispute;
- We are legally required to retain the data to meet our legal, statutory and regulatory obligations;
- There are overriding legitimate business interests, including but not limited to fraud prevention and protecting clients’ safety and security.
Under the GDPR, you have several rights that you can exercise in certain circumstances. Where those circumstances are established, you may have the right to:
- Ask for access to your personal information and other supplementary information;
- Ask for correction of mistakes in your data or to supplement information Millennium Chambers holds on you;
- Ask for your personal information to be erased;
- Receive a copy of the personal information you have provided or have this information sent to a third party.;
- Object at any time to processing of your personal information for direct marketing;
- Object to the continued processing of your personal information;
- Restrict Millennium Chambers’ processing of your personal information.
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.
If you want to exercise any of these rights, or for any further enquiries relating to data protection at Millennium Chambers please contact Data Protection Officer Nathan Lee-Walsh
You may also raise a complaint directly with the Information Commissioners’ Office at 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages.
- Validate users;
- Remember user preferences and settings;
- Determine the frequency of accessing our content;
- Measure the effectiveness of advertising campaigns; and
- Analyse site visits and trends.
Millennium Chambers does not intend to process your personal information except for the reasons stated within this privacy notice. In the event of changes, this privacy notice will be updated.
We will occasionally update our Privacy Notice. We will publish the updated Notice on our website.