KCH Garden Square and its members are committed to protecting the privacy and personal data of our clients and we recognise the importance of being clear about how we intend to use any personal data that is provided to us.
All personal data provided to KCH Garden Square will be held by Chambers.
Our main site address is 1 Oxford Street, Nottingham NG1 5BH.
Our Information Commissioners Office (ICO) data protection registration number is 9191510. Full details of data protection entry can be viewed at the website of the ICO .
Data Subject – A natural person to whom personal data relates.
Data Controller – The natural or legal person which alone or jointly with others determines the purposes and means of the processing of personal data. In most cases, this is a Barrister.
Data Processor – The natural or legal person which processes data on behalf of, and in line with the instructions of, a data controller. In most cases, this is Chambers.
How we intend to use your personal data
We intend to use any data received by Chambers to provide legal services. We may contact the data subject for reasons relating to the legal services required and we would use the contact details for the data subject to manage this. We will inform the data subject of the lawful basis (or bases if more than one) in a privacy notice. This document will set out the intended purposes for processing the personal data; and the lawful basis for processing.
Data collected via our website
If we are contacted via our website we may ask for personal data to allow us to provide the services required. This could include providing us with:
• Full name
• Email address
• Telephone Number
• Details of the case or enquiry
Although we will use our best efforts to ensure the security of our website, we cannot fully guarantee the security of personal data transmitted to us through our website or by email and any transmission is at the data subject’s own risk.
The sharing of personal data
Personal data provided by individuals via our website will only be used by KCH Garden Square and its members. We may also need to pass personal data to one or more of our Barristers in order to allow us to provide the legal services required. Each Barrister at KCH Garden Square is registered with the Information Commissioner’s Office and adhere to strict security standards.
In exceptional circumstances such as dealing with fraud, to enforce rights, to protect property, to protect human safety or if the law requires it we may pass personal data to another person or organisation to use for their own purposes.
We will not otherwise disclose personal data to anyone outside KCH Garden Square to use for their own purpose without telling the data subject.
We will retain personal data for as long as is necessary for the required services to be provided and in accordance with both our professional conduct rules and by The General Data Protection Regulation. The retention and disposal of all personal data is subject to the controls of our Data Protection Policy and Data Archiving and Retention Policy.
Storage of Personal Data
Once we have received personal data we will use recognised industry standard procedures and security features to try to prevent unauthorised access. Your personal data will be under the control of KCH Garden Square. It will be held on our computer system which has an automated document archiving system with encryption. If we print personal data this will be in the possession and control of our staff and Barristers at all times and will be securely disposed of in accordance with our Data Archiving and Retention Policy.
We would like to contact our clients for marketing purposes and in the promotion of new services. Contact may be by email, post or telephone. A data subject may indicate a preference as to which of these methods they are prepared to be contacted by. Under no circumstances will personal data be sold or used by any other organisation.
Data Subjects’ Rights
Data subjects have the right, under The General Data Protection Regulation to know the personal information, as defined by The General Data Protection Regulation, held by Chambers in relation to them. In addition to the reason for processing it and how the data was obtained.
In order to see this information, a data subject can send a subject access request in writing to The Data Controller, KCH Garden Square, 1 Oxford Street, Nottingham NG1 5BH. Subject access requests will be dealt with within 30 days of receiving the written request.
Under The General Data Protection Regulation, dependent on the lawful basis for processing date, a data subject’s rights may include:
– Right To Rectification
Data subjects have the right to obtain, without undue delay, the rectification of inaccurate personal data from the Data Controller. A request for rectification will be dealt with by the Data Controller within 14 days of receipt of the request.
– Right To Erasure
Data subjects have the right to request that the data controller erases personal data concerning them without undue delay and the controller is obliged to erase the data where one of the following grounds applies:
a) The personal data is no longer necessary in relation to the purposes for which it was collected or processed;
b) The data subject withdraws the consent upon which the processing is based and there is no other legal ground for processing that data;
c) The data subject objects to the processing and there are no overriding legitimate grounds for processing;
d) The data has been unlawfully processed;
e) The data has to be erased in order to comply with a legal obligation;
f) The data has been collected in relation to the offering of information society services, in relation to a child over the age of 13, Article 8.1.
Data does not have to be erased where processing is necessary:
a) For exercising the right of freedom of expression and information;
b) For compliance with a legal obligation;
c) For reasons of public interest in the area of public health Article 9.2 (h) and (i) and Article 9.3;
d) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in accordance with Article 89.1;
e) For the establishment, exercise or defence of legal claims.
– Right To Restriction
Data Subjects have the right to restrict a Data Controller’s processing of their personal data where:
(a) The accuracy of the personal data is contested by the data subject;
(b) The processing is unlawful but the Data Subject opposes erasure and requests restriction instead;
(c) The Data Controller no longer needs to process the personal data but the data is required by the Data Subject for the establishment, exercise or defence of legal claims;
(d) The data subject has objected to processing pursuant to Article 21.1, pending verification whether the legitimate grounds of the controller override those of the Data Subject.
– Right To Portability
Data Subjects have the right to receive their personal data (where they have provided it to the Data Controller) in a structured, readable format and to have the data transmitted to another Data Controller without hindrance, where:
(a) Processing is based on consent
(b) Processing is carried out by automated means.
This right depends on the transfer between the Data Controllers being technically feasible. The right won’t apply to processing necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller. This right cannot be exercised if it will adversely affect the rights and freedoms of others.
The right to portability does not apply where the basis for processing is to comply with a legal obligation, based on vital interests, or based on legitimate interests.
– Right To Object
Data Subjects have the right to object (on grounds relating to their situation) at any time to processing of their personal data which is based on either:
a) Necessity for the performance of a task carried out in the public interest
b) In exercise of official authority vested in the Data Controller Article 6.1.e
c) Necessity for the purposes of legitimate interests pursued by the data controller or other third party, except where this overrides the interests and fundamental freedoms of the Data Subject Article 6.1.f.
The Data Controller will have to stop processing the personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
Where the processing is based on consent of the data subject does not have the right to object, but does have a right to withdraw that consent.
Third Party Organisations
There are hyperlinks within our Chambers website which link to external sites owned and operated by third parties. These third parties have their own privacy policies and we recommend that you consider those when using their websites. We do not accept any liability or responsibility in terms of the privacy and security practices of these third party organisations and their websites.
If we have been supplied with personal data for recruitment purposes, we will only use this data to process an application, monitor recruitment and provide statistics. Data concerning unsuccessful candidates will be retained for six months after the recruitment process is completed, at which point it will be erased or otherwise permanently disposed of.