General Data Protection Regulations

CHAMBERS OF MR KEITH PITTS

 

GDPR

 

Privacy Notice

 

Chambers is the workplace of Mr Keith Pitts, Barrister and sole practitioner.

 

I am:

 

Authorised to provide legal services by the Bar Standards Board;

Authorised to offer Licensed Access and Direct Access to the Public; and

Authorised to conduct litigation.

 

I am a Data Controller registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that I hold and process, under the ICO registration number ZA774002

 

This privacy policy applies to my practice and explains: when and why I collect personal information; what information I collect; how I use it; when and why I may disclose it to others ; and how I keep it securely.

 

PERSONAL DATA

 

Personal data is any information that can be used to identify an individual. Collecting personal data is subject to the Data Protection Act 2018 and the UK-General Data Protection Regulations (“GDPR”). Guidance on the GPDR is available on the Information Commissioner’s  Office (“ICO”) website.

 

There are two categories: 'personal data' and 'special categories of personal data'.

 

Personal Data

 

I can collect personal data for any lawful reason set out in the GPDR.

 

I collect and process personal data including:

 

• Personal  information, including names, dates of birth (if relevant), and personal contact details (e.g.: postal address(s), email address(s), phone numbers); and financial details such as financial status and bank details.
• Other personal information relevant to the provision of legal services.

 

Special category processing 

 

I do not collect special category personal data, save in exceptional circumstances  If I intend to process any special categories of data I shall  explain why and ask for your consent to process this type of data unless one of the exemptions in Article 9.2 of the GPDR applies.

 

Criminal data processing 

 

I process data relating to criminal offences with official authority only.

 

MY LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

 

The GDPR permits me to process personal data if I have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:

 

• Consent of the data subject [GDPR Article 6.1.a];
• Performance of a contract with the data subject or to take steps to enter into a contract [GDPR Article 6.1.b];
• Compliance with a legal obligation[GDPR Article 6.1.c];
• To protect the vital interests of a data subject or another person[GDPR Article 6.1.d];
• Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller [GDPR Article 6.1.e];
• My legitimate interests, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject [GDPR Article 6.1.f].

 

LAWFUL BASES

 

Consent

 

On occasion I may ask for your consent to use personal information. On each and every occasion I shall explain why and you have the right to refuse and you retain the right to withdraw your consent.

 

Legal Contract 

 

I can process your personal information to enter into and fulfil various obligations for contracted services.

 

Legal Obligation 

 

I can process your personal information to comply with various legal obligations including but not limited to record keeping, administration and regulatory activities.

 

Vital Interest

 

I can process your personal information whenever it is in your vital interest or that/those of another natural person.

 

Public Interest 

 

I can process your personal information if it is necessary to prevent or detect unlawful acts where it is in the substantial public interest and it must be carried out without consent so as not to prejudice those purposes.

 

Legitimate Interest 

 

I can rely on my legitimate interest when processing information for the purposes set out above to include the management, administration and operation of my practice, and to comply with all regulatory functions required by professional regulators  

 

HOW DO I COLLECT INFORMATION?

 

In most circumstances you will provide me with personal data when you get in touch with me or if I ask for it. I may also obtain information from third parties and I will tell you if I obtain such information and what information I have obtained. When collecting information, I comply  with its obligations under the GDPR by:

 

• Collecting only such data necessary to pursue my legitimate business interests;
• Ensuring that appropriates measures are in place to protect personal data;
• Keeping personal data up to date;
• Storing and destroying data securely.

 

You are entitled to refuse to let me have this information but if you do, I may have to refuse to accept your instructions or my services may be curtailed.

 

STORAGE

 

Your information is securely stored locally, on the ‘cloud’ and with third party accounting providers. All data is password protected and with limited access to computers/servers.

 

FOR HOW LONG DO I KEEP YOUR PERSONAL DATA? 

 

I keep your personal data while you remain a client, and for a period thereafter to comply with statutory and/or regulatory requirements. There are, in addition, overriding legitimate business interests, including but not limited to fraud prevention and protecting clients' safety and security.

I dispose of your information by shredding, which is carried out by a secure data destruction company,  when it no longer needs to be held.

 

I will delete or anonymise your information at your request unless:

 

• There is an unresolved issue, such as claim or dispute;
• I am legally required to retain the data to meet out legal, statutory and regulatory obligations;

 

HOW I USE YOUR PERSONAL INFORMATION? 

 

I can use your personal information if I have a lawful reason for doing so. I use your information to enable me to provide my services; including but not limited to the following purposes.

 

 To:

 

• Communication with you about my services;
• Management of my practice;
• Accounting for fees and payments;
• Investigation and resolution of any  concerns or complaints about my service;
• Compliance with all regulatory, legal  and operational obligations
• Make statutory returns as required by law;
• Carrying out anti-money laundering and terrorist financing checks;

 

Or as otherwise required or permitted by law.

 

I may, in addition, use your personal information for marketing purposes. Before doing so, however, I shall ask for your specific consent.

 

WHO WILL I SHARE YOUR PERSONAL INFORMATION WITH? 

 

It may be necessary to share your information with the following:

 

• Any party where I ask you and you consent to the sharing;
• My legal advisors in the event of a dispute or other legal matter;
• Law enforcement officials, government authorities or other third parties to meet my legal obligations;
• Professional advisers and consultants engaged in the course of running my practice;
• Regulatory bodies including the Bar Standards Board and the Legal Ombudsman;
• Other barristers/barristers’ chambers;
• Courts and tribunals;
• Advisers and other parties involved in any matter you discuss with me;
• The intended recipient, where you have asked me to provide a reference;

 

Except for the reasons set out above I will not share your personal data with third parties without obtaining your prior consent. Any third parties that I may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on my behalf. 

 

YOUR RIGHTS

 

Under the GDPR, you have a number of rights that you can exercise in certain circumstances. Where those circumstances are established, you may have the right to: 

 

Access

 

• Ask for access to your personal information and other supplementary information;
• Ask to receive a copy of the personal information you have provided or have this information sent to a third party;

 

Rectification

 

• Ask for correction of mistakes in your data or to supplement information I may hold on you;

 

Erasure

 

• Ask for your personal information to be erased;

 

Objection

 

• Object at any time to processing of your personal information;
• Object to the continued processing of your personal information;
• Restrict processing of your personal information.

 

These are conditional rights but their exercise may mean that I cannot continue to provide any part of my service that is facilitated by your information

 

Portability

 

• I will transfer any data that I have collected to you or another organisation of your choosing; subject to conditions.

 

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR. 

 

If you want further explanation of or wish to exercise any of these rights, please contact me.

 

If you have a complaint that I cannot answer to your satisfaction, may raise it directly with the Information Commissioners Office.

 

CHANGES TO THIS PRIVACY NOTICE

 

Any changes to this privacy notice will be published on my website from time to time.

 

Keith Pitts

Counsel

Regulated by the Bar Standards Board

 

22^nd March 2023