What is the scope of this policy?

This privacy policy applies to our use of any and all personal data collected by CCTC including clients, website users and any third party to whom this policy has been communicated.

Personal data means any information relating to an identified and identifiable natural person (‘data subject’).

This policy covers all personal data and special categories of personal data, processed on computers or stored in manual (paper based) files.

This policy aims to protect and promote the data protection rights of individuals and of CCTC and to ensure compliance with the General Data Protection Regulation.

CCTC is required to comply with the law governing the management and storage of personal data, which is outlined in the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act.

Compliance with the GDPR is overseen by the UK data protection regulator which is the Information Commissioner’s Office (ICO). CCTC is accountable to the ICO for its data protection compliance.

What information do we collect?

CCTC is required to comply with legislative and regulatory provisions governing the management and storage of personal information, most notably the GDPR. All personal data is processed in a manner that is compliant with the GDPR and in accordance with the CCTC Data Protection Policy.

Data Protection Principles

The GDPR is based around 8 principles which are the starting point to ensure compliance with the Regulation. We adhere to these principles when performing day-to-day duties. The principles require CCTC to ensure that all personal data and sensitive personal data are:

  1. Processed lawfully, fairly and in a transparent manner in relation to the subject (‘lawfulness, fairness and transparency’)
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which personal data are processed (‘storage limitation’)
  6. Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures (‘integrity and confidentiality’)

We collect and maintain personal data in respect of those individuals who seek to be, are, or were clients of members of CCTC.

We collect personal data from you, when you provide it to us either directly or indirectly from a third party such as a lawyer and we may collect your information when you use our website through the use of cookies and other technologies.

How do we use your personal data?

Before we undertake any work on your behalf we may ask for information about you, including name, address (and date of birth where appropriate) together with some identification, for example, passport and proof of residence and we will keep a copy of this data. We may use the data to undertake a search. We will keep a copy of any searches made and the result which may be used for internal decision-making purposes.

We may use data and other information obtained as a result of work we do to provide legal services and to administer your account with us including tracing and collecting debts. We may also use it for fraud prevention (for example by verifying your identify to comply with our money laundering obligations), to ensure client satisfaction and to improve services and for the safety and security of our offices and staff.

We may monitor website and email traffic to detect unauthorised or illegal use of our electronic systems. As a result, we may collect personal data about those sending and or receiving electronic communications or which is contained in an email. Any personal data collected in this way will be held in accordance with the provisions of the GDPR.

Who do we share your personal data with?

Our people and staff are under an obligation not to disclose any confidential information to third parties without consent. This applies to most client personal data, as well as the reports, letters, documents, emails, information and advice we provide to you.

We are required to comply with the Bar Standards Board and we may be required to make disclosure of certain information to comply with professional rules or the general law.

We only share personal information with other individuals or organisations where we are permitted to do so in accordance with data protection law. Wherever, possible we will ensure that we have the data subject’s consent before sharing their personal data, although, it is accepted that this will not be possible in all circumstances, for example if the disclosure is required by law.

Barristers are under a professional and legal obligation to keep the affairs of clients confidential. This obligation, however is subject to a statutory exception: recent legislation on money laundering and terrorist financing had placed barristers under the legal duty in certain circumstances to disclose information to the National Crime Agency / Serious and Organised Crime Agency. Where a barrister knows or suspects that a transaction on behalf of a client involves money laundering, the barrister may be required to make a money laundering disclosure. If this happens, we may not be able to inform you that a disclosure has been made or of the reasons for it. You agree to such disclosure being made in circumstances where we believe we are under a duty to make such a disclosure and to the transfer of any relevant personal data as a result.

How do we keep your information secure?

We implement appropriate technical and organisational measures to ensure the highest level of security for your personal data.

We ensure that those who have access to personal data or are responsible for processing it are trained in accordance with the CCTC Information Management Policy.

We use technical measures to safeguard your data designed to protect your personal information from loss and unauthorized access, copying, use, modification or disclosure. Whilst we take reasonable precautions against viruses by use of a firewall and virus checking software, we do not guarantee that information sent electronically will be free from viruses.

If you suspect any misuse or loss or unauthorised access to your data, please let us know by contacting us via this email address [email protected].

How long do we retain your information?

Our policy is to archive personal data files and documents for a period of at least seven years after they are regarded as closed by us. We keep client files and documents on the understanding that we can destroy them seven years after the file date of the final bill.

We accept no responsibility or liability for any loss or damage caused by our failure to retain such files and documents for any period after such closure and are authorised by you to destroy the files and documents after such time.

If you wish to retain your papers then please ask for them. Many papers on our files constitute our working papers or emanate from you or record what has already been sent to you and as such belong to us and are not papers to which you are entitled. We may retain information and documents indefinitely so as to protect us and you in the event of future legal action.

 

Updating your personal information

It is important that the personal data we maintain is accurate and current. Please keep us informed of any changes to your personal information by emailing [email protected].

Right of access to your personal data

The GDPR gives rights to individuals in respect of the personal data that any organisation holds about them. We are familiar with these rights and adhere to CCTC procedures to uphold these rights.

These rights include:

  • Right of information and access to confirm details about your personal data that is being processed and to obtain a copy;
  • Right to rectification of any inaccurate personal data;
  • Right to erasure of personal data held (in certain circumstances);
  • Right to restriction on the use of personal data held (in certain circumstances);
  • Right to portability – right to receive data processed by automated means and have it transferred to another data controller;
  • Right to object to the processing of personal data.

If you wish to exercise any of these rights, please send your request to [email protected] Where legally permitted to do so, CCTC may refuse your request, however we will explain the reasons why.

Cookies

Cookies are small text files that are saved to your website browser that help identify who you are or how you use a website. This website does not use any cookies.

 

We have instructed Joseph Howard on a number of occasions in relation to complex high value matters. His advice is always clear and comprehensive and he cuts quickly to the essence of any matter. Not only does he identify issues but is always on hand with practical workable solutions.
James Ward
Partner and Head of Private Client, Kingsley Napley