|
|
DESIGN CHAMBERS |
Design Chambers'
Privacy, Equality & Diversity, Recruitment and E-Mail Attachment policies
Website Privacy and the Use of
"Cookies"
Design Chambers' website does not
collect, capture or store any personal information other than IP (Internet
Protocol) addresses, nor does it place any tracking "cookie" or
similar “software device” on a viewer's computer. Design Chambers’ web-hoster and
their secure servers (and web-page "forwarders") are physically
located in the UK, and at most:
· Download a purely load-balancing “session
cookie” for the sole purpose of carrying out efficient transmission of
our website to a viewer’s computer.
This technical session cookie is used only for the duration of any
browsing session on www.designchambers.com and will always be deleted once the
viewer closes their web browser. It
is not tracking cookie. This
session cookie is required to allow Design Chamber’s web-hoster’s
servers to enable server load balancing so that if one server were to fail, our
website would then be served from a backup server of our web-hoster.
·
May, from time to
time, simply log the users' IP address and details of any referring web-page in
the usual industry-accepted manner.
Such logs are routinely deleted on an automatic basis, typically when
the log file reaches a pre-determined size. Design Chambers currently does not
regularly carry out analytics nor does it allow others to carry out any
analytics or any other similar exercise on these logs if collected in the first
place.
· Page counters (if any) are set only to log the number of times a given page has been accessed.
Privacy Notices
· Each member of chambers is his or her own Controller
(formerly known as Data Controller) for the purposes of the Data Protection Act
2018 and the underlying General Data Protection Regulation - commonly referred
to as “The GDPR”.
· Design Chambers and its members of chambers operate in
and are concerned with the provision of legal services and legal continuing
professional development.
The following set out the Privacy
Notices of both Design Chambers and its individual members:
Design Chambers Privacy
Notice
IMPORTANT: As each member
is his or her own clerk/practice manager, Design Chambers itself is most likely
to be only processing minimal, if any, personal data in the greater majority of
instances.
Typically the personal information that
Design Chambers itself may process will include the name, e-mail address,
contact details and content of any message of any person making an e-mail
request to pass on a message to a member of chambers or enquire about that
member’s availability, and/or whether that member is instructed in a particular
matter or case, and/or ask that member’s areas of legal practice, and/or
whether they can present legal continuing professional development courses.
Design Chambers does not buy, hire or otherwise make use of
any third party lists of individuals.
Unless arising in the context of the
provision of legal services to a client or required by any applicable law,
Regulation, court or tribunal rules, procedures or orders, or by any Regulator
of competent jurisdiction (such as the Bar Standards Board - www.barstandardsboard.org.uk),
Design Chambers will not pass personal information to any third party without
that person’s prior, freely given and informed consent (so-called opt-in
basis”).
· If an individual member of Chambers’ sends an
e-mail, SMS text message or equivalent to another member of Chambers as a
result of a telephone or other verbal enquiry or request, then the making and
contents of that e-mail will be covered by that member’s own Privacy Notice.
Basis of Processing by Design
Chambers
· The basis of processing by Design Chambers itself will
usually be the legitimate interest of a set of Barristers’ Chambers to
operate in an as efficient way as possible when requested to forward a message
to or when responding to e-mailed enquiries about members of Chambers in
relation to the provision of legal services and legal continuing professional
development courses.
· Whilst Design Chambers itself is most unlikely to process
Special Information, which includes information relating to health, racial or
ethnic origin, religious beliefs, biometric data, and sex life and orientation,
if it were to do so, the basis will be that the processing is necessary for the
establishment, exercise or defence of legal claims.
· Marketing: Design Chambers itself only very rarely
carries out any marketing, mailshot or publicity exercises. To the extent that it may do so, it will
rely on the prior informed and freely given consent (so-called
“opt-in”) basis for processing. If a duly opted-in person were to
receive any marketing or publicity material from Design Chambers itself as
opposed from its individual members, he or she will be offered a simple,
effective, rapid and no-cost means of being removed from any future marketing,
mailshot or publicity exercises.
The Data Protection Principles
When processing personal data, Design
Chambers will abide by the Six Principles of the General Data Protection
Regulation as set out in its Article 5 as may at any time be modified by the
Data Protection 2018 and or any regulations made under that Act or any
successor.
The six “Principles”
under GDPR Art.5 - Personal data shall be [Art.5(1)]:
(a) processed lawfully,
fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and
transparency’);
(b) collected for
specified, explicit and legitimate purposes and not further processed in a
manner that is incompatible with those purposes; further processing for archiving
purposes in the public interest, scientific or historical research purposes or
statistical purposes shall, in accordance with Art.89(1) [archiving purposes],
not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and
limited to what is necessary [not excessive in the Bill] in relation to the
purposes for which they are processed (‘data minimisation’);
(d) accurate and, where
necessary, kept up to date; every reasonable step must be
taken to ensure that personal data that are inaccurate, having regard to the
purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which
permits identification of data subjects for no longer than is necessary for the
purposes for which the personal data are processed; personal data may be stored for longer
periods insofar as the personal data will be processed solely for archiving
purposes in the public interest, scientific or historical research purposes or
statistical purposes in accordance with Art.89(1) [archiving purposes] subject to implementation of the appropriate
technical and organisational measures required by this
Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
(f) processed in a manner
that ensures appropriate security of the personal data, including protection
against unauthorised or unlawful
processing and against accidental loss, destruction or damage, using
appropriate technical or organisational measures (‘integrity and
confidentiality’).
Retention Period of Design Chambers
Design Chambers will typically retain personal
information for which it is responsible for a primary period not exceeding 6
years from date of receipt.
Voicemails and the equivalent, however, will be routinely deleted. In certain circumstances, where personal
information might be required to be held for a greater period for
“evidentiary or regulatory” purposes only, personal data may then
be retained on a “Restricted Basis” for a longer period for such
purposes. The use that can be made
of personal information stored as “Restricted” is strictly limited
by law.
The greater period will typically be
the maximum periods provided in limitation and statutory retention periods
(including the Limitation Act 1980 as may be amended or replaced). However, Design Chambers can give no
guarantee nor warranty that information stored electronically and/or digitally
will be recoverable if it has been stored for an extended period due to
hardware and storage media deterioration and failures, as well the usually
occasional difficulty in being able to read a file saved in long-discontinued
file format.
Security of Processing; Communication encryption
policy; and transfers of
information out of the EEA
· IMPORTANT: As regards the Security of Processing,
communication encryption policy and transfers of information out of the EEA of individual members of Design Chambers,
please refer to their individual policies set out a little way below
Design Chambers itself uses or might
use, with appropriate contracts in place, conforming web-hosting providers,
e-mail providers and cloud-based storage providers (also known as
“Processors”) who are “based and located” within the
EEA (The European Economic Area which presently includes the EU and UK). To the extent that it may become
relevant in the future, the primary e-mail provider is based in Scotland.
If Design Chambers itself were to use
any such providers who were not based and/or located in the EEA, it will select
an appropriate Processor and keep under review the safeguards in place to
protect any personal data being processed in such overseas countries and
territories. This would include the
use of appropriate/updated Information Commissioner (“ICO”) or EC
approved Data Protection Standard Contractual Clauses; the use of any successor to the
EU-US Privacy Shield or any other ICO or EC successor mechanism for transfers
to the USA; or specific prior and
freely given informed consent.
Further, encryption will be used where there were to be a real (as
opposed to fanciful) likelihood of damage, suffering, harm or distress being
arising from the transfer of personal data out of the EEA.
Similarly, if Design Chambers itself
were to transfer any personal information to a Controller out of the EEA,
typically a non-EEA based professional or lay client, it will rely in contentious
issues, cases and matters on the transfer being necessary for the establishment, exercise
or defence of legal claims. For purely non-contentious issues Design
Chambers itself will rely on specific and freely given informed consent. In
any event, for transfers to non-EEA countries and international organisations,
Design Chambers will abide by Articles 44 to 50 GDPR as may at any time be
modified by the Data Protection 2018 and or any regulations made under that Act
or any successor.
Encryption and communications: If there
were to be a real (as opposed to fanciful) likelihood of damage, suffering,
harm or distress being caused by a misaddressed or inappropriately addressed
e-mail, usb memory stick, external hard or flash drive or the equivalent, the
“sensitive parts” of any personal information will be encrypted
before being sent by Design Chambers.
The encryption key or “password” will be communicated to the
intended recipient by a separate communication means. Typically, in respect of e-mails, an
unencrypted e-mail with an encrypted attachment will be used. The titles and subject matters of such
e-mails will be agreed in advance so as to appear neutral and not enable
identification of the subject matter of any encrypted attachments.
· Whilst Design Chambers is not responsible for the use by
others of unsecure incoming communications, it will endeavour to let any such
sender on a prompt basis that they must use secure means of transmission.
· In any event, if sending an unsecure communication to Design
Chambers or to its individual members, you must satisfy yourself that the
communication is one that can be sent in an unsecure way, such as by open
unencrypted e-mail with or without unencrypted attachments, or is a
communication that can posted or couriered by a service that does not meet the
equivalent standards of the Royal Mail Special Delivery service.
YOUR RIGHTS - including the right to
know what information Design Chambers is processing about you: “Subject Access
Requests”
You have the following important rights
under the GDPR and Data Protection Act 2018 and or any regulations made under
that Act or any successor:
Subject Access Requests -
“SARs”
You can ask, in by e-mail or in
writing, to see what personal data Design Chambers holds about you by
contacting Design Chambers’ Controller, Richard Hodgson, 24 Arterberry
Road, London, SW20 8AH, UK,. Design Chambers will respond within one
month. Design Chambers will not be
able to charge you any fee save in exceptional circumstances.
· If you any questions about how to make a request, you are
most strongly encouraged to contact the Controller who will do his best to
assist you. Please do not hesitate
to make informal contact by telephone or e-mail in the first instance.
· IMPORTANT: Given the limited role of Design
Chambers itself in processing personal information, you are strongly advised,
if considering making a subject access request to Design Chambers, to make
another request to the relevant individual member of Design Chambers as well.
You should be aware that there are a
number of limitations and exemptions to disclosure under an SAR, many of which
may be applicable in the legal services sector.
· If you are unhappy with the Reply to an SAR, you have the
right to contact the Information Commissioner’s Office - www.ico.org.uk, Wycliffe House Water Lane
Wilmslow Cheshire SK9 5AF to request a review (assessment) of the adequacy of
the Reply that you received.
Other Rights you may have
· You have the right to withdraw any consent that you have
given
· You are entitled to request that your personal
information be deleted
· You are entitled to request that some or all of your
personal information be erased
· You are entitled to request that some or all of your
personal information be amended
· You are entitled to object to processing carried out
under the legitimate interest basis
· You are entitled to object to automated decision making (which
is not carried out by Design Chambers)
· You may have the right to data portability
You should be aware that there are a
number of limitations and exemptions to these rights, many of which are
applicable in the legal services sector.
To see if you are able to exercise any
of these rights, please contact in writing to Design Chamber’s
Controller, Design Chambers, of 24 Arterberry Road, London, SW20 8AH, UK.
· You are again most strongly encouraged to contact the Controller who will do his best to assist you. Please do not hesitate to make informal contact by telephone or e-mail in the first instance.
Design Chambers Controller: Richard Hodgson
of Design Chambers, of 24 Arterberry Road, London, SW20 8AH, UK.
· For details of the Controllers and policies of the Individual Members of
Design Chambers, please see just below
Privacy Notice of Richard Hodgson, member of Design Chambers
Richard
Hodgson provides both legal services and legal continuing professional
development courses (CPD). He is
his own Data Controller for the services he provides.
As
regards his CPD services, he provides them either on his own behalf or is
retained on a professional basis by MBL Seminars Ltd - www.mblseminars.com
Richard Hodgson does not buy, hire or otherwise make use of
any third party lists of individuals in the course of
the provision of his services. When
presenting a legal CPD course organised by MBL Seminars Ltd, he will be
provided with a list of attendees by MBL Seminars Ltd. Richard Hodgson acts a Controller in
respect of personal information communicated to him by MBL Seminars. The only use he makes of such
information is for the administrative purposes of and arising from presenting a
given course.
Unless arising in the context of the
provision of legal services or Legal CPD courses or required by any applicable
law, Regulation, court or tribunal rules, procedures or orders, or by any
Regulator of competent jurisdiction (such as the Bar Standards Board - www.barstandardsboard.org.uk),
Richard Hodgson will not pass personal information to any third party without
that person’s prior, freely given and informed consent (so-called
“opt-in basis”).
In respect of the provision of Legal
CPD courses for MBL Seminars, Richard Hodgson will communicate any signed
attendance forms and completed feedback forms to MBL Seminars Ltd by adequately
secure means.
Basis of Processing by Richard
Hodgson
· The basis of processing by Richard Hodgson will be the
legitimate interest in the provision of both legal services and legal CPD
courses by a barrister in private practice, regulated by the Bar Standards
Board, to professional and lay clients or those attending his CPD courses.
· Whilst Richard Hodgson is unlikely to process Special
Information, which includes information relating to health, racial or ethnic
origin, religious beliefs, biometric data, and sex life and orientation, if he
were to do so, then the basis will usually be that the processing is necessary
for the establishment, exercise or defence of legal claims.
However, in giving legal advice on any public interest matter or case which may
bring in “Special information”, and which advice is not directly
related to the establishment, exercise or defence of legal claims, the basis would
be that the processing is necessary for reasons of substantial public interest
on the basis of UK [or EU] law and which processing is proportionate to the aim
pursued and which contains appropriate safeguards”
· Richard Hodgson himself only rarely carries out any
marketing, mailshot and publicity exercises. To the extent that he may do so, he will
rely on the legitimate interest basis in respect of his regular and/or long
standing professional clients or colleagues and/or recent professional clients
or colleagues, otherwise he will rely on the prior informed and freely given
consent (so-called “opt-in”) basis for such processing in all other
cases. If a person were to receive
any marketing or publicity material from Richard Hodgson, he or she will be offered
a simple, effective, rapid and no-cost means of being removed from any future
marketing, mailshot or publicity exercises.
The Data Protection Principles
When processing personal data, Richard
Hodgson will abide by the Six Principles of the General Data Protection
Regulation as set out in its Article 5 as may at any time be modified by the
Data Protection 2018 and or any regulations made under that Act or any
successor.
The six “Principles”
under GDPR Art.5 - Personal data shall be [Art.5(1)]:
(a) processed lawfully,
fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and
transparency’);
(b) collected for
specified, explicit and legitimate purposes and not further processed in a manner
that is incompatible with those purposes;
further processing for archiving purposes in the public interest,
scientific or historical research purposes or statistical purposes shall, in
accordance with Art.89(1) [archiving purposes], not be considered to be
incompatible with the initial purposes (‘purpose
limitation’);
(c) adequate, relevant and
limited to what is necessary [not excessive in the Bill] in relation to the
purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary,
kept up to date;
every reasonable step must be taken to ensure that personal data
that are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which
permits identification of data subjects for no longer than is necessary for the
purposes for which the personal data are processed; personal data may be stored for longer
periods insofar as the personal data will be processed solely for archiving
purposes in the public interest, scientific or historical research purposes or
statistical purposes in accordance with Art.89(1) [archiving purposes] subject to implementation of the appropriate
technical and organisational measures required by
this Regulation in order to safeguard the rights and freedoms of the data
subject (‘storage
limitation’);
(f) processed in a manner
that ensures appropriate security of the personal data, including protection
against unauthorised or unlawful
processing and against accidental loss, destruction or damage, using
appropriate technical or organisational measures (‘integrity and
confidentiality’).
Retention Period of Richard Hodgson
Richard Hodgson will typically retain
personal information for which he is responsible for a primary period not
exceeding 6 years from date of payment of the last fee note relating to that
case or matter. Voicemails and the
equivalent, however, will be routinely deleted. In certain circumstances, where personal
information might be required to be held for a greater period for
“evidentiary or regulatory” purposes only, personal data may then
be retained on a “Restricted Basis” for a longer period for such
purposes. The use that can be made
of personal information stored as “Restricted” is strictly limited
by law.
The greater period will typically be
the maximum periods provided in limitation and statutory retention periods
(including the Limitation Act 1980 as may be amended or replaced). However, Richard Hodgson can give no
guarantee nor warranty that information stored electronically and/or digitally
will be recoverable if it has been stored for many years due to hardware and
storage media deterioration and failures, as well the usually occasional difficulty
in being able to read a file saved in long-discontinued file format.
Security of Processing; Communication encryption
policy; and transfers of
information out of the EEA
Richard Hodgson uses or might use, with
appropriate contracts in place, conforming web-hosting providers, e-mail
providers and cloud-based storage providers (also known as
“Processors”) who are “based and located” within the
EEA (The European Economic Area which presently includes the EU and UK). To the extent that it may become
relevant in the future, his primary e-mail provider is based in Scotland.
If Richard Hodgson were to use any such
providers who were not based and/or located in the EEA, he will select an
appropriate Processor and keep under review the safeguards in place to protect
any personal data being processed in such overseas countries and territories. This would include the use of
appropriate/updated Information Commissioner (“ICO”) or EC approved
Data Protection Standard Contractual Clauses; the use of any successor to the
EU-US Privacy Shield or any other ICO or EC successor mechanism for transfers
to the USA; or specific prior and
freely given informed consent.
Further, encryption will be used where there were to be a real (as
opposed to fanciful) likelihood of damage, suffering, harm or distress being
arising from the transfer of personal data out of the EEA.
Similarly, if Richard Hodgson were to
transfer any personal information to a Controller out of the EEA, typically a
non-EEA based professional or lay client, he will rely in contentious issues,
cases and matters on the transfer being necessary for the
establishment, exercise or defence of legal claims. For purely non-contentious issues, he
will rely on the transfer being necessary for the either the performance of a
contract between the client and himself, or for the implementation of pre-contractual
measures taken at the client’s request. In
any event, for transfers to non-EEA countries and international organisations,
he will abide by Articles 44 to 50 GDPR as may at any time be modified by the
Data Protection 2018 and or any regulations made under that Act or any
successor.
Encryption and communications: If there
were to be a real (as opposed to fanciful) likelihood of damage, suffering,
harm or distress being caused by a misaddressed or inappropriately addressed
e-mail, usb memory stick, external hard or flash drive or the equivalent, the
“sensitive parts” of any personal information will be encrypted
before being sent by Richard Hodgson.
The encryption key or “password” will be communicated to the
intended recipient by a separate communication means. Typically, in respect of e-mails, an
unencrypted e-mail with an encrypted attachment will be used. The titles and subject matters of such
e-mails will be agreed in advance so as to appear neutral and not enable
identification of the subject matter of any encrypted attachments.
· Whilst Richard Hodgson is not responsible for the use by
others of unsecure incoming communications, he will endeavour to let any such
sender know on a prompt basis that they must use secure means of
transmission. Further, depending on
the nature of any set of instructions, Richard Hodgson may require the
professional or lay client to use secure means of communications as a basis for
accepting instructions, or continuing to accept instructions
· In any event, if sending any unsecure communication to
Richard Hodgson, Design Chambers or to its other individual members, you must
satisfy yourself that the communication is one that can be sent in an unsecure
way, such as by open unencrypted e-mail with or without unencrypted
attachments, or is a communication that can be posted or couriered by a service
that does not meet the equivalent standards of the Royal Mail Special Delivery
service.
YOUR RIGHTS - including the right to
know what information Richard Hodgson is processing about you: “Subject Access Requests
You have the following important rights
under the GDPR and Data Protection Act 2018 and or any regulations made under
that Act or any successor:
Subject Access Requests -
“SARs”
You can ask in writing to see what
personal data Richard Hodgson holds about you by contacting Richard Hodgson,
Data Controller, Design Chambers, 24 Arterberry Road, London, SW20 8AH, UK,. Richard
Hodgson will respond within one month.
Richard Hodgson will not be able to charge you any fee save in
exceptional circumstances.
· If you any questions about how to make a request, you are
most strongly encouraged to contact the Controller who will do his best to
assist you. Please do not hesitate
to make informal contact by telephone or e-mail in the first instance.
You should be aware that there are a
number of limitations and exemptions to disclosure under an SAR, many of which
may be applicable in the legal services sector.
· If you are unhappy with the Reply to an SAR, you have the
right to contact the Information Commissioner’s Office - www.ico.org.uk, Wycliffe House Water Lane
Wilmslow Cheshire SK9 5AF to request a review (assessment) of the adequacy of
the Reply that you received.
Other Rights you may have
· You have the right to withdraw any consent that you have
given
· You are entitled to request that your personal
information be deleted
· You are entitled to request that some or all of your
personal information be erased
· You are entitled to request that some or all of your
personal information be amended
· You are entitled to object to processing carried out
under the legitimate interest basis
· You are entitled to object to automated decision making
(which is not carried out by Richard Hodgson)
· You may have the right to Data Portability
You should be aware that there are a
number of limitations and exemptions to these rights, many of which are
applicable in the legal services sector.
· If you any questions about your other rights, you are
most strongly encouraged to contact the Controller who will do his best to
assist you. Please do not hesitate
to make informal contact by telephone or e-mail in the first instance.
To find out if you are able to exercise
any of these rights, please contact in writing to Richard Hodgson, Data
Controller, Design Chamber, 24 Arterberry Road, London, SW20 8AH, UK.
Privacy
Notice of Owen Keane, member of Design Chambers
Owen
Keane provides legal services. He
is his own Data Controller for the services he provides.
Owen Keane does not buy, hire or otherwise make use of
any third party lists of individuals in the course of
the provision of his services.
Unless arising in
the context of the provision of legal services or required by any applicable
law, Regulation, court or tribunal rules, procedures or orders, or by any
Regulator of competent jurisdiction (such as the Bar Standards Board - www.barstandardsboard.org.uk), Owen Keane will not pass
personal information to any third party without that person’s prior,
freely given and informed consent (so-called “opt-in basis”).
Basis of Processing by Owen Keane
· The basis of processing by Owen Keane will be the
legitimate interest in the provision of legal services by a barrister in
private practice, regulated by the Bar Standards Board, to professional and lay
clients.
·
Whilst
Owen Keane is unlikely to process Special Information, which includes
information relating to health, racial or ethnic origin, religious beliefs,
biometric data, and sex life and orientation, if he were to do so, the basis
will then usually be that the processing is necessary for the establishment,
exercise or defence of legal claims.
However, in giving legal advice on any public interest matter or case which may
bring in “Special information”, and which advice is not directly
related to the establishment, exercise or defence of legal claims, the basis
would be that the processing is necessary for reasons of substantial public
interest on the basis of UK [or EU] law and which processing is proportionate
to the aim pursued and which contains appropriate safeguards”
·
Owen
Keane himself only rarely carries out any marketing, mailshot and publicity
exercises. To the extent that he
may do so, he will rely on the legitimate interest basis in respect of his
regular and/or long standing professional clients or colleagues and/or recent
professional clients or colleagues, or on the prior informed and freely given
consent (so-called “opt-in”) basis for processing in all other
cases. If a duly opted-in person
were to receive any marketing or publicity material from Owen Keane, he or she
will be offered a simple, effective, rapid and no-cost means of being removed
from any future marketing, mailshot or publicity exercises.
The Data Protection Principles
When processing personal data, Owen
Keane will abide by the Six Principles of the General Data Protection
Regulation as set out in its Article 5 as may at any time be modified by the
Data Protection 2018 and or any regulations made under that Act or any
successor.
The six “Principles”
under GDPR Art.5 - Personal data shall be [Art.5(1)]:
(a) processed lawfully,
fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and
transparency’);
(b) collected for
specified, explicit and legitimate purposes and not further processed in a
manner that is incompatible with those purposes; further processing for archiving
purposes in the public interest, scientific or historical research purposes or
statistical purposes shall, in accordance with Art.89(1) [archiving purposes],
not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and
limited to what is necessary [not excessive in the Bill] in relation to the
purposes for which they are processed (‘data minimisation’);
(d) accurate and, where
necessary, kept up to date; every reasonable step must be
taken to ensure that personal data that are inaccurate, having regard to the
purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which
permits identification of data subjects for no longer than is necessary for the
purposes for which the personal data are processed; personal data may be stored for longer
periods insofar as the personal data will be processed solely for archiving
purposes in the public interest, scientific or historical research purposes or
statistical purposes in accordance with Art.89(1) [archiving purposes] subject to implementation of the appropriate
technical and organisational measures required by
this Regulation in order to safeguard the rights and freedoms of the data
subject (‘storage
limitation’);
(f) processed in a manner
that ensures appropriate security of the personal data, including protection
against unauthorised or unlawful
processing and against accidental loss, destruction or damage, using
appropriate technical or organisational measures (‘integrity and
confidentiality’).
Retention Period of Owen Keane
Owen Keane will
typically retain personal information for which he is responsible for a primary
period not exceeding 6 years from date of receipt. Voicemails and the equivalent, however,
will be routinely deleted. In
certain circumstances, where personal information might be required to be held
for a greater period for “evidentiary or regulatory” purposes only,
personal data may then be retained on a “Restricted Basis” for a
longer period for such purposes.
The use that can be made of personal information stored as
“Restricted” is strictly limited by law.
The greater period
will typically be the maximum periods provided in limitation and statutory retention
periods (including the Limitation Act 1980 as may be amended or replaced). However, Owen Keane can give no
guarantee nor warranty that information stored electronically and/or digitally
will be recoverable if it has been stored for many years due to hardware and
storage media deterioration and failures, as well the usually occasional
difficulty in being able to read a file saved in long-discontinued file format.
Security of Processing; Communication encryption
policy; and transfers of information
out of the EEA
Owen Keane uses or
might use, with appropriate contracts in place, conforming web-hosting
providers, e-mail providers and cloud-based storage providers (also known as
“Processors”) who are “based and located” within the
EEA (The European Economic Area which presently includes the EU and UK).
If Owen Keane were
to use any such providers who were not based and/or located in the EEA, he will
select an appropriate Processor and keep under review the safeguards in place
to protect any personal data being processed in such overseas countries and
territories. This would include the
use of appropriate/updated Information Commissioner (“ICO”) or EC
approved Data Protection Standard Contractual Clauses; the use of any successor to the
EU-US Privacy Shield or any other ICO or EC successor mechanism for transfers
to the USA; or specific prior and
freely given informed consent.
Further, encryption will be used where there were to be a real (as
opposed to fanciful) likelihood of damage, suffering, harm or distress being
arising from the transfer of personal data out of the EEA.
Similarly, if Owen Keane
were to transfer any personal information to a Controller out of the EEA,
typically a non-EEA based professional or lay client, he will rely in
contentious issues, cases and matters on the transfer being necessary
for the establishment, exercise or defence of legal claims. For purely non-contentious issues, he
will rely on the transfer being necessary for the either the performance of a
contract between the client and himself, or for the implementation of pre-contractual
measures taken at the client’s request. In any event, for transfers to non-EEA countries and
international organisations, he will abide by Articles 44 to 50 GDPR as may at
any time be modified by the Data Protection 2018 and or any regulations made
under that Act or any successor.
Encryption and
communications: If there were to be a real (as opposed
to fanciful) likelihood of damage, suffering, harm or distress being caused by
a misaddressed or inappropriately addressed e-mail, usb memory stick, external
hard or flash drive or the equivalent, the “sensitive parts” of any
personal information will be encrypted before being sent by Owen Keane. The encryption key or
“password” will be communicated to the intended recipient by a
separate communication means.
Typically, in respect of e-mails, an unencrypted e-mail with an
encrypted attachment will be used.
The titles and subject matters of such e-mails will be agreed in advance
so as to appear neutral and not enable identification of the subject matter of
any encrypted attachments.
·
Whilst
Owen Keane is not responsible for the use by others of unsecure incoming
communications, he will endeavour to let any such sender know on a prompt basis
that they must use secure means of transmission. Further, depending on the nature of any
set of instructions, Owen Keane may require the professional or lay client to
use secure means of communications as a basis for accepting instructions, or
continuing to accept instructions
· In any event, if sending any unsecure communication to
Owen Keane, Design Chambers or to its other individual members, you must
satisfy yourself that the communication is one that can be sent in an unsecure
way, such as by open unencrypted e-mail with or without unencrypted
attachments, or is a communication that can be posted or couriered by a service
that does not meet the equivalent standards of the Royal Mail Special Delivery
service.
Your Rights - including the right to
know what information Owen Keane is processing about you: “Subject Access
Requests”
You have the following important rights
under the GDPR and Data Protection Act 2018 and or any regulations made under
that Act or any successor:
Subject Access Requests -
“SARs”
You can ask in writing to see what personal
data Owen Keane holds about you by contacting Owen Keane, Data Controller, of
Design Chambers, 24 Arterberry Road, London SW20 8AH. Owen Keane will respond within one
month. Owen Keane will not be able
to charge you any fee save in exceptional circumstances.
· If you any questions about how to make a request, you are
most strongly encouraged to contact the Controller who will do his best to
assist you. Please do not hesitate
to make informal contact by telephone or e-mail in the first instance.
· You should be aware that there are a number of
limitations and exemptions to disclosure under an SAR, many of which may be
applicable in the legal services sector.
· If you are unhappy with the Reply to an SAR, you have the
right to contact the Information Commissioner’s Office - www.ico.org.uk, Wycliffe House Water Lane
Wilmslow Cheshire SK9 5AF to request a review (assessment) of the adequacy of
the Reply that you received.
Other Rights you may have
· You have the right to withdraw any consent that you have
given
· You are entitled to request that your personal
information be deleted
· You are entitled to request that some or all of your
personal information be erased
· You are entitled to request that some or all of your
personal information be amended
· You are entitled to object to processing carried out
under the legitimate interest basis
· You are entitled to object to automated decision making
(which is not carried out by Owen Keane)
· You may have the right to Data Portability
You should be aware that there are a
number of limitations and exemptions to these rights, many of which are
applicable in the legal services sector.
· If you any questions about your other rights, you are
most strongly encouraged to contact the Controller who will do his best to
assist you. Please do not hesitate
to make informal contact by telephone or e-mail in the first instance.
To see if you are able to exercise any
of these rights, please contact in writing to Owen Keane, Data Controller of 24
Arterberry Road, London, SW20 8AH.
You are again most strongly encouraged to contact the Controller who
will do his best to assist you. Please do not hesitate to make informal
contact by telephone or e-mail in the first instance.
Michael Stephens, Door Tenant - Privacy
Notice
As
Michael Stephens is a door tenant, you are respectfully referred to the Privacy
Notice - https://www.kingschambers.com/privacy-policy
- of his principal chambers, Kings Chambers of Embassy House,
60 Church Street, Birmingham, B3 2DJ - www.kingschambers.com
-----------------------------------------------------------
Equality and
Diversity Notice and other Policies of Design Chambers - including Complaints
Design Chambers is an equal
opportunities chambers, in respect of its members [there are no staff],
its lay and professional clients, and those who provide services to chambers,
such as couriers and IT services. In practice, this means that as regards
the selection of its members, those who provide services to chambers as well as
the way members deliver their service to lay and professional clients, there is
and will be no discrimination, either direct or indirect, on the following
grounds:
· Age
· Race (including colour, nationality and ethnic or national origins)
· Sex
· Pregnancy and maternity
· Disability - members of chambers will make reasonable adjustments at all material times, such as, but not limited to, not charging for travelling time to see a disabled lay or professional client. Members of Chambers are always willing to discuss and agree suitable and appropriate measures and actions at any time.
· Sexual orientation
· Marriage and civil partnership
· Religion or belief
· Gender assignment
The above includes the need to ensure that
members of chambers do not harass, act to the detriment of ,
nor victimise potential applicants, clients, and those who provide services to
chambers. Harassment and victimisation will not be tolerated nor
condoned, and anyone who considers that they have been subject to such
behaviour has a right to involved the complaints
procedure, very preferably on a prompt basis.
At all times, chambers will act in
accordance with the Equality and Diversification Rules of the Bar Standards
Board's Code of Conduct (in particular r.305.1, r.408 and r.409 as may be
updated and applicable to the size and nature of chambers at any given
time). Further, chambers similarly
adopts the principles set out in the Guidelines of the Bar Standards Board on
the Equality and Diversity Provisions of the Code of Conduct - including the
model policies in section 12 (as may be updated) as to harassment; parental
leave; and reasonable adjustments
for those with disabilities, as well as the replies given by the Bar Standards
Board in its "New Equality Provisions of the Code of Conduct - Frequently
asked Questions". Yet further, chambers also similarly adopts the principles of the Bar Standards Board Guidance on
the Diversity Collection Rules.
Equality and Diversity Officer, and
Data Diversity Officer: Richard
Hodgson of Design Chambers
Link to Design Chambers Complaints Procedure
Recruitment: Design Chambers will act fairly and in line with the current laws, regulations and codes in training and making any arrangements to advertise, interview and select any new member of chambers or pupil. Please note that Design Chambers does not presently intend to recruit any staff, pupils or mini-pupils for the period 2020 - 2022. If there were to be change, an announcement will be made on this website.
Some
Anonymised Diversity Data in respect of Design Chambers members
All members are male (in the past - but prior to her planned retirement - there has been a female member of chambers)
1 member is in the 49 to 54 year old age group
1 member is in the 55 to 59 year old age group
1 member is in the 60-64 year old age group
1 member is White British
1 member is White British/Irish
1 member is White British/Other European
Unsolicited e-mail attachments
Design Chambers' general policy is not to open e-mail attachments (even though virus-checked on receipt), save those that are expected or are from sources well known to Chambers. Please note that this policy very much includes ".txt", ".axles", ".pot", ".off", ".doc"; ".docks"; and ".PDF" attachments as well as any unsolicited curriculum vitae ("co").
Please use your Browser's "BACK" button to return to page you came from or use the links below:
·
Design
Chambers' Introduction Page