PRIVACY NOTICE FOR JONATHAN GOLDBERG KC

Introduction

Thank you for choosing to instruct me in your case. I will need to collect and hold your personal information in order to represent you. In this privacy notice I explain my approach to your personal information and your rights in relation to it.

I am a barrister practising from North Square Chambers, PO Box 61360, N6 6DH (my “Chambers”).

I am registered with the Information Commissioner’s Office (“ICO”) as a Data Controller for the personal information that I hold and process as a barrister.

Processing personal information

The General Data Protection Regulation (“GDPR”) only allows processing of personal information when there is a lawful basis for doing so. The principal lawful bases identified in the GDPR are:

  • The data subject has given consent to the processing of his or her personal information for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
 Examples of a legitimate interest for processing personal information include:
  • Where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller;
  • Processing for direct marketing purposes;
  • Processing to prevent fraud;
  • Transmitting personal data within a group of undertakings for internal administrative purposes, including the processing of clients’ or employees’ personal data;
  • Where necessary and proportionate for the purposes of ensuring network and information security;
  • Reporting possible criminal acts or threats to public security.
Certain categories of personal data are more sensitive, and so they require more protection. These are known as Special Categories under the GDPR and are: 
  • Personal data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
  • Genetic data or biometric data for the purpose of uniquely identifying an individual; and
  • Data concerning health or data concerning a person’s sex life or sexual orientation.

Processing of Special Categories of personal data may be permitted under the GDPR where, for example:

  • The Data Subject has given explicit consent to such processing for one or more specified purposes;
  • Processing is necessary to protect the vital interests of the Data Subject or of another individual where the Data Subject is physically or legally incapable of giving consent.
  • The Data Subject has manifestly made such data public;
  • Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  • Processing is necessary for reasons of substantial public interest;
  • Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the Data Controller or of the Data Subject in the field of employment law.

I may use your personal information for a number of purposes including, but not limited to:

  • Communicating with you;
  • Providing you with legal advice and representation;
  • Investigating and addressing your complaints;
  • Responding to legal proceedings relating to your use of my services.

One or more lawful bases, legitimate interests or purposes may apply when I process your personal information.

As my client, examples of lawful bases may be performance of a contract between us for the provision of legal services, consent and/or a legitimate interest in processing their personal information for the purposes of providing you with legal advice and/or representation. Processing may also be necessary for the exercise or defence of legal claims.

If you use my Chambers’ website, examples of lawful bases may be consent and/or direct marketing purposes and/or for ensuring network and information security.

What information I collect

I may collect a variety of personal information, including but not limited to:

  • Name;
  • Telephone number;
  • Address;
  • Email;
  • Date of birth.

Please note it is up to you to choose how much personal information you disclose to me. However, if you do not provide certain information, this may limit the legal services which I am able to provide to you.

Retention of personal information

I retain personal information for as long as I need it, which in most cases will be a minimum of seven years. When I no longer need it, your personal information will be securely destroyed.

Data transfers

I list below common examples of people with whom I may share your personal information, where it is proper to do so:

  • Chambers’ clerking and administrative staff;
  • Other barristers who may be instructed to cover a case;
  • Instructing solicitors;
  • Opposing counsel and the court, for the purposes of resolving a case, for example;
  • Regulatory authorities in the event of a complaint; and
  • Anyone you ask me to share your information with.

I do not transfer personal data outside the European Economic Area unless I am satisfied that there are appropriate safeguards in place.

Your rights

In this section I summarise your rights as a Data Subject under the GDPR. You can find out more about your rights from the Information Commissioner’s Office’s website at https://ico.org.uk.

Data Subjects have the following rights under the GDPR:

·         A right to be informed about the personal information held by a third party about them and the purposes for which they process it;

·       A right to access a copy of any information processed by a third party which contains their personal data – this is known as a Subject Access Request;

·         A right to object to the processing of personal data, for example, for direct marketing;

·         A right to object to decisions being taken solely by automated means by third parties who hold their personal data;

·         A right in certain circumstances to have inaccurate personal data held by a third party rectified, blocked, erased or destroyed;

·         A right to claim compensation for damages suffered by the Data Subject as a result of a breach of the GDPR; and

·         A right to move their data from one Data Controller to another.

 

Your Information

 

Right to Complain

I take any complaints about my collection and use of personal information very seriously.

If you think that my collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about my data processing, please raise this with me in the first instance.

Alternatively, you can make a complaint to the Information Commissioner’s Office:

  • By Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • By Email to: This email address is being protected from spambots. You need JavaScript enabled to view it.
  • By Phone at: 0303 123 1113 (Local rate) or 01625 545 745 (National rate).

Review of this Notice

I may review and update this notice from time to time by publishing a new version on my Chambers’ website. 

You should check this page occasionally to ensure you are happy with any changes to this notice.