Privacy Policy

General Data Protection Regulation (“GDPR”)

 

Please read the following information carefully. This privacy policy contains information about the information collected, stored and otherwise processed about you and the reasons for the processing. It also tells you who I share this information with, the security mechanisms I have put in place to protect your information and how to contact me in the event you need further information.

 

Who Am I?

I am Patrick Cannon. I collect, use and am responsible for personal information about you (personal information being any information about an individual from which that person can be identified). When I do this I am the ‘controller’ of this information for the purposes of the GDPR and the Data Protection Act 2018.

I am registered with the Information Commissioners Office with registration number Z8380762

If you need to contact me about your information or the processing carried out you can use the contact details at the end of this document.

What do I do with your information?

I collect personal information that you provide that includes, but is not limited to, the following:

  1. personal details
  2. family details
  3. goods and services
  4. financial details
  5. education, training and employment details
  6. physical or mental health details
  7. racial or ethnic origin
  8. religious, philosophical or other beliefs
  9. sex life or sexual orientation
  10. criminal proceedings, outcomes and sentences, or related security measures
  11. other personal information relevant to, or included in, instructions to provide legal services, including information specific to the instructions in question.

Information collected from other sources.

Personal information about you may also be obtained from third parties, such as members of Cannon Chambers Limited, experts, members of the public, your family and friends, witnesses, courts and other tribunals, suppliers of goods and services, investigators, government departments, regulators, public records and registers.

How I use your personal information: Purposes

I may use your personal information for the following purposes:

    1. to promote and market my services
    2. to train other barristers
    3. to recruit staff and pupils
    4. to assess applications for tenancy, pupillage, mini-pupillage and work-shadowing opportunities
    5. to fulfil equality and diversity and other regulatory requirements,
    6. to procure goods and services,
    7. to manage matters relating to employment, including payroll and pensions
    8. to respond to requests for references
    9. to publish legal judgments and decisions of courts and tribunals
    10. to respond to potential complaints or make complaints
    11. to carry out anti-money laundering and terrorist financing checks
    12. as otherwise required or permitted by law.

Marketing and promotion

In relation to personal information collected for marketing purposes, the personal information consists of

  • names, contact details, and names of organisations
  • the nature of your interest in my marketing
  • your attendance at events in which I am involved.


This will be processed so that you can be provided with information about me and to invite you to events. You may contact me using the contact details at the end of this document if you no longer wish to receive such invitations or information.

 

Whether information has to be provided by you, and why

If you apply to me for a position or are seeking a reference your personal information has to be provided to me, so that your application or reference (as appropriate) can be properly assessed and to enable me to comply with my regulatory obligations.

If you are a member of my staff, your personal information has to be provided to me, so that your employment records, pay and pensions can be administered and to enable me to comply with its regulatory obligations, and to keep accounting records.

If you wish to receive information about me or request to attend events in which I am involved your personal information has to be provided to me so that you can benefit from that information or be invited to events. 

If you are offering or providing me with goods or services your information may be processed in relation to such offers or contracts. If you do not provide that data, I will not be able to perform the contract I have or am trying to enter into with you.

 

The legal basis for processing your personal information

I rely on the following as the lawful bases to collect and use your personal information:

  • If you have consented to the processing of your personal information, then I may process your information for the Purposes set out above to the extent to which you have consented to me doing so.
  • In relation to information that is “sensitive information” for GDPR purposes (which includes information in categories (f) to (i) above, I am entitled by law to process the information where the processing is necessary for legal proceedings, legal advice or otherwise for the establishment, exercise or defence of legal rights.
  • In relation to information which is not sensitive information, I rely on its legitimate interests and/or the legitimate interests of a third party in carrying out the processing for the Purposes set out above.
  • In relation to information which is sensitive information), I rely on your consent for any processing for the purposes set out in purposes (i), (ii), (vi) and (viii) above. However, if you do not consent to processing for the purpose of providing a reference I will be unable to take or provide a reference. This is because I need to be able to retain all information about you to provide an informed and complete reference.
  • The processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on me or you in connection with employment, social security or social protection.
  • The processing is necessary for the assessment of your working capacity or health or social care purposes.
  • The processing of information in certain sensitive information (being information in categories (f), (g), (h), and (i)) , is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between members of staff, tenants, pupils and mini-pupils with a view to enabling such equality to be promoted or maintained.
  • The processing is necessary to prevent or detect unlawful acts where it is in the substantial public interest and it must be carried out without consent so as not to prejudice those purposes.
  • In certain circumstances processing may be necessary in order that I can comply with a legal obligation to which it is subject (including carrying out anti-money laundering or terrorist financing checks).

 

Who will I share your personal information with?

It may be necessary to share your information with the following:

  • Information processors, such as IT support staff, email providers, practice management system providers, information storage providers.
  • in the event of complaints, the Bar Standards Board and the Legal Ombudsman
  • other regulatory authorities
  • current, past or prospective employers or employees in the case of recruitment of barristers to or from other chambers, your current, past and prospective chambers
  • in the case of recruitment generally, anyone who is involved in assessing applications in relation to the recruitment of pupils, your current or past chambers
  • education and examining bodies
  • legal professionals
  • experts and other witnesses
  • prosecution authorities
  • courts and tribunals
  • my staff
  • trainee barristers
  • lay and professional clients of mine
  • family and associates of the person whose personal information I am processing
  • education and examining bodies
  • business associates, professional advisers and trade bodies, e.g. the Bar Council
  • the intended recipient, where you have asked me to provide a reference
  • the general public in relation to the publication of legal judgments and decisions of courts and tribunals

I may be required to provide your information to regulators, such as the Bar Standards Board, the Financial Conduct Authority or the Information Commissioner’s Office. In the case of the Information Commissioner’s Office, there is a risk that your information may lawfully be disclosed by them for the purpose of any other civil or criminal proceedings, without my consent or your consent, which includes privileged information.

I may also be required to disclose your information to the police or intelligence services, acting in good faith, it considers it required or permitted by law.

 

Sources of Information

The personal information I obtain may include information obtained from:

  • members of Cannon Chambers Limited
  • legal professional and other professional services providers
  • experts and other witnesses
  • prosecution authorities
  • courts and tribunals
  • trainee barristers
  • lay and professional clients of mine
  • family and associates of the person whose personal information I am processing
  • in the event of complaints, the Bar Standards Board, and the Legal Ombudsman
  • other regulatory authorities
  • current, past or prospective employers
  • education and examining bodies
  • business associates, professional advisers and trade bodies, e.g. the Bar Council
  • the intended recipient, where you have asked me to provide a reference.
  • the general public in relation to the publication of legal judgments and decisions of courts and tribunals
  • data processors, such as IT support staff, email providers, data storage providers
  • public sources, such as the press, public registers and law reports.

 

Data Processing

I use a number of different service providers (acting as ‘data processors’) who provide administration and IT-related services to enable me to operate my business and provide services to clients. Your personal information is transferred to (and stored by) these data processors, who generally fall under the following categories:

  • Document and data storage service providers
  • Practice Management Service providers
  • IT service providers (which may include cloud-based storage providers)
  • Accounting service providers
  • Email providers

Please contact me using the details at the end of this document if you want further information on specific data processors or the types of personal data they process for us.

 

Transfer of your information outside the European Area (EEA)

This privacy policy is of general application and as such it is not possible to state whether it will be necessary to transfer your information out of the EEA in any particular case or for a reference. However, if you reside outside the EEA or your case or the role for which you require a reference involves persons or organisations or courts and tribunals outside the EEA then it may be necessary to transfer some of your information to that country outside of the EEA for that purpose. If you are in a country outside the EEA or if the instructions you provide come from outside the EEA then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information please indicate this when providing initial instructions.

Some countries and organisations outside the EEA have been assessed by the European Commission and their information protection laws and procedures found to show adequate protection. Most do not. If your information has to be transferred outside the EEA, then it may not have the same protections and you may not have the same rights as you would within the EEA.

I may transfer your personal information to the following which are located outside the European Economic Area (EEA):

  • cloud information storage services based in the USA who have agreed to comply with the EU-U.S. Privacy Shield, in order to enable me to store your information and/or backup copies of your information so that I may access your information when they need to. The USA does not have the same information protection laws as the EU but the EU-U.S. Privacy Shield has been recognised by the European Commission as providing adequate protection.
  • cloud information storage services based in Switzerland, in order to enable me to store your information and/or backup copies of your information so that I may access your information when it needs to. Switzerland does not have the same information protection laws as the EU but has been recognised by the European Commission as providing adequate protection.

If I decide to publish a judgment or other decision of a Court or Tribunal containing your information then may be published to the world.

I will not otherwise transfer personal information outside the EEA except as necessary for the conduct of any legal proceedings.

If you would like any further information please use the contact details at the end of this document.

 

How long will I store your personal data?

I will normally store all your information:

  • until at least 1 year after the expiry of any relevant limitation period, from (for example the date on which your employment terminates, the date of the last provision of service or goods, the date of the last payment made or received or the date on which all outstanding payments are written off, whichever is the latest. This is because it may be needed for potential legal proceedings. At this point any further retention will be reviewed and the information will be marked for deletion or marked for retention for a further period. The latter retention period is likely to occur only where the information is needed for legal proceedings, regulatory matters or active complaints. Deletion will be carried out as soon as reasonably practicable after the information is marked for deletion.
  • Equality and diversity data may be retained for in pseudonymised form for the purpose of research and statistics and complying with regulatory obligations in relation to the reporting of equality and diversity data.
  • Names and contact details held for marketing purposes will be stored indefinitely or until I become aware or am informed that the individual has ceased to be a potential client.
  • Personal information held for recruitment purposes or in relation to pupillage or mini-pupillage will be stored for as long as necessary in connection with completing the recruitment process and will be deleted no later than one month after the end of the recruitment process for the relevant role.

 

Consent

As explained above, I am relying on your explicit consent to process your information in categories (f) to -(j) above. You provided this consent if you applied to become a member of staff, tenant, pupil or mini-pupil or, where you are seeking a reference you asked me to provide that reference.

You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity carried out prior to you withdrawing your consent. However, where I also rely on other bases for processing your information, you may not be able to prevent processing of your information.

If there is an issue with the processing of your information, please contact me using the contact details below.

To withdraw consent, you should notify me using the contact details set out at the end of this document.

 

Your Rights

Under the GDPR, you have a number of rights that you can exercise in certain circumstances. These are free of charge. In summary, you may have the right to:

  • Ask for access to your personal information and other supplementary information;
  • Ask for correction of mistakes in your information or to complete missing information I hold on you;
  • Ask for your personal information to be erased, in certain circumstances;
  • Receive a copy of the personal information you have provided to me or have this information sent to a third party. This will be provided to you or the third party in a structured, commonly used and machine-readable format, e.g. a Word file;
  • Object at any time to processing of your personal information for direct marketing;
  • Object in certain other situations to the continued processing of your personal information;
  • Restrict the processing of your personal information in certain circumstances;
  • Request not to be the subject to automated decision-making which produces legal effects that concern you or affects you in a significant way.

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.

If you want to exercise any of these rights, please use the contact details at the end of this document;

  • Please provide a contact address so that you can be contacted to request further information to verify your identity;
  • Provide proof of your identity and address (Please note that I may need to ask you to provide other information so that you can be identified)
  • State the right or rights that you wish to exercise.

I will try to respond to all legitimate requests within one month from when it receives your request. If your request is particularly complex or you have made a number of requests, it may take me longer than one month. In this case, I will notify you and keep you updated.

 

Keeping your information secure

I will take reasonable technical and organisational precautions to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data.

 

How to make a complaint?

The GDPR also gives you the right to lodge a complaint with the Information Commissioners’ Office if you are in the UK, or with the supervisory authority of the Member State where you work, normally live or where the alleged infringement of information protection laws occurred. The Information Commissioner’s Office can be contacted at http://ico.org.uk/concerns/.

 

Future Processing

I do not intend to process your personal information except for the reasons stated within this privacy policy. If this changes, this privacy policy will be amended and placed on this website.

 

Changes to this privacy policy

This privacy policy was published on 30 May 2018 and last updated on 30 May 2018.

I review my privacy practices and may change this policy from time to time. When I do an amended privacy policy will be placed on this website.

 

Contact Details

If you have any questions about this privacy policy or the information I hold about you, please contact me using the contact details below.

The best way to contact me is to write to Patrick Cannon at:

Cannon Chambers Limited

64 New Cavendish Street,

London,

England,

W1G 8BT,

or by email at email address [email protected]

or by telephone at (+44) 020 7846 0034