- Please read the following information carefully. This privacy notice contains information about the information collected, stored, and otherwise processed about you and the reasons for the processing. It also tells you who I share this information with, the security mechanisms I have put in place to protect your data and how to contact me in the event you need further information.
- To provide legal advice and representation, I need to collect and hold personal information. This may be your personal data or information relating to other parties involved in the matter. I will take all possible steps to protect personal information. I will ensure that I do not do anything that may infringe your rights or undermine your trust. This privacy notice describes the information I collect about you, how it is used and shared, and your rights regarding it.
- I, Teniola Onabanjo, am a member of 3 Verulam Buildings. I am registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that I hold and process as a barrister. My registered address is 3 Verulam Buildings, Gray’s Inn, London, WC1R 5NT and my ICO registration number is Z2882791. If you need to contact me about your data or this privacy notice, you can reach me via my clerks at firstname.lastname@example.org, in writing to 3 Verulam Buildings, Gray’s Inn, London, WC1R 5NT or by telephone at +44 (0)20 7831 8441.
- When carrying out the provision of legal services or providing a reference I may collect some or all the personal information listed below that you provide. Most of the information that I hold about you is provided to, or gathered by, me during your case and/or proceedings. Your solicitor and/or I will tell you why we need the information and how we will use it. In addition to the information you may provide to me or your solicitor, I may also obtain information from other sources as follows:
- Information that is available publicly in registers, searches or in the media
- Other legal professionals including solicitors and barristers and their associates, trainees, and staff
- Chambers staff
- Expert and other witnesses
- Prosecution bodies
- Regulatory, public, or administrative bodies
- Court staff & officials
What data do I process about you?
- Depending on the type of work, I collect and process both personal data and special categories of personal data as defined in the UK GDPR. This may include:
- Email address
- Phone number
- Payment or bank details
- Date of birth
- Next of kin details
- Details pertaining to education and employment
- Information on your background & current circumstances
- Financial information.
- Where relevant, I may also need to process special category personal data that reveals your:
- Racial or ethnic origin
- Political opinions
- Religious and philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data for the purpose of uniquely identifying a natural person
- Data concerning health
- Sex life and sexual orientation.
- On occasion, I may also process personal data relating to criminal convictions and offences.
My lawful basis for processing your information
- In order that I can provide legal services and representation for you, I must process your personal data. The UK General Data Protection Regulation (the UK GDPR) requires that where I process personal data, I must have a lawful basis for doing so. The lawful bases identified in the UK GDPR that I seek to rely upon are as follows:
- Consent of the data subject – where this required, I will ensure that I have your specific consent for processing your data for the specified purposes. You will also have the right to withdraw your consent at any time. Where you do so this will not affect the legality of data processing which had taken place prior to your withdrawal of consent.
- Performance of a contract with the data subject, or to take steps to enter a contract.
- Compliance with a legal obligation – to comply with various regulatory and professional obligations, e.g., filing tax returns with HMRC.
- The legitimate interests of my business or a third party, except where such interests are overridden by the interests, rights, or freedoms of the data subject.
- Examples of legitimate interests include but are not limited to:
- Provision of legal services and advice.
- For purposes of practice management, accounting, and debt recovery.
- For completion of professional regulatory requirements.
- Processing for direct marketing purposes, or to prevent fraud.
- Reporting threats to public security.
- Such other purposes as may be set out below.
Special category processing
- The UK GDPR specifies that where I process special category data, I must rely upon certain exemptions to do so lawfully. The following exemptions are applicable in my practice:
- I have your explicit consent to do so; or
- It is necessary for the exercise or defence of legal claims or judicial acts.
Criminal data processing
- On occasion, I process data relating to criminal offences where it is necessary for:
- The purpose of, or in connection with, any legal proceedings
- The purpose of obtaining legal advice; or
- The purposes of establishing, exercising, or defending legal rights
- Where I have your explicit consent to do so.
- I use your personal information for the following purposes:
- Provide legal advice and representation in Courts, tribunals, arbitrations, and mediations
- Assist in training other Barristers, pupils, and mini pupils
- Investigate and address your concerns
- To check for potential conflicts of interest in relation to future potential cases
- Communicate with you about news, updates, and events
- Investigate or address legal proceedings relating to your use of my services, or as otherwise allowed by applicable law
- Make statutory returns as required
- Assist in any tendering or panel membership applications
- Assist in any other applications for the purpose of professional development or career progression
- Communicate legal updates and judgments to other legal professionals
- For marketing purposes
- To respond to requests for references
- For the management and administration of my practice
- To recover debt
- To manage complaints with regulators
- Communications with regulators
- Where relevant to conduct anti-money laundering, terrorist financing or conflict of interest checks
- When procuring goods or services
- If you are a client, some of the information you provide will be protected by legal professional privilege unless and until the information becomes public during any proceedings or otherwise. As a barrister I have an obligation to keep your information confidential, except where it otherwise becomes public or is disclosed as part of the case or proceedings. While processing your information to provide legal services to you, I may share your personal data with:
- Instructing solicitors or other lawyers involved in your case
- A pupil or mini pupil, under my training
- Opposing counsel, for the purposes of resolving the case
- Court Officials, including the Judiciary and prosecuting authorities
- Opposing lay clients
- My chambers’ management and staff who provide administrative services for my practice
- Expert witnesses and other witnesses
- My regulator (the Bar Standards Board) or legal advisors in the event of a dispute, complaint, or other legal matter
- Head of Chambers or complaints committee within my chambers, the Bar Standards Board, or the Legal Ombudsman in the event of a complaint
- Law enforcement officials, government authorities, or other third parties, to meet any legal obligations
- Legal directories, for the purpose of professional development
- Any relevant panel or tendering committee, for the purpose of professional development
- Accountants and banking officials
- Regulators or arbitrators, where complaints or disputes arise
- Any other party where I ask you for consent, and you consent, to the sharing.
- I may also be required to disclose your information to the Police or Intelligence Services where required by law or pursuant to a court order.
Transfers to third countries and international organisations
Our data is stored only in the UK. However, it may occasionally be necessary to transfer personal data outside the UK or EEA using appropriate safeguards. If you are in a country outside the EEA or if the instructions you provide me come from outside the EEA then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information, please indicate this in your further instructions to us.”
- We have satisfied ourselves that the conditions laid down in the Regulations are complied with by the controller and processor by:
- An adequacy decision, or
- Binding corporate rules, or
- Model contract clauses, or
- You have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards:
- the transfer is necessary for the performance of a contract between the you and the controller, or the implementation of pre-contractual measures taken at your request;
- the transfer is necessary for the conclusion or performance of a contract concluded between the controller, you and ant other natural or legal person:
- the transfer is necessary for important reasons of public interest:
- the transfer is necessary for the establishment, exercise, or defence of legal claims; and/or
- the transfer is necessary to protect your vital interests or of other persons, where you are physically or legally incapable of giving consent.
- If I decide to publish a judgment or other decision of a Court or Tribunal containing your information then this will be published to the world. I will not otherwise transfer personal information outside the EEA except as necessary for providing legal services or for any legal proceedings.
- I am satisfied that such transferred data is fully protected and safeguarded as required by the UK General Data Protection Regulation.
Retention and Disposal of Data
- I retain your personal data while you remain a client unless you ask me to delete it. My Retention and Disposal Policy (copy available on request) details how long I hold data for and how I dispose of it when it no longer needs to be held. I will delete or anonymise your information at your request unless:
- There is an unresolved issue, such as a claim or dispute
- I am legally required to; or
- There are overriding legitimate business interests to do so.
- I will typically retain case files for a period of 16 years following the conclusion of a case/matter or receipt of final payment, whichever is the latest. This reflects the period required by the Bar Mutual Indemnity Fund relating to potential limitation periods. This may be longer where the case includes information relating to a minor
- Information related to anti-money laundering checks will be retained until five years after the completion of the transaction or the end of the business relationship, whichever is later.
- Where various pleadings and documents have been drafted, they may be retained for learning purposes and legal research. Where this is the case, I will anonymise the personal information/redact information which may identify an individual/risk assess the continued retention of the documents.
- The UK GDPR gives you specific rights in terms of your personal data. For example:
- You have the right of access to the information I hold and what I use it for.
- You can ask for a copy of the personal information I hold about you.
- You can ask me to correct any inaccuracies with the personal data I hold.
- You can ask me to stop sending you direct mail or emails.
- You can, in some circumstances, ask me to stop processing your details.
- Finally, if I do something irregular or improper with your personal data, you can complain to the ICO if you are unhappy with how I have processed your information or dealt with your query. You may also seek compensation for any distress you are caused or loss you have incurred.
- You can find out more information from the ICO’s website.
Accessing and correcting your information
- You may request access to, correction of, or a copy of your information by contacting me at email@example.com, in writing to 3 Verulam Buildings, Grays Inn, London, WC1R5NT or by telephone at +44 (0) 20 7831 8441.
- You may opt out of receiving emails and other messages from my practice by following the instructions in those messages.
- I will occasionally update my privacy notice. When I make significant changes, I will notify you of these through either mail or email. I will also publish the updated notice on my website profile.
- This Privacy Notice was published on 1 January 2024 and replaces my previous Privacy Notice, published on 1 January 2023.