Purpose of the policy
The members of Bretton Woods Law are committed to respecting your privacy and protecting confidential and privileged information. We take our professional, regulatory and legal obligations in relation to personal data seriously.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other applicable data protection law, this privacy notice contains information about what personal data we collect and store, how we collect your data, who we share this information with, the measures we have put in place to protect your data, the rights and options that you have, and how to contact us if you have a complaint.
Bretton Woods Law is not a firm, nor are its members partners or employees. Rather, it is a Chambers comprised of individual barristers qualified in England and Wales, as well as various other jurisdictions, each of whom is a self-employed sole practitioner. The individual members of Bretton Woods Law (referred to collectively as “we”/”us”) collect, use and are responsible for personal information about you and each of us is regarded as an independent data controller of your personal data. Your data will be controlled by the individual member or members of Chambers you have instructed, or that is providing services to you.
We collect personal data when:
- You or your organisation seek legal services from us.
- We provide you or your organisation with legal services.
- You or your organisation provide, or offer to provide, services to us.
- You correspond with us in any manner.
- You or your organisation interacts with our website or makes an enquiry through our website.
- You attend our seminars, training or other events or sign up to receive communications from us, including newsletters.
- We make enquiries from third party sources such as regulatory agencies, government agencies, online information service providers or from publicly available records.
- We view or consider information that you or your organisation make available publicly, for example on a firm’s website or LinkedIn.
As part of providing or carrying out legal services, we collect personal information such as name, telephone number and contact details, job title or role, employment history, educational or professional background, and nationality. Depending on the nature of the relevant legal case or issue, we may request special category data from you, including personal information relating to racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences, or genetic or biometric data. We may collect this information about you or other members of your organisation or in relation to third parties relevant to the provision of legal services.
We may also collect some or all of the following personal information:
- Financial and payment information necessary for administering payment to us and our accounting systems.
- Business information, including information provided in the course of the contractual or client relationship between you or your organisation and us, or otherwise voluntarily provided by you or your organisation.
- Diary and appointment data relating to details of your visits to our premises or visits by members of chambers to your premises or other meetings or appointments relevant to the provision of legal services (e.g. attendance details at tribunal hearings);
- Data from third party sources such as regulatory agencies, government agencies, online information service providers or from publicly available records and personal data that is available publicly, for example on a firm’s website or LinkedIn.
When carrying out very limited marketing (such as events and newsletters), we collect information such as your name, address, telephone number, email address or contact details and job title, including from publicly available sources.
Use of personal data
We use your personal information for the following purposes:
- To carry out conflict checks.
- To offer you or your organisation legal services.
- To register you or your organisation as a client.
- To provide and administer legal services, as instructed by you or your organisation.
- To administer and manage our relationship with you, including billing, processing payments, accounting, and fee collection and activities linked to the professional relationship with your or your organisation.
- To comply with our legal obligations, including maintaining records, or conducting any necessary checks (e.g. anti-money laundering, fraud and crime prevention and detection, or in relation to international or trade sanctions).
- To manage access to our premises and for security purposes (including at any events that we organise).
- To protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities.
- To exercise or defend our legal rights, or to comply with the order of any court or other judicial authority or arbitral body.
- To communicate with you to invite you to our events and to keep you up-to-date on legal developments and topics of interest or announcements about members of Bretton Woods Law, and for other marketing and information purposes.
- For other purposes ancillary to any of the above or any other specific purposes for which your personal data was provided to us.
Please note that the majority of our processing of personal data will be covered by legal professional privilege.
Where we rely on your explicit consent to the processing of your personal data, this is contained in any contractual terms agreed with a member or members of chambers or other explicit privacy consent obtained during the process of instructing us to provide or carry out legal services.
You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. In order to request to withdraw your consent, please contact us with relevant details at firstname.lastname@example.org.
Sharing your personal data
We may share your personal data:
- With our service company (Bretton Woods Law Services Limited – Company number 08078311) and its employees or third party contractors.
- We have relationships with certain third parties that we routinely share data with in connection with the legal services we provide or the marketing of Bretton Woods Law or the provision of legal updates (such as our newsletters) and training. A list of these third parties can be provided on request.
- With law enforcement authorities and regulators if required by applicable law.
Transfers of Personal Data out of the European Economic Area
You should be aware that we operate on a worldwide basis and some of our members frequently work or are based overseas. In the course of providing legal services or administering our practices, it may be necessary to transfer your personal information out of the European Economic Area (“EEA”) when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims. We will take appropriate measures to safeguard the security of any information transferred out of the EEA and to protect your privacy rights.
If you would like any further information please contact us at email@example.com.
Length of retention
We will hold your personal data for as long as necessary to fulfil the purposes that it was collected it for. In general, that means that personal data in relation to any specific legal case or legal service provided will be retained for a period long enough to satisfying any legal, accounting, or reporting requirements or to provide protection for us in relation to any complaint or legal claim, or as necessary in relation to any past, ongoing or potential dispute which is the subject of the legal service.
In relation to the very limited information necessary to conduct conflict checks, we are required to retain this data indefinitely in order to comply with our professional, regulatory and legal obligations. Such data is limited to your name (only if you were an individual client) or the name of your organisation (which is not personal data in any event).
For marketing purposes we retain limited information (name, job title, and contact details) for longer periods.
We periodically review our retention of personal data. In relation to specific cases or legal services we consider any departure from our general policy on a case by case basis. In order to decide on the appropriate period to retain any personal data, we take into account the nature, extent and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which it was collected and will be processed and whether there is an appropriate way of achieving our legitimate purpose through other means.
At the end of the retention period we will securely destroy your personal data in accordance with our obligations under applicable laws and in accordance with any relevant guidance.
Under the GDPR, you are entitled to:
- Transparency over how we use your personal data and fair processing of it.
- Request to view, amend, or delete the personal data that we hold, unless there is a legal reason for non-disclosure, or disclosure would reveal the personal data of a third party.
- Request that we correct any mistakes or incomplete personal data we hold about you.
- Object to your personal data being used in direct marketing, and opt out. In certain circumstances you may ask for your personal data to be erased.
- Receive a copy of the personal information you have provided to us or have this information sent to a third party.
- Restrict our processing of your personal information in certain circumstances.
If you want to exercise any of these rights, unsubscribe from any of our communications, or inform us of any changes to your personal data, please email firstname.lastname@example.org stating the right or rights that you wish to exercise.
If you want more information about your rights under the GDPR, please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR and more generally, the ICO website.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, this notice will be updated.
We periodically review our internal privacy practices and may change this policy from time to time. Any changes to the policy will be updated on our website.
If you have any questions about this privacy notice or the information we hold about you, please contact us on email@example.com.
The General Data Protection Regulation gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) State where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office.