We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.
We are registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is: Griffin Building, Gray’s Inn, London, WC1R 5LN, our registration number is Z4990253. Our Data Protection Lead can be contacted at the above address or on firstname.lastname@example.org.
The vast majority of the information that we hold about you is provided to us by yourself when you seek to use our services. We will tell you why we need the information and how we will use it.
Our lawful basis for processing your information
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018) require all organisations that process personal data to have a lawful basis for doing so. The lawful bases identified in the GDPR are, in outline:
- Consent of the data subject
- Performance of a contract with the data subject or to take steps to enter into a contract
- Compliance with a legal obligation
- To protect the vital interests of a data subject or another person
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Examples of legitimate interests include:
- Where the data subject is a client or in the service of the controller;
- Transmission within a group of undertakings for internal administrative purposes;
- Processing necessary to ensure network and information security, including preventing unauthorised access;
- Processing for direct marketing purposes, or to prevent fraud; and
- Reporting possible criminal acts or threats to public security.
The lawful bases that Matrix relies on to process data are: consent, performance of a contract (or taking steps to enter into a contract), compliance with a legal obligation, and legitimate interests (as outlined in the examples above).
We use your information to:
- Provide goods, services, deliveries, quotations, and information, for example, newsletters;
- Communicate with you about products, services, promotions, studies, surveys, news, updates and events;
- Process or support payments for goods and services;
- Conduct data analysis, testing, and research (including for product development), and to monitor and analyse usage and activity trends;
- Maintain the safety, security and integrity of our services;
- Direct your enquiries to the appropriate member of staff;
- Investigate and address your concerns;
- Investigate or address legal proceedings relating to your use of our services/products, or as otherwise allowed by applicable law;
- Meet our legal obligations and regulatory requirements;
- Carry out activities necessary for the performance of employment or other contracts to which Matrix Chambers Ltd and the relevant data subjects are parties.
Except as provided for in this privacy notice, we will not provide your personal data to third parties.
We do not use automated decision-making in the processing of your personal data.
We collect and process both personal data and special categories of personal data as defined in the UK GDPR. This includes:
- Phone number;
- Payment or bank details;
- Location details;
- RSVPs to Matrix events;
- CCTV images of visitors to our buildings;
- Device IP address and logs of phone calls.
Employee, barrister, job/traineeship/work experience application data
- Phone number;
- Home Address;
- Payment or bank details;
- Date of birth;
- Equality and Diversity data;
- Any application or expression of interest in job/work experience/traineeship;
- Family & next-of-kin details.
We may share your personal data with:
- Third party contractors and suppliers, necessary to administer Matrix Chambers Ltd
- Our legal advisors in the event of a dispute or other legal matter;
- Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
- Any other party where we ask you and you consent to the sharing.
Transfers to third countries and international organisations
We do not transfer any personal data to third countries or international organisations.
Although based in England, we may transfer your personal information to a location (for example, to a secure server) outside the United Kingdom, if we consider it necessary or desirable for the purposes set out in this notice.
In such cases, to safeguard your privacy rights, transfers will be made to recipients to which a European Commission “adequacy decision” applies (this is a decision from the European Commission confirming that adequate safeguards are in place in that location for the protection of personal data), or will be carried out under standard contractual clauses that have been approved by the European Commission as providing appropriate safeguards for international personal data transfers, and/or any transfers of personal information will be carried out with appropriate safeguards to ensure the safety and security of your information. Any transfer of your personal data to and within the EU will itself be subject to the General Data Protection Regulation (EU) 2016/679 (GDPR).
Please do ask if you have seek further information about any particular concerns or particular transfers.
We retain your personal data while you remain a customer/client/supplier/trainee/employee or work experience student, unless you ask us to delete it. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymise your information at your request unless:
- There is an unresolved issue, such as claim or dispute;
- We are legally required to; or
- There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers’ safety and security.
The UK GDPR and DPA 2018 give you specific rights around your personal data:
- right to be informed about the collection and use of your personal data
- right of access to your personal data, and the right to request a copy of the information that I hold about you and supplementary details about that information – you will be asked to provide proof of your identify and residential address, and you may be asked to provide further details to assist me in the provision of such information
- right to have inaccurate personal data that I process about you rectified
- right of erasure – in certain circumstances you have the right to have personal data that I process about you blocked, erased or destroyed
- the right to object to, or restrict:
- processing of personal data concerning you for direct marketing
- continued processing of your personal data
- the right of portability of your data in certain circumstances.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note that these rights are subject to certain limitations that exist in law. In particular, a number of rights are not exercisable in relation to personal data:
- that consists of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings
- where disclosure of the data:
- is necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings)
- is necessary for the purpose of obtaining legal advice, or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights
to the extent that the exercise of those rights would prevent me from making the disclosure.
Please contact us using the contact details below if you would like to exercise any of these rights or to find out more about them. You can find out more information from the ICO’s website http://ico.org.uk/for_the_public/personal_information and this is the organisation that you can complain to if you are unhappy with how we deal with you.
Accessing and correcting your information
You may request access to, correction of, or a copy of your information by contacting our Data Protection Lead at Matrix Chambers Ltd, Griffin Building, Gray’s Inn, London, WC1R 5LN or on email@example.com.
You may opt out of receiving emails and other messages from our organisation by following the instructions in those messages. You can remove yourself from the Matrix mailing list at any time by clicking the “unsubscribe” button at the bottom of our emails.
Cookies are small pieces of data which are stored for you on your computer by your web browser or device by websites, apps, online media, and advertisements. They are used to improve your online experience by almost every website. If you do not know what cookies are, or how to control or delete them, detailed guidance can be found by visiting www.aboutcookies.org.
We aim to keep cookies to a minimum, and we only use the following cookies:
Google Analytics: these cookies are called __utma __utmb __utmc and __utmz.
We use Google Analytics cookies to understand how our website is being used in order to improve the user experience. All information is collected in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited. More information on how to reject or delete these cookies can be found at: www.google.com/intl/en/policies/privacy.
If you are not happy with the cookies that we use, you should either not use this website, or you should delete cookies after having visited the site. Alternatively, you should browse this website using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc).
In addition, our International page and archives of the International page use software that detects visitor IP addresses and uses this to offer regionally-specific content within the page. The detected IP address is used only to identify the visitor’s country and match this to a country code within a database supplied by MaxMind Inc. This is in turn matched to website content associated with the visitor’s country, where applicable. The IP address information is not retained or recorded and is detected upon each visit to those pages.
We will occasionally update our privacy notice
When we make significant changes, we will notify you of these directly if possible. We will also publish the updated Privacy Notice on our website.
Date of last revision: [2 April 2021]