Law Tribe's Privacy and Transparency Policy

You will be notified of any updates to this policy.

The Data Controller: Law Tribe is a Solicitors Regulation Authority (“SRA”) regulated entity registered under SRA number 60719. Law Tribe is also regulated by the Financial Conduct Authority. Barristers and solicitors may work under the Law Tribe banner. Though the SRA is the prime regulator, members of Law Tribe who are barristers are also partially regulated by the Bar Standards Board. For the purposes of data protection, including under the General Data Protection Regulation (“GDPR”) published by the EU, Law Tribe is regulated by the UK Information Commissioners Office (“ICO”), which is the lead authority in respect of Law Tribe’s activities within the European Economic Area (“EEA”).  The GDPR is retained in UK law following Brexit.

The Data Protection Officer: Stephen John Meachem, Barrister and Solicitor is Law Tribe’s Data Protection Officer. Email address: stephen.meachem@lawtribe.co.uk 

His address for correspondence is: Stephen Meachem, Law Tribe, 5th Floor, 20 Old Bailey, London EC4M 7AN. Further details can be obtained online at: https://lawtribe.co.uk Tel: 0203 375 3971

The Purposes of Processing: Your data will be processed to:

1. determine whether we can provide services to you or enter into a contract with you;

2. provide services to you on a pro bono or contractual basis;

3. provide services to others (in so far as this does not breach client confidentiality);

4. comply with regulatory and other legal obligations;

5. protect Law Tribe against claims or potential claims;

6. market services to you via our website, by email and by use of cookies;

7. consider job or work experience applications to Law Tribe;

8. to ensure that we are complying with the Equality Act 2010.

Legal Basis - Your data will be processed on the basis that Law Tribe has a legitimate interest in being able to achieve the aims of processing set out at 1-5 above. In relation to 1- 5 and 7-8 above where special category data is provided, the provider of the data warrants that they consent to Law Tribe processing that data or that they have obtained written consent from the data subject. In relation to 6 above processing will be based on specifically obtained consent.

In relation to 7-8 above processing of special category data may also be based: (i) on the carrying out of obligations and the exercise of the rights of the data controller or data subject arising from employment, social security and social protection law; (ii) on personal data which are made public by the data subject; (iii) on the establishment, exercise or defence of legal claims or whenever acting under a Court order; (iv) where proportionate for reasons of substantial public interest on the basis of EU or EU member state law as implemented in the UK.

Personal Data Held: As a minimum, Law Tribe is required to positively identify its clients. This also includes positively identifying a director in the case of a corporate client. In addition, Law Tribe holds whatever information is provided to it by its clients and others.

Client Failure to Provide Data: If you fail to provide Law Tribe with data it requires for the above purposes you will not receive services, or consideration for work experience or employment.

Data Sources: Law Tribe obtains most personal data from its clients and from opposed litigation parties. Personal data is also obtained from those who express an interest in Law Tribe’s services. Special category data medical records are obtained for use in advancing client’s cases and the written consent of the client is obtained prior to Law Tribe seeking them.

Recipients: Any data provided by a client, a pro bono client, a work experience or job applicant is treated as confidential and will only be shared with others in so far as this is necessary to provide pro bono services or to fulfil a contract to provide services to a client, to comply with regulatory and other legal obligations or to protect Law Tribe against a claim or potential claim.

To provide its services, Law Tribe relies on the services of certain data processors. These include Microsoft and Google secure cloud storage of files and emails, which may be stored on servers outside the EEA. The ICO has confirmed that the Microsoft and Google cloud services we use comply with the GDPR. In all cases, Law Tribe ensures that data is processed in compliance with this policy.

Transfers to outside the EEA and Safeguards: - Other than Law Tribe’s use of cloud storage and where required to provide services in individual client matters, data is rarely sent outside the UK and it is extremely rare for data to be sent outside the EEA. Where it is, the relevant devices are password protected and equipped with tracking and remote wipe software. The devices are personally accompanied. Portable disk storage is password protected and encrypted.

Retention Period: Data is held for ten years from the end of the relevant matter or for ten years where it is not associated with a matter.

Data Subject’s Rights: Where relevant, you have the right (subject to client confidentiality) to:

• withdraw consent to the processing of your data;

• complain to a supervisory authority regarding the processing of your data (https://ico.org.uk/); and

• obtain a copy of the data held on you and to correction of any errors in that data.

Automated Decision Making: None.

Further Details: The Data Controller will provide further details of any of the above on request.

Definitions:

Personal Data: Any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.

Special Category Data: Data of a sensitive nature, e.g. race, ethnic origin, politics, religion, TU membership, genetics, biometrics, health/medical records, sex life, sexual orientation.

Data Controller: A controller determines the purposes and means of processing personal data.

Data Processor: A processor is responsible for processing personal data on behalf of a controller.

General Data Protection Regulation: This is a data protection and privacy law published by the EU which had direct legal effect in EU member states from 25 May 2018. The GDPR is retained as enacted in UK law following Brexit. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.