Privacy Policy
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
This notice was last updated on Tuesday April 6th, 2021 and complies to the UK GDPR, underpinned by the UK law the Data Protection Act (2018), and regulated by the UK ICO (Information Commissioners Office).
Scope & Responsibilities
Our scope is all data subjects, whose personal data is collected, in line with the requirements of the UK GDPR.
The Data Protection Officer (DPO) is responsible for ensuring that this notice is made available to data subjects prior to Philip Shepherd KC collecting and/or processing their personal data.
All associates and employees of Philip Shepherd KC who interact with data subjects are responsible for ensuring that this privacy notice is drawn to the data subject’s attention and their consent to the processing of their personal data is secured.
Who we are?
Philip Shepherd KC specializes in commercial litigation and arbitration often involving International aspects. The practice focuses on private international law, particularly aviation, conflicts of law, international jurisdiction disputes, product liability and cases involving the application of foreign laws.
Philip Shepherd KC collects and processes certain personal information about you.
When we do so we are regulated under the UK General Data Protection Regulation, which is underpinned by the Data Protection Act (2018)
We are responsible as the data controller & data processor (UK GDPR Article 30) for all personal information collected for the purposes of those laws. The Data Protection Officer (DPO) is Kevin Moore of Philip Shepherd KC , 5 Chancery Lane, London, England, WC2A 1LG.
Philip Shepherd KC can be contacted via email kevin@shepherdqc.com or by phone on 020 7855 3535.
The personal information we collect and use.
Lawful bases for processing of personal data:
The lawful bases for processing are set out in Article 6 of the UK GDPR. At least one of these must apply whenever Philip Shepherd KC processes your personal data:
- Legitimate Interests – the processing is necessary, as Philip Shepherd KC has ascertained the legitimate interest of the individual and/or organisation and explained why the processing of personal data is required to action the legitimate interest. Philip Shepherd KC reviews our legitimate interest to hold personal data annually via a Legitimate Interests Assessment (LIA)
You can find more about the UK GDPR lawful bases here or by visiting www.ico.org.uk
How we use your personal information
Philip Shepherd KC uses your personal information to:
- administer your case: to contact you, to obtain or provide additional information; to check our records are correct and up-to-date and to check every now and then that you are happy and satisfied.
- as is necessary to perform a contract between you and us and/or as is necessary, in accordance with our legitimate interests.
- carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary in accordance with our legitimate interests).
- using your payment details to process payments relating to your instruction, including fees and refunds (as is necessary to perform a contract between you and us and/or as is necessary in accordance with our legitimate interests).
- carrying out client conflict checks in relation to a potential new instruction(s) on our databases (as is necessary for the performance of a contract between you and us and/or as is necessary for compliance with our legal obligations and / or as is necessary in accordance with our legitimate interests).
- communicating with you about your instruction(s), including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary in accordance with our legitimate interests).
- administering debt recovery processes, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary in accordance with our legitimate interests).
- fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary in accordance with our legitimate interests).
- notify you about changes to our services, including sending you information about upcoming events and services related to our and / or your professional areas of expertise (as is necessary in accordance with our legitimate interests).
- monitor the analysis/usage of our website (e.g., non-personal data via Google Analytics and Yandex Metrica in relation to the Philip Shepherd KC website)
What information we collect about you.
The personal data you have provided, we have collected from you, or we have received from third parties includes:
- contact details (e.g., contact names, email addresses, contact numbers)
- addresses (e.g., business addresses & other nominated addresses)
- photographic ID, such as a driving licence or passport for the purposes of carrying out anti-fraud and anti-money laundering checks and verifying your identity.
- details of services we have been instructed to carry out for you and/or on your client’s behalf including written legal opinions, other written work and correspondence, previous and forthcoming conference arrangements, hearing bookings and mediation dates.
- information received within papers relating to existing and previous legal proceedings.
- financial information such as invoices, payments, and receipts.
- identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address, which is used for fraud prevention and to improve customer experience.
Who we share your personal information with?
Where relevant, given the nature of the products and services provided to you by Philip Shepherd KC, we may also share your personal data with the following categories of third parties:
- third party service providers who we instruct for the purposes of handling cases, including solicitors, surveyors, experts, insurers, third parties involved in a claim, medical agencies (as is necessary for the performance of a contract between you and us).
- third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers, and debt collection agencies (as is necessary for the performance of a contract between you and us and/or as is necessary in accordance with our legitimate interests).
- the operators of claims/instructions related databases (as is necessary for the performance of a contract between you and us and/or as is necessary in accordance with our legitimate interests);
- fraud prevention agencies and associations, (as is necessary for compliance with our legal obligations).
- regulators and law enforcement agencies, including the police, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations and/or as is necessary in accordance with our legitimate interests).
We would always inform you ahead of acting on any instructions to proceed with any of our services, should this be the case.
This data sharing enables Philip Shepherd KC to supply the above documented services to you in a professional and timely manner, whilst undertaking quality control & regulatory compliance procedures. Furthermore, it ensures compliance with all necessary UK GDPR & Data Protection Act (2018) lawful requirements.
Philip Shepherd KC will share personal information with law enforcement or other authorities if required by applicable law.
Processing personal data outside of the UK
The personal information that we collect from you may be transferred to and processed in a destination outside of the UK. It may also be processed by staff operating outside the UK who work for one of our suppliers.
In these circumstances, your personal information will only be transferred on one of the following bases:
- the country that we transfer the data to is approved by the UK as providing an adequate level of protection for personal information; or
- the recipient has agreed with us standard contractual clauses that guarantee the same levels of data protection as are required under our national legislation (including the UK GDPR); or
- there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third-party recipient of personal data in California in the United States has registered under the California Consumer Privacy Act or other such legislation).
To find out more about how your personal information is protected when it is transferred outside the UK you can read more here on International Data Transfers, including the relevant safeguards to which Philip Shepherd KC adheres.
Whether information must be provided by you, and if so why?
The provision of certain personal data including (but not limited to) contact name, registered address, email address, telephone number & certain financial information is required from you. This enables Philip Shepherd KC to provide our commercial litigation legal services to you.
We will inform you at the point of collecting information from you, whether you are required to provide this and any other additional information to us.
How long your personal information will be kept?
- We will retain your personal information for several purposes, as is necessary to allow us to carry out our business in accordance with our legitimate interests and / or as is necessary for compliance with our legal obligations.
- Any retention of personal data will be carried out in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice because of changes to associated laws or regulations.
- Your information will be kept for up to 7 years on our main systems, after which time it will be archived, deleted, or anonymised depending on the content of the material and whether there is any continuing need for it to be retained. For example, some of the archived information may be retained for a further period to allow us to process your existing or future instructions.
- We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- Details of retention periods for different aspects of your personal data are available in our Document Destruction & Retention Policy which you can request from us by contacting us.
- Any personal data held in hard document copy is securely stored pre-destruction after use and is destroyed with a Certificate of Destruction in line with our UK GDPR Document Destruction & Retention
Your rights
Under the UK GDPR, Data Protection Act (2018) and ICO guidance you have several important rights free of charge. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the Information Commissioner’s Office (ICO) on individuals rights under the UK General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- call, email, or write to us in the first instance.
- let us have enough information to identify you,
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates?
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator (e.g., ICO) of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses, and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Cookies
We use cookies to collect, store and share bits of information about your activities when you use our website.
Cookies do different things, like letting you navigate between pages quickly and generally improving your experience of a website. If a website does not use cookies it will think you are a new visitor every time you move to a new page on the website – for example, when you enter your login details and move to another page it will not recognise you and it will not be able to keep you logged in.
Philip Shepherd KC only use non-personal data essential cookies on this website to track the performance of the website via Google Analytics and Yandex Metrica. This non personal data helps us to understand how to improve the website content for the benefit of all users. If you want to block cookies, then you can do this through your browser via the help function. You can also visit www.aboutcookies.org for further guidance.
How to complain
We hope that we can resolve any query or concern you raise about our use of your personal data.
The UK General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioners Office (ICO) who may be contacted here or by telephone on 0303 123 1113.
Changes to this privacy notice
This privacy notice was last reviewed and published on Tuesday April 6th, 2021.
Philip Shepherd KC is a barrister’s chambers, practicing as a sole trader, based within the UK.
We may change this privacy notice from time to time, when we do, we will inform you via email and/or our company website.
How to contact us
Please contact us if you have any questions about this privacy notice or the information, we hold about you.
The Data Protection Officer (DPO) is Kevin Moore.
If you wish to contact us, please send an email to kevin@shepherdqc.com or write to Philip Shepherd KC, 5 Chancery Lane, London, England, WC2A 1LG or call 020 7855 3535.