Data Protection Policy

Data Protection Policy for Mint Legal

We want you to know that when you use our organisation you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Data Protection Policy describes the information we collect about you, how it is used and shared, and your rights regarding it.

Part One: Introduction 

1. General Statement of Duties and Scope: 

Mint Legal is required to process relevant personal data regarding members of staff, volunteers, applicants, and clients (lay and professional) as part of its operation and we will take all reasonable steps to do so in accordance with this Data Protection Policy. 

Mint Legal is registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that we hold and process. Our registered address is: Cirencester Growth Hub, Royal Agricultural University, Stroud Road, Cirencester GL7 6JR, our registration number is Z4990253. Our Data Protection Lead can be contacted at the above address or on info@mintbis.uk

Mint Legal is a “data controller” for the information which it collects for marketing, recruitment and employment purposes. Mint Legal also acts as a “data processor” on behalf of our barristers who provide legal services, which includes both advice and representation. 

Our barristers are also “data controllers” for the purpose of the General Data Protection Regulation (‘GDPR’) in respect of personal data supplied in order to provide legal services. 

This Data Protection Policy serves as Mint Legal’s Privacy Notice and is adopted by each Barrister at Mint Legal as their individual Privacy Notice 

2. Data Protection Management: 

Mint Legal shall endeavour to ensure that personal data is processed in compliance with this Policy and all relevant legislation. To that end, Mint Legal will endeavour to ensure compliance with The General Data Protection Regulation (GDPR). 

Each individual Barrister shall also endeavour to ensure compliance and has been provided with an internal policy on best practice and a summary of relevant guidance from external agencies and regulators. 

3. The Principles: 

Mint Legal will, so far as is reasonably practicable, comply with the following principles in respect to your personal and sensitive data: 

• that is it fairly and lawfully processed;
• that it is processed only for the purpose known to you (the data subject);
• that the data retained is adequate, relevant and not excessive;
• that the data is not kept for longer than necessary;
• that the data is processed in accordance with the data subject’s rights
• that the data is maintained, stored, transferred and destroyed in a secure fashion 

It is important to remember why we have Data Protection laws, and what they represent. The true spirt of this sphere of data regulation is about the protection of people. The aim is to ensure personal information about all of us, remains private, secure, and cannot be sold or misused without control or consequence. Data breaches are not only a matter for the Information Commissioner: they are also a disciplinary matter. Mint Legal takes the issues of compliance seriously, as do each of our barristers. We hope to be transparent in our approach to data and hope that this document provides you with the necessary reassurance. However, if any issues or questions flow, then in keeping with our principles of integrity, transparency and accessibility, please do not hesitate to contact us by email info@mintbis.uk

Part Two: Mint Legal and our Barristers as a collective: 

4. What information do we as an organisation collect? 

In respect to Mint Legal and our Support Staff, all personal information that we receive about you will be recorded, used and protected by us in accordance with applicable data protection legislation, including the General Data Protection Regulation and any internal policy. 

We may collect the following information about you when you enquire about our services in respect of instructing a barrister or attending/requesting one of our functions, events, lectures or talks:

  • Name
  • Name of your organisation (if applicable)
  • Address
  • Email address
  • Telephone number
  • Information for the purpose of money laundering regulation and/or confirming identification
  • Details of your enquiry 

Similar information may also be collected if you apply for a job or work experience at Mint Legal or wish to offer your corporate services to us. In some circumstances the following information may also be provided to us:

  • personal details
  • family details
  • lifestyle and social circumstances
  • goods and services
  • financial details
  • education, training and employment details
  • physical or mental health details
  • racial or ethnic origin
  • political opinions
  • religious, philosophical or other beliefs
  • trade union membership
  • sex life or sexual orientation
  • genetic information
  • biometric information for the purpose of uniquely identifying a natural person
  • criminal proceedings, outcomes and sentences, or related security measures 

5. How do we collect and use that information? 

We may collect this information from you directly through our staff, barristers or via our Direct Access enquiries forms or pupillage/staff application forms: 

We use your data for the following purposes:

  • to administer and provide services that you request or have expressed an interest in
  • to enable us to communicate with you about events or services that you have requested or expressed an interest in
  • for record keeping purposes
  • for compliance and regulatory purposes
  • to recruit staff and pupils
  • to assess applications for tenancy, pupillage, mini-pupillage and work-shadowing opportunities
  • to fulfil equality and diversity and other regulatory requirements
  • to procure goods and services
  • to manage matters relating to employment, including payroll [and pensions]
  • to respond to requests for references 

Clients who instruct our barristers please refer to part three below for further information. 

6. Marketing: 

You can update your marketing preferences or unsubscribe from any communications from us, including our newsletter, at any time by emailing on: info@mintbis.uk 

7. Sharing information: 

We will only use your data for purposes that are explained to you when such information is provided. It may be necessary to share your information with the following people:

  • information processors, such as IT support staff, email providers, information storage providers 
  • in the event of complaints, barristers who deal with complaints, the Bar Standards Board and the Legal Ombudsman 
  • other regulatory authorities 
  • current, past or prospective employers or employees
  • in the case of recruitment of barristers to or from other chambers, your current, past and prospective chambers 
  • education and examining bodies
  • legal professionals
  • experts and other witnesses
  • prosecution authorities
  • courts and tribunals 
  • Mint Legal’s staff
  • trainee barristers
  • lay and professional clients
  • family and associates of the person whose personal information Mint Legal is processing
  • current, past or prospective employers
  • education and examining bodies
  • business associates, professional advisers and trade bodies, e.g. the Bar Council
  • the intended recipient, where you have asked Mint Legal to provide a reference 

We will not disclose your data outside of Mint Legal except in limited circumstances which are outlined below: 

  • we are under a legal or regulatory obligation to do so
  • it is necessary to do so to enforce our contractual rights
  • to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity
  • such disclosure is necessary to protect the safety or security of any persons
  • otherwise as permitted under applicable law. 

Clients who instruct our barrister please refer to part three below for further information. 

8. Transfer of data outside the EEA: 

Please note that Mint Legal does on occasions transfer data outside of the EEA, for example where we are instructed in international matters. In the event there is a requirement to transfer data outside of the EEA we will take appropriate steps to ensure the data is afforded similar safeguards and controls as those applied within the EEA. 

Further you shall be notified of such of any such transfer outside of the EAA, prior to it occurring. 

9. Data retention: 

Mint Legal will retain your data for as long as is reasonably necessary for the required services to be provided to you and will not be retained indefinitely or for reasons incompatible with relevant data protection legislation, including the General Data Protection Regulation. 

Clients who instruct our barrister please refer to part three below for further information. 

Part Three: Our Individual Barristers 

10. What information we may collect: 

In order to allow us to provide legal advice and representation, our barristers may collect the following information from our professional and lay clients which relates to the legal matter that they are instructed on:

  • Name of client
  • Client’s organisation or business name 
  • Contact information for client (e.g. address, email address, telephone number)
  • Identification documents
  • Biometric details
  • Case name / Parties’ names 
  • Case details (which may include, by way of example: personal information relating to third parties involved in the case; further personal information relating to the client; special categories of data, such as medical, rehabilitation, sexual orientation, social care history and records; immigration history and records; work history and records; biometric details; details of religious or other beliefs, details of any relevant criminal convictions and details about actual and potential witnesses in the case)
  • Fee and/or billing details. 

The client will usually be the source of any personal information that we hold. We may however learn personal information from the opposing party or the Court. 

11. How your barrister may use the data: 

The primary use of the data will be to provide legal services, advice and representation.

Your barrister will not use personal data for purposes that are not clear at the time the information was provided and personal data will not be disclosed outside of Mint Legal except where necessary for the provision of legal services and in discharge of professional obligations. 

The barrister may also use the data in the following way:

  • to respond to potential complaints or make complaints
  • to carry out anti-money laundering and terrorist financing checks
  • as otherwise required or permitted by law. 

12. Personal data may be shared with the following: 

In addition to the matters raised in paragraph 7 above, your personal information may be shared with:

  • courts and other tribunals
  • representatives of other parties, in accordance with our instructions
  • the professional client
  • ombudsmen and other regulatory authorities
  • potential witnesses, including experts, where we are authorised to do so and in accordance with our instructions 

We may share your data with third parties where:

  • we are under a legal or regulatory requirement to do so
  • it is necessary to do so to enforce our contractual rights
  • to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity
  • such disclosure is necessary to protect the safety or security of any persons
  • otherwise as permitted under applicable law. 

We will only share your personal data in these circumstances in accordance with our professional obligations as set out by the Bar Standards Board or the Bar Council.

13. Retention of Data: 

Mint Legal and your barrister may retain data for differing periods of time as required by statute or regulation. Other obligations, legal processes and enquiries may also necessitate the retention of certain data. 

Your barrister will retain your personal information for no longer than is reasonably necessary for the provision of the Legal Services and personal information will not be retained indefinitely or for reasons incompatible with relevant data protection legislation, including the General Data Protection Regulation and the requirements of other regulatory bodies. 

Our barrister’s standard data retention period for personal information provided for the purpose of providing legal advice and/or representation is 15 years from the date last worked on a case, at which point the data will be securely deleted or destroyed, unless the case remains outstanding in some material respect after that period has expired. 

The Lay Client’s name and contact information may however be retained beyond this period until the same is no longer needed for conflict checking. 

Part Four: Legal Basis, Rights and Obligations 

14. In the case of personal data, including sensitive personal data, please note the following with care as it forms the legal basis of the processing and retention of your data: 

The processing of your data is necessary for the performance of our contractual and/or professional obligations to provide you with legal services, or employment, or training or to deal adequately with your enquiry. Mint Legal, our staff and our barristers shall rely on your explicit consent to process your information where appropriate. You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity carried out prior to you withdrawing your consent.

However, where Mint Legal, our staff and/or our barristers also rely on other bases for processing your information, you may not be able to prevent processing of your information. Such bases may include situations where:

  • we consider that the processing of your data is necessary in order to comply with legal obligations to which the barrister and/or Mint Legal is subject, such as, complying with court directions, or discharging our professional obligations, including those obligations as set out. by the Bar Standards Board, the Information Commissioner’s Office, the Legal Ombudsman or any other statutory regulator
  • the processing is necessary for reasons of substantial public interest
  • the processing is necessary for the purposes of legitimate interests pursued by the barrister and/or Mint Legal, such as for the purpose of conflict-checking, for use in the defence of potential complaints, legal proceedings or fee disputes or fee recovery, for keeping anti-money laundering records, for training pupils and mini-pupils in confidence, for exercising a lien, or for otherwise complying with our professional obligations as set out by the Bar Standards Board or the Bar Counsel 

In the case of criminal convictions, we will only use or process this information in order to properly represent you either in connection with legal proceedings (including prospective legal proceedings), providing legal advice, or for the purpose of establishing, exercising or defending legal rights including claims brought on behalf of the client or also against ourselves. 

15. Your rights: 

Under the General Data Protection Regulation, you have a number of important rights regarding your personal information. In summary these rights are as follows and include the right to:

  • request access to your personal information
  • request inaccurate information to be reviewed and corrected
  • request a restriction to the processing of personal information
  • request personal information held by Mint Legal to be erased in certain circumstances
  • request a copy of the personal information that has been provided to us
  • object to the processing of personal information or the continued processing of personal information
  • request not to be subject to automated decision making which produces legal effects that concern or affect you in a significantly similar way; 

Further information regarding the rights under the General Data Protection Regulation can be found by visiting https://www.ico.org.uk. These rights are subject to the conditions and restrictions set out in the General Data Protection Regulation and the Data Protection Act as amended. 

16. Data Access Request: 

Should you wish to make a request to exercise any of the above rights or simply wish to discuss a data protection issue you should contact us by email: info@mintbis.ukor by post: Mint Legal, Cirencester Growth Hub, Royal Agricultural University, Stroud Road, Cirencester GL7 6JR

When contacting Mint Legal please ensure that you provide relevant information to allow us to identify you and state the right or rights that you wish to exercise. We may need to contact you to request further information to verify your identity and the nature of your request. 

Mint Legal will endeavour to respond to any such written requests as soon as is reasonably practicable and, in any event, within 28 days. The information will be imparted to you (the data subject) as soon as is reasonably possible after it has come to Mint Legal’s attention and in compliance with the relevant Acts and Regulations, and in any event within 56 days of the request being received and acknowledged by Mint Legal. 

17. Keeping your personal information secure: 

We take the security of personal information extremely seriously and Mint Legal has therefore instigated the appropriate measures, safeguards and protocols to ensure that data

  • is kept secure
  • is only accessed by those individuals authorised to do so
  • is only accessed where there is a legitimate need to do so. 

Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to personal data held by Mint Legal (either through accidental disclosure or deliberate act) and in line with Mint Legal’s obligations under applicable data protection legislation and regulation. 

Mint Legal, and therefore all staff, barristers, door tenants and pupils are required to respect the personal data and privacy of others and must ensure that appropriate protection and security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to your personal data. An appropriate level of data security is deployed for the type of data and the data processing being performed. In most cases, personal data must be stored in appropriate systems and be protected when transported offsite. 

Mint Legal has issued the Bar Standard Board’s Guidance, ‘GDPR and Data Protection, Bar Council Guide for Barristers and Chambers 12.10.2017’ to our barristers. 

18. Secure Destruction: 

When data held in accordance with this policy is destroyed, it will be destroyed securely. 

19. Website: 

Please note that our website may contain links to third party websites which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms and therefore we recommend that you check the privacy and security policies of each and every other website that you visit. 

In common with many other website operators, we use standard technology called ‘cookies’ on our website. Cookies are small pieces of information that are stored by the browser on your computer’s hard drive and they are used to record how you navigate websites on each visit. 

20. Data Breach: 

Mint Legal has a separate Data Breach Policy outlining the steps Mint Legal and/or our barristers shall take if there is an actual, potential or suspected Data Breach. 

21. Complaint: 

The General Data Protection Regulation gives you the right to lodge a complaint with the Information Commissioners’ Office if you are in the UK, or with the supervisory authority of the Member State where you work, normally live or where the alleged infringement of information protection laws occurred. The Information Commissioner’s Office can be contacted at https://ico.org.uk/concerns/.   

Policy Date: 18thApril 2019