This policy describes
- • the information that Members of Faculty collect about data subjects;
- • how such data may be processed, used and shared; and
- • the rights of data subjects regarding such data.
In each instance, the relevant data controller is the Member of Faculty instructed to act.
Data held by Members of Faculty is provided to Members in the course of their instructions to act for or advise a given client or clients. In most cases, the Member of Faculty will have been instructed by a solicitor, who will in turn have provided all or most of the information relevant to the instructions.
Use of Information
Members of Faculty may use your information to:
- • Provide legal advice and representation
- • Assist in training devils and and mini-devils
- • Investigate and address any concerns expressed by data subjects, whether clients or otherwise
- • Investigate or address claims or legal proceedings relating to practice as an Advocate;
- • Communicate about news, updates and events
- • Keep accounting records and carry out general administration
- • Check for potential conflicts of interest in relation to future potential cases
- • Promote and market their services
- • Carry out anti-money laundering and terrorist financing checks
- • Respond to requests for references
- • Publish details of legal judgments and decisions of courts and tribunals
- • Make such disclosure as required or permitted by law.
Members of Faculty do not use automated decision-making in the processing of personal data.
Members of Faculty collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:
- • personal details
- • family details
- • lifestyle and social circumstances
- • goods and services
- • financial details
- • education, training and employment details
- • physical or mental health details
- • racial or ethnic origin
- • political opinions
- • religious, philosophical or other beliefs
- • trade union membership
- • sex life or sexual orientation
- • genetic data
- • biometric data for the purpose of uniquely identifying a natural person
- • criminal proceedings, outcomes and sentences, and related security measures
- • other personal data relevant to instructions to provide legal services, including data specific to the instructions in question.
This information will usually be obtained from the instructing solicitor. The same categories of information may also be obtained from third parties, such as other legal professionals or experts, members of the public, family and friends of the data subject, witnesses, courts and other tribunals, investigators, government departments, regulators, public records and registers.
In the case of clients, some of the data provided to or generated by Members of Faculty will be protected by legal professional privilege, unless and until the information becomes public in the course of any proceedings or otherwise. Members have an obligation to keep client information confidential, except where it otherwise becomes public or is disclosed as part of the case or proceedings.
Members may share personal data with:
- • Instructing solicitors;
- • Devils or mini-devils under the training of the member of Faculty;
- • Other counsel involved on the same side of an instruction;
- • Opposing Counsel;
- • Courts or tribunals or the staff thereof;
- • Advocates’ Clerks;
- • Faculty Services Ltd or staff employed thereby;
- • Office bearers of the Faculty of Advocates or devilmasters, in order to obtain guidance on professional or ethical matters;
- • Members of staff of the Faculty of Advocates;
- • The Scottish Legal Complaints Commission, in the event of a complaint thereto;
- • Law enforcement officials, government authorities, or other third parties to meet any legal obligations;
- • any other party where the data subject consents to the sharing.
The Lawful Basis for processing information
All Members of Faculty that process personal data require to have a Lawful Basis for doing so, as a result of the General Data Processing Regulations (“GDPR”). The Lawful Bases identified in the GDPR are:
- • Consent of the data subject
- •Performance of a contract with the data subject or to take steps to enter into a contract
- • Compliance with a legal obligation
- • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- • The legitimate interests of Members of Faculty, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
The Lawful Bases upon which Members of Faculty process personal data are:
- • compliance with the obligations to act reasonably and professionally in advising a client or acting for that client;
- • acting in the legitimate interests of Members of Faculty and their clients in complying with those obligations.
- • in the case of persons who have consented to the processing of their personal information, then Members may process that information for the Purposes set out above to the extent to which they have consented to that being done.
- • processing is necessary for the provision of legal services, legal proceedings, legal advice, or otherwise for establishing, exercising or defending legal rights.
- • processing may be necessary in order that Members may comply with a legal obligation to which they are subject (including carrying out anti-money laundering or terrorist financing checks).
- • processing may be necessary to publish judgments or other decisions of courts or tribunals.
Transfers to third countries and international organisations
Members of Faculty do not transfer personal data to third countries or international organisations. They may, however, when travelling abroad, carry data in hard copy form or on electronic devices. In such instances, the professional obligations incumbent on Members require safeguards to be taken in the form of (a) taking care to ensure safe custody of all such items, and (b) security measures such as encryption of such devices.
Members will retain personal data of data subjects unless asked to delete it. Standing the vicennial prescription period applicable under Scots law, such retention may be for periods of up to 21 years from the date of the last item of work carried out. This is because it may be needed for potential legal proceedings. At this point any further retention will be reviewed and the data will be marked for deletion or marked for retention for a further period. The latter retention period is likely to occur only where the information is needed for legal proceedings, regulatory matters or active complaints. Deletion will be carried out (without further notice to you) as soon as reasonably practicable after the data is marked for deletion.
Members will delete or anonymise information at the request of clients unless:
- • There is an unresolved claim or dispute;
- • They are legally required to refrain from doing so; or
- • There are overriding legitimate business interests for so refraining.
Data Subjects’ Rights
GDPR gives all data subjects specific rights regarding their personal data.
These are free of charge. In summary, data subjects may have the right to:
- • Ask for access to their personal information and other supplementary information;
- • Ask for correction of mistakes in their data or to complete missing information held on them;
- • Ask for personal information to be erased, in certain circumstances;
- • Receive a copy of the personal information provided to the Member, or have this information sent to a third party. This will be provided to the data subject or the third party in a structured, commonly used and machine readable format, e.g. a Word file;
- • Object at any time to processing of personal information for direct marketing;
- • Object in certain other situations to the continued processing of personal information;
- • Restrict processing of personal information in certain circumstances;
A data subject wishing to exercise any of these rights should:
- • Use the contact details for the Member of Faculty available on www.advocates.org.uk ;
- • Provide proof of identity and address;
- • State the right or rights that it is wished to exercise.
Members will respond to such requests within one month of receipt.
More information can be found at the website of the Information Commissioner’s Office (“the ICO”): https://ico.org.uk/
Data subjects may complain to the ICO if they are unhappy with how a Member of Faculty deals with their data.
Accessing and Correcting Your Information
Data subjects may request access to, correction of, or a copy of their information by contacting the Member who is controlling their data. Contact details are available on this website. Such requests are subject to legal professional privilege, which may entitle or require the Member to decline same.
Insofar as clients are concerned, Members rely in part on explicit consent to process information being provided when the client agrees (in person or via his solicitor as agent) to the instruction of that Member.
Clients have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity Members have carried out prior to withdrawal of such consent. Moreover, where Members also rely on other bases for processing information, clients may not be able to prevent processing of data.
- • Validate users;
- • Remember user preferences and settings;
- • Determine frequency of use;
- • Measure the effectiveness of advertising campaigns;
- • Analyse site visits and trends.