Privacy Policy
JCKC Law and Chambers of James Corbett KC
1. Introduction
1.1 Advocate James Corbett KC the principal of JCKC Law (JCKC Law) and, as James Corbett KC, is the head of the Chambers of JCKC Law, a set of barristers’ chambers (Chambers). In this Privacy Policy, JCKC Law, Chambers, Advocate James Corbett and James Corbett KC are together referred to as we, us and our.
1.2 The information set out in this Privacy Policy is provided to individuals whose personal data we process (you or your), in compliance with our obligations under Articles 13 and 14 of the General Data Protection Regulation 2016/679 (GDPR).
2. Data controller details
2.1 James Corbett KC is the data controller in relation to the processing of the personal information that is referred to in paragraph 3.2.1 below. He can be contacted using the details below:
2.1.1 Address: FAO: [Advocate James Corbett] or [James Corbett KC], [JCKC Law or Chambers of James Corbett KC], 1 West’s Centre, St Helier, Jersey JE2 4ST.
2.1.2 Telephone number: +44 (0)1534 858532.
2.1.3 Email address: gm@jamescorbettkc.com (please include “Personal Data Request – [insert name of relevant Member]” in your subject heading to ensure it receives the correct attention).
2.2 James Corbett KC is the data controller in relation to the processing of the personal information that is referred to in paragraph 3.2.3 below. JCKC Kaw and/or Chambers can be contacted using the details below:
2.2.1 Address: Chambers of James Corbett KC, 1 West’s Centre, St Helier, Jersey JE2 4ST.
2.2.2 Telephone number: +44 (0)1534 858532.
2.2.3 Email address: gm@jamescorbettkc.com (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).
2.3 James Corbett will be the data controller in relation to the processing of the personal information that is referred to in paragraph 3.2.2 below.
2.4 Our Data Protection Officer is James Corbett, whose contact details are as above.
3. Our processing
3.1 As we are providing legal advice and representation, we are not required to give you information in certain circumstances. For more details see the Exemption Page, which can be found at Schedule 1 to this policy below.
3.2 To make this information clear, we have divided the data we receive into the following groups and corresponding Schedules, where each of which refers to: the particular category of information we collect and retain; where we obtain the information from; the purpose and legal basis of processing and whom we will (if applicable) disclose the information to:
3.2.1 for the purposes of Members:
Schedule 2 Data about individuals who are clients (Clients).
Schedule 3 Data about directors, shareholders, consultants, employees or other personnel of Clients.
Schedule 4 Data about third parties who are involved, directly or indirectly, in matters and/or cases in relation to which a Member is asked to advise or represent a Client.
3.2.2 for the purposes of JCKC Law and Chambers and Advocate James Corbett or James Corbett KC respectively:
Schedule 5 Data about individuals who apply for employment, pupillage or work experience with JCKC Law or Chambers.
Schedule 6 Data about Members and staff of JCKC Law or Chambers, consultants, secondees, those on work experience, temporary staff, former Members and staff, next of kin, spouses, beneficiaries.
3.2.3 for the purposes of JCKC Law or Chambers:
Schedule 7 Data about suppliers and supplier personnel.
Schedule 8 Data collected about visitors to Chambers’ offices.
4. International transfers
4.1 We will not transfer personal data relating to you to a country which is outside the European Economic Area (EEA) unless:
4.1.1 the country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;
4.1.2 appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 (for example using the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA); or
4.1.3 one of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary):
4.2 the transfer is necessary to perform, or to form, a contract to which we (as applicable) are a party:
4.2.1 with you; or
4.2.2 a third party where the contract is in your interests;
4.3 the transfer is necessary for the establishment, exercise or defence of legal claims;
4.4 you have provided your explicit consent to the transfer; or
4.5 the transfer is of a limited nature, and is necessary for the purpose of our (as applicable) compelling legitimate interests.
5. Retention of personal data
5.1 Our retention and deletion policy can be found at Schedule 9.
6. Your rights in respect of your personal data
6.1 You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data that we (as applicable) are processing. From 25 May 2018, in accordance with the GDPR and subject to the Exemptions:
6.1.1 you will have the following rights:
6.1.1.1 right to access: the right to request certain information about, access to and copies of the personal information about you that we (as applicable) are holding (please note that you are entitled to request one copy of the personal information that we (as applicable) hold about you at no cost, but for any further copies, we (as applicable) reserve the right to charge a reasonable fee based on administration costs); and
6.1.1.2 right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete; and
6.1.2 in certain circumstances, you will also have the following rights:
6.1.2.1 right to erasure/“right to be forgotten”: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we (as applicable) delete or erase your personal information from our systems (however, this will not apply if we are required to hold on to the information for compliance with any legal obligation or if we (as applicable) require the information to establish or defend any legal claim);
6.1.2.2 right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we (as applicable) can use it;
6.1.2.3 right to data portability: the right to request that we (as applicable) return any information you have provided in a structured, commonly used and machine-readable format, or that we (as applicable) send it directly to another company, where technically feasible; and
6.1.2.4 right to object: the right to object to our use of your personal information including where we (as applicable) use it for our legitimate interests or for marketing purposes.
6.2 Please note that if you withdraw your consent to the use of your personal information for purposes set out in our Privacy Policy, we may not be able to carry out our contractual obligations to you or provide you with access to all or parts of our services.
6.3 If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: www.ico.org.uk.
7. Automatic decision making
7.1 We do not make decisions based solely on automated data processing, including profiling.
8. Security
8.1 We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example:
8.1.1 where appropriate, data is encrypted when transiting on our system or stored on our databases;
8.1.2 we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems; and
8.1.3 we periodically carry out risk assessments and audits to monitor and review threats and vulnerabilities to our systems to prevent fraud.
8.2 However, whilst we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted via an internet or similar connection. It is important that all details of any username, password and/or other identification information created to access our servers are kept confidential by you and should not be disclosed to or shared with anyone.
9. Changes to this Privacy Policy
9.1 We may amend this Privacy Policy from time to time, for example to keep it up to date, to implement minor technical adjustments and improvements or to comply with legal requirements. We will always update this Privacy Policy on our website, so please try to read it when you visit the website (the “last updated” reference below tells you when we last updated our Privacy Policy).
Last updated: 17 April 2023
Schedule 1
Exemptions
1. Article 14 of the GDPR states that it is not necessary to supply information about the data we process where that information has not been received from the individual concerned and “where the personal data concerned must remain confidential subject to an obligation of professional secrecy regulated by [English] law”.
2. In addition, Part 7 of the Data Protection (Jersey) Law 2018 exempts us from providing certain categories of information, including the following:
2.1 disclosures of personal data to us or by us where the disclosure is:
2.1.1 required by an enactment, a rule of law, or an order of a court;
2.1.2 necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings); or
2.1.3 necessary for the purpose of obtaining legal advice or otherwise establishing, exercising or defending legal rights,
2.1.4 and providing such information to you would prevent the disclosure from taking place; and
2.2 processing of personal data that consists of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings.
3. Other exemptions under Part 7 will relate to the matters on which a Member is asked to advise the Client including:
3.1 negotiations or proceedings between the Client and the data subject;
3.2 matters relating to management forecasting or management planning in relation to the Client;
3.3 certain activities relating to corporate finance.
James Corbett KC is registered with the Jersey Data Protection Authority (Registration Number 68589) and, as James Patrick Corbett, with the Information Commissioner’s Office (England and Wales) (Registration reference ZA224765).