The Arbitrators at 24 Lincoln’s Inn Fields are committed to respecting your privacy and protecting confidential and privileged information. We take our obligations in relation to personal data seriously.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”)) and other applicable data protection law, this privacy notice contains information about what personal data we collect and store, and why. It also tells you how we collect your data, who we share this information with, the measures we have put in place to protect your data, the rights and options that you have, and how to contact us if you have a complaint.
Who we are?
Arbitrators at 24 Lincoln’s Inn Fields is not a company, partnership or firm. Rather, it is a term to describe the individuals who practise as arbitrators from that address. Each individual arbitrator is a self-employed sole practitioner. The individual arbitrators (referred to collectively as “we”/”us”) collect, use and are responsible for personal information about you and each of us is regarded as an independent data controller of your personal data.
Your data will be controlled by the individual arbitrator you have appointed.
When do we collect your personal data?
We collect personal data:
- When you or your organisation appoint an arbitrator.
- When you correspond with us in any manner.
What personal data do we collect?
When appointed we may collect some or all of the following personal information:
- For administrative use during an arbitration, information will be held in a case-management system (Lex): This will generally include your name, address, telephone number, email address or contact details, job title, and other personal data relevant to enable request for payment of fees and expenses.
- Diary and appointment data relating to hearings and other meetings or appointments relevant to the procedural steps of an arbitration (e.g. attendance details at hearings);
- Data from third party sources such as regulatory agencies, government agencies, online information service providers or from publicly available records and personal data that is available publicly, for example on a firm’s website or LinkedIn.
Use of your personal data
We use your personal information for the following purposes:
- To carry out conflict checks relevant to any appointment.
- To sufficiently hold information relevant for billing purposes.
- To comply with our legal obligations, including maintaining records, or conducting any necessary checks (e.g. anti-money laundering, fraud and crime prevention and detection, or in relation to international or trade sanctions).
- To monitor compliance with our policies and standards.
- To manage access to 24 Lincoln’s Inn Fields for security purposes.
- To protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities.
- To exercise or defend our legal rights, or to comply with the order of any court or other judicial authority or arbitral body.
- For other purposes ancillary to any of the above or any other specific purposes for which your personal data was provided to us.
The legal basis we rely on for processing your information is:
- Because it is necessary for us to do so to resolve any dispute in which any one of us is appointed relating to the case in question and/or your organisation.
- To comply with our professional, regulatory and legal obligations as well as to keep records of our compliance processes or other records.
- Because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms.
- Because you have expressly given us your consent to process your personal data in that manner.
Please note that the majority of our processing of personal data will be covered by legal professional privilege.
Who will we share your personal data with?
We may share your personal data:
- With law enforcement authorities and regulators if required by applicable law.
Transfers of personal data out of the European Economic Area
You should be aware that we operate on a worldwide basis and some of our members frequently work or are based overseas. In the course of an arbitration, it may be necessary to transfer your personal information out of the European Economic Area (“EEA”) when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims. We will take appropriate measures to safeguard the security of any information transferred out of the EEA and to protect your privacy rights.
If you would like any further information please contact us at firstname.lastname@example.org.
How long will we store your personal data?
We will hold your personal data for as long as necessary to fulfil the purposes that it was collected it for.
In general that means that personal data in relation to any specific legal case or legal service provided will be retained for a period long enough to satisfying any legal, accounting, or reporting requirements or to provide protection for us in relation to any complaint or legal claim, or as necessary in relation to any past, ongoing or potential dispute which is the subject of the legal service.
In relation to the very limited information necessary to conduct conflict checks, we are required to retain this data indefinitely in order to comply with our professional, regulatory and legal obligations. Such data is limited to your name (only if you were an individual client) or the name of your organisation (which is not personal data in any event).
We periodically review our retention of personal data. In relation to specific cases we consider any departure from our general policy on a case by case basis. In order to decide on the appropriate period to retain any personal data, we take into account the nature, extent and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which it was collected and will be processed and whether there is an appropriate way of achieving our legitimate purpose through other means.
At the end of the retention period we will securely destroy your personal data in accordance with our obligations under applicable laws and in accordance with any relevant guidance.
Where we rely on your explicit consent to the processing of your personal data, this is contained in any contractual terms agreed with an arbitrator or other explicit privacy consent obtained during the process of instructing us to provide or carry out legal services.
You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. In order to request to withdraw your consent, please contact us with relevant details at the email address below.
You are entitled to view, amend, or delete the personal data that we hold.
Under the General Data Protection Regulation, you have a number of important rights:
- Transparency over how we use your personal data and fair processing of it.
- To receive a copy of the personal data that we hold about you upon request, unless there is a legal reason for non-disclosure, or disclosure would reveal the personal data of a third party.
- Request that we correct any mistakes or incomplete personal data we hold about you.
- To object to your personal data being used in direct marketing, and opt out. In certain circumstances you may ask for your personal data to be erased.
- Receive a copy of the personal information you have provided to us or have this information sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format.
- Restrict our processing of your personal information in certain circumstances.
If you want to exercise any of these rights, or to inform us of any changes to your personal data, please email email@example.com, stating the right or rights that you wish to exercise. A response will be provided within one month from when we receive your request.
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR. The ICO website is at [www.ico.org.uk] (https://ico.org.uk).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, this notice will be updated.
Changes to this privacy notice
We periodically review our internal privacy practices and may change this policy from time to time. When we do we will inform you by on our website.
If you have any questions about this privacy notice or the information we hold about you, please contact firstname.lastname@example.org.
How to make a complaint?
The General Data Protection Regulation gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) State where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the [Information Commissioner’s Office] (https://ico.org.uk/concerns/).