Stephen Coyle

• Lawson Prize – Child Law, University of Manchester

• BVC, Inns of Court School of Law
• LLB Law (Hons), University of Manchester

• FLBA

Data Controller

I am registered with the Information Commissioner’s Office (ICO) as a Data Controller for the personal data that I hold and process as a barrister. My registered address is New Court Chambers, Temple, London EC4Y 9BE and my registration number is Z6998512.

Data Collection

All of the information that I hold about you is provided to or gathered by me in the course of your case and/or proceedings. Your solicitor and I will tell you why we need the information and how we will use it.

Lawful Basis for processing your information

The General Data Protection Regulation (GDPR) requires all organisations / individuals that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:

• Consent of the data subject
• Performance of a contract with the data subject or to take steps to enter into a contract
• Compliance with a legal obligation
• To protect the vital interests of a data subject or another person
• Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Examples of legitimate interests include:

• Where the data subject is a client or in the service of the controller;
• Transmission within a group of undertakings for internal administrative purposes;
• Processing necessary to ensure network and information security, including preventing unauthorised access;
• Processing for direct marketing purposes, or to prevent fraud; and
• Reporting possible criminal acts or threats to public security.

My Lawful Basis is:

• Your consent
• To protect the vital interests of a data subject or another person
• Compliance with a legal obligation

My Legitimate Interest is:

• You are a client
• The processing is necessary for administering justice
• The processing is necessary in relation to legal proceedings, for obtaining legal advice, or otherwise for establishing, exercising or defending legal rights

I use your information to:

• Provide legal advice and representation
• Communicate with you about services, updates and events

I do not use automated decision-making in the processing of your personal data.

I collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:

Client data

• Name;
• Email;
• Phone number;
• Address;
• Date of birth;
• Location details;
• Medical history and current medical health;
• Criminal convictions;
• Social work involvement;
• Ethnic origin;
• Religious background.

I may share your personal data with:

• Instructing solicitors;
• Pupil or mini pupil, under my training;
• Opposing Counsel, for the purposes of resolving the case;
• My Chambers management and staff who provide administrative services;
• My regulator or legal advisors in the event of a dispute or other legal matter;
• Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
• Any other party where I ask you and your consent to the sharing.

Transfers to third countries and international organisations

I store my case files on Microsoft Onedrive which is a cloud hosted environment service based in the US.

Microsoft relies upon a variety of legal mechanisms for its international transfer of personal data from the EU to the United States. Microsoft is certified under the EU-US and Swiss US Privacy Shield Programs regarding the collection, use and retention of personal data and its transfer from the EU and Switzerland to the United States.

In addition to the Privacy Shield, Microsoft also provides strong contractual guarantees around the privacy of its services and relies on the EU Model Contract Clauses to cover its international transfers of data.

I am satisfied that such transferred data is fully protected and safeguarded as required by the General Data Protection Regulation.

Retention of data

I retain your personal data while you remain a client unless you ask me to delete it save as set out below.

My Retention and Disposal Policy (copy available on request) details how long I hold data for and how I dispose of it when it no longer needs to be held. I will delete or anonymise your information at your request unless:

• There is an unresolved issue, such as claim or dispute;
• My professional obligations require me to do so;
• I am legally required to; or
• There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers’ safety and security.

Your Rights

The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information I hold and what I use it for, you can ask for a copy of the personal information I hold about you, you can ask us to correct any inaccuracies with the personal data I hold, you can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details. Finally, if I do something irregular or improper with your personal data you can seek compensation for any distress you are caused or loss you have incurred. You can find out more information from the ICO’s website https://ico.org.uk/for_the_public/personal_information and this is the organisation that you can complain to if you are unhappy with how I dealt with you.