Privacy Policy

Effective Date: 30 March 2026
Next Review Date: 30 March 2027

Introduction

I am Racheal Muldoon, a barrister regulated by the Bar Standards Board (BSB) holding a full practising certificate.

I operate as a sole trader (self-employed barrister) and am a data controller under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

My ICO registration number is: ZA243801
My registered practice address is: 53 Davies Street, London, W1K 5JH
Contact email: rachealmuldoon@protonmail.com | Phone: +44 (0)7348950837

This privacy policy explains:

  • What personal data I collect about you

  • Why I collect it and my lawful basis for processing

  • How I use and protect your data

  • Who I may share it with

  • Your data protection rights

  • How long I retain your data

This policy applies to:

  • Clients (including Public Access/Lay clients)

  • Instructing solicitors and professionals

  • Website visitors

  • Pupils/mini-pupils (where applicable)

  • Correspondents and contacts

Data Controller Information

Data Controller: Racheal Muldoon, Barrister
Practice Type: Sole Trader (Self-Employed Barrister)
Regulator: Bar Standards Board (BSB)
ICO Registration Number: ZA243801
Registered Address: 53 Davies Street, London, W1K 5JH
Contact Email: rachealmuldoon@protonmail.com
Telephone: +44 (0)7348950837

As a barrister, I am required to register with the ICO as a data controller.

What Personal Data I Collect

Personal Data (Standard Categories)

I collect and process the following personal data in the course of providing legal services:

  • Name

  • Email address

  • Phone number

  • Postal address

  • Date of birth

  • Payment/bank details (for fee arrangements)

  • Next of kin details (where relevant)

  • Education and employment history

  • Background and current circumstances relevant to your case

  • Financial information

  • Correspondence with me (emails, letters, call notes)

  • Website usage data (IP address, browser type, pages visited – via cookies)

Special Category Data (Sensitive Personal Data)

Where relevant to my legal services, I may also process special category data as defined in UK GDPR Article 9, which reveals:

  • Racial or ethnic origin

  • Political opinions

  • Religious or philosophical beliefs

  • Trade union membership

  • Genetic data

  • Biometric data (for uniquely identifying a person)

  • Data concerning health (including mental health)

  • Sex life and sexual orientation

Criminal Convictions Data

I may also process personal data relating to criminal convictions and offences where necessary for:

  • Legal proceedings (acting for/prosecuting/defending)

  • Obtaining legal advice

  • Establishing, exercising, or defending legal rights

Why I Collect and How I Use Your Data

Purposes of Processing

I use your personal data for the following purposes:

  • Providing legal services: Legal advice, representation, drafting, advocacy, research

  • Case management: Managing your matter, instructing witnesses, filing documents

  • Communication: Corresponding with you, solicitors, court, opposing parties

  • Fee administration: Invoicing, payment processing, debt recovery

  • Regulatory compliance: Meeting BSB obligations, filing tax returns (HMRC), accountability

  • Practice management: Accounting, records retention, professional development

  • Training: Supervising pupils/mini-pupils (where applicable)

  • Redress handling: Investigating complaints, legal proceedings relating to my services

  • Professional development: Tendering, panel applications, legal directories

  • Marketing: Sending legal updates, judgments (with consent or legitimate interest)

  • Website functionality: Cookies for analytics, security, user experience

Automated Decision-Making

I do not use automated decision-making or profiling in relation to your legal matter. All legal decisions are made by me personally as your barrister.

My Lawful Basis for Processing

Under UK GDPR Article 6, I rely on the following lawful bases for processing your personal data:

Performance of a contract (Art 6(1)(b)): To provide legal services under my engagement terms with you
Legal obligation (Art 6(1)(c)): To comply with regulatory duties (BSB, HMRC, court orders)
Legitimate interests (Art 6(1)(f)): Practice management, debt recovery, network security, professional development, preventing fraud
Consent (Art 6(1)(a)): Where required (e.g., marketing emails, certain special category processing)

Special Category Data – Additional Conditions

For special category data (UK GDPR Article 9), I process under:

  1. Your explicit consent (where required), OR

  2. Necessary for the exercise/defence of legal claims or judicial acts

Criminal Convictions Data – Additional Condition

For criminal convictions data, I process where necessary for:

  • Purpose of, or in connection with, legal proceedings

  • Purpose of obtaining legal advice

  • Establishing, exercising, or defending legal rights

Who I Share Your Data With

I may share your personal data with the following third parties:

  • Instructing solicitors/lawyers: Case collaboration, instructions

  • Opposing counsel: Resolving the case, negotiations

  • Pupils/mini-pupils: Training supervision (under my responsibility)

  • Chambers management/staff: Administrative support (if applicable)

  • Court/judicial officers: Filing documents, advocacy

  • Witnesses/experts: Case preparation

  • Regulators (BSB): Complaints, regulatory obligations, disputes

  • Legal advisors: My own legal advice on disputes

  • Accountants/banks: Fee processing, tax compliance

  • Law enforcement/government: Where legally required

  • Legal directories: Professional development (with consent)

  • IT/cloud providers: Secure data storage (see "How I Protect Your Data")

I only share data when necessary for your case, with your consent, or where legally required.

International Transfers of Personal Data

General Position

I do not routinely transfer personal data to countries outside the UK or European Economic Area (EEA).

Where Transfers Occur

If I use cloud-based services with data stored outside the UK/EEA (e.g., Microsoft 365, Google Workspace), I ensure:

  • The provider offers adequate data protection (UK GDPR Article 45)

  • Standard Contractual Clauses (SCCs) are in place (UK GDPR Article 46)

  • Data is encrypted in transit and at rest

  • The provider has a Data Processing Agreement (DPA) with me

I am satisfied that any transferred data is fully protected and safeguarded as required by UK GDPR.

How I Protect Your Data

I take data protection seriously and implement appropriate technical and organisational measures:

  • Encryption: All emails containing client data are encrypted; files stored encrypted

  • Access controls: Only I (and authorised staff/pupils) can access client data

  • Secure storage: Physical documents locked; digital data on password-protected, encrypted devices

  • Anti-virus/malware protection: Up-to-date security software

  • Backups: Regular secure backups of client files

  • Training: Ongoing data protection training (Bar Council/ICO guidance)

  • Data minimisation: Only collect data necessary for your case

  • Confidentiality: All staff/pupils bound by confidentiality obligations

This aligns with BSB Core Duty 6 (confidentiality) and UK GDPR Article 32 (security of processing).

Data Retention

Retention Period

I retain your personal data:

  • While you remain my client, plus

  • Minimum 6 years after the conclusion of your matter (for limitation periods and professional indemnity requirements)

  • Longer where:

    • There is an unresolved issue (claim, dispute)

    • I am legally required to retain (e.g., tax records: 6 years for HMRC)

    • There are overriding legitimate interests

Retention and Disposal Policy

My full Retention and Disposal Policy is available on request. I will:

  • Delete or anonymise your data at your request unless exceptions above apply

  • Securely destroy data when retention period expires (shredding, secure deletion)

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to be informed: You have this privacy notice
Right of access: Request a copy of personal data I hold about you (Subject Access Request)
Right to rectification: Ask me to correct inaccurate/incomplete data
Right to erasure: Request deletion ("right to be forgotten"), where applicable
Right to restrict processing: Ask me to limit how I use your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or direct marketing
Rights regarding automated decision-making: I do not use automated decision-making; this right does not apply
Right to complain: Lodge a complaint with the Information Commissioner's Office (ICO)
Right to compensation: Seek compensation if I improperly process your data causing distress/loss

How to Exercise Your Rights

To exercise any of these rights, contact me at:
Email: rachealmuldoon@protonmail.com
Post: 53 Davies Street, London, W1K 5JH

I will respond within one month (UK GDPR requirement). There is no fee for most requests.

Marketing Opt-Out

You may opt out of receiving marketing emails/messages at any time by:

  • Clicking the unsubscribe link in emails

  • Contacting me directly

Cookies and Website Tracking

This website uses cookies to improve user experience and analyse traffic.

Essential cookies - Purpose: Website functionality, security - Duration: Session
Analytics cookies - Purpose: Anonymous traffic analysis (e.g., Google Analytics) - Duration: 2 years
Preference cookies - Purpose: Remember your settings/preferences - Duration: 1 year

You can manage cookie preferences through your browser settings. Blocking some cookies may affect website functionality.

BSB Transparency Rules Compliance

In compliance with BSB Handbook Mandatory Rules on Price, Service and Redress (Section 1), this website also includes:

This information is prominent, accessible, and accurate as required by BSB rules.

Public Access Clients (Lay Clients)

If you are a Public Access (Direct Access) client:

  • I am subject to BSB Code of Conduct Rules C119–C131 (Public Access Rules)

  • You have the right to receive client care information including:

    • My fees and pricing model

    • How to make a complaint

    • Your right to redress via the Legal Ombudsman

    • Circumstances where I may need to cease acting (Rules C25–C26)

A separate Public Access Client Care Letter will be provided at the start of your engagement.

Changes to This Privacy Policy

I may update this privacy policy periodically:

  • Review frequency: At least annually (next review: 30 March 2027)

  • Significant changes: I will notify you by email or post and publish updated notice on my website

  • Regulatory updates: Updated when BSB/ICO guidance changes

Please check this page periodically for updates.

Contact Details

For questions about this Privacy Policy, data protection, or to exercise your rights:

Racheal Muldoon
Barrister
Address: 53 Davies Street, London, W1K 5JH
Email: rachealmuldoon@protonmail.com
Phone: +44 (0)7348950837
ICO Registration: ZA243801

Regulator: Bar Standards Board
Website: www.barstandardsboard.org.uk

Information Commissioner's Office (ICO)
Website: www.ico.org.uk

You may complain to the ICO if you are unhappy with how I handle your data.

Last Updated: 30 March 2026
Policy Version: 1.0
Next Review Date: 30 March 2027