This policy (which does not apply to our employees) was last updated on 1^st May 2025.

Orbach and Chambers Limited(˜Chambers we, us, and our) take data protection very seriously and we are committed to respecting and protecting the privacy of individuals and to fully complying with all the requirements of the UK GDPR, the EU GDPR, and all other applicable data protection laws and regulations.

This Privacy Notice informs you about how we collect and otherwise process personal information when you visit our website www.chambers.com, browse our Rankings Guides, provide information to us which contributes to how we rank lawyers and law firms enquire about or buy one of our products, make a Submission, 

register or attend our events or webinars, visit our offices or media pages, send to, or receive from us, communications, (including marketing messages), and through any other interactions we have with you whereby you choose to share personal information with us, except when you are a job applicant/candidate, or an employee. This Privacy Notice also informs you how you can exercise your rights.

If you have any questions or concerns about our collection and use of personal information, please contact us using the contact details provided elsewhere in this Privacy Notice.

We have appointed a Data Protection Officer (DPO). If you wish to contact our DPO you can do so via: [email protected]. 

This Privacy Notice applies to all our data subjects (an individual about whom we hold personal information) except Job Applicants/Candidates and our employees.

Personal information is anything that enables an individual to be identified or identifiable. Personal information is also called “personal data”. We collectively refer to handling, collecting, protecting, storing or otherwise using your personal information as ‘processing’.

The personal information that we typically collect in the course of our research and other business activities comprises:

Personal information we process may be provided to us directly, for example for one or more of the following reasons:

We may also obtain your personal information indirectly, such as from:

We may collect and otherwise process different kinds of personal data about you which we have grouped together as follows:

Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it.

We will normally collect personal data from you on one or more of the following lawful bases:

We have set out below a description of all the ways we plan to use personal information, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. 

And for any other purpose(s) for which personal information has been provided to us.

We will only use your personal information for marketing purposes in accordance with applicable legal requirements. 

If you choose to unsubscribe we may retain some of your personal information to identify you, so that we can continue to honour your request and ensure that we do not continue to provide you with marketing materials.

We will not share your information with any third parties for the purposes of direct marketing.

We may share your personal information with other companies or organisations in our group.

We may share your personal information with third parties (other organisations or individuals) for:

We may share your personal information with third parties who process personal information on our behalf as technical or professional support providers.

We share personal information with third parties that act as data processors to provide elements of our service by processing personal information on our instructions (see ‘Data Processors’ below).

We may share your personal information with third parties in connection with our corporate transactions, (e.g., mergers and/or acquisitions), as a result of which your personal information may be assigned to a third party.

We may share your personal information with law enforcement, regulatory and other government agencies and professional bodies, as required by and/or in accordance with applicable law or regulation.

We may share your information in the event of the non-payment of a debt. As a result, we may share personal data with the litigation and recovery specialists we instruct in order for them to identify assets and undertake recovery action.

In some circumstances we are legally obliged to share information. For example, under a court order. 

It is our policy to only share your personal information with third parties that are legally or contractually bound to protect your personal information to the same standards as we are, and that will flow those same standards to their subcontractors. 

In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share your personal information.

We will not sell your personal information to any third party.

We do not send personal data to servers in China.

For the purposes of this Privacy Notice ‘Referee’ means a person who provides information to us which contributes to how we rank lawyers and law firms. 

Personal data of, and collected from, Referees will be processed in accordance with this Privacy Notice. This means that such data may be shared with third parties (see section ‘Data Processors’) for enhancing our products and services.  

Where we use data processors, we have contracts in place with them to ensure that they cannot do anything with personal information we have shared with them unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct them to.

The data processors we use are often (but not always) organisations whose software and/or platform we utilise to provide or improve our services.

These data processors may use sub-contractors (known as sub-processors) that have access to your personal data. If they do, they are required to have contracts in place with those sub-processors to ensure that they cannot do anything with personal information shared with them beyond what we have instructed our data processors to do with it. 

The data processors which we mainly and routinely use* are:

We use Lamphouse, which is part of the same business group as us, based in the UK, to provide data analysis for Leading Teams product. Here is a link to its Privacy Notice.  

We use SuccessCraft, based in Poland, to provide development on CRM platform Salesforce. Here is a link to its Privacy Notice.  

We use Cognism, based in the UK, to provide for the purpose of obtaining firmographics data for use in our products. Here is a link to its Privacy Notice.   

We use HiTech, based in India, to provide administrative services for our business. Here is a link to its Privacy Notice.  

*The above list identifies those data processors that we routinely use to process personal information on regular occasions or on a large scale. It does not identify each and every data processor we use. 

Your personal information may be transferred (sent to or accessed from) outside the UK. Any such transfer will be only:

The countries/areas to which we routinely transfer personal data to* are:

EU/EEA: To a recipient located in a country which provides an adequate level of protection for your personal information.

USA: To other recipients certified under the UK-US Data Bridge, or to other recipients not certified under the UK-US Data Bridge, in which case the transfer is made using an International Data Transfer Agreement or UK Addendum to EU Standard Contractual Clauses

India: To a recipient using an International Data Transfer Agreement or UK Addendum to EU Standard Contractual Clauses

*This does not mean that your personal data will definitely be transferred to any of these countries. 

We retain personal information only for as long as we need it for the purpose(s) for which it was collected, or as required to do so by law. 

To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of it, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process it and whether we can achieve those purposes through other means, as well as applicable legal requirements.

This means that, for law firms, lawyers and referees we retain personal information as required by any applicable statutory retention period, or where no statutory retention period applies, usually up to 6 years from our last date of contact. Information relating to historical rankings will be retained in accordance with our Retention Policy

Further information about our retention of personal information is set out in our Retention Policy. If you would like a copy of this, please contact us.

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

If you wish to exercise any of your rights, please contact us.

We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Please be aware that, we cannot guarantee the security of all personal information transmitted to or by us.

We use the following social media platform(s):

We may use these social media platform(s) to process your personal data for some of the purposes set out elsewhere in this Privacy Notice.

We use Enterprise grade Artificial Intelligence (AI), which means that AI may be used to process your personal data. Data is not shared to train any models.

When we use AI, we do so in compliance with applicable data protection legislation; and regulatory guidance. The AI tools we use are likely to change regularly. A list of the current AI tools we use is available on request. 

We will not use your personal information for automated decision making or profiling

Profiling is where we look at people’s interests, habits and behaviour, for example, profiling for direct marketing often also involves predictions or assumptions about people. It can help us target our direct marketing messages to people who are more likely to buy our product or support our cause. It can also make our messages more relevant to the people that receive them.

We will use your purchase history of our products/services to tell you about our offers and products/services that we think you will be most interested in.

We do not provide services directly to children or proactively collect their personal information. 

When you visit our premises you may provide your name and other personal information for security and safety reasons. 

We provide Wi-Fi on site for the use of visitors. We’ll provide you with the address and password. We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited duration and date sent/received. The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The lawful basis we rely on to process your personal data is article 6(1)(f) of the UK GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests. 

If you wish to attend one of our events, at our premises or elsewhere, you will be asked to provide your contact information including your organisation’s name and, if offered a place, information about any dietary requirements or access provisions you may need. We may also ask for payment if there is a charge to attend.

We use this information to facilitate the event and provide you with an acceptable service. We also need this information so we can respond to you.

Our purpose for collecting this information is so we can facilitate the event and provide you with an acceptable service. The lawful basis we rely on for processing your personal data is your consent under article 6(1)(a) of the UK GDPR (where given) and (where not given) our legitimate interest When we collect any information about dietary or access requirements we also need your consent (under article 9(2)(a)) as this type of information is classed as special category data.

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

We can be contacted as follows: 

We use a cookies tool on our website to gain consent for the optional cookies we use. Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool. For information about the cookies and any other similar technologies we use, please see our cookies policy.

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s office (ICO), the UK supervisory authority (data protection regulator). Please follow this link to see how to do that.

We may update this Privacy notice at any time by publishing an updated version here. So that you know when we make changes, we will amend the revision date at the bottom of this page. The new modified or amended privacy policy will apply from that revision date. 

This Privacy Notice was last updated on 1 May 2025