PRIVACY NOTICE – MAY 2018
Who We Are And How We Approach Data Privacy
We are the South Hampshire Junior Lawyers Division (SHJLD), a membership society which is part of the Junior Lawyers Division of the Law Society. We are run by a committee of junior lawyers.
We organise regular social events, networking events and careers training and personal development workshops. We also offer many opportunities for junior lawyers to interact with professionals from non-legal organisations to develop those all important networking skills and to forge business relationships. These are our ‘Services’.
We are the Data Controller for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679)).
As a society we are committed to protecting and respecting the privacy of your personal information. We want you to be confident that your information will be properly protected whilst in our possession. If you have any questions about our use of your personal information, or you wish to exercise one of your rights under data protection legislation, please contact us. A summary of your rights is detailed in this notice.
How We Use Your Personal Data
We will only use your personal data when the law allows us to.
- We will process your basic contact details, including your name, email address, the name of your employer and, in limited circumstances, your payment details. This information will predominantly come from you but may come from your employer.
- We process this data for the purposes of maintaining our current membership list and to inform you of, and provide you with, our Services. Where you are our member, it is necessary for us to obtain and process this data in order to enter into, and perform, our contract with you to provide these Services. We also process this data to gather new members and to provide details of our Services to non-members. This is in our legitimate interests and does not undermine your data rights.
- We are currently determining our retention periods but will retain personal data for no longer than is reasonably necessary.
- We may from time to time process your dietary requirements for the purposes of events. This data will be collected from you. This processing is in our legitimate interests and could also be necessary to protect your vital interests. This information will be deleted after the event in question.
Do I Have To Provide This Information?
In most cases the personal information you provide to us is entirely voluntary. You are not under a statutory or contractual obligation to provide it to us.
However, where we need to collect personal data in order to fulfil our contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel the Services you have with us but we will notify you if this is the case at the time.
Providing Us With Personal Information Of Another Person
If you need to provide us with personal information about another person you must obtain that individual’s express consent to pass us their information. You should share this notice with those individuals as it may also apply to them.
We do not envisage that any decisions will be taken about you using automated means; however, we will notify you in writing if this position changes.
We may have to share your personal data with the parties set out below for the purposes set out above:
- the Junior Lawyers Division of the Law Society;
- carefully selected third parties who provide a service to us, such as our events’ venues or suppliers (for example, providing your name to an events company to produce a table plan or name places); and
- other third parties where you have given your express consent or where we reasonably believe a third party is acting on your behalf.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
In common with many other organisations, we make use of a cloud-based solution, using the Google cloud platform, Google Drive. This may involve the transfer of your personal data outside of the European Economic Area (EEA). Google has certification under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and has also gained confirmation of compliance from European Data Protection Authorities for model contract clauses. Further information can be found here.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those individuals who have a need-to-know (for example, members of the SHJLD Committee). We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your legal rights in connection with your personal data will always apply, being the right of access, right to rectification, right of erasure, right to object, right to restrict, and rights in relation to transfer.
For further information, please see the ICO website here. If you want to exercise any of these rights, please contact firstname.lastname@example.org in writing.
Changes To This Notice
We keep this notice under regular review. If, in the future, we wish to use your personal information in a way not set out in this notice we will notify you and seek your permission to do so.
If you would like to request further information about this notice or the way in which we handle your personal information, please contact us at: email@example.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.