Cornwall Law Society is committed to protecting and respecting your privacy. We want you to understand how we collect and use information about you.
The privacy notice describes to you:
- who we are
- what personal data we collect and store about you and how we collect it
- why we collect personal data and what we do with it
- the categories of third parties with whom we share your personal data
- how we retain your information and keep it secure
- your rights and how to exercise them
- how to contact us
- Who are we?
For the purposes of data protection law, the “controller” is Cornwall Law Society. References to “CLS” or “we” and related words such as “us” and “our” are to the Cornwall Law Society.
Our correspondence address is 2 Wendron Street, Helston, Cornwall TR13 8PP. Correspondence should be addressed to the Secretary, Ms Zoe Lock. Enquiries and/or requests to amend your data should be emailed to the Administrator (Jan.email@example.com)
Our registered VAT number is 828 1207 20.
As controller, we are responsible for, and control the processing of your personal data. We are exempt from registration with the Information Commissioner’s Office as a not-for-profit organisation.
- What information do we collect from you?
In the course of our business, which is a voluntary membership organisation serving the Cornwall legal profession through business networking and social events, training events, and local legal sector jobs advertising, we collect the following personal data when you provide it to us:
- personal details, such as
- name and title
- firm you work for
- job title
- date of admission
- SRA number
- if you hold a current practicing certificate
- legal professional qualifications
- practice areas
- contact data, such as
- delivery address
- billing address
- e-mail address
- telephone and mobile number(s)
- image data, namely
- photographs (if we are taking pictures during an event and you have not objected to us doing so)
- transaction data, such as
- details about payments to and from you
- details of products and services you have received from us
- technical data, such as
- internet protocol (IP) address
- your login data, browser type and version
- time-zone setting and location
- browser plug-in types and versions
- operating system and platform and other technology on the devices you use to access our website
- profile data, such as
- your preferences
- feedback and survey responses
- usage data, such as
- information about how you use our website
We do not knowingly collect “special category” personal data. This is a special type of sensitive data to which more stringent processing conditions apply, and comprises data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic data and/or biometric data.
We also do not collect information about criminal convictions or offences.
- How do we collect personal data?
We obtain personal data from sources as follows:
- directly from you when you interact with us, for example when you
- join as a member
- attend an event
- request information
- write to us
- phone us
- take part in a survey
- give us feedback or post comments or reviews
- from your employer / firm, if they provide your details to book you on to an event or give us your details on your behalf
- from automated technologies, such as cookies and tags when you use our website – for more information, please see our cookies policy https://cornwalllawsociety.org.uk/cookie-policy/
- How do we use your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- to allow you to receive the benefits and opportunities of your CLS membership
- to provide services to non-members who have consented to be contacted to hear about the services of CLS
- if it is necessary for our legitimate interests as a not-for-profit service provider to the local legal profession and these are not overridden by your own rights and interests
- where we need to comply with a legal or regulatory obligation.
In order to process personal data, we must have a lawful reason (sometimes called a lawful basis). We always ensure that this is the case and we set out our lawful bases below – but please note that more than one may apply at any given time: for example, if we inform you of changes to our privacy notice, we may process your personal data on the ground of complying with law and on the ground of legitimate interests.
We will use your personal data only for the purposes for which we collected it, unless we fairly consider that we need it for another reason that is compatible with the original purpose.
If you are a member, we will process your personal data for the following purposes:
- to enable us to carry out our services as part of your membership
- to identify you
- to respond to your inquiries
- to the extent necessary to provide you with information you have requested in relation to our services before you decide to purchase/receive them
- to carry out billing and administration activities, including annual membership renewals, refunds and credits
- If you have never been a member or used our services; or have not used any of services for a long time; but have given us your explicit consent to hear from us about our services, promotions or events that we consider may be of interest to you, we will contact you by email. You have the right to withdraw consent to marketing at any time.
We process your personal information for our legitimate business purposes, which include the following:
- to conduct and manage our business as a local law society serving the local legal profession by providing training, social events, networking, legal and regulatory updates, and promoting Cornwall as a centre of legal excellence
- to analyse, improve and update our services for the benefit of our members and non-members
- to deal with complaints
Whenever we process your personal data for these purposes, we ensure that your interests, rights and freedoms are carefully considered.
Compliance with laws
We may process your personal data in order to comply with applicable laws (for example, if we are required to co-operate with an investigation pursuant to a court order).
- Do we share your personal data?
We may provide your personal data to the following recipients for the purposes set out in this notice:
- members of the CLS Committee (but only to the extent necessary to carry out the committee governance function (for example, approval of new member applications to be admitted to the society)
- our service providers, including
- e-mail and mail service providers
- technical and support partners, such as the companies who host our website and who provide technical support and back-up services
- our accountants, bankers and lawyers
- training providers and sponsors of seminars (name and firm only excepting where you have opted out)
- hotel/restaurant venues (name, dietary requirements and disabilities only for events you are attending)
- delegate lists (name and firm only) to host venues where required as security lists
- law enforcement agencies, government or public agencies or officials, regulators and any other person or entity that has the appropriate legal authority where we are legally required or permitted to do so, to respond to claims, or to protect our rights, interests, privacy, property or safety
- other members / member firms where we have your specific consent to do so (e.g. where you are offering Locum services)
- any other parties where we have your specific consent to do so.
- Do you have to provide personal data – and, if so, why?
To form a membership contract with you, we will need some or all of the personal data described above so that we can perform that membership contract or the steps that lead up to it; this is set out above in this notice. If we do not receive the required data in the membership form, we will not be able to admit you as a member and the membership contract could not be performed.
- For how long will your personal data will be kept for?
We carefully consider the personal data that we store, and we will not keep your information in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required by applicable law.
Where you have been a member of CLS and after the period of 1 year after your membership has lapsed (so as to allow us to contact you after the initial lapse) we will remove your data from our records save to note that we will retain your name and the last date of your membership of CLS as a record that you are no longer a member or similarly where a request to delete information has been made as a record of us carrying out that request.
In some instances, we are required to hold data for minimum periods: for example, UK tax law currently specifies a six-year period for retention of some of your personal data.
- Do we transfer personal data outside the EEA?
Although we are based in England, your personal information may be transferred and stored via our regular IT system backups to a secure online cloud backup provider that is based in the United States of America. The data is fully encrypted and is kept in a state of the art data centre with a provider that has committed to meeting GDPR compliance obligations. We do not process your information outside of the EEA in any other respect than via this online cloud back-up.
- How do we keep your personal data secure?
CLS has security measures in place designed to prevent data loss, to preserve data integrity and to regulate access to the data. Only authorised CLS personnel and third parties processing data on our behalf have access to your personal data.
The security measures we have in place include:
- regular reviews of information collection, storage and processing practices to protect against unauthorised access
- restriction of access to personal information
- monitoring of systems storing and processing information
- use of secure technologies (e.g. SSL, encryption)
We take all reasonable steps to keep your data safe and secure and to ensure the data is accessed only by those who have a legitimate interest to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
- Your information rights
We draw your attention to your following rights under data protection law:
- right to be informedabout the collection and use of your personal data
- right of accessto your personal data, and the right to request a copy of the information that we hold about you and supplementary details about that information – you will be asked to provide proof of your identify, and we may ask you to provide further details to assist us in the provision of such information
- right to have inaccurate personal data that we process about you rectified– we want to ensure that the personal information that we process and retain about you is accurate, so please do remember to tell us about any changes, for example if you have changed your contact details. It is your responsibility to ensure you submit true, accurate, and complete information to us; please also update us in the event this information changes.
- right of erasure– in certain circumstances you have the right to have personal data that we process about you blocked, erased or destroyed
- the right to object to, or restrict:
- processing of personal data concerning you for direct marketing
- decisions being taken by automated means which produce legal effects concerning you or that similarly significantly affect you
- in certain other situations, to our continued processing of your personal data
- the right of portabilityof your data in certain circumstances.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please contact us using the details in section 1 of this notice if you would like to exercise any of these rights or know more about them.
These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website: https://ico.org.uk/.
- Changes to this privacy notice
We may change this notice from time to time. You should check this notice on our website occasionally, in order to ensure you are aware of the most recent version.
- What should you do if you have a complaint?
We hope that you will be satisfied with the way in which we approach and use your personal data.
We ask that, if you have a complaint about the way we handle your personal data, you contact us in the first instance using the contact details in section 1 above, so that we have an opportunity to resolve it.
Should you find it necessary, you have a right to raise a concern with the information regulator, the Information Commissioner’s Office: https://ico.org.uk/.