Introduction

This Privacy Policy describes how and why The Legal Education Foundation ("TLEF", "we", "us" or "our") collects and uses personal data in the course of its business. It applies to personal data provided directly to us by the individuals concerned and to personal data provided to us by companies and other organisations. The term "Personal Data" refers to data which identifies a living individual, such as name, birth date, telephone number, e-mail address or mailing address.

Data controller

TLEF is a charity registered in England and Wales, registration number: 279217. Our registered address can be found here. We are registered with the ICO as a data controller under registration number Z5743510.

Information about this Policy

We have policies, procedures and training in place in respect of data protection, confidentiality and information security. We regularly review such measures with the objective of ensuring their continuing effectiveness. We may therefore update this Privacy Policy from time to time. This version was updated on 15th May 2018 and sets out your rights under the new General Data Protection Regulation ("GDPR") which comes into force on 25th May 2018.

International transfers of personal data

We, and our service providers who process your information on our behalf, may not transfer your information outside of the EEA unless the European Commission has decided that a country (or territory or one or more specified sectors within that third country as the case may be) ensures an adequate level of protection; or we, or our service providers, have provided appropriate safeguards as required under GDPR for such processing or transfers.

Provision of personal data to third parties

We will only share personal data with third parties where we are legally permitted to do so. We do not provide information to third parties for their own marketing purposes Where we transfer personal data to third parties, we will put in place appropriate contractual arrangements to protect personal data.

Your Rights (data subject requests)

You have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to ask for a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have legitimate grounds to process your information which override your rights and freedoms.

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • if you want us to establish the data’s accuracy;
    • where our use of the data is unlawful but you do not want us to erase it;
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • you have objected to our use of your data but we need to verify whether we have legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Governing Law

This privacy policy shall be governed by and construed in accordance with the laws of England & Wales. You agree to submit any dispute arising out of your use of this to the exclusive jurisdiction of the courts of England & Wales.

Complaints

Should you wish to complain about our use of your personal data, please contact us using the Contact Form. We will investigate all complaints received and will endeavor to respond to complaints promptly.

You may also complain about our use of personal data to the Information Commissioner’s Office. For further information on your rights and the complaints process, please visit the Information Commissioner’s Office website: https://ico.org.uk/for-the-public/raising-concerns.

Data Retention

We will only keep personal data for as long as necessary for the purposes for which it was collected, or as required by applicable law or regulation.

Unless there are any legal, regulatory or contractual requirements, we will retain records (which may include personal data) in accordance with our Data Retention Policy.

What personal data we collect, why and how we use it

We will only use your personal data when the law allows us to. Most commonly we will use one of the following lawful bases:

  • Execution of a contract with you
  • Necessary for our legitimate interests
  • After obtaining consent from you
  • Necessary to comply with a legal obligation

To find out more about how and why we process personal data for different purposes, please refer to the relevant section below (click the button for information on each):

What data do we collect?

We automatically collect data about visitors to our website (for example on browsing patterns) by using cookies. (See Cookie Policy).

How do we use your data?

This data is used only in an anonymous form; no individual is identified.

What personal data do we collect?

Your,

  • name,
  • organisation name (if applicable) and
  • email address.
  • You may optionally provide your phone number.
How do we use your personal data?

We use your personal data only for the purpose of responding to your query using your email address (or your phone number if you have provided it).

To whom might we disclose your personal data?

We will not disclose personal data received through a website enquiry to any third parties unless you have given us consent to do so.

What personal data do we collect?

We collect personal data about Grant and JFF Host Applicants to manage our relationship with them. This would normally include contact names, email addresses and phone numbers that have been provided.

How do we use your personal data?

We use personal information from Grant Applications to contact Applicants regarding their Application including requesting additional information and, if successful in drafting a Grant Agreement.

Once a Grant Agreement is in place we will use your personal information to manage the Agreement and our relationship with the Grantee or JFF Host Organisation, including requesting reports, providing access to our contact management system, managing payments and keeping records for accounting and audit purposes.

We will occasionally send information about TLEF, news/events or other items of interest to your email address. We will only do so if you have consented to receive these, and we will provide the opportunity to change your preferences at any time.

To whom might we disclose your personal data?

We may disclose personal data to our auditors and advisors as required by law or as reasonably required in the management of our charity. We may disclose personal data to third parties, such as Regulators, where required by applicable law and regulation.

Updating your records

If a contact at a Grantee or JFF Host changes role or ceases to work for that organisation we ask that TLEF is informed of the change so that we can update our records. This can be done via our Contact Form.

What personal data do we collect?

If you apply to be a Justice First Fellow we will ask you to provide additional personal information when completing the online application form.

This may include some or all of:

  • Name
  • Address
  • Phone number(s)
  • Email address
  • Educational background
  • Diversity information including gender, date of birth, ethnicity, disabilities.

Certain personal data is referred to as Special Categories’ of personal data under the GDPR. These include information about ethnicity, nationality and disabilities. Where we collect such information, we collect it for equality and diversity monitoring purposes. This information is not mandatory.

Successful candidates may be asked to provide bank details for the payment of expenses.

How do we use your personal data?

Access to the application form will be provided to the third-party organisation to which you have applied to (referred to as "JFF Host Organisations").

Successful candidates will become members of the Justice First Fellowship Scheme and their contact details will be used to keep them informed of events relating to the Fellowship Scheme during the period of their training contract. Data will also be retained to keep you informed of events relating to the JFF after you have qualified unless you ask us to remove your contact details from our records.

To whom might we disclose your personal data?

Applicants’ personal data and application will be passed to the JFF Host Organisation(s) you have selected and, subject to your consent, to other Hosts.

Fellows’ contact details will not be passed to other Fellows or Hosts without their specific consent.

What personal data do we collect?

We aim to collect personal data about our suppliers, consultants and professional advisors only to the extent necessary for us to receive good and services, manage our relationship with them.

How do we use your personal data?

We use the personal data in managing and administering our business, and to comply with contractual, legal and regulatory obligations. This will include managing payments and keeping records for accounting and audit purposes.

To whom might we disclose your personal data?

We may disclose personal data to our auditors and advisors as required by law or as reasonably required in the management of our charity. We may disclose personal data to third parties, such as Regulators, where required by applicable law and regulation.

What personal data do we collect?

When we recruit for a new member of staff we will request a copy of a Curriculum Vitae and any additional personal information we require for the application process.

This may include some or all of:

  • Name
  • Address
  • Phone number(s)
  • Email address
  • Diversity information including gender, date of birth, ethnicity, disabilities
  • Educational background
  • Previous work experience
  • Previous employers

Certain personal data is referred to as Special Categories’ of personal data under the GDPR. These include information about ethnicity, nationality and disabilities. Where we collect such information, we collect it for equality and diversity monitoring purposes. Data relating to disabilities is also collected so that any reasonable adjustments can be made to accommodate applicants at interview and, if successful, in the workplace.

We may use a recruitment agency and or selection consultants to assist in this process and will ask and expect them to follow the GDPR guidelines in dealing with applications.

How do we use your personal data?

Your personal data is only used for the purpose of the recruitment process for the role for which you applied.

To whom might we disclose your personal data?

Your data may be disclosed to a recruitment agency or selection consultant if we contract with one or more to assist in the recruitment process.

What personal data do we collect?

We also collect contact details from publicly available sources, such as organisation websites, to enable us to contact people who we believe may have an interest in the information we provide and events we may hold.

How do we use your personal data?

We may contact you in relation to an event or activity of TLEF which we believe will be of interest to you. You will be provided with a mechanism to opt in to any such contact and the ability to state your preferences in relation to such communications.

To whom might we disclose your personal data?

We will not disclose your data to any third parties unless we first obtain your consent.

Provision of general information regarding the work of TLEF

We may send information relating to the work of TLEF, documents it publishes and events it runs or participates in to Contacts (including but not limited to suppliers, Grantees, JFF Hosts and Fellows).

Before sending such information, we will ask for your consent and you will be provided with a mechanism to opt in to any such contact and the ability to state your preferences in relation to such communications.

© 2013 - 2018 The Legal Education Foundation
Registered charity 271297 (England/Wales)