Privacy

Under UK data protection law, you have rights over personal information that we hold about you. You can find out more via the Information Commissioners Officer – A guide to individual rights | ICO.

There are many instances in which we may collect information about you.

• When you sign up to our mailing list 
• When you make a donation to us 
• When you apply for a job 
• When you ask whether we can assist you with a legal matter (a client enquiry) 
• When you contact us 
• When you use our website (see our Cookies policy) 
• Other times you interact with us 
• Publicly available information 
• Checking our information is accurate 

We will process your personal data as is necessary for the contract we have to run the event and for you to attend. We process the name and contact details of delegates, the person who is paying for the delegate as well as the name and address of the organisation. We process sensitive personal data including delegate accessibility and special dietary requirements.   

We will email you in the run up to the event with information about the event as necessary. 

We share information you provide us on booking with third parties as necessary for the purposes of the event, e.g. giving dietary requirements to caterers; delegate and organisational names to printers or the venue for name badges. We share detail with speakers, so they know their audience. We will share delegate details, but not contact e-mail addresses, with other delegates, sponsors and hosts.  

We will keep these full booking details for as long as is necessary to run the event and for no longer than six months after the date of the event.

Making payments
If you choose to pay for your booking by card, you will be directed to PayPal.com who will process your payment on our behalf. PLP will not access, use or keep your card details and we will not ask for them through our website nor by phone or email. In order for PayPal to take your card payment we will share some of the information you have provided such as the name of the person making the payment, the amount to be paid and the details of your order (for example the name of the event and number of delegates). PayPal will provide you with a privacy notice detailing how they process your data. PayPal will usually share information with us including as the name of the person making the payment (typically the cardholder) and payment type (eg mobile payment), they will also give us details you provide to them such as a contact name, address and phone number. 

If you choose to pay by invoice, the details you provide will be used to create and send you the invoice, to send further payment requests and to recognise and process your payment.  

Financial records
We will keep copies of invoices, PayPal statements, and a record of your name and purchase as part of our financial records. We keep financial records for six years in order to produce financial information about our charity and comply with our legal obligations for example regards taxation. We may share financial records with third parties such as our IT supplier, accounting software provider, auditors, our archive company and HMRC.  

By registering for the event you confirm that you agree to this policy. You can contact us at any point if you do not agree to this, at bookings@publiclawproject.org.uk. 

We may also use your attendance at an event for the purposes of understanding our supporters.

As part of our diversity charters we aim to ensure PLP’s events are diverse and equitable, and that programmes both reflect and promote diversity in our professional communities, and the wider community.  To ensure this, speakers at our events are asked to share certain characteristics with us, though this is non-compulsory.  This data and the exchanges concerning the data are subject to strict control and usage.  Speaker’s characteristics are kept on record for proactive programming and monitoring.  Access to these records is limited to those that need access to them for events programming and monitoring purposes.

If you sign up to our mailing list, we will email you to let you know about up-coming courses, conferences, fundraising events, new resources and our significant casework. These updates are usually every two weeks, often less frequently. If you receive an email, open it, don’t open it, select a link or browse our website, we collect this information so we can see which stories are popular and which aren’t. This helps us do better with the content we provide in the future. We rely on your consent to process this data and you can withdraw your consent by ‘unsubscribing’ from our email or by contacting PLP at any time. If you do unsubscribe Campaign Monitor will keep your email address on record to ensure we do not email you again. 

We share your personal data with our email software provider Campaign Monitor. Campaign Monitor is a popular and widely used email marketing provider. Campaign Monitor are based in the United States and your data will therefore be transferred outside of the European Union and fall under the EU-US Privacy Shield which provides protection for the rights of anyone in the EU whose data is transferred to the US for commercial purposes. There is debate about whether the EU-US Privacy shield provides as high a standard of protection of data rights as applies to data held within the EU but PLP are satisfied that Campaign Monitor and the arrangement provide adequate protection for the purposes we are using it. You can find out more by reviewing Campaign Monitor’s privacy statement. 

We may also use the data we collect through our mailing list for the purposes of better understanding our supporters. 

PLP’s LearnDash portal is a private web area where PLP store recordings of webinars, associated materials and iwhere we will develop online courses.  In order to maintain the security of our training products PLP require those accessing courses to create an account, with First name, last name and e-mail address as mandatory fields. Users will also need to set their own password for the site.

We (PLP) effectively authorise three third parties (Staxoweb, LearnDash and WordPress) to processes data  for PLP under article 6 GDPR as you will, by signing up, be giving consent for us to process that data. The portal and data is kept on a separate WordPress website, employing both WordPress’ own security system and Wordfence, a further level of protection against hacking.  If accounts are not accessed by users for a specific period we will write to those users asking if they still want access, and delete users details if they do not reply or indicate they donl;t want to use the account.

PLP use the Charities Aid Foundation (CAF) or Virgin Money Giving to process donations on our behalf. For larger donations, this may include due diligence and ethical screening.  

CAF and Virgin Money Giving provide us with information about our donors if you opt for them to share it with us. In the case of a suspected fraudulent transaction, card details may be disclosed to PLP for the sole purpose of performing further checks. 

When you make a donation, you are able to opt-in to receive further updates from us to keep you informed about our work and upcoming fundraising opportunities. You will not be automatically added to our mailing list. 

We may also use the data we collect through our donations for the purposes of better understanding our supporters.

When you email PLP to apply for a job we will need to collect information about you including your employment history and contact details so that we can assess your suitability for the role and inform you about the progress of your application. 

Your records will be kept securely whilst we consider your application. If your application is unsuccessful, we will keep your data until 6 months after the decision was made. If successful, your recruitment information will be kept for 6 years after your last day working with us. 

If you opt to provide equal opportunity data to PLP this will be anonymised and retained only as long as is necessary to record the recruitment decision against the anonymised data and no longer than six months. 

We do not share recruitment information with third parties unless you have applied for the role via that third party recruiter or to demonstrate to such a third party recruiter any pre-existing interest in the role where they believe that they have put you in touch with us.

We do not use recruitment information for the purposes of understanding our supporters. 

If you contact us about helping with a casework matter, we will need to collect your information in order to respond to your enquiry and to decide whether we can take on your case and to sign-post or refer you to somewhere that can help. 

We will record your name, contact details and details about your enquiry including information about your income so we can assess whether you are eligible for legal aid. We then usually retain your information for 12 months in case you contact us again, wish to complain or appeal against our decision or to defend ourselves against a claim. If we consider it necessary to enable us to continue to deal with your enquiries in a proportionate manner, we will retain your details for up to 24 months.  

If we are able to assist you with your case, we will usually retain your information for six years after we close your case. We will send you further information about how we will handle your data before you agree to become our client. 

We do not use details obtained through client enquiries for the purposes of better understanding our supporters.

If you contact us by email or if you call us and to deal with your call we need to email colleagues, your personal data will be stored on our secure email servers (provided by Microsoft and hosted within the EU). We may share your email within PLP to direct your enquiries appropriately. Staff may save your name and contact details in our electronic contact directory if we believe that it would be in our joint interests to do so due to your interest in PLP or public law.

Third parties such as our IT support provider may have access to your data for the in order to maintaining our IT systems but we will not otherwise share your data with third parties without your consent.

Emails will be archived so that PLP staff can only access them on request after 12 months and permanently deleted after 24 months.

What Are Cookies? 

As is common practice with almost all professional websites our site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This policy describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality. 

For more general information on cookies see the Wikipedia article on HTTP Cookies. 

How We Use Cookies 

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not, in case they are used to provide a service that you use. 

Disabling Cookies 

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies. 

The Cookies We Set 

Forms 

When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence. 

Customisation 

In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences. 

Third Party Cookies 

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site. 

Google Analytics 

This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page. 

Social media 

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook, X; will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

Depending on your settings or the privacy policies for social media and messaging services like Facebook or X, you might give us permission to access information from those services, for example when you publicly tag us in an event photo. 

We may use such information for the purposes of understanding our supporters. 

Embedded content 

Some of the content on our site may be provided by third parties. This includes but is not limited to: Google Maps for interactive mapping, YouTube or Vimeo for hosted video and Flickr for images. When you visit a page containing content from one of these sites a cookie may be set. We do not have any control over these cookies and you should check the relevant third party website for more information about these. 

More Information 

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site.

PLP will issue you additional privacy notices with further information specific to you if you: 

• Become a PLP client – http://www.publiclawproject.org.uk/client-privacy-information 
• Become a PLP member of staff, trustee or volunteer 
• Share data with us as part of a PLP research project 
• Agree that PLP can share your story (become a case-study) 

We may use very limited information about such interactions, for example the fact you volunteered for us, for the purposes of better understanding our supporters.  

In so far as a bespoke privacy notice suggests we will treat your information differently to this privacy notice please assume the bespoke privacy notice is correct or contact us to clarify. 

Why do we need to understand our supporters? 

PLP works with marginalised people to hold the state to account. We rely on the incredibly generous support of our donors to be able to continue our work. This support relies on us having effective communication and fundraising activities.  

It is important that we understand our supporters. If we don’t understand you, then we cannot communicate with you in a way which will be meaningful, engaging and interesting. This also helps us safeguard your donations and ensure value for money across our communication and fundraising activities.  

As a supporter, we can share key messages generically, for example through social media, but by communicating with you directly, we are able to keep you up to date with our activities, and any key appeals as they happen.  By understanding more about how our supporters engage with us, we can continue to improve. 

We never do anything without carefully considering how much it costs. Collecting information about you and what interests you allows us to work out the most efficient way to do things to ensure we are using our precious funds effectively and can spend even more on holding the state to account with marginalised people.  

When and how we collect supporters’ data 

We do not undertake this activity on all of our supporters; it takes place on a limited basis which depends upon the level of your donations and engagement. We might also obtain personal data about individuals who may be interested in giving large gifts to organisations like ours (for example name and contact information).  

Through your interactions with us 

Unless explicitly stated otherwise in the detailed list above, we may use our knowledge of the interactions you have had with us alongside publicly available information to help us to understand you better. In particular, we use analysis, research, profiling and we may customise our marketing as detailed in this policy.

Publicly available information 

We may use desktop research, profiling and screening techniques to analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you, to be prepared when we meet you, or to help us find others like you who might like to show their support. We may include information found in places such as Companies House, LinkedIn and information that has been published in articles/newspapers.  

We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch 

Information through third parties 

To ensure we use our charitable resources effectively and to maintain compliant records we need to keep our records up to date. Where possible we use publicly available sources to keep your records up to date; for example, the Royal Mail’s National Change of Address Database (NCOA) if you have checked the box when signing up to the Database to say third parties can see your updated information.  

We also use deceased and ‘gone away’ records to manage our supporter relationships and ensure data remains accurate, up to date and compliant. We may use an external agency, like Mortascreen, to manage such checks for us. If administering a legacy we may rely upon information provided to us by Executors and Administrators appointed in a Will, and where appropriate, we may use the government’s probate search to obtain a copy of the Will. We may also be informed by third parties of the death of supporters, particularly if we are a named beneficiary in the Will. 

If you use a third-party site such as JustGiving, CAF or Virgin Money Giving we may collect personal information from you indirectly. 

Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or X, you might give us permission to access information from those services, for example when you publicly tag us in an event photo.  

If we are introduced to you as a potential supporter by an existing supporter PLP may retain the information they give us and undertake background research prior to getting in touch. We aim to get in touch and then share our privacy policy with you within 30 days of such an introduction and will do so as soon as possible after that if it has been necessary to delay. 

What information we collect about supporters 

• Basic information including your name, address, phone numbers and email addresses, along with your preference as to how we should contact you in the future.  
• We may collect your year of birth or date of birth in order to verify you are an adult.  
• Financial information which you give to us, including your gift aid status (we do not store any credit/debit card information). 
• Records of your donation history, correspondence and other activities taken with us. 
• Details of your visit to our websites, and emails you have opened, including technical information and what links you have used. 
• Notes of our meetings or correspondence and any actions arising. 
• Information about potential major donors from publicly available sources such as your work or interests, any other details which you give to us including your reasons for supporting us. 

What we use supporter information for 

• Asking for financial or non-financial support  
• Keeping a record of your relationship with us so that we ensure you receive information and communications from us that are relevant to that relationship  
• Responding to or fulfilling any requests, complaints or queries you make to us using traditional methods and via social media platforms.  
• Sending you marketing materials which may include information about fundraising, and our campaigns.  
• Inviting you to and managing our events and to invite you to take part in our advocacy work or participate in consultations to help us improve the services we provide.  
• Analysing our database and seeing what has worked and what hasn’t worked. This helps us develop our products and services, and helps inform our marketing strategy so we only send you information that we think will be of interest to you, and so that we understand the effectiveness of the marketing we serve you.  
• Researching your interests – we want to utilise your donations in the most cost-effective way and so we don’t send blanket messages to the entirety of our database. Rather, we deliver content that we think will be relevant to you and personalised when appropriate.
• In limited circumstances, analysing the personal information we collect about you and using the publicly available information to better understand your interests, preferences and level of potential donations so that we can contact you more effectively.  

Building profiles of supporters and potential supporters  

We use profiling to help us understand our supporters better. This is so we can send you information that you are interested in and is relevant to you and predict how you might be able to help us in the future. This ensures we don’t send marketing to vulnerable individuals, and means we raise more funds, sooner, and more cost-effectively than we otherwise would. 

Like many charities, PLP intends to undertake research and screening techniques to engage with suitable high value donors. We do that by reviewing publicly available information to create a profile of your interests, preferences and your ability to support us, including the amount or level of potential donations or legacies you may be able to give. That research may be undertaken for both existing and prospective high value donors. We may also carry out research using publicly available information to identify individuals who may have an affinity to our cause but with whom we are not already in touch. 

Such information is compiled using publicly available data about you, for example addresses for house price data, listed Directorships, social media posts, newspaper articles or typical earnings in a given industry. We may use additional information such as geographical information for measures of affluence where available. We only use reputable sources, where someone would expect their information may be read by the public. Examples of our sources include Companies House, Mosaic (an Experian tool), Insight Hub by woodfortrees, Zoopla, search engines and your donation history. We avoid any data that we believe has not been lawfully or ethically obtained, and we do not use information sources which have not been made public. Collating this publicly available information helps us better understand your motivations and preferences enabling us to deliver a more targeted and relevant donor experience, as well as raising more funds sooner and more cost-efficiently.  

We might also ask our existing supporters, volunteers or trustees whether they would be prepared to open their networks up to us, and if we discover that someone in our network knows a potential donor that we have identified, we might ask them to facilitate an introduction. Here, we would advise the individual facilitating the introduction about our data responsibilities and ask them to ensure that the potential supporter in question is happy for an introduction to take place. Following the introduction, we would direct the potential supporter to this privacy notice and confirm their marketing and communication preferences.  

Lawful basis and retention (understanding our supporters)

We believe it is in our legitimate interest to process your data in this way and that it does not unfairly impact your rights and freedoms – you may opt out at any time and, if you do, we will not process your information in this way. 

Being able to contact you is vital to the way we operate. We want to keep in touch with you and, along with telling you how your support is helping and what we have achieved together, we also want to keep you up to date with the numerous activities you can get involved with. We believe it is in our legitimate interest to send you such materials by post and to speak to you by phone, unless you have told us you would prefer us not to.

Whatever your relationship with us, we will only store your information for a specified amount of time as set out in our internal data retention policy. With respect to understanding our supporters our retention policy is based on whether that reason is ongoing and whether you are an active supporter or not. We consider you to be an active supporter if you have interacted with us, including interacting with an electronic mailing we have sent you, and/or financially supported us at any time within the preceding three years. For larger donations this is extended to the preceding ten years.

Who do we share your data with? 

We never sell or share personal details with third parties so they can market to you. 

As with other organisations, we do not undertake all of our processing activities ourselves and we appoint suppliers to help us out. In these cases, we ensure we have a contract with the supplier and as part of that agreement the supplier agrees to respect the security of your personal data and to treat it in accordance with the law. We only permit suppliers to process your personal data for specified purposes and in accordance with our instructions.  

The main suppliers we share your data with are: 

Process/Activity	Class	Location	Reason
Financial	Banks/HMRC	UK	To process direct debits and other donations. To process Gift Aid.
Data Analysis	Data analysis	UK	To use our database in the most efficient way possible.
Cloud hosting/IT services	IT service providers	UK/EEC/US	Provision of cloud storage and software
Other support	Legal/ auditors/ insurers	UK	Provision of the relevant services

 

We have appropriate physical, technical and managerial controls in place to protect your personal details; for example, our online forms are always encrypted, and our network is protected and routinely monitored. Within our offices, your information is only accessed by those employees who have a business need to access it and who are trained in handling personal data securely.   

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Whilst we hope it will never happen, we have procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are required to do so.  

When we use external companies to collect or process personal data on our behalf, we undertake due diligence on these companies before we work with them and put a contract in place that sets out our expectations and requirements, including keeping and using your data securely.  

Our website may, from time to time, contain links to third party websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check those policies before you submit any personal data to those websites.  

Despite all of our precautions, however, no data transmission over the internet can be guaranteed to be 100% secure. So, whilst we strive to protect your personal information, we cannot guarantee the security of any information which you disclose to us and therefore we advise you to be mindful of this when disclosing personal data.