Privacy

The General Data Protection Regulation, or GDPR for short, is one of the biggest changes to data privacy law in recent years. It is designed to put you in control of how your information is collected and used by organisations.

Your data matters – the Information Commissioner’s Office has information to help you to understand your rights here https://ico.org.uk/your-data-matters/

We want to help you exercise your rights as easily as possible. Below are a list of headings letting you know what happens to your information – this is to help with your right to be informed.  If you would like help exercising any of your rights please contact PLP’s Data Protection Lead, Christopher Igoe by emailing practice@publiclawproject.org.uk.

• When you register for an event
• When you sign up to our mailing list
• When you login to use our Learning portal (Learning Management System or LMS)
• When you make a donation to us
• When you speak at a PLP event (see ‘Ensuring events are diverse and equitable’, below)
• When you apply for a job
• When you use our website (see our Cookies policy)
• When you ask whether we can assist you with a legal matter (a client enquiry)
• When you contact us
• Other times when PLP will collect your data (and give you a further privacy notice)

We will process your personal data as is necessary for the contract we have to run the event and for you to attend. We process the name and contact details of delegates, the person who is paying for the delegate as well as the name and address of the organisation. We process sensitive personal data including delegate accessibility and special dietry requirements.

We will email you in the run up to the event with information about the event as necessary.

We share information you provide us on booking with third parties as necessary for the purposes of the event, e.g. giving dietary requirements to caterers; delegate and organisational names to printers or the venue for name badges. We share detail with speakers, so they know their audience. We will share delegate details, but not contact e-mail addresses, with other delegates, sponsors and hosts.

We will keep these full booking details for as long as is necessary to run the event and for no longer than six months after the date of the event.
Making payments
If you choose to pay for your booking by card you will be directed to PayPal.com who will process your payment on our behalf. PLP will not access, use or keep your card details and we will not ask for them through our website nor by phone or email. In order for PayPal to take your card payment we will share some of the information you have provided such as the name of the person making the payment, the amount to be paid and the details of your order (for example the name of the event and number of delegates). PayPal will provide you with a privacy notice detailing how they process your data. PayPal will usually share information with us including as the name of the person making the payment (typically the cardholder) and payment type (eg mobile payment), they will also give us details you provide to them such as a contact name, address and phone number.

If you choose to pay by invoice, the details you provide will be used to create and send you the invoice, to send further payment requests and to recognise and process your payment. 

As part of our diversity charters we aim to ensure PLP’s events are diverse and equitable, and that programmes both reflect and promote diversity in our professional communities, and the wider community.  To ensure this, speakers at our events are asked to share certain characteristics with us, though this is non-compulsory.  This data and the exchanges concerning the data are subject to strict control and usage.  Speaker’s characteristics are kept on record for proactive programming and monitoring.  Access to these records is limited to those that need access to them for events programming and monitoring purposes.

We will keep copies of invoices, PayPal statements, and a record of your name and purchase as part of our financial records. We keep financial records for six years in order to produce financial information about our charity and comply with our legal obligations for example regards taxation. We may share financial records with third parties such as our IT supplier, accounting software provider, auditors, our archive company and HMRC.

By registering for the event you confirm that you agree to this policy. You can contact us at any point if you do not agree to this, at bookings@publiclawproject.org.uk 

If you sign up to our mailing list we will email you to let you know about up-coming courses, conferences, fundraising events, new resources and our significant casework. These updates are usually every two weeks, often less frequently. We rely on your consent to process this data and you can withdraw your consent by ‘unsubscribing’ from our email or by contacting PLP at any time. If you do unsubscribe MailChimp will keep your email address on record to ensure we do not email you again.

We share your personal data with our email software provider Campaign Monitor. Campaign Monitor is a popular and widely used email marketing provider. Campaign Monitor are based in the United States and your data will therefore be transferred outside of the European Union and fall under the EU-US Privacy Shield which provides protection for the rights of anyone in the EU whose data is transferred to the US for commercial purposes. There is debate about whether the EU-US Privacy shield provides as high a standard of protection of data rights as applies to data held within the EU but PLP are satisfied that MailChimp and the arrangement provide adequate protection for the purposes we are using it. 

PLP’s LearnDash portal is a private web area where PLP store recordings of webinars, associated materials and iwhere we will develop online courses.  In order to maintain the security of our training products PLP require those accessing courses to create an account, with First name, last name and e-mail address as mandatory fields. Users will also need to set their own password for the site. 

We (PLP) effectively authorise three third parties (Staxoweb, LearnDash and WordPress) to processes data  for PLP under article 6 GDPR as you will, by signing up, be giving consent for us to process that data. The portal and data is kept on a separate WordPress website, employing both WordPress’ own security system and Wordfence, a further level of protection against hacking.  If accounts are not accessed by users for a specific period we will write to those users asking if they still want access, and delete users details if they do not reply or indicate they donl;t want to use the account.

PLP use the Charities Aid Foundation (CAF) or JustGiving to process donations on our behalf.

CAF and JustGiving provide us with information about our donors if you opt for them to share it with us. In the case of a suspected fraudulent transaction, card details may be disclosed to PLP for the sole purpose of performing further checks.

When you make a donation you are able to opt-in to receive further updates from us to keep you informed about our work and upcoming fundraising opportunities. We will not contact you without your consent to do so. 

When you email PLP to apply for a job we will need to collect information about you including your employment history and contact details so that we can assess your suitability for the role and inform you about the progress of your application.

Your records will be kept securely whilst we consider your application. If your application is unsuccessful, we will keep your data until 6 months after the decision was made. If successful your recruitment information will be kept for 6 years after your last day working with us.

If you opt to provide equal opportunity data to PLP this will be anonymised and retained only as long as is necessary to record the recruitment decision against the anonymised data and no longer than six months.

We do not share recruitment information with third parties. 

If you contact us about helping with a legal matter we will need to collect your information in order to respond to your enquiry and to decide whether we can take on your case and to sign-post or refer you to somewhere that can help.

We will record your name, contact details and details about your enquiry including information about your income so we can assess whether you are eligible for legal aid. We then usually retain your information for 12 months in case you contact us again, wish to complain or appeal against our decision or to defend ourselves against a claim. If we consider it necessary to enable us to continue to deal with your enquiries in a proportionate manner we will retain your details for up to 24 months.

If we are able to assist you with your case, we will usually retain your information for six years after we close your case. We will send you further information about how we will handle your data before you agree to become our client. 

If you contact us by email or if you call us and to deal with your call we need to email colleagues, your personal data will be stored on our secure email servers (provided by Microsoft and hosted within the EU). We may share your email within PLP to direct your enquiries appropriately. Staff may save your name and contact details in our electronic contact directory if we believe that it would be in our joint interests to do so due to your interest in PLP or public law.

Third parties such as our IT support provider may have access to your data for the in order to maintaining our IT systems but we will not otherwise share your data with third parties without your consent.

Emails will be archived so that PLP staff can only access them on request after 12 months and permanently deleted after 24 months. 

What Are Cookies 

As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.

For more general information on cookies see the Wikipedia article on HTTP Cookies.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.

The Cookies We Set

Forms

When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.

Customisation

In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

Google Analytics

This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.

Social media

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Facebook, Twitter; will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

Embedded content

Some of the content on our site may be provided by third parties. This includes but is not limited to: Google Maps for interactive mapping,YouTube or Vimeo for hosted video and Flickr for images. When you visit a page containing content from one of these sites a cookie may be set. We do not have any control over these cookies and you should check the relevant third party website for more information about these.

More Information

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. 

PLP will issue you additional privacy notices with further information specific to you if you:

• Become a PLP client – http://www.publiclawproject.org.uk/client-privacy-information
• Become a PLP member of staff, trustee or volunteer
• Share data with us as part of a PLP research project
• Agree that PLP can share your story (become a case-study)

In so far as a bespoke privacy notice suggests we will treat your information differently to this privacy notice please assume the bespoke privacy notice is correct or contact us to clarify. 

All the details you provide to us on our website are taken and held securely using SSL encryption. You can tell the page you are entering details on is secure because ‘https’ will replace the ‘http’ at the front of the www.publiclawproject.org.uk. A small padlock will also appear in your browser window.

All personal information stored electronically is kept on secure servers, with access restricted to relevant staff and, if appropriate, volunteers.