CILEX (Chartered Institute of Legal Executives) Privacy Notice

CILEX (Chartered Institute of Legal Executives) takes your privacy and your rights to your Personal Data extremely seriously and we are committed to protecting the privacy of all Personal Data obtained about individuals. Data is held in compliance with the UK Data Protection Legislation and other applicable Data Privacy Laws.

We are committed to protecting the privacy of all Personal Data obtained about individuals through, but not limited to, personal contact, email enquiries, newsletter sign up forms, event registrations and membership forms.

Data will be collected and used only for the purposes for which it was originally submitted or in accordance with your preferences.

For more information about how we collect and use your data, please read our Privacy Statement which can be found on our website.

Who We Are

CILEX (Chartered Institute of Legal Executives) is the governing body for the Chartered Legal Executives, Paralegals and other Legal Professionals. CILEX, as a professional association provides professional development, support and guidance to its members. It delivers legal education and training through CILEX Law School (CLS), qualifications through its Awarding Body function and independent regulation through CILEX Regulation (CRL).

If the user does not agree to their Personal Data being used, in accordance with this Privacy Policy, they are advised not to submit Personal Data to CILEX through the Website or any other means.

How and Why, We Obtain Personal Data

CILEX only processes Personal Data, where we have a lawful basis to do so. This will depend on the activity that we collect it for e.g., to provide membership services. In some instances, there may be more than one lawful basis for which we process your Personal Data. We obtain Personal Data from you for a variety of purposes including, but not limited to, managing your membership and providing other member services. The lawful bases for processing Personal Data can include Consent of the Data Subject, Contractual Necessity, Compliance with a Legal Obligation, Vital Interests, Public Interest and Legitimate Interest. The lawful bases for Sensitive Personal Data can include Explicit Consent, Employment Law, Charity or Not-for-Profit Bodies, Vital Interests, Data manifestly made Public by the Data Subject, Legal Claims, Reasons of Substantial Public Interest, Medical Diagnosis or Treatment, Public Health, Historical, Statistical or Scientific Purposes, processing for New Purposes and processing not requiring Identification.

The Personal Data We Collect, How We Collect It and Where Is It Stored

CILEX is committed to respecting the Personal Data that you supply to us. The Personal Data that we collect will be relevant to the purposes for which it is to be used and we will do our utmost to ensure that such Personal Data will be accurate, complete and kept up-to-date. Whenever Personal Data is obtained from you, you will have access to information explaining how that Personal Data will be used.

How We Communicate With You

CILEX respects the privacy of the Personal Data that we hold.

During the year, there are updates that CILEX needs to communicate to members, students and stakeholders, in relation to the Institute and CILEX Membership and Qualifications (Administration and Development). We use direct communications, e-shots, newsletters, technical bulletins and other mediums for this purpose. You may also receive surveys regarding our service provision, with regard to our continuous improvement and to further ascertain our students’ requirements. You can control what you would like to receive at any time in your User Account Preference Centre or by clicking on the unsubscribe email link. Unless you advise otherwise, we will continue to send updates about CILEX and CILEX products and services to you via email.

For more information about how we collect and use your Personal Data, please refer to our Privacy Statement.

Sharing Personal Data

The Personal Data that we collect will only be used for the purposes for which they are originally submitted. We will not disclose your details to any third parties, except for where we are required to do so or we are permitted to do so by law (for example, to regulators or to law enforcement agencies) or where those parties are conducting CILEX activities on our behalf, including with other entities in CILEX.

In circumstances, where we engage a service provider or a CILEX entity to provide services to us, we ensure that the Personal Data is only processed in a manner compliant with UK Data Protection Legislation, subject to a formal Data Processing Agreement, the data processing activity has been assessed by a DPIA (Data Protection Impact Assessment) and it is only used for the purposes for which the Personal Data was originally collected. In the event of any International Data Transfers, we would also put in place the applicable EC SCCs (European Commission’s Standard Contractual Clauses), IDTA (International Data Transfer Assessment) or ICO Addendum documentation.

We may need to share your Personal Data with our professional advisers, including auditors, lawyers and insurers, who provide professional advice, accounting, banking, legal, insurance and pension services or to meet our audit responsibilities. However, we do not allow our third-party service providers to use your Personal Data for their own purposes. They can process your Personal Data for specific purposes and under our instructions.

We may share your personal information with Government Agencies, their Partners and other Third-Parties, such as The Office of Qualifications and Examinations Regulation (Ofqual), Department for Education (DfE), Qualification Wales and CCEA, among others.

Personal information may be shared with a third-party, who has a legitimate interest in the data, where disclosure is necessary, lawful and the processing is aligned with the purpose for which the Personal Data was originally collected. CILEX may share your Personal Data with your employer, where they have paid for your course fees on a distance learning course.

We also might share your personal information with the Police or other organisations that have a crime prevention or law enforcement function. UK Data Protection Legislation allows organisations to share personal information, if it is needed to prevent or detect a crime or to catch and prosecute a suspect.

CILEX is committed to keeping children and vulnerable adults safe, when its employees and representatives come into contact with them during the course of their work. Where there is a safeguarding concern of a serious and/or urgent nature, confidential information related to the affected individual may be disclosed to emergency services or an external agency.

If we undergo a merger or re-organisation, in doing so, we may acquire or transfer Personal Data as part of that transaction, but your Personal Data would continue to be used for the same purposes. CILEX’s recent acquisitions in 2023 have included the IOP (Institute of Paralegals) and PPR (Professional Paralegal Register).

You may choose not to receive CILEX Marketing Communications by managing your Communication Preferences.

Users 16 and Under

We do not knowingly collect or solicit Personal Data from anyone aged 16 or under or knowingly allow such persons to provide us with their Personal Data without Parental or Guardian consent. If you are aged 16 or under, please do not provide us with your Personal Data without first asking your Parent or Guardian for permission. In the event, that we learn that we have collected Personal Data from anybody aged 16 or under and we do not have the consent of a Parent or Guardian, we will delete that Personal Data as quickly as possible. If you believe that we might have any Personal Data from or about anyone aged 16 or under without the consent of a parent or guardian, please contact us by logging in to myCILEX Portal and go to Contact Us, then select ‘Data Protection: Query and Request’ on ‘My Query Relates to’ section. If you do not have access to the myCILEX Portal or you do not wish to log your details on the system, please contact us by email at privacyofficer@cilex.org.uk.

The Rights of the Individual

The Rights of the Individual include:

  • The Right to be Informed
  • The Right of Access
  • The Right to Rectification
  • The Right to Erasure
  • The Right to Restrict Processing
  • The Right to Data Portability
  • The Right to Object
  • Rights concerning Automated Decision-Making and Profiling

If you would like to exercise any of your rights under the UK Data Protection Legislation, then please log in to myCILEX Portal and go to Contact Us, then select ‘Data Protection: Query and Request’ on the ‘My Query Relates to’ section. If you do not have access to the myCILEX Portal or you do not wish to log your details on the system, please contact us by email at privacyofficer@cilex.org.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Their contact details are:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel No: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Website: www.ico.org.uk

How Long Do We Keep Your Personal Data

In general, CILEX only retains Personal Data for as long as it is necessary to fulfil the purposes for which it is being processed (including to comply with the relevant UK legislation or regulatory requirements and to resolve legal disputes).

The length of time may vary depending on the reasons for which we are processing the Personal Data and whether we have a legal, a regulatory (for example, under financial regulations) or contractual obligation to keep it for a certain amount of time.

Once data the retention period has expired, Personal Data will be confidentially disposed of or permanently deleted. If you object to further contact from us, we will keep some basic information about you, in order to avoid sending you unwanted communications in the future.

Legislation

“UK Data Protection Legislation” means All applicable UK Data Protection and Privacy legislation in force from time-to-time, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) (PECR) and any superseding legislation and all other applicable laws, regulations, statutory instruments and/or any codes, practice or guidelines issued by the relevant data protection or supervisory authority in force from time to time and applicable to a Party, relating to the processing of Personal Data and/or governing individual’s rights to privacy.

Contacting Us

If you have any questions about how CILEX processes your Personal Data or you would like to exercise any of your rights under the UK Data Protection Legislation, then please log in to myCILEX Portal and go to Contact Us, then select ‘Data Protection: Query and Request’ on ‘My Query Relates to’ section. If you do not have access to the myCILEX Portal or you do not wish to log your details on the system, please contact us by email at privacyofficer@cilex.org.uk.

Statement Approval
Date of Issue:February 2023
Review Date:December 2024
Version:1.4
Procedure Owner:Corporate Compliance Manager
Approved By:Corporate Policy Review Panel (CPRP)