PRIVACY NOTICE – MAY 2018
Who We Are And How We Approach Data Privacy
We are Surrey Junior Lawyers Division (Surrey JLD), a membership organisation which is part of the Junior Lawyers Division of the Law Society. We are run by a voluntary committee of junior lawyers.
We organise social events, networking events, and careers training and personal development workshops. We also offer many opportunities for junior lawyers to interact with each other to develop networking skills and forge relationships. These are our ‘Services’.
We are the Data Controller for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679)).
As a society we are committed to protecting and respecting the privacy of your personal information. We want you to be confident that your information will be properly protected whilst in our possession. If you have any questions about our use of your personal information, or you wish to exercise one of your rights under data protection legislation, please contact us. A summary of your rights is detailed in this notice.
How We Use Your Personal Data
We will only use your personal data when the law allows us to.
Do I Have To Provide This Information?
In most cases the personal information you provide to us is entirely voluntary. You are not under a statutory or contractual obligation to provide it to us.
However, where we need to collect personal data in order to fulfil our contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel the Services you have with us but we will notify you if this is the case at the time.
Providing Us With Personal Information Of Another Person
If you need to provide us with personal information about another person you must obtain that individual’s express consent to pass us their information. You should share this notice with those individuals as it may also apply to them.
We do not envisage that any decisions will be taken about you using automated means; however, we will notify you in writing if this position changes.
We may have to share your personal data with the parties set out below for the purposes set out above:
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
In common with many other organisations, we make use of a cloud-based solution, using the Google cloud platform, Google Drive. This may involve the transfer of your personal data outside of the European Economic Area (EEA). Google has certification under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and has also gained confirmation of compliance from European Data Protection Authorities for model contract clauses. Further information can be found here.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those individuals who have a need-to-know (for example, Surrey JLD committee members). We will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your legal rights in connection with your personal data will always apply, being the right of access, right to rectification, right of erasure, right to object, right to restrict, and rights in relation to transfer.
Changes To This Notice
We keep this notice under regular review. If, in the future, we wish to use your personal information in a way not set out in this notice we will notify you and seek your permission to do so.
If you would like to request further information about this notice or the way in which we handle your personal information, please contact us at: firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.