Purpose of the policy
The International Administrative Law Centre of Excellence (“IAL COE” or “Centre”) is committed to respecting your privacy and protecting confidential and privileged information. It takes its professional, regulatory and legal obligations in relation to personal data seriously.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other applicable data protection law, this privacy notice contains information about what personal data the Centre collects and stores, how it is collected, who it is shared with, the measures in place to protect your data, the rights and options that you have, and how to contact the Centre if you have a complaint.
The IAL COE is a community interest company that has been created in order to assist in the global development and improvement of International Administrative Law. It is comprised of individual members and has a Secretariat that is responsible for day-to-day administration. The Secretariat of the Centre (referred to collectively as “we”/”us”) collects, uses and is responsible for personal information about you and is regarded as an independent data controller of your personal data.
We collect personal data when:
- You or your organisation provide, or offer to provide, services to us;
- You correspond with us in any manner;
- You or your organisation interacts with our website or makes an enquiry through our website;
- You attend our seminars, training or other events or sign up to receive communications from us, including newsletters.
As part of providing or carrying out IAL COE’s activities, we collect personal information such as name, telephone number and contact details, job title or role, employment history, educational or professional background, and nationality.
We may also collect some or all of the following personal information:
- Financial and payment information necessary for administering payment to us and our accounting systems.
Business information, including information provided in the course of your dealings with the Centre, or otherwise voluntarily provided by you or your organisation.
- Data from third party sources such as government agencies, online information service providers or from publicly available records and personal data that is available publicly, for example on a firm’s website or LinkedIn.
- When carrying out very limited marketing (such as promotion of events and dispatch of newsletters), we collect information such as your name, address, telephone number, email address or contact details and job title, including from publicly available sources.
Use of personal data
We use your personal information for the following purposes:
To register you or your organisation with IAL COE.
To communicate with you to invite you to our events and to keep you up-to-date on legal developments and topics of interest or announcements about IAL COE, and for other marketing and information purposes.
For other purposes ancillary to any of the above or any other specific purposes for which your personal data was provided to us.
We will seek your consent for obtaining any personal data in connection with your affiliation or interaction with the Centre. You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. In order to request to withdraw your consent, please contact us with relevant details at firstname.lastname@example.org.
Sharing your personal data
We may share your personal data with certain third parties in relation to the marketing of IAL COE or the provision of updates, newsletters and training. A list of these third parties can be provided on request.
Length of retention
We will only hold your personal data for as long as necessary to fulfil the purposes that it was collected it for, and we periodically review our retention of personal data. At the end of the retention period we will securely destroy your personal data in accordance with our obligations under applicable laws and in accordance with any relevant guidance.
Under the GDPR, you are entitled to:
- Transparency over how we use your personal data and fair processing of it.
- Request to view, amend, or delete the personal data that we hold, unless there is a legal reason for non-disclosure, or disclosure would reveal the personal data of a third party.
- Request that we correct any mistakes or incomplete personal data we hold about you.
- Object to your personal data being used in direct marketing, and opt out. In certain circumstances you may ask for your personal data to be erased.
- Receive a copy of the personal information you have provided to us or have this information sent to a third party.
Restrict our processing of your personal information in certain circumstances.
If you want to exercise any of these rights, unsubscribe from any of our communications, or inform us of any changes to your personal data, please email email@example.com stating the right or rights that you wish to exercise.
If you want more information about your rights under the GDPR, please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR and more generally, the ICO website.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, this notice will be updated.
We periodically review our internal privacy practices and may change this policy from time to time. Any changes to the policy will be updated on our website.
If you have any questions about this privacy notice or the information we hold about you, please contact us on firstname.lastname@example.org.
The GDPR gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) State where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office.