We will ensure that we use your data in accordance with all relevant legislation.
This Policy has been written in line with the Data Protection Act 1998, and the EU General Data Protection Legislation (GDPR) 2016/679, and will explain;
– How we may collect your personal information
– The legal basis for us collecting data
– How we will use your data
– How and when we may disclose your details to others
– How your data is stored
– How your data is retained
– How your data is disposed of after use
– Your rights regarding the data we hold about you
Periodically it may be necessary for us to amend or update this Policy, an up to date version will always be made available to you via our website https://midlandsasianlawyers.org/.
1.1 Personal Data
Personal data is any information relating to a natural person who can be directly or indirectly identified through that data.
1.2 Natural Person
Is an individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.3 Data Subject
A data subject is an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about. Individuals who have died do not count as data subjects, nor does anyone who cannot be identified or distinguished from others via the data in question.
1.4 Sensitive Data
Sensitive Data is a special category of information concerning a data subject, and includes; racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences.
1.5 Legal Bases
According to the GDPR personal data may only be collected and processed if you have a legal basis for doing so. The possible legal bases for data collection and processing are; consent, contract, legitimate interest, legal obligation, vital interest, or public task.
You should be aware on which legal bases your personal data is being collected and processed.
You have given clear consent for us to process your personal data for a specific purpose.
The processing of your data is necessary for a contract you have entered into with us, or because you have asked us to provide you with a service or product for which it is necessary to process your personal data.
1.5.3 Legitimate Interest
The processing is necessary for the legitimate interests of MALA or the legitimate interests of others unless there is a reason to protect your personal data which overrides this.
1.5.4 Legal Obligation
The processing is necessary for us to comply with the law.
1.5.5 Vital Interest
The processing is necessary to protect someone’s life
1.5.6 Public Task
The processing is necessary for you us perform a task in the public interest, and it has a clear basis in law.
2. How we may collect your personal information:
MALA may collect your personal data in a range of ways, and for a number of reasons (outlined below), however we are committed to only gathering personal data which is necessary for us to be able to provide you with best service.
2.1. Direct Information collection
You may choose to provide your personal information directly to us, which can happen either face to face, in writing, by phone or electronically. This may include; when you apply for a role to join the committee, register /book/attend an event, offer us feedback, make a complaint or enter into a contract with us.
As we do not have a membership system we do not hold a membership database. We hold some personal information provided to us from previous information gathered during previous event bookings. This is to ensure that that we can contact you in relation to future events. Most of our advertising is conducted via social media.
The data information collected and retained by MALA usually comprises your name, your email address, your telephone number, the name of your organisation, guest names for bookings and table plans, sponsorship and promotional material details for brochures and digital marketing.
2.2. Indirect Information Collection
You may interact with us through some of our social media accounts using platforms such as; Twitter and LinkedIn, and through this we may obtain some personal information about you.
The information we receive through social media is controlled by the privacy settings on your own social media accounts. To control the information we receive about you through social media, you should review your settings and refer to the privacy policies of the social media sites you use.
2.3. Collecting Information Through Third Parties
MALA often delivers services with the aid of partners, subcontractors and other selected third parties. This means that sometimes your data will be collected by someone else who is working with us or under our instruction. If you are sharing personal data in this way you will be made aware of how your information is being collected and used by all parties concerned.
As well as applying directly, it is also possible to be referred to some of our services by third parties, in this instance someone who is known to you provides us with your personal information in order for us to be able to offer you any services which may be available and suitable for you. The person who is referring you to MALA will be responsible for letting you know how and why they are gathering your data, and for telling you that they will be providing this information to us.
2.4. Data Collected Via Our Websites
– Account Registration
– Login Features
– Form Submissions
– Site preferences
2.5 Collecting Data from Children and Young People
If you are aged 16 or under we will always require you to provide us with permission from a parent/guardian before we collect any of your personal data.
3. Legal Bases for Collecting and/or Processing Your Personal Data
In line with GDPR, MALA recognises that it is only right and proper for us to collect and/or process your personal data if we have the legal grounds to do so.
GDPR sets out 6 legal grounds upon which your personal data can be processed, they are;
- Legitimate Interest
- Legal Obligation
- Vital Interest
- Public Task
In order for us to collect and/or process your personal data, we must first identify which legal bases apply, and this must be recorded formally.
Most commonly the data collection and processing undertaken by MALA will fall under the categories of Consent & Contract.
More information about each of the legal bases can be found in the definitions section of this policy.
4. How we Use Your Personal Data
The methods of data collection, and the ways in which MALA will use your data will vary depending on how we are working with you, the most common ways we may use your personal data are outlined below, however if we intend to use your data in any other way this will be discussed with you directly.
4.1 Provision of Goods and Services
When you ask us to provide you with good or services (for instance by registering for an event with us), your personal data will be collected in order to help us make sure you are receiving the most appropriate goods and services, and to help us deliver them to you in the most effective manner.
4.2 General Administration
It may be necessary for us to hold and use your personal data to help us to complete some essential administrative functions, such as responding to a complaint or other request you have raised.
4.3 Administration of Transactions
We may need to use our personal data to be able to complete transactions which occur because of your relationship with us, for instance event bookings.
4.4 Processing Applications to Work with Us
If you apply to join the committee in a voluntary capacity, we will collect and process your personal data in order to be able to manage your application, help us assess your suitability for the role applied for, and to respond to you.
4.5 Monitoring and Evaluation
We may use your information, and the feedback you give us to help us improve the services which we provide both now, and in the future.
4.6 Provision of Our Websites and Online Services
We may use your personal information to provide you with access to our website
5. How and When We May Disclose Your Details to others
MALA will never share your information with third parties for their marketing purposes, and we will never sell your data to others for any purpose.
5.1. Keeping you informed
We may use your contact details to keep you informed about the services which you have requested from us, and any of our other products and services which we believe may be of interest to you. In order to do this your contact details may be shared between committee members who are bound by data protection legislation and this policy.
If at any time you would like us to change the way we use your data or contact you have the right to request this (please see sections 9 and 10 of this policy).
5.2 Media, Quotes and Photos
To help celebrate successes, and tell people about our events we offer we may ask you to provide quotes, to feature in a media articles or to be photographed during any events held by us. You can choose if you would like to do this and what information you would like to share if you do so.
Pictures may feature in the media, on our website, in reports and presentations we share, within our marketing materials, or on social media and therefore becomes information ‘in the public domain’ once published.
6. How Your Data is Stored
MALA take appropriate organisational, technological and behavioural steps to keep your information safe however that information is shared with us, and in whatever format.
6.1 Electronic Files
We may retain electronic files (committee meeting minutes, event booking information details ) which are stored locally on committee members laptop and are protected by firewall software. Access is further limited by passwords meaning that your personal information should only be accessible by committee members.
Emails are also sent from laptops. If you wish for sensitive material sent by email to be password protected that can be done. We minimise the need for paper records. If we do make notes on paper those are destroyed promptly. Some electronic communication is conducted from committee members mobile phones, again these are password protected.
7. How Your Data is retained
The specific amount of time your personal data will be retained for is dependent upon the reasons why your data has been collected and stored by us, however we aim to keep your information for no longer than is absolutely necessary.
8. How Your Data is Disposed of After Use
The method which will be used to dispose of your personal data will vary depending on the type of documents stored, the methods by which they have been collected/stored, and the other information held with them.
Where it is possible to undertake electronic deletion of your information we will do so once we feel that information is no longer required.
If your personal data is stored in hard copy it will be physically destroyed in a way which prevents it’s future use or your further identification.
9. Your Rights Regarding the Data We hold About you
Under GDPR individuals have a number of rights regarding their personal data, some of these are general rights which apply to all of your personal data, and some of these rights vary depending upon which legal bases apply to the processing of your personal data.
9.1 General Rights
In all circumstances you have the right to be informed about the data we hold regarding you (right of transparency), the right to access the data we hold about you (the right of access), and you have the right for the information we hold about you to be accurate, and to be amended to make it accurate if it is not (the right of rectification).
9.2 Right to withdraw consent
If we have used the legal basis of Consent to process your personal data, you are legally able to withdraw your consent at any time meaning that we can no longer use your data for the agreed purposes. Depending on what data is held and how this will result in your data either being archived, destroyed or anonymised to protect your wishes and your identity.
9.3 Right to have your data erased
This is also known as ‘The Right to Be Forgotten’, this applies if your data has been processed on the basis of either Consent or Legitimate Interest, your data is no longer required for the original purposes, or your data is being used for marketing purposes to which you object.
9.4 Right to restrict the use of your data
The right to restrict the use of your data means that you can ask us to hold your information, but not to use it, this would normally be a temporary measure, and only applies to processing of our information under the legal bases of Contract, Consent and Legitimate Interest.
9.5 Right to data portability
If your data is stored in a transferable electronic format you may wish for us to transfer tis information to someone else so that you don’t have to provide the information more than once. You have the right to do this if your personal information has been collected using the legal bases of Consent or Contract, and if it is in a portable format.
9.6 The right to object
If your data has been processed under the legal bases of Legitimate Interest or for the purposes of completing a task in the public interest then you have the right to object to it’s processing. You can also object if your data is processed for research or direct marketing purposes which you do not want to be included in.
9.7 Your rights regarding automated decision making and profiling
Automated profiling and processing refers to computerised assessments of your data which don’t involve a human decision maker, your information can only be processed in this way based on the legal bases of Consent or contract.
10. Contacting us regarding your data
If you would like to know more about our data processes, how we hold or use your information, or if you would like to exercise any of your rights under Data Protection Legislation please contact us.