Last Updated: Jan 2020
Your personal data will be held by us in accordance with the data protection laws of the United Kingdom. For the purposes of data protection laws in the United Kingdom, the controller is The AIRE Centre.
When you visit our website, we may collect the following information from you directly and/or automatically:
We use your personal data for the following non-exhaustive list of purposes:
We may share your personal data with the following categories of recipients:
We may disclose your personal data:
We may disclose your personal data to third party service providers who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your data in order to provide us with their services and will not be able to use it for their own purposes.
We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
In the event that we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
If AIRE or substantially all of its assets are acquired by a third party, personal data held by us about our clients will be one of the transferred assets.
You have various rights in relation to the data which we hold about you. We have described these below.
To get in touch with us about any of these rights, please contact us at:
Address: Attn: Business & Finance Manager, The AIRE Centre, Room 505, Institute of Advanced Legal Studies, Charles Clore House, 17 Russell Square, London WC1B 5DR
Telephone: +44 20 7831 4276
Email: [email protected]
We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
The General Data Protection Regulation (“GDPR”) gives you the following rights in relation to your personal data:
Right to object
This right enables you to object to us processing your personal data where we do so for one of the following reasons:
Data Subject Access Requests
You may ask us for a copy of the information we hold about you at any time, and request us to modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this unless permitted by law. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
Right to erasure
You have the right to request that we "erase" your personal data in certain circumstances. Normally, this right exists where:
We would only be entitled to refuse to comply with your request for erasure in limited circumstances and we will always tell you our reason for doing so.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.
Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances, for example, if you dispute the accuracy of the personal data that we hold about you or you object to our processing of your personal data for our legitimate interests. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification
You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability
If you wish, you have the right to transfer your personal data between service providers. In effect, this means that you are able to transfer the details we hold on you to another third party. To allow you to do so, we will provide you with your data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the data for you.
Right to complain
You have the right to lodge a complaint with our regulator, who is the Information Commissioner's Office in the UK. You can contact them in the following ways:
Cookies are small data files sent by a website to your computer that are stored on your hard drive when you visit certain online pages of our website.
We will take all reasonable precautions necessary to protect your personal data from misuse, interference and loss; and unauthorised access, modification or disclosure.
This includes, for example, the protection of passwords using industry standard encryption, measures to preserve system security and prevent unauthorised access and back-up systems to prevent accidental or malicious loss of data. We may use third party data storage providers to store personal data electronically. We take reasonable steps to ensure this information is held as securely as information stored on our own equipment.
Unfortunately, there is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.
The data that we collect from you may be transferred to, and stored at, destinations both within and outside the European Economic Area (EEA). As discussed above, we may disclose your personal data to our service providers, who may be located outside the EEA.
We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For example, this could be:
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to keep it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
In general, we will retain your personal data for as long as we provide services to you and, following that period, we will only retain your personal data for as long as is reasonably necessary in the circumstances.
When it is no longer necessary to retain your personal data, we will delete the personal data that we hold about you from our systems. While we will endeavour to permanently erase your personal data once it reaches the end of its retention period, some of your personal data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
There are a number of different ways that we are lawfully able to process your personal data. We have set these out below.
Where using your data is in our legitimate interests
We are allowed to use your personal data where it is in our interests to do so, and those interests aren't outweighed by any potential prejudice to you.
We believe that our use of your personal data is within a number of our legitimate interests, including but not limited to:
Where you give us your consent to use your personal data
We are allowed to use your data where you have specifically consented. In order for your consent to be valid:
As part of our relationship with you, we may ask you for specific consents to allow us to use your data in certain ways. If we require your consent, we will provide you with sufficient information so that you can decide whether or not you wish to consent.
You have the right to withdraw your consent at any time. We have set out details regarding how you can go about this in section 5 above.
Where processing is necessary for us to carry out our legal obligations
As well as our obligations to you under any contract, we also have other legal obligations that we need to comply with and we are allowed to use your personal data when we need to in order to comply with those other legal obligations.
Your data may also be available to our website provider to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us. In the case of this activity the following will apply: