DATA PROTECTION PRIVACY NOTICE
The APL is committed to protecting the privacy and security of the personal information of APL members, subscribers, event attendees, applicants for membership and speakers.
The Association is a data controller under the General Data Protection Regulation (GDPR). This means that we are responsible for deciding how we collect, hold, use and protect your personal information and we are required to give you certain information about how and why we do this.
This privacy notice describes how we collect, hold, use and protect personal information that relates to you both during and after the time when you are a member or applicant for membership of the Association, or subscribe to our mailing list or attend an APL event. We may update this notice from time to time.
In this notice, the terms “APL” or the “Association” refer to the Association of Pensions Lawyers, Pensions Lawyers Services Limited and the Committees of the APL.
1. Personal information we may collect about you
Personal information means, broadly, information that identifies (or that could, with other information that we hold or are likely to hold, identify) a living individual.
We may hold any or all of the following personal information about you.
If we hold information about you which is known as ‘special category’ data, this requires a higher level of protection and we will take appropriate steps to get your consent to our collection and use of this information.
We collect your personal information when you apply to join the Association, join our mailing list or attend or speak at one of our events.
It is important that the personal information we hold about you is accurate and up-to-date. Please let us know if your personal information changes.
2. What we may use your personal information for
We may use your personal information for the following purposes:
complying with any present or future law, rule, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes.
We use your personal information in the ways described above for one or more of the following reasons:
(a) we need to comply with a legal obligation to which we are subject; and/or
(b) it is necessary in our legitimate interests (or those of a third party) to do so, and your interests and fundamental rights do not override those interests.
We will only use your personal information for the purposes for which we collected it, unless we reasonably need to use it for a different reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will explain the legal basis which allows us to do so.
3. Keeping your personal information safe
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach, should one arise.
Transfers of your personal information
We may transfer, store, or process your personal information at a destination outside the European Economic Area (EEA). Where the countries to which your personal information is transferred may not offer an equivalent level of protection for personal information to the laws of the UK, we will take reasonable steps to ensure that your personal information is treated securely and in accordance with this notice. This may include entering into data transfer agreements based on the model clauses approved by the European Commission, to ensure that third parties to whom we transfer personal information in those countries commit to ensuring an adequate level of protection for your personal information.
4. Sharing your personal information
We may share or disclose your personal information to any of the following recipients:
If we share your personal information in this way, we require the transferee to implement appropriate security measures to protect your personal information and to treat it in accordance with the law. Except where the transferee is a data controller in its own right, we only permit the transferee to process your personal information in accordance with our instructions.
5. How long do we retain your personal information?
We will hold your personal information on our systems for as long as necessary to fulfil the purposes for which we collected it. This means that we hold your information while you are a member (or an applicant), subscriber or event attendee and afterwards. We will review how long we hold your information for at periodic intervals and consider whether some of the data we hold is no longer needed and can be destroyed.
6. Your rights regarding the personal information you provide to us
You have the right, in accordance with the law:
If you would like to exercise any of the rights described above, please contact the APL Secretary.
7. What if you do not provide us with your personal information?
We may not be able to perform actions necessary to achieve the purposes set out above and you may not be able to make use of the services offered by us.
8. Changes to our data protection arrangements
From time to time, we may update this privacy notice and the data protection arrangements described above. If we make any substantial changes, we will provide you with a new version of this notice.
9. How to contact us
If you have any questions, comments or requests about this privacy notice, please contact firstname.lastname@example.org.