Law Centre NI is registered with the Information Commissioner’s Office and all personal data we hold is held in accordance with EU General Data Protection Regulation (GDPR). In compliance with GDPR, personal data may only be held and processed where there is a lawful basis for doing so. The lawful basis adopted by Law Centre NI will vary depending on the purpose for which you access our services. We are committed to protecting the privacy and personal data of all those we engage with in the course of our work.
Law Centre NI offers a range of services including providing legal advice and representation, a telephone advice line, training, information and communication, membership, employment and volunteer placements.
What type of data do we hold?
In order for Law Centre NI to carry out the various works within each of our services we are required to collect and process certain personal data that may include but is not limited to:
- Full name
- Address, post code, phone number and email
- National Insurance number
- Employment history
- Monitoring information including: gender; race; ethnicity; religion; age; sexual orientation; trade union membership; criminal convictions (this will apply to recruitment only)
- Bank details
- Medical records
- Healthcare professional records
- Welfare benefit details
Consent may be gained through verbal consent on our telephone advice line or written consent where we are acting on your behalf in court proceedings or representing you at tribunals. Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate over-riding reason to continue processing your personal data. We will inform you if this is the situation.
How do we use your data?
Where you access our services in order to seek legal advice and assistance, we may be required to record details as stated above. In addition we may also need to collect information for the purpose of equality monitoring from those accessing our services. This is known as ‘special category’ data and where it is collected we will always ask for your consent. This monitoring information is kept securely and confidentially and only ever used for statistical and monitoring purposes. When we disclose it we do so anonymously. We never disclose information about your case or you personally.
We may use your data for the purposes of providing you with legal advice, assistance and where appropriate, representation and for reasons directly associated with those services (e.g. providing information to the Legal Services Agency or quality auditors). Where we represent you in court and tribunal proceedings we will use your data, where required for the purposes of these proceedings. The data we collect will only be collected where it is necessary and deemed to be in the legitimate interest of enabling us to progress with your case.
Our advice and legal assistance services, which are free at the point of access, are funded through government departments, statutory bodies and philanthropic organisations. Some of the organisations that fund our services ask us to report to them on how we have used their money. As part of our funding and auditing requirements we may also provide your name and contact details to third parties for the purposes of auditing the quality of our legal services. We will only do so with your consent. This information will only be used for auditing the effectiveness of our legal services.
Law Centre NI is a membership organisation. Data collected for the purposes of availing of our membership will be done so through an application form. We will update this data through the annual renewal process, but if you are a member and your details change we would be grateful if you could let us know.
The data held for membership purposes will be held on the basis of legitimate interest. The data collected (name, address, email, phone number, and organisation) will be processed for the purpose of maintaining your membership. This may include issuing you with updates on the work we are carrying out and to notify you of events or training. We may also contact you in relation to other Law Centre NI activities which we feel you may benefit from as a member. Your data is stored on our internal database and details will not be shared with any third parties.
Where you access our services to attend training we will store the following details: name, address, postcode, telephone, email, invoicing details. These details will be held for the purpose of entering into a contract of service with you to provide training. Where your course is an accredited course we are required to share some of your information with the awarding organisation. This is currently Open College Network Northern Ireland (OCN NI). If your course is being funded by your employer we will also retain details in order to invoice and follow-up once the training is completed.
As a user of our service we may also use this information on a legitimate interest basis to contact you about any future training and events which may be of interest to you.
Information and communications
Where you have subscribed to our newsletters via our website we will store your contact details including your name and email address. This data will be given through a web form and will require your consent. This data will only be used for the purposes of contacting you with newsletters or upcoming training/event bulletins containing updates and other information that may be of interest to you in the context of the work of Law Centre NI. We use a third party service to distribute our e-newsletters – MailChimp.
You may opt out of receiving any, or all, of these communications from us by emailing firstname.lastname@example.org
Information we collect for the recruitment process will be from your application form. The information provided will be used for the purpose of recruitment only. We will never share any of your data with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us. We will use the details you provide to contact you to progress your application and including, where appropriate, Access NI applications. We will use the other information you provide to assess your suitability for the position you have applied for. Where we seek references for your appointment to a post we will seek your consent.
Article 52 of the Fair Employment and Treatment (Northern Ireland) Order 1998 requires registered employers to prepare for each year and serve on the Equality Commission a monitoring return which contains such information about employees of the employer and those applying for employment in the concern as may be prescribed in the Regulations.
The Fair Employment (Monitoring) Regulations (Northern Ireland) 1999 set out in Schedule 1 the prescribed information. Regulation 17 obliges an employer to keep written information relating to monitoring for a period of 3 years after an employee leaves employment. Regulation 18 relates to applicant monitoring information and obliges the employer to retain that information for a period of 3 years after the application is made.
As an employer Law Centre NI must adhere to this lawful basis for its processing of special category information.
How do we store your data?
The various data we store will be held electronically on our own internal servers and may also be held in hard copy. Where data is held in hard copy it will be stored in secure filing systems and no unauthorised personnel will have access to them. Electronic data will be stored in password protected databases on our internal servers. The casework management system we use to store client details is Advice Pro. This is a protected online portal. This data is stored securely in the UK within a robust, secure operations centre compliant with Information Security Code of Practice ISO27001.
How do we protect your data?
We take protecting your data very seriously. The data you give us may be subject to legal professional privilege and is often extremely sensitive and confidential.
With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We have clear data protection and information security policies and procedures in place (along with regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part of our quality standards and compliance processes.
We take all necessary measures to protect our IT system to safeguard against potential cyber threats.
How long will we keep your data?
We only keep your data for as long as is necessary for the purpose(s) for which it was provided. For the purposes of providing legal services this is for 6 years after your case or matter ends unless you are a minor in such instances we may keep your data for 6 years after you reach the age of 18. This is because we are required to keep client files for that period by our Regulator and / or by the Law Society of Northern Ireland.
For our training services we will hold data for a period of 3 years after the date of training in accordance with awarding body requirements.
Any data we hold in order to process financial information will be retained for 7 years in accordance with auditing requirements.
All data will be securely deleted/destroyed when we are no longer required to retain it.
Who do we share your personal data with?
We sometimes share your personal data with trusted third parties. We only do this where it is necessary for providing you legal services or for the effective operation of our organisation.
For example, we may share your data with barristers, experts, conciliators, health care professionals, translators, or costs drawing service.
This data will only be shared where there is a legitimate interest to do so. If we do share your information with any of these trusted parties we will do so with your consent and always require that your data and privacy are protected.
We also outsource some of the activities of our organisation which includes IT support, auditors, Access NI Registered Body and data storage. Where we engage the services of other organisations we will always ensure that:
- We provide only the information they need to perform their specific services;
- They use your data for the exact purposes we specify in our contract with them;
- We work closely with them to ensure that your privacy is respected and protected at all times;
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
In respect of Access NI, information is held only for the purpose of decision-making and then securely disposed.
Where is your data processed?
Your data is stored and processed within the European Economic Area (EEA). The EEA includes all EU member countries as well as Iceland, Liechtenstein and Norway. If we ever have to share your personal data with third parties and suppliers outside the EEA we will seek your specific consent to do so.
What are your rights?
You have the right to request:
- Access to the personal data we hold about you;
- The correction of your personal data when incorrect, out of date or incomplete;
- The deletion of your personal data, for example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end; and
- That we stop any consent-based processing of your personal data after you withdraw that consent.
You have the right to request a copy of any of the information that we hold about you at any time.
To request a copy of your information, please contact Director of Law Centre NI, Middleton Building, 10-12 High Street, Belfast, BT1 2BA or telephone 028 9024 4401. Requests will be dealt with within 30 days. If we choose not to action your request, we will explain to you the reasons for our refusal.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1114, or go online to www.ico.org.uk/concerns