This Policy covers the data collected and processed by The National Association of Licensed Paralegals (NALP) who can be contacted at:
National Association of Licensed Paralegals
LG.02 Lincoln House,
1-3 Brixton Road,
Tel: 0207 112 8034
The GDPR relates to ‘personal data’ which covers any information which makes an individual (the Data Subject) identifiable.
Purpose of and Legal Basis for Processing Personal Data
NALP will only process personal data for the purposes of delivering the services contracted by our Centres, Learners and Members, unless we are provided with specific consent to process for other purposes, such as marketing, or for the purpose of complying with local laws or regulations. Personal data will never be processed without the knowledge and/or permission of the Data Subject.
In addition to acting as a self-regulatory body for its Members, NALP is also a Recognised Awarding Organisation under The Office for Qualifications and Examinations in England (Ofqual). Ofqual have been granted its powers by an Act of Parliament, meaning that the regulations they enforce are backed by UK Law. NALP therefore has a Legal Obligation to process certain Personal Data necessary to ensure compliance with those regulations. More information about the powers granted to Ofqual can be found at: https://www.gov.uk/government/organisations/ofqual/about
By using our services, including accessing our website and the forms, etc. therein, you give your agreement to our processing any personal data we may have as described in this policy.
Types of Personal Data Processed
Personal Data is any information which could potentially make an individual identifiable and can include, but may not be limited to, your name, address, date of birth, email address and IP address.
We collect data in a number of ways including, but not necessarily limited to:
Contact forms on our website completed and submitted by a Data Subject, whether in respect of our qualifications or our professional membership body
As part of a Contract for Services, i.e. names and contact information of individuals, including current and former Members of NALP or where the individuals are acting on behalf of an Approved Centre
Provided to us by Approved Centres in order that we can provide the regulated qualifications required by the Learners
Other forms of contact direct from Learners such as for replacement Certificates, complaints, enquiries and Appeals
Our contact forms make it clear that the information will be used for the purposes of the contact (e.g. to respond to a query) but also provide the option for consent to expand the processing of that data for marketing purposes. Similarly, any contract for services will set out what the personal data will be used for.
Personal Data provided to us by our Approved Centres or Members as part of our service provision will be processed only in accordance with the contract for services and no such data will be used for the benefit of NALP.
Our Website and Cookies
- Who manages our website?
Surveys and Live Chat via our Website
NALP uses two different tools embedded in our website to enable users to submit enquiries and ask questions in addition to the contact form mentioned above. These are:
Zendesk, based in San Francisco, California, U.S.A. which is used for our online chat facilities
Typeform, based in Barcelona, Spain, which is used for our surveys
The above companies have access to the data provided, but only for the purposes of administrating the online tools utilised.
Website usage information
If you want to opt out, download and install the add-on for your web browser. The Google Analytics opt-out add-on is designed to be compatible with Chrome, Internet Explorer 11, Safari, Firefox and Opera. In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled. Learn more about the opt-out and how to properly install the browser add-on here.
The type of website usage information that we collect during your visits to our site includes, for example, the date and time, pages viewed or searched for, publications ordered, guides printed, tools used, subscriptions and referrals made, some truncated postcode or telephone area code information entered on forms (which is not traceable back to you) and other information relating to your usage of our website.
Where you are a registered user of our website and have logged in, we may collect web usage information to enable us to build a demographic profile or to improve the services you have requested from us.
We may also use web usage information to create statistical data regarding the use of our website and we may then use or disclose that statistical data to others for marketing and strategic development purposes, however, no individual identities will or can be identified in such statistical data.
Cookies are small pieces of data given to your browser by a website which may be stored as text files in the cookie directory of your computer. Cookies are not programs and cannot collect information from your computer. They do not damage your computer and are defined as "a piece of text stored on a user's computer by their web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data" (source: Wikipedia, 2011).
Each website may send cookie data to your browser which may save it if your browser's preferences allow it to do so. To protect your privacy your browser only returns a cookie to the website that sent you the cookie and does not send it to any other website. A website cannot access your cookie directory or information on your computer, instead relevant cookies are included by your browser within each request you make to the website. A website can only obtain cookie data that your browser sends to it.
You do not have to accept cookies and you can change the settings within your browser to accept all cookies, reject all cookies, reject cookies from certain websites, notify you if a site is requesting to set a cookie, and set various other options. Please see below in ‘4.4 Further information about cookies’ for more details on how you might do this.
Switching off cookies will still allow you to view the majority of content on our site, however, it may affect your logging in and accessing personalised information, plus it will stop us remembering your login User ID, if you ask us to do so, and may restrict your use of our interactive tools and of some services available through linked sites.
Further information about cookies
You then need to go to “Advanced”, then “Privacy and Security”, then “Content Settings” and “Cookies” and choose the most appropriate setting for yourself.
For further information about cookies, please refer to:
Third party content and linking to other websites
Information sharing and disclosure
Where you are a named individual of an Approved Centre or a Learner who has taken a regulated qualification, we may share your data with Ofqual as part of an audit or during an investigation, etc.
We do not transfer your personal data outside of the UK and the European Economic Area, with the exception of that collected via Zendesk which is based in the USA (see section 4.2 above). Regardless of where the information is held, however, it is all covered by the GDPR and all third party suppliers we use are subject to the principles and regulations therein.
Retention of Data
Personal Data will always be held for the minimum amount of time required. This will depend on a number of factors, such as the terms and length of a contract or a relevant law or regulation based on law. For instance:
Centre details – held for a minimum of 6 years after the Centre has ceased to be approved
Member details – held for a minimum of 6 years after membership has been cancelled/lapsed
Learner details – held indefinitely for the purposes of being able to provide confirmation of a qualification at any time in the future, as required under Ofqual regulation
If you have made an enquiry and have opted in to receiving marketing information, you will continue to receive such communications until you opt out. A reminder of your option to unsubscribe is provided with every communication issued. Once you have opted out, if you do not otherwise fall into the above categories, your data will be deleted 12 months from the date of the opt out.
Information gathered via contact forms is stored on the website for a maximum of 12 months before being deleted by the website hosts, Serif (see section 4.1 above) under their data retention policy.
Information gathered via the tools supplied by Zendesk are deleted after 40 days (see their policy at https://www.zendesk.co.uk/company/policies-procedures/data-deletion-policy/)
Electronic Personal Data is encrypted and held in a secure manner on physical and cloud-based services. The encryption used meets all current requirements for encrypted services and is updated regularly to ensure that it remains fit for purpose. Electronic data is deleted following a secure process to ensure there is no lapse in security at the point of deletion.
Paper based Personal Data is held in secure, fire-proof, locked cabinets. It is destroyed under contract with a secure data destruction company.
Under current legislation, Data Subjects have the following rights:
To be informed – This policy is one of ways in which NALP informs you how and why we process your data
Of Access – All Data Subjects have the right to quest access to all of the data we hold on them. Any Data Subject requests received will be reviewed and responded to within one calendar month of receipt of the request. Most requests will be fulfilled free of charge, however, NALP reserve the right to charge a reasonable administration fee for any requests deemed to be excessive, unfounded or repetitive.
Of rectification – Should you find that any data we hold about you is incorrect, you can ask us to correct it and we will investigate and respond within one calendar month of receipt of the request.
Of Erasure – You can ask for your Personal Data to be erased permanently. All such requests will be responded to within one calendar month of the receipt of a request. Please note that, whilst we will always endeavour to fulfil requests, there may be some instances were this is not possible due to legal or regulatory reasons. We will always provide a full explanation in any such instances.
To restrict processing – If you do not wish for your data to be erased, you may ask for it to be restricted so that we continue to hold it but not process it or use it in any way – we would essentially ‘archive’ your data. This is only applicable in certain circumstances, however we will look at all requests and respond within one calendar month of the receipt of a request.
To data portability – All electronically held data can be transferred to another company in a structured, commonly used and machine readable format on request. Please note that this will only include the data you have provided to us and not any ancillary data produced as a result of the services we have created during the provision of our services or where that data includes information regarding a third party. All requests for moving data will be responded to within one calendar month of a request being received.
To Object – You can object to our processing data for the purposes of marketing, scientific/ historical research and statistics, or legitimate interests or in the performing of a task in the public interest /exercise of official authority (including profiling). All such requests shall be responded to within one calendar month
Rights related to automated decision making, including profiling – The GDPR sets out specific rights in relation to automated decision making. Please note that NALP does not use any form of automated decision making system whilst processing your data.
To complain – You have the right to raise a complaint regarding the processing of your data or our response to a request under the above rights. As part of this, you also have the right to escalate your complaint to a supervisory authority. In respect of data handling, you have the right to escalate your complaint to the Information Commissioners Office (ICO). Please go to https://ico.org.uk/for-the-public/raising-concerns/ for full details.
Data Subjects have the right to withdraw their consent to our processing their data at any time.
In respect of any of the rights indicated above, if you would like to make a request, require further information, or have a complaint regarding our processing of your data please contact us at:
Address: National Association of Licensed Paralegals
LG.02 Lincoln House,
1-3 Brixton Road,
Telephone: 0207 112 8034
Changes to this policy