Last Updated: 14 April 2023
TCLP is responsible for how and why your personal data is collected and used. Therefore, for the purposes of the “UK GDPR” (i.e., the General Data Protection Regulation 2016/679 as it forms part of UK law), TCLP is the ‘controller’ of your personal data.
Please note that this website is not intended for children and we do not knowingly collect data related to anyone under 18 years of age.
What personal data does TCLP collect about you?
Personal data is any information about an individual which can be used to identify that person, whether directly or indirectly.
We may collect and process the following personal data about you when you fill-in the forms on our website or correspond with us by e-mail, participate in our events and online calls or otherwise engage with us in-person or online (including via social media):
- Contact data, including your first and last name, email address and your Slack username if you provide this to us.
- Profile data, including your interests, ideas, comments, past event experience, your drafting and related research, relevant information about your professional work such as job title, practice area, locations, organisation, and use of our clauses, names of other team members you are linked with, any children’s names you use in naming your clause(s), your pledges and photos or screenshots of you attending in-person and virtual TCLP events.
- Communications data, including information that we exchange with you when you contact us with questions or feedback, and regarding your connection to TCLP and your communication preferences.
- Marketing data, including your preferences for receiving our marketing communications and details about your engagement with them.
- Automatically collected data that we log about you, your computer or mobile device, when you visit our website, including your interaction over time with the website and other online activity. We do this through cookies and other similar technologies. Please see our cookies policy for further information.
- Third-party integration data that you have shared via third-party applications such as Slack, Twitter and LinkedIn.
- Publicly available data about you.
- Other data that you provide when you contact us or report a problem with our site.
It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during your relationship with us.
Why does TCLP use your personal data and what is our legal basis for doing so?
We use your personal data for the purposes listed below. In respect of each of the purposes for which we use your personal data, the UK GDPR requires us to ensure that we have a “legal basis” for that use. We rely on the following legal bases:
- Compliance with Law: where we need to comply with a legal or regulatory obligation.
- Consent: where we have your specific consent to carry out the processing for the purpose in question.
- Contractual Necessity: where we need to perform a contract which we are about to enter into or have entered into with you.
- Legitimate Interests: where it is necessary for our legitimate interests and your interests / fundamental rights do not override those legitimate interests.
We use your personal data for the purposes listed in the table below.
|Processing purpose||Personal data involved||Legal basis for each purpose|
|To register your interest in our project and events||
|To respond to your enquiries and provide information that you request from us||
|To administer, coordinate and promote our project and events, including via email updates and marketing communications||
|To thank you for your and your organisation’s participation in our project and/or events on social media||
|To evaluate different levels of participation, agency and impact and analyse how to improve in these respects||
|To manage our relationships with stakeholders and partner organisations||
|To improve our services and our site||
|To conduct due diligence on potential partners, participants and stakeholders||
|To comply with legal obligations and protect our interests||
Note: where Compliance with Law is not applicable, we have a Legitimate Interest in participating in, supporting, and following legal process and requests, including through cooperation with authorities
Special categories of data
Who do we share your personal data with?
We may share your personal data:
- with third-party service providers (see below);
- in order to comply with regulatory and/or legal requirements;
- in order to take legal action; and/or
- otherwise with your consent.
International data transfers
We use cloud-based systems such as Slack, Gmail, Google Drive, Mailchimp, Orbit, Survey Monkey, Airtable and WordPress to deliver our project, as well as Twitter and LinkedIn. Their operations are based outside of the UK, so it is necessary for us to transfer your data outside of the UK from time to time (including by transferring your personal data to further recipients in the U.S.). Whenever we do this, we will make sure that we implement a data transfer mechanism to appropriately safeguard your personal data.
How do we keep your personal data secure?
We have chosen to use suppliers who have put in place suitable technical and organisational procedures to safeguard and secure the information we collect online.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data online.
How long will we keep your personal data for?
What rights do you have in relation to your personal data?
The UK GDPR gives you certain rights regarding your personal data in certain circumstances. These may include:
- The right to request access to your personal data. This is commonly known as a ‘subject access request’.
- The right to request correction of your personal data.
- The right to request erasure of your personal data. This is commonly known as ‘the right to be forgotten’.
- The right to object to the use of your personal data.
- The right to request restriction of use of your personal data.
- The right to request transfer of your personal data.
- The right to opt-out of direct marketing communications. You may continue to receive service-related and other non-marketing emails.
- The right to withdraw consent, where consent is being relied upon to use your personal data.
To exercise your rights, please contact us. Please be aware that we may need to request specific information from you to help us confirm your identity and establish your right to exercise such rights. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request in order to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If we cannot adequately resolve any of your concerns regarding our processing of your personal data, you may also submit a complaint to the UK Information Commissioner’s Office (https://ico.org.uk/make-a-complaint).