Privacy policy

Last Updated: 14 April 2023

We believe that you have the right to privacy on the web and we are committed to safeguarding the privacy of our website visitors. This Privacy Policy (“Privacy Policy”) describes the personal data that The Chancery Lane Project, a not-for-profit project operated on a pro-bono basis (“TCLP”, “our”, “us” or “we”) collects about you. Our ICO registration number is ZA209582 and our project grants and funds are managed through the Centre For Innovation in Voluntary Action. For more information about TCLP, please see our Terms of Use.

TCLP is responsible for how and why your personal data is collected and used. Therefore, for the purposes of the “UK GDPR” (i.e., the General Data Protection Regulation 2016/679 as it forms part of UK law), TCLP is the ‘controller’ of your personal data. 

Please note that this website is not intended for children and we do not knowingly collect data related to anyone under 18 years of age.

What personal data does TCLP collect about you?

Personal data is any information about an individual which can be used to identify that person, whether directly or indirectly. 

We may collect and process the following personal data about you when you fill-in the forms on our website or correspond with us by e-mail, participate in our events and online calls or otherwise engage with us in-person or online (including via social media):

  • Contact data, including your first and last name, email address and your Slack username if you provide this to us.
  • Profile data, including your interests, ideas, comments, past event experience, your drafting and related research, relevant information about your professional work such as job title, practice area, locations, organisation, and use of our clauses, names of other team members you are linked with, any children’s names you use in naming your clause(s), your pledges and photos or screenshots of you attending in-person and virtual TCLP events.
  • Communications data, including information that we exchange with you when you contact us with questions or feedback, and regarding your connection to TCLP and your communication preferences.
  • Marketing data, including your preferences for receiving our marketing communications and details about your engagement with them.
  • Automatically collected data that we log about you, your computer or mobile device, when you visit our website, including your interaction over time with the website and other online activity. We do this through cookies and other similar technologies. Please see our cookies policy for further information.
  • Third-party integration data that you have shared via third-party applications such as Slack, Twitter and LinkedIn. 
  • Publicly available data about you.
  • Other data that you provide when you contact us or report a problem with our site.

It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during your relationship with us.

Why does TCLP use your personal data and what is our legal basis for doing so?

We use your personal data for the purposes listed below. In respect of each of the purposes for which we use your personal data, the UK GDPR requires us to ensure that we have a “legal basis” for that use. We rely on the following legal bases:

  • Compliance with Law: where we need to comply with a legal or regulatory obligation.
  • Consent: where we have your specific consent to carry out the processing for the purpose in question.
  • Contractual Necessity: where we need to perform a contract which we are about to enter into or have entered into with you.
  • Legitimate Interests: where it is necessary for our legitimate interests and your interests / fundamental rights do not override those legitimate interests.

We use your personal data for the purposes listed in the table below.

Processing purpose Personal data involved Legal basis for each purpose
To register your interest in our project and events
  • Contact data
  • Communications data
  • Legitimate Interest in registering individuals for our projects and events
To respond to your enquiries and provide information that you request from us
  • Contact data
  • Profile data
  • Communications data
  • Other data
  • Legitimate Interest in communicating with you about your enquiries
  • Contractual Necessity, e.g. where we need to respond about fulfilment of a contractual obligation
To administer, coordinate and promote our project and events, including via email updates and marketing communications
  • Contact data
  • Profile data
  • Communications data
  • Marketing data
  • Other data
  • Legitimate Interest in managing and promoting the use of climate-aligned clauses in legal contracts through our projects and events.
  • Consent
To thank you for your and your organisation’s participation in our project and/or events on social media
  • Contact data
  • Communications data
  • Legitimate Interest in communicating with you publicly about your participation so as to build relationships with our participants and generate further engagement with the project
To evaluate different levels of participation, agency and impact and analyse how to improve in these respects
  • Profile data
  • Marketing data
  • Automatically collected data
  • Other data
  • Legitimate Interest in improving engagement with our projects and events in order to increase the use of climate-aligned clauses in legal contracts
  • Consent
To manage our relationships with stakeholders and partner organisations
  • Contact data
  • Profile data
  • Communications data
  • Marketing data
  • Other data
  • Legitimate Interest in furthering our projects and events through stakeholder and partner-relationship management
  • Contractual Necessity
  • Consent
To improve our services and our site
  • Profile data
  • Automatically collected data
  • Other data
  • Legitimate Interest in optimising our services and site in order to further our projects and events
  • Consent
To conduct due diligence on potential partners, participants and stakeholders
  • Contact data
  • Publicly available data
  • Compliance with Law

We may be obliged to fulfil certain authorities’ requests and to conduct due diligence in order to comply with our anti-money-laundering obligations, in which case we will let individuals know by sharing this Privacy Policy

To comply with legal obligations and protect our interests
  • Any and all data types relevant in the circumstances
  • Compliance with Law

Note: where Compliance with Law is not applicable, we have a Legitimate Interest in participating in, supporting, and following legal process and requests, including through cooperation with authorities

Special categories of data

We ask that you not provide us with any sensitive personal data (e.g. information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometric or genetic characteristics, criminal background or trade union membership). If you provide us with any sensitive personal data, you must consent to our processing and use of such sensitive personal data in accordance with this Privacy Policy. If you do not consent to our processing and use of your sensitive personal data, you must not submit it to us.

Who do we share your personal data with?

We may share your personal data:

  • with third-party service providers (see below);
  • in order to comply with regulatory and/or legal requirements; 
  • in order to take legal action; and/or
  • otherwise with your consent.

International data transfers

We use cloud-based systems such as Slack, Gmail, Google Drive, Mailchimp, Orbit, Survey Monkey, Airtable and WordPress to deliver our project, as well as Twitter and LinkedIn. Their operations are based outside of the UK, so it is necessary for us to transfer your data outside of the UK from time to time (including by transferring your personal data to further recipients in the U.S.). Whenever we do this, we will make sure that we implement a data transfer mechanism to appropriately safeguard your personal data. 

How do we keep your personal data secure?

We have chosen to use suppliers who have put in place suitable technical and organisational procedures to safeguard and secure the information we collect online.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data online.

How long will we keep your personal data for?

We will retain your personal data for as long as is necessary or permitted in view of the purposes for which it was collected, as described in this Privacy Policy. The criteria used to establish our retention periods include but are not limited to: (i) the duration of our project; (ii) the purposes for which we have collected the data; (iii) the potential risk of harm from unauthorised use or disclosure of your personal data; (iv) whether there is a legal obligation to which we are subject; and (v) whether retention is advisable based on our legal position (for example, applicable statutes of limitations, litigation or regulatory investigations).

What rights do you have in relation to your personal data?

The UK GDPR gives you certain rights regarding your personal data in certain circumstances. These may include:

  • The right to request access to your personal data. This is commonly known as a ‘subject access request’.
  • The right to request correction of your personal data.
  • The right to request erasure of your personal data. This is commonly known as ‘the right to be forgotten’.
  • The right to object to the use of your personal data.
  • The right to request restriction of use of your personal data.
  • The right to request transfer of your personal data.
  • The right to opt-out of direct marketing communications. You may continue to receive service-related and other non-marketing emails.
  • The right to withdraw consent, where consent is being relied upon to use your personal data.

To exercise your rights, please contact us. Please be aware that we may need to request specific information from you to help us confirm your identity and establish your right to exercise such rights. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request in order to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


If we cannot adequately resolve any of your concerns regarding our processing of your personal data, you may also submit a complaint to the UK Information Commissioner’s Office ( 


If you have any questions about this Privacy Policy or our treatment of your personal data, please contact us at

We may update this Privacy Policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. We may also notify you of changes to our Privacy Policy by email.