DATA PROTECTION PRIVACY NOTICE 

The APL is committed to protecting the privacy and security of the personal information of APL members, subscribers, event attendees, applicants for membership and speakers.

The Association is a data controller under the General Data Protection Regulation (GDPR). This means that we are responsible for deciding how we collect, hold, use and protect your personal information and we are required to give you certain information about how and why we do this.

This privacy notice describes how we collect, hold, use and protect personal information that relates to you both during and after the time when you are a member or applicant for membership of the Association, or subscribe to our mailing list or attend an APL event. We may update this notice from time to time.

In this notice, the terms “APL” or the “Association” refer to the Association of Pensions Lawyers, Pensions Lawyers Services Limited and the Committees of the APL.

1. Personal information we may collect about you

Personal information means, broadly, information that identifies (or that could, with other information that we hold or are likely to hold, identify) a living individual.

We may hold any or all of the following personal information about you.

  • personal details such as your name, gender, age, date of birth, email address, postal address, telephone or mobile number;
  • employment details and other information you give to us on your membership application form;
  • information such as dietary or access requirements given to us in connection with events you may attend.

If we hold information about you which is known as ‘special category’ data, this requires a higher level of protection and we will take appropriate steps to get your consent to our collection and use of this information.

We collect your personal information when you apply to join the Association, join our mailing list or attend or speak at one of our events.

It is important that the personal information we hold about you is accurate and up-to-date. Please let us know if your personal information changes.

2. What we may use your personal information for

We may use your personal information for the following purposes:

  • to administer membership of the Association;
  • to run events hosted by the Association and/or jointly with other organisations;
  • to communicate with you about the Association’s activities;


complying with any present or future law, rule, regulation, guidance or directive, and complying with any industry or professional rules and regulations or any applicable voluntary codes.

We use your personal information in the ways described above for one or more of the following reasons:

(a) we need to comply with a legal obligation to which we are subject; and/or

(b) it is necessary in our legitimate interests (or those of a third party) to do so, and your interests and fundamental rights do not override those interests.

We will only use your personal information for the purposes for which we collected it, unless we reasonably need to use it for a different reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will explain the legal basis which allows us to do so.

3. Keeping your personal information safe

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures in place to deal with any suspected data security breach, should one arise.

Transfers of your personal information

We may transfer, store, or process your personal information at a destination outside the European Economic Area (EEA). Where the countries to which your personal information is transferred may not offer an equivalent level of protection for personal information to the laws of the UK, we will take reasonable steps to ensure that your personal information is treated securely and in accordance with this notice. This may include entering into data transfer agreements based on the model clauses approved by the European Commission, to ensure that third parties to whom we transfer personal information in those countries commit to ensuring an adequate level of protection for your personal information.

4. Sharing your personal information

We may share or disclose your personal information to any of the following recipients:

  • the Association’s service providers;
  • other organisations with whom the APL may organise events;
  • hotels and conference suppliers in connection with the APL conferences; and
  • other third parties as required by law – for example, local or foreign regulators, governments and law enforcement authorities; local and foreign courts, tribunals and arbitrators or other judicial committees.

If we share your personal information in this way, we require the transferee to implement appropriate security measures to protect your personal information and to treat it in accordance with the law. Except where the transferee is a data controller in its own right, we only permit the transferee to process your personal information in accordance with our instructions.

5. How long do we retain your personal information?

We will hold your personal information on our systems for as long as necessary to fulfil the purposes for which we collected it. This means that we hold your information while you are a member (or an applicant), subscriber or event attendee and afterwards. We will review how long we hold your information for at periodic intervals and consider whether some of the data we hold is no longer needed and can be destroyed.

6. Your rights regarding the personal information you provide to us

You have the right, in accordance with the law:

  • to withdraw your consent to the processing of your personal information, to the extent it is processed on the basis of your consent;
  • to request a copy of the personal information we hold about you, and to request information regarding the processing of your personal information (this is known as a ‘data subject access request’);
  • to request the correction, completion and/or deletion of your personal information, or to request the restriction of processing of your personal information;
  • in relation to personal information processed on the grounds of the legitimate interest of the Trustee or a third party, to object to the processing of your personal information;
  • to complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation as a result of unlawful processing of your personal information.

If you would like to exercise any of the rights described above, please contact the APL Secretary.

7. What if you do not provide us with your personal information?

We may not be able to perform actions necessary to achieve the purposes set out above and you may not be able to make use of the services offered by us.

8. Changes to our data protection arrangements

From time to time, we may update this privacy notice and the data protection arrangements described above. If we make any substantial changes, we will provide you with a new version of this notice.

9. How to contact us

If you have any questions, comments or requests about this privacy notice, please contact membership@apl.org.uk.