Privacy Policy

1. Introduction

LegalCPD is a continuing professional development accreditation body operating in England and Wales. This privacy policy explains how personal data is collected, used, stored, and protected in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to all individuals whose personal data is processed by LegalCPD, including applicants for accreditation, providers of accredited training, participants in accredited activities, and visitors to the LegalCPD website. By engaging with LegalCPD services, individuals acknowledge that their personal data will be processed in accordance with the terms set out in this policy.

2. Data Collected

LegalCPD collects personal data that is necessary for the operation of its accreditation functions. This includes contact details (name, email address, postal address, and telephone number) provided through accreditation enquiries and applications, organisational information from training providers seeking accreditation, and professional details relevant to the assessment of CPD activities.

Website usage data is collected automatically through server logs, including IP addresses, browser type, and pages accessed. This technical data is used for system administration and to improve website functionality. Feedback data may also be collected from participants in accredited activities for quality assurance purposes, where consent has been obtained by the accredited provider in accordance with its own privacy obligations.

3. How Data Is Used

Personal data collected by LegalCPD is used solely for purposes related to the accreditation of continuing professional development activities. This includes processing accreditation applications, assessing the quality and suitability of proposed training activities, communicating accreditation decisions and guidance, maintaining records of accredited activities, and responding to enquiries about the accreditation process.

Data may also be used for quality assurance purposes, including the review of accredited activities to ensure ongoing compliance with LegalCPD standards, and for the improvement of accreditation processes and services. Aggregated and anonymised data may be used for statistical analysis and reporting. Personal data is not used for marketing purposes, and individuals will not receive unsolicited promotional communications from LegalCPD.

4. Legal Basis for Processing

The legal basis for processing personal data varies depending on the nature of the processing activity. LegalCPD relies on legitimate interests as the primary legal basis for processing data in connection with accreditation operations. The legitimate interest pursued is the provision of independent, impartial accreditation services that support professional development and maintain standards within the legal sector. This interest is balanced against the rights and freedoms of individuals, and appropriate safeguards are in place to protect personal data.

Where an accreditation relationship has been established, processing may also be necessary for the performance of a contract, specifically the terms of accreditation agreed between LegalCPD and the accredited provider. In certain circumstances, consent may be sought as the legal basis for processing, particularly where data is to be used for purposes beyond those strictly necessary for accreditation. Where consent is relied upon, it may be withdrawn at any time by contacting LegalCPD.

5. Data Sharing

LegalCPD does not sell personal data to third parties, nor does it share data with third parties for marketing purposes. Personal data is treated as confidential and is disclosed only where necessary for the proper conduct of accreditation activities or where required by law.

In the course of processing accreditation applications, personal data may be shared with independent assessors appointed by LegalCPD to evaluate proposed training activities. All assessors are bound by confidentiality obligations and are required to process personal data in accordance with UK GDPR principles. Data may also be disclosed to legal or regulatory authorities where LegalCPD is under a legal obligation to do so, or where disclosure is necessary for the establishment, exercise, or defence of legal claims.

6. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. Data relating to accreditation applications and accredited activities is retained for the duration of the accreditation period plus a further two years. This retention period is necessary to support quality assurance processes, to respond to enquiries about accredited activities, and to maintain a record of accreditation history.

Website analytics data, including server logs and IP addresses, is retained for a period of twelve months. After the applicable retention period has expired, personal data is securely deleted or anonymised in accordance with LegalCPD data retention procedures. In certain circumstances, data may be retained for a longer period where required by law or where necessary for the establishment, exercise, or defence of legal claims.

7. Your Rights

Individuals have a number of rights under UK GDPR in relation to their personal data. These include the right to access personal data held by LegalCPD, the right to request rectification of inaccurate or incomplete data, the right to request erasure of data in certain circumstances, and the right to request restriction of processing where there is a dispute about the accuracy or legitimacy of processing.

Individuals also have the right to data portability, which allows them to receive personal data in a structured, commonly used, and machine-readable format, and the right to object to processing based on legitimate interests. Where consent is the legal basis for processing, individuals have the right to withdraw consent at any time. Requests to exercise these rights should be directed to LegalCPD via the contact details published on the website. LegalCPD will respond to all requests within one month, or within three months where the request is complex or numerous requests have been made.

8. Cookies

The LegalCPD website uses essential cookies that are strictly necessary for the operation of the website. These cookies enable basic functions such as page navigation and access to secure areas of the website. The website does not use tracking cookies, advertising cookies, or third-party analytics cookies.

Website analytics are conducted via server-side logging only, which does not require the use of cookies or client-side tracking scripts. This approach ensures that visitor privacy is protected while allowing LegalCPD to monitor website performance and identify technical issues. Essential cookies are set automatically and do not require user consent under UK data protection law. Users may disable cookies through their browser settings, although this may affect the functionality of the website.

9. Security

LegalCPD implements appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include the use of secure communication channels, access controls to limit data access to authorised personnel only, regular security assessments, and staff training on data protection obligations.

All personal data is stored securely, with access restricted to individuals who require the data to perform their duties in relation to accreditation activities. While LegalCPD takes all reasonable steps to protect personal data, no method of transmission over the internet or method of electronic storage is completely secure. Individuals should be aware that the transmission of data via the internet carries inherent security risks, and LegalCPD cannot guarantee the absolute security of data transmitted to or from its website.

10. Changes to This Policy

This privacy policy may be updated from time to time to reflect changes in legal requirements, changes in data processing practices, or improvements in data protection procedures. Any changes to this policy will be published on this page, and the “Last updated” date at the top of the policy will be revised accordingly.

Where changes are material and affect the way personal data is processed, LegalCPD will take appropriate steps to notify individuals whose data is affected. Continued engagement with LegalCPD services following the publication of an updated privacy policy constitutes acceptance of the revised terms. Individuals are encouraged to review this policy periodically to remain informed about how their personal data is being protected.

11. Contact and Complaints

Questions, comments, or requests regarding this privacy policy or the processing of personal data by LegalCPD should be directed to LegalCPD via the contact details published on the website. LegalCPD will respond to all enquiries within a reasonable timeframe and will address any concerns raised about data processing practices.

Individuals who are dissatisfied with the way their personal data has been processed have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. The ICO can be contacted via its website at ico.org.uk, by telephone on 0303 123 1113, or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. LegalCPD encourages individuals to raise concerns directly in the first instance so that they can be addressed promptly and effectively.