Legal Information

Last revised on 8th May 2018, effective as of 25th May, 2018

This website is owned and controlled by the IoP. The information and data on this website is subject to revision without notice and IoP may revise this Disclaimer at any time by updating this notice. All material included in our website is intended for information purposes only and does not represent legal advice. Users should take appropriate steps to verify such information. No user should act or refrain from acting on the information contained in this website without first verifying the information and as necessary obtaining legal and/or professional advice.

By using our site, you are agreeing to comply and be bound by all terms and conditions herein. Please review the following terms carefully. If you do not agree to these terms, you should not use this site.

This Agreement is a legal document which sets out your rights and obligations, and those of IoP, a IoP whose Registered Number is 04919219 in relation to the IoP website (the “Site”, “Website” or “Service”) and the services offered by IoP through it.

The IoP is registered as a data controller at the UK Information Commissioner’s Office under number Z1496346.

Acceptance of Agreement

You agree to the terms and conditions outlined in this Terms of use Agreement.

We reserve the right to update or revise these Terms without giving you any notice. Please check the Terms periodically for changes. Your continued use of our Website following the posting of any changes to the Terms constitutes acceptance of those changes. Our Terms will be kept up to date at https://theiop.org/legal-information

Copyright

IoP alone shall own all right, title and interest, including all related intellectual property rights, in and to our technology, the content and the service. The IoP name, the IoP logo, and the product names associated with IoP are trademarks of IoP or third parties, and rights granted to use them are with express permission of IoP. The copying, redistribution, use or publication by you of any such matters or any part of the IoP website is strictly prohibited. You do not acquire ownership rights to any content, document or other materials viewed on the IoP website. Any posting of information or materials on the IoP website does not constitute a waiver of any right in such information and materials. The content on the website is the copyrighted work of IoP or third parties.

In the normal course of browsing through the website IoP agree to your printing or downloading to a standalone personal computer, extracts for personal use provided both the IoP is the acknowledged source, including the reference www.theiop.org and that IoP may revoke this permission at any time. Any unauthorised use of material is prohibited. Information contained in the members area is for members use only and should not be copied or distributed to third parties.

Privacy Policy

Privacy and security policies may be viewed on the IoP website. We reserve the right to modify our privacy and security policies at our reasonable discretion from time to time.

Use of your information

The IoP does not own any data, information or material that you or other users submit. You shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use any and all the data that you submit, and IoP shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any customer data. Upon request by the Head of Membership, the IoP may remove, modify, edit or otherwise alter any applicable member data. The Head of Membership shall also have the power to block, delete or otherwise modify the access of members under its membership account, and shall be solely responsible for the addition and removal of members under its account.

IoP reserves the right to withhold, remove and/or discard member/customer data without notice for any breach of the Agreement. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with UK data protection law.

Payment, Refunds, Upgrading and Downgrading Terms

Your membership is payable yearly and may be paid by PayPal, Credit/Debit Card, Bank Transfer or yearly Direct Debit. There will be no membership fee refunds available after the 14-day cooling-off period. There are no registration fee refunds. There are no downgrade refunds or refunds for months unused in any one year.

Cancellation and Termination

You are solely responsible for properly cancelling your membership. A phone request to cancel your membership is not considered cancellation. You can cancel your membership at any time by e mail or by letter providing 14 days notice. All of your data will be archived or deleted in accordance with the Privacy Policy.

IoP, in its sole discretion, has the right to suspend or terminate your membership and refuse any and all current or future use of the Service, for any reason at any time. IoP reserves the right to refuse service to anyone for any reason at any time.

Third Party Content

Third party content may appear on the Website or may be accessible via links. Any such activity, and any terms, conditions, warranties or representations associated with such activity, is solely between you and the applicable third-party. IoP shall have no liability, obligation or responsibility for any such correspondence, purchase or promotion between you and any such third-party. We do not endorse any sites on the Internet that are linked through IoP, and in no event shall IoP or its licensors be responsible for any content, products, or other materials on or available from such sites. We provide membership services to you pursuant to the terms and conditions of this Agreement, the terms of your membership contract (Application for membership), acceptance of our Privacy Policy and adherence to the code of conduct and complaints procedure.

Representations and Warranties

Each party represents and warrants that it has the legal power and authority to enter into this Agreement. IoP represents and warrants that it will provide membership services in a manner consistent with general industry standards reasonably applicable to the provision thereof. You represent and warrant that you have not falsely identified yourself nor provided any false information to gain membership of IoP and that your information is correct.

Disclaimer

The IoP expressly disclaims all liability for any direct, indirect or consequential loss, damage or injury occasioned from the use or inability to use this website whether directly or indirectly resulting from inaccuracies, defects, errors, whether typographical or otherwise, omissions, out of date information or otherwise, even if such loss was reasonably foreseeable and the IoP had been advised of the possibility of the same. consequential and indirect loss and damage shall include but not be limited to loss of profits, loss of goodwill, and wasted expenditure.

Internet delays

IoP website and services may be subjected to limitations, delays and other problems inherent in the use of the internet and electronic communications.

IoP IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.

Changes in terms and conditions

IoP reserves the right to modify the terms and conditions of this Agreement or its policies relating to IoP at any time, effective upon posting of an updated version of this Agreement on IoP website. You are responsible for regularly reviewing this Agreement. Continued use of IoP website after any such changes shall constitute your consent to such changes. Our Terms will be kept up to date at https://theiop.org/legal-information

Assignment

This Agreement may not be assigned by you without the prior written approval of IoP but may be assigned without your consent by IoP to (a) a parent or subsidiary, (b) an acquirer of assets, or (c) a successor by merger. Any purported assignment in violation of this section shall be void.

Definitions

“Consent” of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

By “IoP technology” we mean all of IoP’s proprietary technology (including software, hardware, products, processes, algorithms, user interfaces, know-how, techniques, designs and other tangible or intangible technical material or information) made available to you by IoP.

“Controller” is given the same meaning as in the GDPR, which we summarize as the party that determines the purposes and means of the processing of personal data – the customer is the controller with respect to consumer personal data. Each party may be the controller of personal data it processes about the other’s personnel.

By “Customer data” we mean any data, information or material provided or submitted by you to IoP in the course of using IoP website/services.

“Incident” means: (a) a complaint or a request with respect to the exercise of an individual’s rights under the GDPR; (b) an investigation into or seizure of the personal data by government officials, or a specific indication that such an investigation or seizure is imminent; or (c) any breach of the security and/or confidentiality as set out in this DPA leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the personal data, or any indication of such breach having taken place or being about to take place.

By “Intellectual property rights” we mean unpatented inventions, patent applications, patents, design rights, copyrights, trademarks, service marks, trade names, domain name rights, mask work rights, know-how and other trade secret rights, and all other intellectual property rights, derivatives thereof, and forms of protection of a similar nature anywhere in the world.

“Personnel” refers to those individuals who are employed by or are under contract to perform a service on behalf of one of the parties. Personnel may have rights in their personal data (including business contact information) if they reside in the EU. It is important to be clear about how personnel’s rights are protected.

“Data Subjects” refers to those individuals residing in the EU who are consumers or users of IoP goods or services (also “consumers”), as well as any personnel who reside in the EU.

“Personal Data” is given the same meaning as in the GDPR which we summarize here as: any data relating directly or indirectly to an identifiable data subject. Personal data does not include any data that is anonymized, aggregated, de-identified and/or compiled on a generic basis and which does not name or identify a specific individual, directly or indirectly.

“Processing” is given the same meaning as in the GDPR, which we summarize as including: collecting, recording, using, storing, amending, adapting, disclosing, transferring or transmitting, structuring, using, combining, deleting or destroying, personal data (“Process” and “Processed” shall have similar meanings).

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Pseudonymisation” is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Restriction of processing” is the marking of stored personal data with the aim of limiting their processing in the future.

“Processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Recipient” is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Third party” is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

By “User” we mean an individual authorised to use IoP membership services and have been supplied user identifications and passwords (or by IoP at your request or the applicable Administrator’s request).

▸OLD Privacy Policy

Introduction

The IoP takes your privacy seriously. This Privacy Policy outlines when and how we collect data; the type of data we collect; why we collect data; the legal basis for collecting data; how we keep your data secure and your privacy choices and rights.

If you are an IoP member, customer or subscriber, or just visiting our website, this policy applies to you. If you are a member of the IoP then you consent to this privacy policy under your membership contract with us.

This Privacy Policy does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites and membership benefits offered through third parties.

Our Responsibilities

If you are a member of the IoP or a visitor of the website, we act as the ‘data controller’ of personal data. This means that we determine how and why your data are processed. We are registered as a data controller at the UK Information Commissioner’s Office under number Z1496346.

Your Responsibilities

Read this Privacy Policy.
If you are a member of the IoP please also check the contract between us that may contain further details on how we collect and process your data.
If you provide us with personal information about other people, or if others give us your personal information, we will only use it for the purpose it was provided to us. By submitting the information, you confirm that you have the right to authorize us to process it on your behalf in accordance with this privacy policy.

When and How We Collect Data

We collect data from people browsing our website, customers and members of the IoP. As soon as you interact with the IoP we are collecting data. Sometimes it is provided by you and sometimes it is automatically collected.

Types of Data We Collect

We collect the following types of data:

Contact details
Financial information
Data from your membership application /renewal (your contract with us)
Data that identifies you
Data on how you use IoP

Contact Details

Your name, Address, Telephone, E Mail, Work E Mail, Work Telephone, Work address

Financial Information

Your bank account number, sort code, Credit/debit card details

Data from your contract with us

Your membership application form- contact details as above plus mail addresses, activity on membership, signatures, preferences

Data that Identifies You

Your IP address, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.

Data on how you use IoP

Your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions.

Sensitive Data

We do not collect data about you like racial or ethnic origin, offences or alleged offences without your specific consent or when we have to comply with the law.

Do you collect my data?

We collect data from people browsing our website, customers and members of IoP and people who view/sign contract with IoP.

Third Parties Who Process Your Data

This includes activities such as:

Payments: Stripe, PayPal, Bank for BACS payments, Gocardless for direct debits
Accounting activities: XERO, Next Level Business
Communications: LeadFreak, Lexology, NYCPA
Analytics: Google, Hotjar, Facebook, LinkedIn
Integrations: Google, ActiveCampaign, ActiveMember360
Infastructure: Wordpress, ActiveMember360
PPR (IF YOU CHOOSE TO BE A MEMBER)

We Use Cookies

We use only necessary cookies to run and improve the membership service. We use cookies to improve your experience of using our website and to improve our range of products and services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy is protected and respected at all times. All Cookies used by our website are used in accordance with current UK and EU Cookie Law.
Before the website places Cookies on your computer, you will be presented with a message bar requesting your consent to set these Cookies. By giving your consent to the placing of Cookies, you are enabling us to provide a better experience and service to you.
The website may place the following Cookies:

Analytical/performance Cookies that allow us to count the number of visitors to our website and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Targeting Cookies that record your visit to the website, the pages you have visited and the links you have followed. We will use this information to make our website and any advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Our 3rd Party service providers use cookies too, which they control
You can turn off cookies, but this will mean we cannot recognize you in-app messaging etc. and certain features of the website may not function fully or as intended.
It is recommended that you ensure that your internet browser is up to date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

How We Use Your Data

For the purposes of the Data Protection Act 1998 and the Data Protection Directive (Dir 95/46/EC), the Institute of Paralegals is the ‘’data controller’’.

To operate your membership
To help us improve
To give personalized membership support
To send you marketing that is related to your membership (only if you tell us to)

Data Protection law means that we may only use your data for certain reasons and where we have a legal basis to do so. We process your data for the following reasons:

Membership Services- We manage your membership requests and benefits, authentication, remember your settings, processing payments, hosting and back-end infrastructure.

Legal Basis: Contract; Legitimate Interest

To Improve Membership – To improve membership we test features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimization and data analysis and research, including profiling and other techniques over your data and in some cases using 3rd parties to do this.

Legal Basis for data usage: Contract; Legitimate Interest

Member Support- Notifying you of any changes to our service, e mail, phone or text.

Legal Basis for data usage: Contract; Legitimate Interest

Marketing Purposes- This usage is only with your consent. Sending you e mails and messages about new features, membership benefits or events products and services.

Legal Basis for data usage: Consent

Here is what each of the ‘legal bases’ mean:

Consent

You have given clear consent for us to process your personal data for a specific purpose.

You can change your mind and withdraw consent to our processing your data at any time. You can do this by e mailing us at [email protected].

If you do withdraw consent and we do not have another legal basis for processing your information then we will stop processing your personal data.

Contract

Processing your data is necessary for the membership contract you have with us, to take specific steps before entering into the contract.

Legitimate Interest

Processing your data is necessary for our legitimate interest or the legitimate interests of a third party, provided that those legitimate interests are not outweighed by your rights and interests. These legitimate interests are:

Gaining insights from your behavior on our website
Delivering, developing and improving the IoP service
Enabling us to enhance, customize or modify our services and communications
Determining whether marketing campaigns are effective
Enhancing data security
Growing the membership

In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.

Your Privacy Choices and Rights

You can choose not to provide us with personal data. If you choose to do this, you can continue to use the website and browse our pages, but we will not be able to process transactions without personal data.

You can turn off cookies in your browser by changing its settings.

You can ask us not to use your data for marketing. You can opt out of marketing by e mailing [email protected].

You have a right to be forgotten by us and to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for the purposes of your membership.

You have a right to ask for a copy of your data held by us (where such data is held).

You have a right to lodge a complaint regarding our use of data, however, please tell us first so we can address your concerns. If we fail to satisfy you, you can address complaints to the UK Information Commissioners Office, by calling their helpline or as directed on their website at www.ico.org.uk

How secure is the data we collect?

We have physical, electronic and managerial procedures to safeguard and secure the data we collect. Please read our data security policy.

Please remember:

You provide personal data at your own risk: no data transmission can be guaranteed 100%.
You are responsible for your username and password: keep them secret and safe

If you believe your privacy has been breached, please contact us immediately on [email protected].

Where do we store the data?

The personal data is processed at our offices and in any data processing facilities operated by third parties identified below.

By submitting your personal data, you agree to this transfer, storing or processing by us.

If we transfer or store your data outside the EEA, we will take steps to ensure your privacy rights continue to be protected as outlined in this privacy policy.

How long do we store your data?

We will archive and stop actively using any personal identifiable data about you within 18 months of the last time you were an active paid up member of the IoP. We will delete your personal data from our archives no later than 3 years from the last date of you being an active paid up member or as agreed with you in writing.

Third Parties who process your data

We use third parties to help host our applications and websites, to communicate with members, power e mails and other integral processes.

When we do this, it may be necessary to share your data in order for these services to work well. Your data is only shared when it is necessary to do so.

Our main third-party service providers are:

Service Provider	Data Collected or Shared	Purpose
PPR	Contact Details, Data such as qualifications that identifies you	For the purpose of obtaining membership of the PPR - only where consent is given
Google Analytics	Technical data regarding site behaviour and usage statistics whilst on the website. IP is tracked.	Google Analytics is a web analytics service; we use it to track your use of the service and prepare reports on user activity
PayPal	Member and customer data including contact details, name, address, email, account details for credit/ Debit card payment	This is a payment method that may be chosen by members or customers
Stripe	Member and customer data including, name, email, account details for credit/ Debit card payment	This is a payment method that can be chosen by members or customers
Gocardless	Member and customer data including, name, email, account details for credit/ Debit card payment	A payment method that can be chosen by members or customers
Xero	Member and customer data including contact details, name, address, email, account details for BACS payments/ credit/ Debit card details	This is Accounting software used by the IoP
Next Level Business	Have access to the data in Xero, Stripe, Gocardless and PayPal as specified above	For the purpose of providing accounting and related services
Leadfreak	Data collected and processed on behalf of IoP marketing activities. Including, survey and questionnaire data, anonymised technical site usage data, membership data (including contact details, email, name, address). Access also to IoP Paypal and Stripe data.	To provide marketing services and analyse user behaviour for improving member experience.
Lexology	Full name, email address, country of residence	Membership benefit
NYCPA	Full name, email address, country of residence	Offers free membership to IoP members; IoP members request this benefit before their details are shared

Change of Business Ownership and Control

The Institute of Paralegals may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of the Institute of Paralegals. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

We may also disclose Data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.

▸Privacy Policy

Introduction

The IoP (Institute of Paralegals) takes your privacy and your rights to your Personal Data extremely seriously and we are committed to protecting the privacy of all Personal Data that we obtain from individuals. Data is held in compliance with current UK Data Protection Legislation and other applicable Data Privacy Laws. This Privacy Policy outlines when and how we collect data; the type of data we collect; why we collect data; the legal basis for collecting data; how we keep your data secure and your privacy choices and rights.

Data will be collected and used only for the purposes for which it was originally submitted or in accordance, with your preferences.

If you are an IoP member, customer, subscriber or just visiting our website, this Privacy Policy applies to you. If you are a member of the IoP, then you consent to this Privacy Policy under your Membership Contract with us.

This Privacy Policy does not extend to any websites that can be accessed from this Website including, but not limited to, any links that we may provide to social media websites and membership benefits offered through third-parties.

For further information on our use of Cookies, please read our Cookies Policy.

Last Review Date: 14/2/2023
Version 2

Our Responsibilities

If you are a member of the IoP or a visitor of the website, we act as the ‘Data Controller’ of Personal Data. This means that we determine how and why your data is processed. We are registered as a Data Controller at the UK Information Commissioner’s Office under the registration number Z1496346.

Your Responsibilities

Read this Privacy Policy.
If you are a member of the IoP, please also check the contract between us that may contain further details on how we collect and process your Personal Data.
If you provide us with personal information about other people or if others give us your personal information, we will only use it for the purpose that it was provided to us. By submitting the information, you confirm that you have the right to authorise us to process it on your behalf, in accordance with this Privacy Policy.

The Personal Data that We Collect

We collect Personal Data from people browsing our website, customers and members of the IoP. As soon as you interact with the IoP, we are collecting data. Sometimes it is provided by you and sometimes it is automatically collected by us.

Examples of Data Provided and Collected include:

Browsing our Website (See our Cookies Policy for further information).
Membership Request.
The IoP contact you or you receive communications from us.
You use IoP.
You sign a Membership Contact.
You communicate with our Membership Support Service.
You connect in Integrations.
You opt-in to Marketing Communications.

Types of Data that We Collect

We collect the following type of Personal Data:

Contact Details (Including Name, Work and Home Addresses, Work and Home Telephone Numbers/Mobile Numbers and Work and Home Email Addresses).
Financial Information (Including your bank account sort code and account number, name of the Bank or Building Society, Account Holder Name/s and Credit or Debit Card Details).
Data from our Membership Contract Application, Renewal and your Contact with us (including the Contact Details, Mail Addresses, Membership Activities, Signatures and Preferences).
Personal Data that identifies you.
Data on how you use IoP.

Lawful Basis for Processing Personal Data

The IoP only processes Personal Data, where we have a lawful basis to do so. This will depend on the data processing activity that we collect it for e.g., to provide membership services. In some instances, there may be more than one lawful basis for which we process your Personal Data.

The lawful bases for processing of Personal Data can include Consent of the Data Subject, Contractual Necessity, Compliance with a Legal Obligation, Vital Interests, Public Interest and Legitimate Interest.

The lawful bases, which are relevant to CILEX are primarily as follows:

Consent of the Data Subject

The IoP processes Personal Data, where you have given consent for us to do so. This includes, but is not limited to, newsletters, surveys, consultations, membership benefits, events, products, services and sending you marketing communications. In relation to marketing communications, you always have the right to withdraw your consent.

You can change your mind and withdraw consent to our processing of your Personal Data at any time. You can do this by emailing us at [email protected]

If you do withdraw consent and we do not have another legal basis for processing your information, then we will stop processing your Personal Data.

2. Compliance with a Legal Obligation

The IoP processes Personal Data, which is necessary for compliance with legal obligations to which IoP is subject. This includes, but is not limited to, providing Personal Data to regulators, law enforcement bodies and statutory bodies.

3. Legitimate Interest

The IoP processes Personal Data, which is necessary for the pursuit of its legitimate interests, as a Professional Membership Body and in pursuing our objectives. This includes, but is not limited to, responding to general enquiries, supporting our members, asking our members about member services that they would like to receive in the future and researching the ongoing relevance of our member services, delivering, developing and improving the IoP service, enabling us to enhance, customise or modify our services and communications, gaining insights from your behaviour on our website and determining, whether marketing campaigns are effective, enhancing Data Security and growing the Membership.

The law allows us to do so provided that the processing is fair, balanced and it does not unduly impact on your rights.

We may also rely on a third party’s legitimate interests, such as, when an organisation has requested information or services from us and your legitimate interests, which may be the case in some of the examples given above (such as where you have made an enquiry).

4. Contractual Necessity

IoP processes Personal Data to fulfil a contract or take steps linked to a contract. IoP relies on contractual obligation to provide the products and/or services, to communicate with its customers, in relation to the provision of the contracted products and services or to provide administrative support.

The following would be further examples of where the lawful bases would be Contractual Necessity and Legitimate Interest:

Membership Services - We manage your membership requests and benefits, authentication, remember your settings, processing payments, hosting and back-end infrastructure.
To Improve Membership - To improve membership we test features, interacting with feedback platforms and questionnaires, managing landing pages, heat mapping our site, traffic optimisation and data analysis and research, including profiling and other techniques over your data and in some cases using 3rd parties to do this.
Member Support - Notifying you of any changes to our service, email, phone or text.

Special Categories of Personal Data

We may collect Special Categories of Personal Data (also known as Sensitive Personal Data), such as gender, ethnicity, whether you have a disability or any other protected characteristics (particularly related to where reasonable adjustments or access arrangements may be needed) and any information relating to a background check.

Such Sensitive Personal Data will only be collected and/or provided to us, if you have provided your explicit consent or if we are otherwise permitted to receive and process it under the UK Data Protection Legislation.

For the processing of Special Categories of Personal Data, we consider whether the risks associated with our use of this type of Personal Data will affect our other obligations around data minimisation and security. A Data Protection Impact Assessment (DPIA) and an appropriate policy document should be completed.

The lawful bases for Special Categories of Personal Data can include one or more of the following lawful bases (and not all of which will be relevant to IoP): Explicit Consent, Employment Law, Vital Interests, Charity or Not for Profit Bodies, Data manifestly made public by the Data Subject, Legal Claims, Reason for Substantial Public Interest, Medical Diagnosis or Treatment, Public Health, Historical, Statistical or Scientific Purposes, processing for new purposes and processing not requiring identification.

How We Use Your Personal Data

For the purposes of the UK Data Protection Legislation, the Institute of Paralegals is the ‘’Data Controller’’.

To operate your Membership
To help us Improve
To give personalised Membership Support
To send you marketing that is related to your membership (only, if you opt-in).

Third Parties Who Process Your Personal Data

This includes activities such as:

Payments: Stripe, PayPal, Bank for BACS payments and Gocardless for Direct Debits.
Accounting Activities: XERO and Next Level Business
Communications: Franticape, Lexology and NYCPA
Analytics: Google, Hotjar, Facebook and LinkedIn
Integrations: Google, ActiveCampaign and ActiveMember360
Infrastructure: WordPress and ActiveMember360
PPR (IF YOU CHOOSE TO BE A MEMBER)
CILEX (Chartered Institute of Legal Executives) following their acquisition in 2023 of the IoP and PPR.

We use third-parties to help host our applications and websites, to communicate with members, to power emails and other integral processes. When we do this, it may be necessary to share your data, in order for these services to work well. Your data is only shared, when it is necessary to do so. We are compliant with PCI-DSS Level 1, with regard to card payments.

Our Main Third-Party Service Providers are:

Service Provider	Data Collected or Shared	Purpose
PPR	Contact Details and Data, such as qualifications that identify you.	For the purpose of obtaining membership of the PPR and only, where consent is given.
Google Analytics	Technical data regarding site behaviour and usage statistics. whilst on the website. The IP is tracked.	Google Analytics is a Web Analytics Service. We use it to track your use of the service and prepare reports on user activity.
PayPal	Member and Customer Data, including contact details, name, address, email and account details for credit/debit card payments.	This is a payment method that may be chosen by Members or Customers.
Stripe	Member and Customer Data, including name, email and account details for credit/debit card payments.	This is a payment method that may be chosen by Members or Customers.
Gocardless	Member and Customer Data, including name, email and account details for credit/debit card payments.	This is a payment method that may be chosen by Members or Customers.
Xero	Member and Customer Data, including contact details, name, address, email, account details for BACS payments and credit/debit card details.	This is Accounting Software used by the IoP and Next Level Business.
Next Level Business	Have access to the data in Xero, Stripe, Gocardless and PayPal, as specified above.	For the purpose of providing accounting and related services.
Franticape	Data collected and processed on behalf of IoP marketing activities. Including, survey and questionnaire data, anonymised technical site usage data, membership data (including contact details, email, name and address). Access also to IoP PayPal and Stripe data.	To provide marketing services and analyse user behaviour for improving Member experience.
Lexology	Full name, email address and country of residence.	Membership Benefit
NYCPA	Full name, email address and country of residence.	Offers free membership to IoP Members. IoP Members can request this benefit, before their details are shared.

Data Storage

Personal Data collected by the IoP is stored on secure IT systems and we have physical, electronic and managerial procedures to safeguard and secure the data that we collect. This Personal Data can generally be accessed throughout the IoP, except where it is unsuitable to do so, in which case appropriate measures are put in place to ensure Personal Data can only be accessed by those with a need to know.

No external person will have access to the IoP records, except in circumstances outlined in the Privacy Policy.

The Personal Data is processed at our offices and in any data processing facilities operated by third-parties. By submitting your Personal Data, you agree to this transfer, storing or processing by us.

Any third party contracted by the IoP to process Personal Data on its behalf will be requested to have security measures in place to protect the Personal Data and to treat such data, in accordance with UK Data Protection Legislation. We also set up Data Processing Agreements with our third party or supplier contracts. In the event of any contract relating to International Data Transfers the additional applicable documents will be in place such as EC SCCs (European Commission’s Standard Contractual Clauses), IDTA (International Data Transfer Assessment) or ICO Addendum. The IoP has put in place procedures to deal with any Potential Data Security Incident (PDSI) and they will notify you and the UK Information Commissioner’s Office (ICO), when appropriate of any data breach, where we are legally required to do so.

Please remember:

You provide Personal Data at your own risk and that no data transmission can be guaranteed 100%.
You are responsible for your username and password, so you need to keep them secret and safe

If you believe your privacy has been breached, please contact us immediately on [email protected]

Data Retention

The IoP will archive and stop actively using any personal identifiable data about you within 18 months of the last time you were an active paid-up Member of the IoP. We will delete your Personal Data from our archives no later than 3 years from the last date of you being an active paid-up Member or as agreed with you in writing.

In general, Personal Data is only retained for as long as necessary to fulfil the purposes for which it is being processed (including to comply with relevant UK Legislation or Regulatory requirements and/or to resolve legal disputes).

That length of time may vary depending on the reasons for which we are processing the Personal Data and whether we have a legal (for example, under financial regulations) or contractual obligation to keep it for a specific time period.

Once the retention period has expired, Personal Data will be confidentially disposed of or permanently deleted. If you object to further contact from us, we will keep some basic information about you, in order to avoid sending you unwanted communications in the future.

If before that date (i) your Personal Data is no longer required, in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.

Sharing Personal Data

The Personal Data we collect will only be used for the purposes set out in this Statement or otherwise notified to you. We will not disclose your Personal Data to any third parties, except as set out in this Statement, including where required to or are permitted to by law or where those parties are conducting IoP activities on our behalf (For example, to regulators, law enforcement agencies or partner organisations) including with other entities such as in CILEX.

In circumstances, where we engage a service provider or CILEX entity to provide services to us, we ensure that Personal Data is only processed in a manner compliant with the relevant UK Data Protection Legislation, subject to a formal Data Processing Agreement and only used for the purposes for which the Personal Data was originally collected.

We may need to share your Personal Data with our professional advisers including auditors, lawyers and insurers, who provide professional advice, accounting, banking, legal, insurance, and pension services or to meet our audit responsibilities. However, we do not allow our third-party service providers to use your Personal Data for their own purposes. They can process your Personal Data for specific purposes and under our instructions.

Personal information may be shared with a third-party, who has a legitimate interest in the data, where disclosure is necessary and lawful and the processing is aligned with the purpose for which the Personal Data was originally collected.

We also might share personal information with the Police or other organisations that have a crime prevention or law enforcement function. UK Data Protection Legislation allows organisations to share personal information, if it is needed to prevent or detect a crime or to catch and prosecute a suspect.

The IoP is committed to keep children and vulnerable adults safe, when its employees and representatives come into contact with them during the course of their work. Where there is a safeguarding concern of a serious and/or urgent nature, confidential information related to the affected individual may be disclosed to emergency services or an external agency.

If we undergo a merger or re-organisation, in doing so we may acquire or transfer Personal Data as part of that transaction, but your Personal Data would continue to be used for the same purpose. Recent acquisitions by CILEX in 2023 have included the IOP (Insititute of Paralegals) and PPR (Professional Paralegal Register).

International Data Transfers

We may transfer Personal Data to countries outside of the United Kingdom, where Personal Data is not protected in the same way (usually to other businesses, who provide services on our behalf). In such cases, we will make sure that suitable safeguards are in place to protect the Personal Data, such as a signed Data Processing Agreement, EC SCCs, IDTA and ICO Addendum, as applicable. Additional steps are taken to ensure that appropriate measures and controls are in place to protect that data, in accordance with the relevant UK Data Protection Legislation and Regulations.

Neither Party shall transfer Shared Data to any country outside the European Economic Area or the UK, unless that Party ensures that (as required to comply with applicable UK Data Protection legislation):

the transfer is to a country, territory or one or more specific sectors within a country approved by the UK’s Information Commissioner’s Office or the European Commission as providing adequate protection and the prior written consent of the data subject/s;
there are appropriate safeguards in place as required by applicable UK Data Protection Legislation; or
it can rely on a derogation from the relevant obligations under the UK Data Protection Legislation.

From 28th June 2021, the UK has been granted an adequacy decision by the EU, which covers data transfers between the UK and the EU and this adequacy decision is due to be reviewed in four years' time (on 28th June 2025) with a view to this safeguard remaining in place for UK/EU Data Transfers.

Verification Requests

CILEX and the IoP may sometimes respond to verification requests of qualification or membership status from current or prospective employers, employment agencies, regulators or other third-party contacts.

Complaints

Where you lodge a complaint, your Personal Data will be used to correspond with you. A complaint can be made in writing or by telephone. Please contact IoP Customer Service with your complaint by email at [email protected] .

Access to your Personal Data

We take reasonable steps to ensure that the Personal Data that we hold will be accurate and up-to-date. You can check the Personal Data that we hold about you, if you are a member through your myCILEX account or IoP account, depending on the transition stage of your IoP Membership to CILEX Membership.

Users 16 and Under

We do not knowingly collect or solicit Personal Data from anyone aged 16 or under or knowingly allow such persons to provide us with their Personal Data without Parental or Guardian consent. If you are aged 16 or under, please do not provide us with your Personal Data, without first asking your Parent or Guardian for their permission. In the event, that we learn that we have collected Personal Data from anybody aged 16 or under and we do not have the consent of a Parent or Guardian, we will delete that Personal Data, as quickly as possible. If you believe that we might have any Personal Data from or about anyone aged 16 or under without the consent of a Parent or Guardian, please email us at [email protected]

Your Individual Rights

Your Individual Rights are:

The Right to be Informed - Data Subjects have the right to be informed about the collection, sharing, protection and use of their Personal Data.

The Right of Access - Data Subjects have the right to request access to any personal information we hold on them.

The Right to Rectification - Individuals have a right to have inaccurate Personal Data rectified, removed or completed, if it is incomplete. If the Personal Data is found to be incorrect, but is unable to be updated, this should be removed.

The Right to Erasure - Under certain circumstances, a Data Subject may request for us to delete their information that we retain regarding them, with the exception of any information that we are legally required to retain and for the other exemptions set out in UK Data Protection legislation (Your right to get your data deleted | ICO).

The Right to Restrict Processing - Data Subjects have the right to request the restriction or suppression of their Personal Data, in certain circumstances.

The Right to Data Portability - Individuals may request a copy of their data for reuse across different services, which should be provided in a way so that information can be copied or transferred from one IT environment to another safely and securely without affecting tis usability.

The Right to Object – Data Subjects have the right to object to the processing of their Personal Data, in certain circumstances. For example, individuals have an absolute right to stop their data being used for direct marketing.

Rights Concerning Automated Decision Making and Profiling - We may only carry out this type of decision-making, where the decision is either necessary for the entry into or performance of a contract, authorised by EU or UK law applicable to the Data Controller or it is based on the individual's explicit consent.

In certain cases, the IoP can refuse to comply with a request, if it is manifestly unfounded or excessive. In order to decide, if a request is manifestly unfounded or excessive, the IoP must consider each request on a case-by-case basis.

If you have any questions about how IoP process your Personal Data or you would like to exercise any of your rights under the UK Data Protection legislation, please email: [email protected]

You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO). Their contact details are:

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel No: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Website: www.ico.org.uk

Legislation

“UK Data Protection Legislation” means All applicable UK Data Protection and Privacy legislation in force from time-to-time, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) (PECR) and any superseding legislation and all other applicable laws, regulations, statutory instruments and/or any codes, practice or guidelines issued by the relevant Data Protection or Supervisory Authority in force from time to time and applicable to a Party, relating to the processing of Personal Data and/or governing individual’s rights to privacy.

Freedom of Information Act 2000 (FOIA)

The IoP is not listed as a 'public body' for the purposes of the FOIA and therefore, it is not under a duty to comply with the provisions of the FOIA.

Change of Business Ownership and Control

The Institute of Paralegals may from time to time expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of the Institute of Paralegals. Data provided by Users will, where it is relevant to any part of our business so transferred, can be transferred along with that part and the new owner or newly controlling party will under the terms of this Privacy Policy be permitted to use the Data for the purposes for which it was originally supplied to us.

We may also disclose Data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.

CILEX (Chartered Institute of Legal Executives) acquired the IoP and PPR in 2023.

Reviewing the Privacy Statement

The IoP will review and update this Privacy Policy from time to time, when changes to our processes or procedures and systems are made, if UK legislation and regulations change or if new circumstances require it.

If this Privacy Policy changes in any way, we will put an updated version on the website. Regular review of this page ensures that you are always aware of what Personal Data we collect, how we use it and under what circumstances.

IoP will make reasonable efforts to contact and update those affected, if the changes are significant in nature.

For information on CILEX’s Privacy Notice and Privacy Statement, please visit the CILEX website: https://www.cilex.org.uk/ and click on the links.

▸Cookies Policy

Introduction

Correct as of: February 2023
Next Formal Review Date: January 2024

This Cookies Policy is to help members of the public and our members to understand how we use Cookies on our IoP website. Our Cookies Banner provider is One Trust. For the Cookies Policies, relating to the CILEX, CILEX Law School, CILEX Regulation and PPR websites, please follow the link to the Cookies Policy via that website.

About Cookies

A Cookie is a small file, typically of letters and numbers and downloaded onto a device, when the user accesses certain websites. Cookies are then sent back to the originating website on each subsequent visit. Cookies are useful, because they allow a website to recognise a user’s device.

The main purpose of the IoP Cookies is to provide the user with the best user experience possible. Some of the IoP Cookies are essential for a website (known as Strictly Necessary Cookies) and therefore, they cannot be disabled, while others allow the IoP to provide users with a better service.

In relation to Cookies, the IoP is committed to ensuring that we:

Notify people that the Cookies are there,
Explain what the Cookies are doing and
Obtain their consent to store a Cookie on their device.

For administration of its website the IoP may use Session Cookies; a Session Cookie is a temporary file stored in a web browser that is deleted, when either it expires or the browser is closed. No personal information is stored permanently within a Cookie from this website.

The data that we collect, which identifies you includes your IP address, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, your operating system and its version.

The data that we collect on how you use our website includes your URL clickstreams (the path you take through our site), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often you visit those pages and other actions.

The IoP Cookies Policy

The main purpose of our use of Cookies is to provide you with the most optimised user experience possible.

1. Navigation and Function

The IoP uses Cookies for navigational and functional purposes. When a user accesses the IoP website, encrypted session Cookies are used to validate the Users access to different parts of the website. For example, for IoP Members this relates to items, such as keeping a record of log-in details, so that they do not have to type in their username and password.

2. Analytics

The IoP collects information about how people access and use its websites using an analytics tool. The IoP websites use Google Analytics. This is an analytics service provided by Google, Inc. Google Analytics uses Cookies to help the IoP to understand how users use its websites. This ensures that the IoP can optimise and improve the user experience of the websites. Read more about how Google uses cookies.

3. Cookies used by Analytics Platforms

This category comprises of Cookies used to evaluate site performance, in terms of number of visits, unique visitors, drop-off rate for transactions and so on:

Name	Expiration	Description
_ga	2 years	This Cookie is installed by Google Analytics. The Cookie is used to calculate visitor, session and campaign data and to keep track of the site usage for the site's analytics report. The Cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This Cookie is installed by Google Analytics. The Cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is performing. The data collected, including the number of visitors, the source of where they have come from and the pages visited in an anonymous form.
_gat_*	1 year	Used by Google Analytics to throttle request rate (to limit the collection of data on high traffic sites).
__utma	2 years from set / update	Helps to calculate unique visitor numbers.
__utmb	30 minutes from set / update	Helps to calculate visitor session length.
__utmc	Not set	Helps to calculate visitor session length and whether a session has expired.
__utmz	6 months from set / update	Works out referrals from other domains.
bscookie	2 years	This Cookie is a browser ID Cookie set by LinkedIn share Buttons and ad tags.
bcookie	2 years	This Cookie is set by LinkedIn. The purpose of the Cookie is to enable LinkedIn functionalities on the page.

Considerations about Third-Party Cookies

Whilst IoP takes all reasonable precautions to make sure that other organisations, who it deals with have good security practices, IoP is not responsible for the privacy practices of other organisations, whose websites may be linked to its services or whose contact details it may provide on the website. IoP is not responsible for the Privacy Policies of social media or other Third-Party providers with whom it has pages or accounts.

The Cookies That We Use

The following list gives the details of the Cookies that we use across our IoP website.

1. Strictly Necessary Cookies

These Cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you, which amount to a request for services, such as log-in, saving language preferences, privacy preferences, filling in forms, performance measurement and improvement, routing traffic between web servers, detection of the size of the screen, measuring page load times, improving user experience including relevance, audience measurement, detecting fraud and abuse, securing our product, personalisation essential to the user experience, first party measurement and analytics of site usage. You can set your browser to block or alert you to these Cookies, but some parts of the site will not function, if these are blocked. These Cookies do not store any personally identifiable information.

FIRST PARTY
Host	Cookie Name	Description	Expiry Duration
theiop.org	wordpress_test_cookie	Used on sites built with WordPress. Tests whether or not the browser has Cookies enabled. On login, WordPress uses the wordpress_[hash] Cookie to store your authentication details. Its use is limited to the Administration Screen area, /wp-admin/	0 Days
www.theiop.org	wordpress_test_cookie	Used on sites built with WordPress. Tests whether or not the browser has Cookies enabled. On login, WordPress uses the wordpress_[hash] Cookie to store your authentication details. Its use is limited to the Administration Screen area, /wp-admin/	0 Days

2. Performance Cookies

These Cookies allow us to count visits and traffic sources, so that we can measure and improve the performance of our site. They help us to know, which pages are the most and least popular and see how visitors move around the site. All information these Cookies collect is aggregated and therefore, anonymous. If you do not allow these Cookies we will not know, when you have visited our site and will not be able to monitor its performance.

FIRST PARTY
Host	Cookie Name	Description	Expiry Duration
theiop.org	_ga	This Cookie name is associated with Google Universal Analytics, which is a significant update to Google's more commonly used analytics service. This Cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site's analytics reports. By default, it is set to expire after 2 years, although this is customisable by website owners._ga	729 Days
theiop.org	_gid	This Cookie name is associated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited._gid	0 Days
theiop.org	_gat_UA-115774090-1	This is a pattern type Cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat Cookie, which is used to limit the amount of data recorded by Google on high traffic volume websites.	0 Days
theiop.org	_ga_PS9WWTEX37	_ga	729 Days

3. Functional Cookies

These Cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers, whose services we have added to our pages. If you do not allow these Cookies, then some or all of these services may not function properly.

FIRST PARTY
Host	Cookie Name	Description	Expiry Duration
theiop.org	__stripe_sid	Stripe is used to making credit card payments. Stripe uses a Cookie to remember, who you are and to enable the website to process payments without storing any credit card information on its own servers.	0 Days
theiop.org	__stripe_mid	Stripe is used to making credit card payments. Stripe uses a Cookie to remember, who you are and to enable the website to process payments without storing any credit card information on its own servers.	364 Days

THIRD PARTY
Host	Cookie Name	Description	Expiry Duration
vimeo.com	vuid	This domain is owned by Vimeo. The main business activity is Video Hosting/Sharing.	729 Days

4. Targeting Cookies

These Cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but they are based on uniquely identifying your browser and internet device. If you do not allow these Cookies, you will experience less targeted advertising.

FIRST PARTY
Host	Cookie Name	Description	Expiry Duration
theiop.org	_gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxxx	Google Analytics	0 Days

THIRD PARTY
Host	Cookie Name	Description	Expiry Duration
youtube.com	VISITOR_INFO1_LIVE	This Cookie is used as a unique identifier to track viewing of videos	180 Days
youtube.com	YSC	YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services, in order to display targeted advertising to web visitors across a broad range of their own and other websites.	0 Days
youtube.com	DEVICE_INFO	YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services, in order to display targeted advertising to web visitors across a broad range of their own and other websites.	179 Days
google.com	NID	This domain is owned by Google Inc. Although Google is primarily known as a search engine, the company provides a diverse range of products and services. Its main source of revenue however is advertising. Google tracks users extensively both through its own products and sites, and the numerous technologies embedded into many millions of websites around the world. It uses the data gathered from most of these services to profile the interests of web users and sell advertising space to organisations based on such interest profiles, as well as aligning adverts to the content on the pages, where its customer's adverts appear.	182 Days
youtube.com	CONSENT	YouTube is a Google owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services, in order to display targeted advertising to web visitors across a broad range of their own and other websites.	6073 Days

5. Social Media Cookies

Social Media Plugin

We use services, such as social sharing and these are offered by different companies. These companies may drop Cookies onto your computer, when you use them on our website or if you are already logged in to them.

These Social Media Cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They can track your browser across other sites and build up a profile of your interests. This may impact the content and messages you see on the other websites that you visit. If you do not allow these Cookies, you may not be able to use or see these sharing tools.

Here is a list of places where you can find out more about specific services that we may use and their use of Cookies:

Facebook – Privacy policy
Google +1 – Privacy policy – Privacy & Terms – Google
Twitter – Privacy policy

If you would like to disable “Third-Party” Cookies generated by these providers, you can turn them off by going to the Third-Party’s website and getting them to generate a one-time “Decline All/No Thanks” Cookie that will stop any further Cookies being written to your machine.

6. Other Cookies

FIRST PARTY
Host	Cookie Name	Expiry Duration
theiop.org	temp_cp_id_3b8ae	0 Days
theiop.org	temp_cp_id_ff022	0 Days
theiop.org	cp-impression-added-forcp_id_3b8ae	0 Days
theiop.org	temp_cp_id_86f24	0 Days
theiop.org	cp-impression-added-forcp_id_8c3a8	0 Days
theiop.org	cp-impression-added-forcp_id_ff022	0 Days
theiop.org	temp_cp_id_90f6f	0 Days
theiop.org	cp-impression-added-forcp_id_86f24	0 Days
theiop.org	prism_223584223	29 Days
theiop.org	temp_cp_id_8c3a8	0 Days

THIRD PARTY
Host	Cookie Name	Expiry Duration
m.stripe.com	m	729 Days
prism.app-us1.com	prism_223584223	29 Days
docs.google.com	GFE_RTT	0 Days

Disabling/Enabling Cookies

You have the ability to Accept All, Decline All or Manage Preferences for the use of Cookies from the Cookies Notice that appears when you view the website. However, we would like you to have the best experience of our website and it is likely that disabling cookies will limit the functionality of the IoP website.

In the Manage Preferences section, there is an explanation of each of the Cookies' functions and you can choose to opt in or remain opted out of each Cookie Type listed except for the Strictly Necessary Cookies. The other Cookies are Performance Cookies, Functional Cookies, Targeting Cookies and Social Media Cookies. Please see the Cookies Banner Notice for further information.

If you are concerned about the use of Cookies, in relation to “spyware” you can use anti-spyware software to delete Cookies that may be considered invasive, rather than disabling the Cookies altogether.

Consent

By accepting Cookies with your browser settings and using the IoP website, you consent to the processing of data about you by IoP, its subsidiaries and Google in the manner and for the purposes set out above.

As long as IoP does obtain consent the first time that Cookies are set, IoP does not have to repeat it every time the same person visits the website. However, it is good to keep in mind that devices may be used by different people. If there is likely to be more than one user, so IoP repeats this process at suitable intervals. You can also clear Cookies from your web browser settings prompting all websites to initiate their Cookie Notice consent with a view to actioning your Cookies Preferences and this can be done at any time.

How to Control and Delete Cookies

We will not use Cookies to collect personally identifiable information about you. However, if you wish to restrict or block the Cookies, which are set by our websites or indeed any other website, you can do this through your web browser settings. The ‘Help’ function within your browser, should tell you how to do this. Alternatively, you may wish to visit the following website: https://www.aboutcookies.org/

This website contains comprehensive information on how to manage Cookies across a wide variety of browsers. You will also find details on how to delete Cookies from your device, as well as more general information about Cookies.

A comprehensive set of guidelines for the use of Cookies can be accessed from the UK’s Information Commissioner’s Office: https://ico.org.uk

Information on how to clear Cookies are provided by the ICO here: https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/, as well as further information about cookies can be found here: https://ico.org.uk/for-the-public/online/cookies/

If you wish to view your Cookie Code, just click on a Cookie to open it. You will see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that provided the Cookie.

For information on how to do this within the web browser of your mobile phone, you will need to refer to your mobile handset manual or visit the help section of your mobile provider’s website.

To opt-out of third-parties collecting any data regarding your interaction on our website, please refer to their websites for further information.

Withdrawing Consent for Cookies

Once consent has been obtained by IoP, users or subscribers may choose to withdraw that consent at any time. They can withdraw the consent by clearing the Cookies via the Internet Browser settings. (Please see the above ICO link for the instructions on how to clear the Cookies). However, if a user decides to disable the Cookies, this may detrimentally affect the general functionality of the IoP website experience.

Contact IoP

If users have any questions about how IoP process their Personal Data, you can email: [email protected]

Contact the ICO (Information Commissioner s Office)

You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office.

Their Contact Details are:

Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire
SK9 5AF.

Tel No: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Website: www.ico.org.uk

Legal Obligations

The statutory and/or regulatory directives and legislation on which this Policy is based upon is the current UK Data Protection Legislation.

This is all applicable UK Data Protection and Privacy legislation in force from time-to-time, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) (PECR) and any superseding legislation and all other applicable laws, regulations, statutory instruments and/or any codes, practice or guidelines issued by the relevant Data Protection or Supervisory Authority in force from time to time and applicable to a Party, relating to the processing of personal data and/or governing individual’s rights to privacy.

From 28th June 2021, the UK has been granted an adequacy decision by the EU, which covers data transfers between the UK and the EU and this adequacy decision is due to be reviewed in four years’ time on 28th June 2025 with a view to this safeguard remaining in place for UK/EU Data Transfers.

IoP complies with its obligations set up in Privacy and Electronic Communications Regulations (PECR) related to the use of Cookies by:

Informing people that its Cookies are there;
Explaining what the Cookies are doing and why; and
Obtaining the person’s consent to store a Cookie on their device.

For further information on Data Protection, please see our Privacy Policy. Our Cookies Policy is reviewed and updated regularly.

▸Data Security Policy

Our Infastructure

IOP operates on servers that comply with strict standards.

The standards include PCI DSS Leve l1.

Access to critical 3rd party software providers used by the IOP are limited to Managerial level staff only and protected by 2 factor authentication.

Data is stored in the EU region by default on Paragon Internet Group servers and is continuously backed up. Our data centres are protected by physical access controls which includes a 3m perimeter fence, 25+ CCTV cameras, 24/7 personnel and electronic access control systems.

Connections to the IOP are encrypted using 256-bit SSL with integrity assured by the SHA2 ECDSA algorithm.

More information on the hosted servers can be found here

This statement is made on behalf of the Institute of Paralegals ( IOP) pursuant to section 54(1) of the Modern Slavery Act 2015 (the 'Act'), and constitutes our organisation's slavery and human trafficking statement for 2018/19.

Mission

As a not-for-profit professional membership body for Paralegals our mission and purpose is the promotion of Paralegals and the Paralegal profession. This legislation (the Act) is of immense important in tackling slavery and human trafficking and we will not trade or partner with any business or organisation which is involved in this practice either remotely or indirectly.

Furthermore, we are the voice of the Paralegal sector and have an obligation to demonstrate and promote fair and reasonable standards in the treatment of people who are operating within our and our member’s sphere of influence.

Our supply chains

Our supply chains include publishing and printing services, IT services, accountancy services, conference and venue suppliers, training providers and consultants, and marketing and PR services. We continually review the risks that these supply chains can present.

We expect our suppliers and contractors to demonstrate a zero-tolerance approach to exploitation. To this end, all new contracts and those renewing from March 2018 will now include a clause requiring that our suppliers, and their subcontractors, comply with the Act, and include IoP’s right to terminate in the instance of any breach of this obligation.

Taking action

We consider our exposure to modern slavery to be limited. Nevertheless, we will ask for specific assurances from those suppliers carrying the highest exposure to risk.

We expect our employees to fully observe and adhere to IoP's policies and procedures. During this financial year, we will ensure that all staff across the entire organisation receive training on the awareness of modern slavery to assist them in their understanding, identification and reporting of these risks.

The IoP website has been developed, in order to promote accessibility, in accordance with W3C Web Content Accessibility Guidelines. The site is constructed, so that screen readers can navigate the site successfully. This includes adding descriptive text to navigable images and summary text in the website code for tables included on the website. Also, the content of the site can be read in a logical manner, even when styles are disabled. We are continually working to improve the accessibility and usability of our website.

STANDARDS COMPLIANCE AND LEGAL OBLIGATIONS

The statutory and/or regulatory directives and legislation on which this statement is based are the Equality Act 2010, W3C Web Content Accessibility Guidelines and Accessibility Regulations 2018.

The website conforms to Level A compliance, as established by the Web Content Accessibility Guidelines.

Details on the World Wide Web Consortium’s Web Accessibility Initiative are available at www.w3.org/WAI and Web Content Accessibility Guidelines. The initiative promotes usability and accessibility for people with disabilities.

Browser Accessibility Options

Each browser has different methods for font size, formatting and screen colour options:

Google Chrome Accessibility Options are under the Chrome Browser Resources section.
Microsoft Edge Accessibility Options: Accessibility with the new Microsoft Edge - Microsoft Support
Mozilla Firefox Accessibility Options: Mozilla Firefox accessibility options.

The BBC also has information on how to customise your computer and your browser, to make them more accessible in their 'My web my way' section.

Headers

We use header elements to structure the pages and to make information clearer.

Navigation

There are several ways to navigate our site, which are via a search engine, the navigation bar or the sitemap.

Most browsers support jumping to specific links by typing keys defined on the website. You can navigate most of the website using the keyboard. The following access keys are available throughout the IoP Website:

ACCESS KEY S – Skip Navigation – Example: ALT + S
ACCESS KEY 1 – Home Page – Example: ALT + 1
ACCESS KEY 2 – Open Search Field – Example: ALT + 2
ACCESS KEY 3 – Site Map – Example: ALT + 3
ACCESS KEY 0 – Accessibility Statement – Example: ALT + 0

These Access Keys have been chosen to follow the UK Government Access Keys Standard. Wherever possible, they do not conflict with the commonly used screen reader and browser keyboard shortcuts.

Access Keys are selected in different ways in different browsers:

Windows 7	Internet Explorer 9, 8, 7	Alt + [the access key]
Windows 7	Chrome 26, 25	Alt + [the access key]
Windows 7	Firefox 20, 19, 18	Shift + Alt + [the access key]
Windows 7	Safari 5.1.2	Alt + [the access key]
Windows/Mac	Opera	Shift + Esc + [the access key]
Mac	Internet Explorer	Ctrl + [the access key]
Mac	Firefox	Cntrl + Alt + [the access key]
Mac	Safari 6	Cntrl + Alt + [the access key]
Mac	Chrome	Ctrl + Opt + [the access key]

Please Note: Some browsers do not support the numbers on the Number Pad being used as Access Keys. Therefore, please use the numbers at the top of the keyboard.

Search Tips

A search box appears at the top of each page. To get the best results follow these tips:

Use keywords. The search will not work well using natural language and keywords will find better results. You can also use quotes to search for an exact phrase.

To Change the Window Size:

On the browser View menu select 'Full screen' or press 'F11'.

Text Size

Some users might find the site easier to read by increasing the size at which the text is displayed. To do this you can adjust your browser's settings by going to the View menu, then selecting either 'text size', 'text zoom' or 'zoom' and then increasing the size of the text.

To enlarge Texts and Images on a Website

On a PC:

Hold down the 'Ctrl' key and press '+' to enlarge.
Hold down the 'Ctrl' key and press '-' to reduce.
To reset hold down 'Ctrl' and press '0'.

On an Apple Macintosh computer hold the 'Cmd' (Apple) key instead of 'Ctrl'.

Colours

The colours of the text and background contrast sufficiently, so that legibility is optimised and navigable links use visual identifiers that are not reliant on the colour alone.

The website design has been tested against colour contrast to ensure that all information is still clear. Most of the text is written as white on grey and is perfectly contrasting. The W3C recommends a standard of 500 or greater for the colour difference and a standard of 125 or greater for colour brightness. Both colour difference and colour brightness of the website meet the recommended standard. A colour code, such as blue text over grey background can be achieved. For further information on how to change the colour combination on a website, please click on the below link:

https://accessibility.blog.gov.uk/2017/03/27/how-users-change-colours-on-websites/

Font Sizes

Relative units have been used in markup language and CSS, therefore, the website layout accommodates resizing text.

Some users might find the site easier to read by increasing the size at which the text is displayed. To do this you can adjust your browser’s settings by going to the View menu, then selecting either ‘text size’, ‘text zoom’ or ‘zoom’ and then increasing the size of the text. If you find the text on this website is too small or too large, you can change it by adjusting your browser’s settings or using the shortcuts below:

Microsoft Internet Explorer	Go to the View Menu, select Text Size and then Larger/Largest or Smaller/Smallest.
Mozilla Firefox	Go to the View Menu, select Text Size and choose Increase or Decrease.
Google Chrome	Click the Chrome Menu on the browser toolbar. Select Settings. Click Show Advanced Settings. In the “Web Content” section, use the “Font size” drop-down menu to make the adjustments.

Alternately you can use the zoom options to make everything on a page larger or smaller.

To Zoom in you can use the keyboard shortcuts Ctrl and + (Windows, Linux, and Chrome OS) and ⌘and + (Mac)
To Zoom out you can use the keyboard shortcuts Ctrl and – (Windows, Linux, and Chrome OS) and ⌘ and – (Mac)

You can change colours, contrast levels and fonts and zoom in and out on both mobile and desktop versions of the website.

To Zoom on a mobile phone, the user can scale the content by using the touchscreen with two fingers to expand and contract the image or by using Ctrl and + or Ctrl and -.

Layout

The site uses Cascading Style Sheets (CSS) to control all the presentation and layout.

Therefore, screen reader users can use the screen reader's navigation key to get around the site. If you are listening to the site, then the menus are grouped together in a more logical fashion.

Images

Descriptive and meaningful text equivalents are provided for all content images, graphical buttons, symbols and objects. Images are not used to represent text and all headings are styled with the help of CSS and can be resized to suit user’s needs.

Content

The content has been written and formatted to make it accessible. For example:

Headings highlight sections of text (a H1 starts the content area of each page).
Links use meaningful text.
Forms can be navigated using the tab key.

Semantic Markup

Structured and semantic markup is used to represent document structure. H1 tags are used for main titles, H2 tags for subtitles and so on. Cascading style sheets are used for visual layout and JavaScript is used to enhance usability and for decorative purposes. Pages are still fully accessible, if these technologies are ignored or unsupported.

Documents

Some of the files on this website are supplied in PDF format. Other documents are supplied in the Microsoft Office Word format.

PDF Downloads:

There are PDF documents available to download from the website. For further information on the Accessibility Features of Adobe Reader (that can be used to view the PDFs), please click on the below link:

Accessibility features in PDFs (adobe.com)

If you are using an alternative PDF Reader, please see the provider’s website for their Accessibility information.

Our aim is to ensure that all our documents are accessible.