GDPR – CrimeLine Data Protection Policy and Privacy Notice

This page details how we process the personal data we hold about you, and how you can control the retention and use of that data. When you begin a business relationship with us, the data you provide may be used for different purposes and be treated in different ways. In light of this, we highlight the ‘journey’ that a customer engages in, from initial order through to the end of the subscription, in order that you can understand how your data is used and why. Essentially, we seek only to use and retain such data that is necessary either for the performance of our contract with you (i.e. supplying the product or service that you have purchased), or where some other lawful purpose is engaged (e.g. holding data for accounting record purposes).

‘CrimeLine’ is CrimeLine Training Limited, a company registered in England and Wales.

In order to purchase products and/or services from CrimeLine, we ask that you review, and accept (consent to) this data protection policy, note however that CrimeLine relies upon Article 6(1)(b) of GDPR (necessary for the performance of a contract).

All data that is held by ourselves or those on our behalf is backed up on at least a daily basis, and stored on servers or computers based in the EEA or United States of America. Where data is held on, or capable of being accessed by desktop, laptop or tablet computers, that equipment is (a) password protected, (b) encrypted and (c) secured by two-factor authentication. All backed up data is encrypted, as is any financial data (credit or debit card details, bank accounts etc). CrimeLine is registered with the Information Commissioner’s Office. We have satisfied ourselves that all third-parties who hold your data on our behalf will comply with GDPR from the date of commencement, at the latest.

With effect from 14 May 2024 we are introducing two-factor authorisation as part of your account security.

We only share your data when required to do so by law.

Our core position in relation to the processing of data is this: ‘CrimeLine wishes at all times to comply with both the letter and spirit of data protection legislation. We will work openly with you to resolve any concerns that you have.’

If you wish to see the data that we hold or request its deletion, please send an email via the website contact page and we will contact you to facilitate this. We aim to comply with all requests within 20 working days.

ProcessYour data
PaymentsWhere an account is ordered via the website, or an invoice is paid via debit/credit card or direct debit.

These transactions are handled by third-parties, either Stripe (in the case of card payment) or GoCardless for direct debit transactions. We have only limited access to your financial data (i.e. bank name and card names - we do not for example see your card or account numbers or pin). Both institutions are approved financial institutions and you should contact them directly if you have questions in relation to your data use.

Where a payment is made, the transaction is recorded by our bank/payment processor, we have access to your identity and payment confirmation in order to reconcile your account, these details are retained for a period of 7 years from date of payment.
Your orderWe ask for: name, address, business address, email address and telephone contact number. We use these details to generate invoices and create accounting records for HMRC and other accounting purposes (i.e. 'legal obligations' under GDPR). These details are retained for a period of 7 years from the date of transaction.
CrimeLine Website and mailing listsOur website stores your name, address, telephone number and email contacts. Our mailing lists record your name and email address. This allows us to identify user accounts and send legal updates which form part of our subscriber services. Whilst we may notify you of other products and services offered by CrimeLine and on an occasional basis of other products/services that may be of interest (for example seminars offered by the Inns of Court, Bar Council, Law Commission etc), we only do this in order to enhance the service we offer to you. We do not accept paid advertisements for products/services and do not sell/rent or otherwise share use of our customer databases. We do not sell or use your details for any other purpose. Tracking data: We are aware that our website and mailing systems are capable of logging some usage via link click tracking and IP addresses. This is not information that we monitor. From version 4.9.6 of wordpress (which we have installed) comprehensive data download and privacy tools are enabled. All website data in relation to expired user accounts will be deleted after 3 months. We use Google Analytics to monitor website usage, data is deleted after 14 months from a users last activity, on a rolling 1 month basis. Where a user signs up for a product or service on a limited trial basis, the only data we will store will be that provided via the specific email contact form - that data will be destroyed 365 days after the end of the trial period, unless the user becomes a paid subscriber, when the above will apply.

CrimeLineAssist: If you submit queries via this service then our website will store the information that you submitted. We permanently delete tickets 12 months from date of submission.
CPD/Continuing Learning complianceOur website monitors CPD activity. You can view and download this data. If your account is not renewed prior to expiry then this data will be deleted. With your prior consent we will provide CPD records to an employer or regulatory body.
When your subscription endsWe will send you reminder emails for a period of 1 month, after that date all website data will be deleted (although it may be deleted earlier at our discretion). We will retain some data for accounting purposes as outlined above. Please see above for the implications of this in relation to any CPD records.
I want to see my data, or request deletionOf course, please send us an email.
Case reportsWe maintain a database of court judgments, mainly England and Wales, but also a number of United Kingdom, European and Commonwealth decisions. These cases may identify living individuals. This data is retained in accordance with GDPR exemptions (Data Protection Act 2018, section 10(1) and (3), and Schedule 1, Part 2, Para 26). We will not therefore remove any judgments from our database, save where required to do so by Court Order or in compliance with the Open Justice Licence.
Social MediaWe maintain a number of social media accounts. All data is maintained by the relevant controller. You are free to follow/unfollow/block in accordance with the terms of those services.
Unsolicited contactYou may contact us via email, webchat, social media etc. We may maintain a record of that exchange. In particular please note that our email systems are hosted on a platform that allows for permanent and unlimited storage of emails. You do of course have the right to have such data deleted.

Last revision:

14 May 2024 Reference to two-factor authorisation

2 February 2024 Explicit reference to the Open Justice Licence added.

24/01/2024 [added information in relation to CrimeLineAssist submissions].