This page details how we process the personal data we hold on you, and how you can control the retention and use of that data. When you begin a business relationship with us, the data you provide may be used for different purposes and be treated in different ways. In light of this, we highlight the ‘journey’ that a customer engages in, from initial order through to the end of the subscription, in order that you can understand how your data is used and why. Essentially, we seek only to use and retain such data that is necessary either for the performance of our contract with you (i.e. supplying the product or service that you have purchased), or where some other lawful purpose is engaged (e.g. holding data for accounting record purposes).
‘CrimeLine’ is CrimeLine Training Limited, a company registered in England and Wales.
In order to purchase products and/or services from CrimeLine, we ask that you review, and accept (consent to) this data protection policy, note however that CrimeLine relies upon Article 6(1)(b) of GDPR (necessary for the performance of a contract).
All data that is held by ourselves or those on our behalf is backed up on at least a daily basis, and stored on servers or computers based in the EU (case reports, but no other data, may be held outside of the EU). Where data is held on, or capable of being accessed by desktop, laptop or tablet computers, that equipment is (a) password protected, (b) encrypted and (c) secured by two-factor authentication. All backed up data is encrypted, as is any financial data (credit or debit card details, bank accounts etc). CrimeLine is registered with the Information Commissioner’s Office. We have satisfied ourselves that all third-parties who hold your data on our behalf will comply with GDPR from the date of commencement, at the latest.
We only share your data when required to do so by law, so, for example, we may have to produce accounting records in order to verify our own financial returns. We will share data in other instances when you consent in advance to that data being shared – for example, an employer or regulator may require confirmation of your CPD activity, and you may if you wish consent to this. In all other instances, we would only share data where required by legal process.
Our core position in relation to the processing of data is this: ‘CrimeLine wishes at all times to comply with both the letter and spirit of data protection legislation. We will work openly with you to resolve any concerns that you have.’
If you wish to see the data that we hold or request its deletion, please send an email via the website contact page and we will contact you to facilitate this. We aim to comply with all requests within 20 working days.
|Payments||Where an account is ordered via the website, or an invoice is paid via debit/credit card or direct debit.|
These transactions are handled by third-parties, either Stripe (in the case of card payment) or GoCardless for direct debit transactions. We have no access to your financial data at all. Both institutions are approved financial institutions and you should contact them directly if you have questions in relation to your data use.
Where a payment is made, the transaction is recorded by our bank/payment processor, we have access to your identity and payment confirmation in order to reconcile your account, these details are retained for a period of 7 years from date of payment.
|Your order||We ask for: name, address, business address, email address and telephone contact number. We use these details to generate invoices and create accounting records for HMRC and other accounting purposes (i.e. 'legal obligations' under GDPR). These details are retained for a period of 7 years from the date of transaction.|
|CrimeLine Website and mailing lists||Our website stores your name, address, telephone number and email contacts. Our mailing lists record your name and email address. This allows us to identify user accounts and send legal updates which form part of our subscriber services. Whilst we may notify you of other products and services offered by CrimeLine and on an occasional basis of other products/services that may be of interest (for example seminars offered by the Inns of Court, Bar Council, Law Commission etc), we only do this in order to enhance the service we offer to you. We do not accept paid advertisements for products/services and do not sell/rent or otherwise share use of our customer databases. We do not sell or use your details for any other purpose. Tracking data: We are aware that our website and mailing systems are capable of logging some usage via link click tracking and IP addresses. This is not information that we monitor. From version 4.9.6 of wordpress (which we have installed) comprehensive data download and privacy tools are enabled. All website data in relation to expired user accounts will be deleted after 3 months. We use Google Analytics to monitor website usage, data is deleted after 14 months from a users last activity, on a rolling 1 month basis. Where a user signs up for a product or service on a limited trial basis, the only data we will store will be that provided via the specific email contact form - that date will be destroyed 120 days after the end of the trial period, unless the user becomes a paid subscriber, when the above will apply.|
|CPD/Continuing Learning compliance||Our website monitors CPD activity. You can view and download this data. Please note: If an account is renewed within 3 months of lapsing, previous CPD data will remain available. In the event of non-renewal it will be deleted after a period of 3 months. This is a major difference under GDPR (previously we held CPD data indefinitely), so you must ensure if you leave CrimeLine that you have a copy of your CPD record as we will not be able to retrieve it for you after a period of 3 months.|
|When your subscription ends||We will send you reminder emails for a period of 3 months, after that date all website data will be deleted. We will retain some data for accounting purposes as outlined above. Please see above for the implications of this in relation to any CPD records.|
|I want to see my data, or request deletion||Of course, please send us an email.|
|Case reports||We maintain a database of court judgments, mainly England and Wales, but also a number of United Kingdom, European and Commonwealth decisions. These cases may identify living individuals. This data is retained in accordance with GDPR exemptions (Data Protection Act 2018, section 10(1) and (3), and Schedule 1, Part 2, Para 26). We will not therefore remove any judgments from our database.|
|Social Media||We maintain a number of social media accounts. All data is maintained by the relevant controller. You are free to follow/unfollow/block in accordance with the terms of those services.|
|Unsolicited contact||You may contact us via email, webchat, social media etc. We may maintain a record of that exchange. In particular please note that our email systems are hosted on a platform that allows for permanent and unlimited storage of emails. You do of course have the right to have such data deleted.|