Our Privacy Policy is a collection of documents, which should be read as a whole. It includes:

• Data Protection Policy (explaining who we are, which law applies to us, which data we collect, process and retain; how and why we collect your data; your rights as a data subject and other related rules).
• Data Retention Policy (explaining which data we retain and for how long)
• Cookies Policy (explaining the information saved on your devices when you use our Websites).
• Zoom Policy (explaining our rules on participating in, recording and sharing online meetings).

Together, these documents explain how we process personal data and other information when you interact with us or use our website.

Our Privacy Policy is designed to allow you to understand the most important information concerning how we process your personal data. It ensures that we comply with the fundamental obligation to inform you about our Policies, as required by the applicable law.

1. Introduction

Our Privacy Policy is a package of documents, which should be read as a whole. It includes:

• Data Protection Policy (i.e. this document: it explains who we are, which law applies to us, which data we process and which categories of personal data we collect from you; how and why we collect and process your data; the legal bases which justify this processing; how we retain, store and share data; what your rights are as a data subject; and how we deal with data breaches, training, compliance, governance and review. It also explains how you can contact us in relation to any data protection enquiries).
• Data Retention Policy (explaining the periods for which we retain the data you provide to us)
• Cookies Policy (explaining the information saved on your devices when you use our Websites).

Together, these documents explain how we process personal data and other information when you interact with us or use our website.

Our Privacy Policy is designed to allow you to understand the most important information concerning how we process your personal data. It ensures that we comply with the fundamental obligation to inform, as derived from the applicable law (see 3. Legal Framework).

This Data Protection Policy (the “Policy”) explains how we collect, use, store and protect your personal data when you interact with us.

 

 

2. Who We Are

The data controller responsible for your personal data is: Juris Angliae Scientia Ltd (“JAS”), operating as: British Law Centre (“BLC”, “we”, “us” or “our”).

Address: University of Cambridge (Faculty of Law), Sir David Williams Building, 10 West Road, Cambridge, CB3 9DZ, United Kingdom

Registered Charity No: 1013738
Company No. 02659061

We provide educational services, including the delivery and administration of legal education programmes such as the Diploma in English Law and Legal Skills (“DELLS” or “Course”). We operate internationally and deliver courses in countries including Bulgaria, Croatia, Czechia, Hungary, Poland, Romania and Slovakia, as well as online to participants located in other countries.

 

 

3. Legal Framework

When we process personal data, we comply with the following data protection legislation:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• EU General Data Protection Regulation (EU GDPR), where applicable to our international activities.

These laws require us to process personal data lawfully, fairly and transparently, and to protect the rights of individuals whose data we process.

 

 

4. Whose Data We Process

We process personal data relating to:

• Course applicants and participants
• Employees and applicants for employment
• Contractors
• Donors
• BLC Website users
• Event participants

In some cases, you may choose whether or not to provide your personal data. However, if you do not provide certain information, we may not be able to provide services such as course enrolment, access to online platforms, newsletters or event registration.

 

 

5. Categories of Personal Data We Collect

Depending on how you interact with us, we may collect the following types of personal data.

 

(a)  Personal Data

We may collect:

• your name
• contact details
• email address
• IP address
• student ID number (where relevant)
• your image, voice and zoom ID (during online meetings)

 

(b)  Professional Data

We may collect:

• your CV
• employment details (if relevant)
• student-status details
• trainee lawyer status (where relevant)

 

(c)  Financial Data

We may collect:

• payment information
• bank details relating to course payments or payments to staff

 

(d)  Other Information

We may also process:

• audio or video recordings of classes, lectures or events ((NB. where BLC classes, lectures or events are recorded, such recordings may capture participants’ image, voice and displayed name). 
• event attendance records

We do not intentionally collect special category data, such as health information, ethnicity or political opinions.

 

 

6. How We Collect Personal Data

We collect personal data in several ways, including when you:

• complete application forms on our website;
• correspond with us by email;
• use the BLC website or Moodle platform;
• submit documents such as CVs or eligibility documentation (e.g. student ID; trainee lawyer ID);
• make payments of Course Fees;
• submit assignments or participate in Course activities;
• communicate with us regarding Course administration;
• interact with BLC Host Institutions involved in course delivery
• attend an online BLC class or event.

 

 

7. Why We Process Your Data

We process your personal data for several purposes.

 

(a)  Course administration

We use your data to:

• review applications to join our courses;
• enrol participants and maintain course records;
• communicate with participants;
• provide access to course platforms and materials;
• administer assignments, grading and feedback;
• maintain academic records and transcripts;
• issue diplomas and certificates;
• monitor participation in the Course.

 

(b)  Financial administration

We process personal data in order to:

• administer course fees;
• maintain financial and accounting records;
• comply with tax and financial regulations.

 

(c)  Operational and organisational purposes

We may also use personal data to:

• manage course administration (including transfers, withdrawals or deferrals);
• communicate with graduates about events or courses;
• conduct fundraising activities;
• analyse website usage and improve our services;
• manage HR processes and contractual relationships;
• record and share online meetings.

 

 

8. Legal Bases for Processing

We rely on several legal bases under the applicable law (see 3. Legal Framework) to lawfully process your data.

 

(a)  Contract

We process your data when this is necessary to perform a contract with you, for example to:

• enrol you on a course;
• provide teaching activities;
• administer assignments and grading;
• issue certificates or diplomas;
• manage course fees.

 

(b)  Legal obligation

We process personal data where necessary to comply with legal obligations, including:

• financial record-keeping;
• accounting and tax compliance.

 

(c)  Legitimate interests

We may process personal data where this is necessary for our legitimate interests, such as:

• responding to enquiries;
• reviewing course applications;
• maintaining communication systems;
• improving our services;
• establishing or defending legal claims;
• to monitor attendance in BLC online events;
• to assess teaching delivery standards.

 

(d)  Consent

In some circumstances we rely on your consent, for example where you voluntarily submit information or subscribe to certain communications, or when you participate in a BLC online event.

 

 

9. Data Storage and Security

We store personal data using secure digital systems used to administer and deliver our courses.

 

Data may be stored through:

• cloud services used to host our website and learning platforms;
• the BLC Moodle platform;
• email and administrative systems used for course communications;
• secure digital storage used for administrative and financial records.

 

To protect personal data, we implement technical and organisational security measures including:

• password-protected systems;
• restricted access to authorised staff;
• secure authentication procedures;
• encrypted communication protocols for online platforms;
• system backup and recovery mechanisms.

 

 

10. Data Sharing

We may share personal data with third parties where necessary for course administration. These may include:

 

(a)  Host institutions and partner organisations

Where courses are delivered in collaboration with local institutions, we may share relevant information necessary for course delivery and administration.

 

(b)  Service providers and IT platforms

We may use service providers to operate:

• the BLC website;
• the Moodle learning platform;
• email communication systems;
• payment or financial systems.

These providers process personal data only as necessary to provide their services and are subject to contractual data protection safeguards.

We also share data with any BLC external examiners, who verifies the standards adopted by us in our grading of student written work.  

 

(c)  International transfers

As we operate internationally, personal data may be transferred outside the UK or the European Economic Area.

Where this occurs, we use appropriate safeguards such as:

• adequacy decisions issued by the UK Government or European Commission;
• Standard Contractual Clauses.

 

(d) Other Course participants and external parties

Many of our online events are recorded. We may share the recording from an online event with other Course participants or with external parties (including to advertise the BLC and its Courses). 

 

11. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected.

Examples include:

• application data: duration of the course plus six years;
• unsuccessful applications: two years;
• academic records and diplomas: indefinitely or at least ten years;
• financial records: ten years;
• website account data: duration of the course plus three years.

After the relevant retention period expires, we securely delete or anonymise the data.

See here for details of our Data Retention Policy

 

 

12. Your Rights

You have several rights under data protection law.

 

1. The right of access– the right to access your personal data and obtain a copy of it;
2. The right of rectification– the right to have inaccurate data corrected or incomplete data supplemented;
3. The right to be forgotten– the right to have your personal data erased;
4. The right to restrict processing– the right to require us to temporarily restrict processing of your personal data;
5. The right to data portability– the right to transfer your personal data to another controller (the right will apply only to data submitted by you and in the event of processing of data under consent or contract);
6. The right to object– the right to object at any time to the processing of your personal data (the right shall apply to processing of data under a legitimate interest of the controller or to perform a task in the public interest);
7. The right to withdraw consent– the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before that consent was withdrawn (the right shall apply only when the processing is upon consent);
8. The right not to be subjectto automated decisions based on profiling.
9. The right to lodge a complaint with a supervisory authority, i.e. the Information Commissioner’s Office (ICO) or another relevant Data Protection Agency - if you believe that our processing of your data infringes the applicable law (see Legal Framework).

 

Reasonable restrictions may apply to the way in which you can exercise some of these rights (e.g. due to the controller’s statutory obligations), so every application for exercising a right is considered individually.

In order to exercise your rights, or to ask any questions regarding our Data Policy, or to complain about how we process your data. please contact us at diploma@britishlawcentre.co.uk.

 

 

13. Cookies and Website Analytics

Our website uses cookies and similar technologies.

Cookies help us:

• maintain secure login sessions;
• enable the technical operation of the website;
• remember user preferences;
• analyse how visitors interact with the site.

We may use tools such as Google Analytics to collect information such as IP addresses, browser types and pages visited. This information helps us improve our website and services.

Click here for details of our Cookie Policy.

 

14. Data Breach Management

If a personal data breach occurs, we will:

• identify and contain the breach;
• assess the risks to affected individuals;
• take steps to mitigate harm;
• document the incident.

Where required, we will report breaches to the Information Commissioner’s Office (ICO) within 72 hours. If a breach poses a high risk to individuals, we will notify affected individuals without undue delay.

 

15. Training and Compliance

We ensure that the senior administrative staff involved in processing personal data understand their responsibilities under the Legal Framework. We provide such staff with training when they begin their roles and periodically thereafter, particularly when laws or organisational procedures change.

 

 

16. Governance and Review

We review this Data Protection Policy at least every two years or earlier if necessary. Updates are approved by senior management or the governing body responsible for oversight of the organisation’s activities. We maintain a Record of Processing Activities where required under applicable data protection law.

 

 

17. Contact Us

If you wish to exercise your data protection rights, ask questions about this Policy, or complain about how we have processed your data, please email us at: diploma@britishlawcentre.co.uk