At the British Law Centre, we prioritize your privacy and are committed to protecting your personal information. Our Privacy Policy outlines the types of data we collect, how we use it, and the measures we take to ensure its security. We collect personal information when you register for our courses, subscribe to our newsletters, or interact with our website. This data is used to enhance your educational experience, provide customer support, and communicate important updates. We implement robust security protocols to protect your information from unauthorized access and ensure compliance with applicable data protection laws. Your trust is important to us, and we are dedicated to maintaining the confidentiality and integrity of your personal data.

Our Privacy Policy is a collection of documents, which should be read as a whole. It includes:

• Data Protection Policy (explaining who we are, which law applies to us, which data we collect, process and retain; how and why we collect your data; your rights as a data subject and other related rules).
• Data Retention Policy (explaining which data we retain and for how long)
• Cookies Policy (explaining the information saved on your devices when you use our Websites).
• Zoom Policy (explaining our rules on participating in, recording and sharing online meetings).

Together, these documents explain how we process personal data and other information when you interact with us or use our website.

Our Privacy Policy is designed to allow you to understand the most important information concerning how we process your personal data. It ensures that we comply with the fundamental obligation to inform you about our Policies, as required by the applicable law.

1. Purpose of this Policy

This Data Retention Policy explains how long we retain personal data and how we securely delete or anonymise it when it is no longer required.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing educational services, administering Courses, maintaining academic records, complying with legal obligations and protecting our legitimate interests.

Once the relevant retention period expires, we securely delete the data or anonymise it so that individuals can no longer be identified.

This policy applies to all personal data processed by Juris Angliae Scientia Ltd operating as the British Law Centre.

2. Principles Governing Data Retention

When determining how long we retain personal data, we apply the following principles:

• We retain personal data only for as long as necessary for the purposes for which it was collected.
• We retain certain information for longer periods where required by law or regulatory obligations.
• We may retain data where necessary to establish, exercise or defend legal claims.
• Where data is no longer required, we securely delete or anonymise it.
• Where possible, we minimise the amount of personal data stored and regularly review stored information.

Retention periods may be extended where necessary to comply with legal obligations or ongoing investigations, disputes or regulatory requirements.

3. Legal Framework

When we process personal data, we comply with the following data protection legislation:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• EU General Data Protection Regulation (EU GDPR), where applicable to our international activities.

These laws require us to process personal data lawfully, fairly and transparently, and to protect the rights of individuals whose data we process.

4. Categories of Data and Retention Periods

The following retention periods apply to the main categories of personal data processed by us.

Application Data (Successful Applicants)

Examples include:

• application forms
• CVs
• supporting documents submitted during the application process.

Purpose of processing:

• assessing eligibility for the Course
• enrolling participants.

Retention period: We retain this data for the duration of the Course and six years afterwards

Legal basis: Contract and legitimate interests.

Application Data (Unsuccessful Applicants)

Examples include:

• application forms
• CVs
• correspondence relating to applications.

Purpose of processing:

• administration of the recruitment process
• managing potential disputes relating to admissions decisions.

Retention period: We retain this data for two years after the recruitment decision.

Legal basis: Legitimate interests.

Participant Identity and Contact Details

Examples include:

• name
• email address
• contact information.

Purpose of processing:

• Course administration
• communication with participants.

Retention period: We retain this data for the duration of the Course and six years afterwards.

Legal basis: Contract and legitimate interests.

Academic Records

Examples include:

• assignment submissions
• grades
• transcripts
• academic assessment records.

Purpose of processing:

• academic assessment
• certification of Course completion
• verification of qualifications.

Retention period: We retain academic records indefinitely (or for at least ten years), in order to verify qualifications issued by the organisation.

Legal basis: Contract and legitimate interests.

Course Administration Records

Examples include:

• attendance records
• recorded BLC meetings
• Course participation information
• internal administrative records.

Purpose of processing:

• Course administration
• monitoring quality assurance in Course delivery
• regulatory and operational compliance

Retention period: We retain this information for the duration of the Course plus ten years afterwards.

Legal basis: Contract and legitimate interests.

Financial Records

Examples include:

• invoices
• payment records
• fee status information.

Purpose of processing:

• accounting and financial administration
• compliance with tax and financial regulations.

Retention period: We retain financial records for ten years after the end of the relevant financial year.

Legal basis: Legal obligation and legitimate interests.

Email Correspondence

Examples include:

• enquiries
• administrative communications
• routine correspondence.

Purpose of processing:

• responding to enquiries
• Course administration.

Retention period: We retain email correspondence for three years, unless it is required for the establishment, exercise or defence of legal claims, in which case for six years.

Legal basis: Legitimate interests.

Website and Platform Account Data

Examples include:

• login credentials
• Moodle account information
• website account data.

Purpose of processing:

• providing access to Course platforms
• administering Course participation.

Retention period: We retain this information for the duration of the Course and three years afterwards.

Legal basis: Contract.

Complaints or Dispute Records

Examples include:

• complaints
• appeals
• disciplinary matters.

Purpose of processing:

• resolving disputes
• defending potential legal claims.

Retention period: We retain this information for seven years after the matter has been resolved.

Legal basis: Legitimate interests.

Diploma and Certification Records

Examples include:

• records confirming the award of diplomas or certificates.

Purpose of processing:

• verification of qualifications issued by the organisation.

Retention period:

We retain these records indefinitely.

Legal basis: Legitimate interests.

Marketing or Optional Communications

Examples include:

• newsletter subscriptions
• mailing lists for events or future Courses.

Purpose of processing:

• communication about Courses or events.

Retention period: We retain this data until consent is withdrawn or after five years of inactivity, whichever occurs first.

Legal basis: Consent.

Table summary:

The table below summarises the periods, discussed above in more detail, for which we retain your Personal Data. After these periods expire, we either delete or anonymise your data (i.e. so that you can no longer be identified by using the data you provided to us).

5. Secure Deletion and Anonymisation

When the relevant retention period expires, we ensure that personal data is securely deleted or anonymised.

Secure deletion methods may include:

• removal of data from digital systems and backups where feasible;
• permanent deletion of user accounts;
• anonymisation of records so that individuals can no longer be identified.

Where anonymisation is used, the resulting data may be retained for statistical or research purposes.

6. Exceptions to Retention Periods

In certain circumstances, we may retain personal data for longer than the standard retention period.

This may occur where:

• legal proceedings or disputes are ongoing;
• regulatory or audit requirements apply;
• a supervisory authority requires the preservation of information;
• legal limitation periods have not yet expired.

7. Review of this Policy

We review this Data Retention Policy periodically to ensure that retention practices remain compliant with applicable data protection legislation and organisational requirements.