top of page
Arab design.jpg

Privacy Policy

 

Arab Lawyers Association – Website Privacy Policy

1  |  Who we are

Arab lwyers Ltd (company no. 11957700) is a private company limited by guarantee without share capital, registered in England & Wales. We trade as the Arab Lawyers Association (ALA) and act as the parent entity for ALA Chapters worldwide. For data-protection purposes, Arab lwyers Ltd is the data controller for personal data collected through www.arablawyersassociation.co.uk and any microsites or event-registration pages we operate (together, the “Site”).

 

As some services are delivered jointly with our Chapters, there may be circumstances in which we and a Chapter jointly decide why and how your data are used. In those cases, we and the relevant Chapter are joint controllers. 

 

2  |  Scope of this policy

 

This policy explains how we collect, use, share and protect personal data when you:

 

  • browse, log in to or otherwise use the Site;

  • apply for or hold any category of ALA membership;

  • register for or attend an ALA event (whether in person or online);

  • interact with us on social-media channels or subscribe to ALA newsletters; or

  • communicate with us as a professional contact, sponsor, speaker, supplier or volunteer.

It does not cover websites operated independently by third parties that may be linked from the Site; those websites will publish their own privacy notices.

3  |  The personal data we collect

We may collect and process the following categories of information about you:

 

  • Identity and contact details – such as your name, title, professional role, postal address, email address, telephone number and social-media handle, typically provided when you complete membership or event forms or submit an enquiry.

  • Professional profile information – including practice areas, bar or law-society admissions, languages, employer or firm, biography and photograph, usually supplied when creating a membership profile or speaker bio.

  • Membership and event records – for example, the membership tier you hold, payment status, continuing-professional-development (CPD) attendance, event registrations, dietary or accessibility requirements and related correspondence.

  • Marketing preferences – your choices about receiving newsletters and promotional emails, together with records of any consents or objections you have given.

  • Technical information – such as internet-protocol (IP) address, browser type, device identifiers, time-zone settings, cookie identifiers and log-file data that are generated automatically when you visit the Site.

  • Usage information – including page views, navigation paths, referral URLs and click-through data captured through analytics cookies or similar technologies.

  • Survey and feedback responses – any information you volunteer in questionnaires, polls or post-event feedback forms.

We do not intentionally collect sensitive “special-category” data (for example, health or ethnicity) except where you choose to provide it (for instance, to tell us about an accessibility need for an event). When that occurs, we process the information only with your explicit consent or another lawful basis and apply additional safeguards.

4  |   How and why we use your data

We use the personal data described above for the purposes set out below:

 

  • To administer membership confirmations, Chapter affiliations and event bookings (necessary for the performance of a contract).

  • To run networking, mentoring and referral programmes for the Arab legal profession.

  • To send legal-profession news, ALA updates and marketing communications either with your consent or, where the law permits “soft-opt-in”, because it is in our legitimate interest to keep members informed. You can opt out at any time.

  • To operate and secure the Site, troubleshoot problems and generate aggregated analytics (legitimate interests in ensuring the security, integrity and usability of our online services).

  • To comply with legal obligations, for example in relation to accounting records, sanctions screening, safeguarding and reporting requirements.

  • To create promotional material (photography or video) at events after carefully balancing our legitimate interest in publicising the ALA’s work against your privacy expectations; prominent notices will be displayed and an opt-out will be offered.

 

Whenever we rely on our legitimate interests, we assess those interests and ensure they are not overridden by your rights and freedoms.

 

5  |  Sharing your personal data

We share data only as necessary for the purposes described above:

 

  • Within the ALA Group – with members of  our committees, authorised volunteers and Chapter officers who need the information to deliver services.

  • With trusted service providers – including providers of IT hosting, cloud storage, customer-relationship-management (CRM) platforms, email marketing services, payment processors, event-management tools and professional advisers. Each provider is subject to strict confidentiality and data-processing terms.

  • With event partners or venue sponsors – limited details (normally name, role and organisation) may be passed to facilitate security access, event logistics or co-branded activities; you will be informed in advance.

  • With regulators, courts, law-enforcement agencies or other third parties when we have a legal duty to do so, are required to enforce our rights, or must protect the rights, property or safety of others.

We will never sell your personal data.

6  |  International data transfers

Given the global reach of the ALA, information you provide may be transferred to, stored in or accessed from countries outside the United Kingdom. Whenever we export personal data to a jurisdiction that has not been deemed “adequate” by the UK government, we implement approved safeguards and carry out transfer-risk assessments in line with UK Information Commissioner’s Office (ICO) guidance. 

7  |  Data-retention policy

We keep personal data only for as long as necessary to fulfil the purposes outlined in this policy, after which we either delete or anonymise the information. In broad terms:

 

  • Membership files are retained for the lifetime of the membership plus six years, reflecting statutory limitation periods.

  • Event attendance data are retained for three years to support CPD verification and audit.

  • Marketing suppression lists (records of opt-out requests) are retained indefinitely so we do not email you again if you have told us not to.

  • Technical logs are normally kept for up to twelve months unless they are needed for a security investigation or dispute.

Retention periods may be extended where a legal obligation, regulatory requirement or litigation hold applies.

 

8 |  Security measures

We apply appropriate technical and organisational measures to protect personal data, including encryption at rest, transport-layer security (TLS) for data-in-transit, role-based access controls, multi-factor authentication, staff and volunteer confidentiality undertakings, periodic penetration testing and an incident-response plan. Nevertheless, no online transmission is wholly secure.

9 |  Your data-protection rights

Subject to the conditions and exemptions in the UK GDPR, you have the right to:

 

  1. access a copy of the personal data we hold about you;

  2. request correction of inaccurate or incomplete data;

  3. request deletion of data in certain circumstances (“right to be forgotten”);

  4. restrict processing while a dispute is resolved;

  5. receive personal data in a portable, machine-readable format or have it sent to another controller;

  6. object to processing based on legitimate interests or to receiving direct marketing; and

  7. withdraw consent at any time where processing relies on consent (without affecting the lawfulness of earlier processing).

We normally respond within one month, extendable by up to two additional months for complex or multiple requests. If you are unhappy with our response, you may complain to the UK ICO (www.ico.org.uk) or to your local supervisory authority.

10 |  Cookies and similar technologies

The Site uses several categories of cookies and comparable technologies:

 

  • Strictly necessary cookies enable core functions such as security, network-management and accessibility and cannot be switched off.

  • Analytics cookies help us understand how visitors engage with the Site so we can improve performance.

  • Functionality cookies remember your preferences, for example language or region settings.

  • Marketing cookies may be set by us or by trusted partners to tailor communications or measure the effectiveness of campaigns; these are used only if you consent.

A cookie banner allows you to accept or reject non-essential cookies, and you can change your browser settings at any time to control cookies.

11  |  Third-party links

Our Site may contain links to external websites (such as partner law firms, legal-research providers or social-media platforms). We do not control those websites and are not responsible for their privacy practices. You should review the privacy notices of any third-party site you visit.

12  |  Changes to this policy

We may update this policy from time to time to reflect changes in law, our data-handling practices or Site functionality. Any significant changes will be highlighted on the Site and, where appropriate, notified to members by email. We encourage you to review this policy periodically.

13  |  Contact us

If you have any questions about this policy or wish to exercise your rights, please contact us at info@arablawyersassociation.co.uk

 

 

Last reviewed: 12 July 2025

​​​​

​​

bottom of page