UK/EU Privacy Notice

Last updated December 2023

OVERVIEW

This Privacy Notice (the “Notice”) applies to you if you are located in the European Union or the United Kingdom. If you are located in the United States, please click here.

This website is operated by Women in eDiscovery (“WiE”), also referred to in this Notice as “we” or “us”. WiE is committed to protecting and respecting your privacy. This Notice describes how we will collect and use your information (which includes your personal data), both from your use of this website and through any services that we may provide to you and the rights you have in relation to your information.

By using any of our services, including this website, and by providing us with any personal data, you acknowledge the use of your personal data as set out in this Notice, including that you are sharing your data with an organization that is based in the United States of America. Please do not browse our website any further or send us personal data if you do not want that information to be used in this way.

WiE is the data controller of any information provided via this website and in the course of our relationship with you. When we do so we are subject to the UK General Data Protection Regulation (“UK GDPR”) and the EU General Data Protection Regulation (“EU GDPR”) in relation to goods and services we offer to individuals in the European Economic Area (EEA) (together the “GDPR”).

Given the nature of our website, we do not expect to collect the personal data of anyone under 18 years old. If you are aware that any personal data of anyone under 18 years old has been shared with our website please let us know so that we can delete that data.

If you have questions, comments, or concerns about this Privacy Notice or our processing of personal data, please see the bottom of this Privacy Notice for information about how to contact us.

WHAT THIS POLICY APPLIES TO
PERSONAL DATA WE COLLECT ABOUT YOU
HOW YOUR PERSONAL DATA IS COLLECTED
HOW AND WHY WE USE YOUR PERSONAL DATA
MARKETING
WHO WE SHARE YOUR PERSONAL DATA WITH
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
TRANSFERRING YOUR PERSONAL DATA OUT OF THE UK AND EEA
COOKIES
YOUR RIGHTS
KEEPING YOUR PERSONAL DATA SECURE
HOW TO COMPLAIN
CHANGES TO THIS PRIVACY POLICY
HOW TO CONTACT US

WHAT THIS POLICY APPLIES TO

This privacy policy relates to your use of our website only.

Throughout our website we may link to other websites owned and operated by certain trusted third parties to for example, our sponsors and affiliates. Those third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to those third party websites, please consult their privacy policies as appropriate.

PERSONAL DATA WE COLLECT ABOUT YOU

The personal data we collect about you depends on the particular activities carried out through our website and the particular services we provide to you. We will collect and use the following personal data about you:

your name, address and contact information, including email address and telephone number;
your employment details including your employer and position;
information to check and verify your identity, e.g. date of birth;
your gender, if you choose to give this to us;
location data, to add you to the correct Chapter (this is the local WiE group you will be a member of and depends on your location);
details of any information, feedback or other matters you give to us by phone, email, post or via social media;
your account details, such as username and login details;
your activities on, and use of, our website;
your professional interests;
your professional online presence, e.g. LinkedIn profile;
your contact history;
information about the services we provide to you;
information about how you use our website;
your responses to surveys; and
your WiE conference participation.

You must provide certain personal data to apply for membership with WiE.

Sometimes you can choose if you want to give us your personal data and let us use it. Where that is the case we will tell you and give you the choice before you give the personal data to us. We will also tell you whether declining to share that personal data will have any effect on your use of our website or any services we provide.

We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below.

For the avoidance of doubt, we do not collect any special category data.

HOW YOUR PERSONAL DATA IS COLLECTED

We collect personal data from you:

directly, when you apply for membership or send us information, such as when you contact us (including via email), post material to our website e.g. on a Chapter board, sign up to an event and send us feedback; and
indirectly, such as your browsing activity while on our website; we will usually collect information indirectly using the technologies explain in the section on ‘Cookies’ below.

HOW AND WHY WE USE YOUR PERSONAL DATA

Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

where you have given consent;
to comply with our legal and regulatory obligations;
for the performance of a contract with you or to take steps at your request before entering into a contract; or
for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

The table below explains what we use your personal data for and why.

What we use your personal data for

Our reasons

Create and manage your account with us

For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.

To perform our contract with you or to take steps at your request before entering into a contract.

Providing services to you

To perform our contract with you so we are able to provide our services with you.

Conducting checks to identify you and verify your identity

For our legitimate interests, i.e. to minimize fraud that could be damaging for you and/or us.

To enforce legal rights or defend or undertake legal proceedings

Depending on the circumstances:

to comply with our legal and regulatory obligations; and/or

in other cases, for our legitimate interests, i.e. to protect our business, interests and rights

Customize our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website

Depending on the circumstances:

your consent as gathered e.g. in relation to cookies on our website; and/or

where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.

Communications with you relating to organization events and other data relevant to your membership.

Depending on the circumstances:

to comply with our legal and regulatory obligations; and/or

in other cases, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.

Statistical analysis to help us understand our customer base

For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.

Updating and enhancing member records

Depending on the circumstances:

to perform our contract with you or to take steps at your request before entering into a contract;

to comply with our legal and regulatory obligations; and/or

where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our members.

Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business

To comply with our legal and regulatory obligations.

Marketing our services to existing and former members

For our legitimate interests, i.e. to promote our business to existing and former members.

To share your personal data with members of the relevant WiE Chapters and third parties that will or may provide services to our foundation. This could include professional advisors acting on our or their behalf. In such cases information will be anonymized where possible and only shared where necessary

Depending on the circumstances:

to comply with our legal and regulatory obligations;

in other cases, for our legitimate interests, i.e. to provide services, protect, realize or grow the value in our business and assets.

What we use your personal data for	Our reasons
Create and manage your account with us	For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you. To perform our contract with you or to take steps at your request before entering into a contract.
Providing services to you	To perform our contract with you so we are able to provide our services with you.
Conducting checks to identify you and verify your identity	For our legitimate interests, i.e. to minimize fraud that could be damaging for you and/or us.
To enforce legal rights or defend or undertake legal proceedings	Depending on the circumstances: to comply with our legal and regulatory obligations; and/or in other cases, for our legitimate interests, i.e. to protect our business, interests and rights
Customize our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website	Depending on the circumstances: your consent as gathered e.g. in relation to cookies on our website; and/or where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.
Communications with you relating to organization events and other data relevant to your membership.	Depending on the circumstances: to comply with our legal and regulatory obligations; and/or in other cases, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.
Statistical analysis to help us understand our customer base	For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you.
Updating and enhancing member records	Depending on the circumstances: to perform our contract with you or to take steps at your request before entering into a contract; to comply with our legal and regulatory obligations; and/or where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our members.
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business	To comply with our legal and regulatory obligations.
Marketing our services to existing and former members	For our legitimate interests, i.e. to promote our business to existing and former members.
To share your personal data with members of the relevant WiE Chapters and third parties that will or may provide services to our foundation. This could include professional advisors acting on our or their behalf. In such cases information will be anonymized where possible and only shared where necessary	Depending on the circumstances: to comply with our legal and regulatory obligations; in other cases, for our legitimate interests, i.e. to provide services, protect, realize or grow the value in our business and assets.

MARKETING

We will use your personal data to send you updates by email about our events, sponsors and other organizational activity.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by contacting us at privacy@womeninediscovery.org. However, if you opt out of receiving communications from us you will not receive any updates from WiE including updates about your membership or local Chapter and we will not be able to provide our services to you.

We will always treat your personal data with the utmost respect and never sell or share it with other organizations for marketing purposes.

For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.

WHO WE SHARE YOUR PERSONAL DATA WITH

We routinely share personal data with:

third parties we use to help us run our business and deliver our services to you, e.g. third party email providers, storage hosts, website hosts and website analytics providers; and
our sponsors who assist with hosting or sponsoring WiE events if a member has signed up to attend the conference.

We only allow those organizations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

We or the third parties mentioned above occasionally also share personal data with:

our external auditors, e.g. in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations;
our professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations; and
law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations.

HOW LONG YOUR PERSONAL DATA WILL BE KEPT

We will not keep your personal data for longer than we need it for the purpose for which it is used. The retention period will be determined by various criteria including (i) the purpose for which WiE is using it, and (ii) applicable laws or regulations, which may set a minimum period for which WiE has to retain personal data.

If you end your membership with us we will delete or anonymize your account data after seven years.

Following the end of the of the relevant retention period, we will delete or anonymize your personal data.

TRANSFERRING YOUR PERSONAL DATA OUT OF THE UK AND EEA

WiE is an organization that is head quartered in New York in the United States of America. You acknowledge that by sharing your personal data with WiE you are transferring this information directly to us in the United States of America and outside out of the UK and EEA. WiE will then share your personal data with the local Chapter you are applying to be a member of.

The EEA, UK and other countries outside the EEA and the UK have differing data protection laws, some of which may provide lower levels of protection of privacy. When WiE shares your data outside of the UK and EEA we will comply with applicable UK and EEA laws designed to ensure the privacy of your personal data.

Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:

in the case of transfers subject to UK data protection law, the UK government has decided a particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’). A list of countries the UK currently has adequacy regulations in relation to is available here. We rely on adequacy regulations for transfers to the EEA.
in the case of transfers subject to EEA data protection laws, the European Commission has decided that a particular country ensures an adequate level of protection of personal data (known as an ‘adequacy decision’). A list of countries the European Commission has currently made adequacy decisions in relation to is available here. We rely on adequacy decisions for transfers to the UK.
there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you; or
a specific exception applies under relevant data protection law.

Where we transfer your personal data outside the UK and EEA we do so on the basis of an adequacy regulation or, where this is not available, by legally-approved standard data protection clauses recognized or issued by the EU and UK Commissioners. In the event we cannot or choose not to continue to rely on either of those mechanisms we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by the GDPR and reflected in an update to this policy.

Any changes to the destinations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on ‘Changes to this privacy policy’ below.

If you would like further information about data transferred outside the UK or EEA, please contact us at privacy@womeninediscovery.org.

COOKIES

A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognize you and your device and store some information about your preferences or past actions.

YOUR RIGHTS

You generally have the following rights in relation to the personal data we hold about you, which you can usually exercise free of charge:

Access to a copy of your personal data:

The right to be provided with a copy of your personal data.

Correction (also known as rectification):

The right to require us to correct any mistakes in your personal data.

Erasure (also known as the right to be forgotten):

The right to require us to delete your personal data - in certain situations.

Restriction of use:

The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.

Data portability:

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.

To object to use:

The right to object:

at any time to your personal data being used for direct marketing (including profiling); or

in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defense of legal claims.

Not to be subject to decisions without human involvement:

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

Please note, we do not make any such decisions based on the personal data collected by us.

The right to withdraw consents:

If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time.

You may withdraw consents by contacting us.

Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see ‘How to contact us’ below).

If you would like to exercise any of those rights, please contact us at privacy@womeninediscovery.org.

KEEPING YOUR PERSONAL DATA SECURE

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

HOW TO COMPLAIN

Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with:

the Information Commissioner in the UK; or
our lead supervisory authority in the EEA, which is [●. ]; and
a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA.

CHANGES TO THIS PRIVACY POLICY

We may change this privacy policy from time to time - when we make significant changes we will take steps to inform you, by emailing you a copy of the updated privacy policy and displaying the new policy on our website.

HOW TO CONTACT US

Individuals in the UK

privacy@womeninediscovery.org

Individuals in the EEA

privacy@womeninediscovery.org

Access to a copy of your personal data:	The right to be provided with a copy of your personal data.
Correction (also known as rectification):	The right to require us to correct any mistakes in your personal data.
Erasure (also known as the right to be forgotten):	The right to require us to delete your personal data - in certain situations.
Restriction of use:	The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
Data portability:	The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations.
To object to use:	The right to object: at any time to your personal data being used for direct marketing (including profiling); or in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defense of legal claims.
Not to be subject to decisions without human involvement:	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. Please note, we do not make any such decisions based on the personal data collected by us.
The right to withdraw consents:	If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. You may withdraw consents by contacting us. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.