Data Protection
LawNet Limited Data Protection & Privacy Notice
Last updated: June 2026
1. Who We Are
LawNet Limited ("LawNet", "we", "us" or "our") is a company registered in England and Wales under company number 2538900 whose registered office is at:
Centenary House
Peninsula Park
Rydon Lane
Exeter
Devon
EX2 7XE
This Privacy Notice explains how we collect, use, store and share personal data relating to:
- representatives of member firms;
- partners and directors of member firms;
- employees of member firms;
- prospective member firms;
- speakers, trainers and event delegates;
- suppliers and business contacts.
For the purposes of UK data protection legislation, LawNet Limited is the data controller of the personal data described in this notice.
2. Contacting Us About Data Protection
If you have any questions about this Privacy Notice or how we process your personal data, please contact:
Graham Ford
IT & Member Experience Manager
LawNet Limited
Centenary House
Peninsula Park
Rydon Lane
Exeter
Devon
EX2 7XE
Email: gford@lawnet.co.uk
Telephone: 01926 886990
3. The Personal Data We Collect
Depending on your relationship with LawNet, we may collect and process:
Identity Information
- name;
- title;
- job title;
- professional qualifications;
- areas of legal specialism;
- languages spoken.
Contact Information
- business email address;
- business telephone number;
- business postal address.
Membership Information
- member firm details;
- participation in LawNet activities;
- training and event attendance records;
- accreditation and certification information.
Communications Information
- correspondence with us;
- feedback;
- survey responses;
- complaints;
- enquiries.
Technical Information
Where you use our website, member portal or online services:
- IP address;
- browser information;
- device information;
- website usage information.
Special Category Data
Where necessary for events or accessibility purposes, we may collect:
- dietary requirements;
- allergies;
- disability information;
- accessibility requirements;
- religious dietary requirements.
We will only collect and use this information where lawful to do so.
4. How We Collect Personal Data
We may obtain personal data:
- directly from you;
- from your member firm;
- through membership applications;
- through event registrations;
- through surveys and feedback forms;
- through quality assessment and audit processes;
- from suppliers providing services on our behalf;
- through your use of our website, member portal or online services.
We may also periodically request updated contact details from member firms to ensure our records remain accurate.
5. How We Use Personal Data
We may use personal data to:
Membership Administration
- administer membership arrangements;
- manage member records;
- communicate with member firms;
- provide membership services and benefits.
Learning and Events
- manage bookings;
- administer attendance;
- provide event materials;
- accommodate dietary or accessibility requirements;
- issue attendance certificates;
- facilitate delegate networking.
Products and Services
- provide information relevant to your role;
- facilitate introductions to approved partners and service providers;
- administer member benefits programmes.
Business Administration
- respond to enquiries;
- manage complaints;
- improve our services;
- maintain records;
- comply with legal and regulatory obligations.
6. Our Lawful Bases for Processing
We process personal data under one or more of the following lawful bases.
Contract
Article 6(1)(b) UK GDPR
Where processing is necessary to perform our membership arrangements or provide services requested by your firm.
Examples include:
- event bookings;
- training administration;
- membership management.
Legitimate Interests
Article 6(1)(f) UK GDPR
We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms.
Examples include:
- maintaining member records;
- facilitating networking opportunities;
- administering member communications;
- introducing members to approved partners;
- conducting surveys;
- improving services;
- maintaining security.
Where we rely on legitimate interests, we consider and balance any impact on individuals.
Legal Obligation
Article 6(1)(c) UK GDPR
Where we are required to process personal data to comply with legal obligations.
Consent
Article 6(1)(a) UK GDPR
Where required, we will obtain consent before processing personal data.
Examples may include:
- certain marketing communications;
- collection of dietary or accessibility information.
You may withdraw consent at any time.
7. Special Category Data
Where we process special category data, we rely on:
- Article 9(2)(a) (explicit consent); and/or
- another lawful condition permitted under applicable data protection legislation.
We only collect the minimum amount of such information necessary for the relevant purpose.
8. Marketing Communications
We may send communications regarding:
- LawNet membership services;
- training;
- webinars;
- conferences;
- networking opportunities;
- member benefits;
- partner offerings.
We will comply with the Privacy and Electronic Communications Regulations (PECR) and applicable data protection legislation when sending electronic communications.
You may unsubscribe or object to receiving marketing communications at any time by:
- using the unsubscribe link;
- contacting us directly.
9. Sharing Personal Data
We may share personal data with:
Service Providers
Including providers of:
- CRM systems;
- event management systems;
- webinar platforms;
- marketing platforms;
- IT support services;
- website hosting services.
Approved Partners and Suppliers
We may share relevant business contact details with approved suppliers offering products or services that may benefit member firms.
Any such sharing will be proportionate and relevant to your role within your firm.
You may object to this processing at any time.
Event Providers
Including:
- venues;
- speakers;
- trainers;
- event sponsors.
Where delegate lists are distributed, these will typically contain:
- name;
- Email address;
- firm name;
- job title.
Delegates may opt out of inclusion by notifying us before the event.
Professional Advisers
Including:
- legal advisers;
- accountants;
- insurers;
- auditors.
Regulators and Public Authorities
Where required by law.
10. International Transfers
We primarily store and process personal data within the United Kingdom.
Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place, including:
- UK adequacy regulations;
- the International Data Transfer Agreement (IDTA);
- other approved transfer mechanisms.
You may contact us for further information about these safeguards.
11. Data Security
We implement appropriate technical and organisational measures designed to protect personal data against:
- accidental loss;
- unauthorised access;
- unlawful disclosure;
- destruction;
- misuse;
- alteration.
Access to personal data is restricted to those who need it for legitimate business purposes.
We regularly review and update our security measures.
12. How Long We Keep Personal Data
We retain personal data only for as long as necessary for the purposes described in this notice.
Typical retention periods include:
|
Category |
Retention Period |
|
Member contact records |
Membership period plus 6 years |
|
Event attendance records |
3 years |
|
Training records |
6 years |
|
Quality audit records |
6 years |
|
Complaints records |
6 years after closure |
|
Supplier relationship records |
Duration of relationship plus 6 years |
|
Special category event information |
Deleted shortly after the relevant event unless required longer |
We may retain information for longer where required by law or where necessary to establish, exercise or defend legal claims.
13. Your Rights
Under UK data protection legislation, you may have the right to:
- access your personal data;
- request correction of inaccurate data;
- request erasure of personal data;
- request restriction of processing;
- object to processing;
- request portability of personal data;
- withdraw consent;
- complain about how we use your personal data.
Some rights are subject to legal limitations and exemptions.
To exercise any of these rights, please contact us using the details in section 2.
14. Data Protection Complaints Procedure
If you are concerned about how we have collected, used, stored or shared your personal data, you may make a complaint to us.
Complaints may be submitted:
- by email to priddleston@lawnet.co.uk;
- by post to the address above.
When we receive a complaint:
- We will acknowledge receipt within 30 days.
- We may contact you for further information.
- We will investigate the issues raised.
- We will provide a written response explaining our findings and any action taken.
We aim to resolve complaints promptly and fairly.
15. Complaints to the Information Commissioner's Office
If you remain dissatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO).
Information about how to do this can be found at:
www.ico.org.uk
Telephone: 0303 123 1113
We would, however, appreciate the opportunity to address your concerns before you approach the ICO.
16. Changes to This Notice
We may update this Privacy Notice from time to time.
The latest version will always be available on our website and the date of the most recent update will appear at the top of the notice.