Scottish Society for Computers and Law

Scottish Society for Computers and Law Group home page

In this section of the site, you will find details of:

• Our events
• The organising committee
• Related articles
• Please come along to one of our meetings, if you are not already a regular.

Attendance at SSCL meetings is free for all attendees. SSCL members are welcome to bring colleagues to attend any event in order to introduce them to SSCL.

Next event: SSCL: The Role of Lawyers in an Era of Computational Law - Monday 12 July 2021 @ 5.30 pm

If you wish to attend any event or for further information please contact mail@sscl.org

Scottish Society for Computers and Law. A company limited by guarantee, Registered No. SC210310, Registered Charity No. SC030577, Registered in Scotland, Registered office: 5th Floor Quartermile Two, 2 Lister Square, Edinburgh EH3 9GL.

SSCL DATA PROTECTION POLICY

Scottish Society for Computers and Law (“SSCL”) is a Scottish company (SC210310) and charity registered in Scotland (SC030577). SSCL is also a data controller and is registered with the Information Commissioner’s Office and provides seminars and events to its members and members of the public for the advancement of education in technology and law.

SSCL processes personal data about its members, attendees at our events, our speakers and our suppliers and professional contacts.

This policy sets out the personal data we process, the purpose for which it is processed and how we use personal data. We are committed to ensuring that personal data is processed fairly and lawfully and that SSCL meets in obligations in terms of data protection law.

When SSCL processes personal data we shall ensure that:-

• it is processed lawfully, fairly and in a transparent manner in relation to the data subject;
• it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; 
• it is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 
• it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
• it is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
• it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Your rights in relation to personal data
We are committed to ensuring that data subjects can exercise their rights in relation to the personal data we process.

Your right to access to your personal data
You have the right to request information about how your personal data is being processed including whether personal data is being processed and the right to be allowed access to that data and to be provided with a copy of that data along and the right to be advised of the purpose of the processing; the categories of personal data processed; the recipients to whom data has been disclosed or which will be disclosed; the retention period; the right to lodge a complaint with the ICO; the source of the information if not collected direct from you; and the existence of any automated decision making. 

Your right to rectification
You have the right to require SSCL to rectify inaccurate personal data concerning you without undue delay. 

Your right to erasure
In certain circumstances you will have the right to have your personal data erased but only where the data is no longer necessary in relation to the purpose for which it was collected; where consent is withdrawn; where there is no legal basis for the processing; or there is a legal obligation to delete data. 

Your right to restrict our processing of personal data
You have the right to ask for certain processing to be restricted if you contest the accuracy of your personal data; if our processing is unlawful and you do not want it to be erased; if we no longer need the data for the purpose of the processing but it is required by you for the establishment, exercise or defence of legal claims; or if you have objected to the processing, pending verification of that objection. 

Your right to data portability
You have the right to receive a copy of the personal data you have provided to us and certain information generated by us, if our processing is carried by automated means, which will allow you to transfer it to another data controller. This only applies if our legal basis for processing is consent or under a contract. 

Your right to object to processing
You have the right to object, on grounds relating to your particular situation, to processing carried out in the public interest or in the exercise of official authority; or processing relying on the legitimate interests processing condition unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You have an absolute right to object to any direct marketing that we send to you and there are no exemptions to this which would allow you to refuse to comply. 

Your right to object to automated decision making 
Where an organisation makes decisions about you based on automated processing which have a legal or similar effect on you, then in some circumstances you have the right to object to decisions being made solely on the basis of automated processing. This includes any profiling carried out. SSCL does not carry out any automated decision making.

The information we collect

SSCL collects and processes a range of information containing personal data about you. This includes the following:

• your name
• postal address and contact details, including email address and telephone number
• your occupation and employer

Where you are a member of SSCL, we will process your personal data to administer your membership and implement our rights and obligations under our contract with you.

Where you are an individual, sole trader or partner in a partnership which has contracted with SSCL, SSCL needs to process data in order to meet its obligations and exercise its rights in terms of that contract. 

In other cases, SSCL has a legitimate interest in processing personal data which allows SSCL to:

• to send emails to you notifying you of forthcoming events run by SSCL or supported by SSCL which you are eligible to attend and where you have previously attended one of our events or have asked to be added to our mailing list
• meet its obligations and exercise its rights in terms of a contract to which you are not party but where you have been involved in the negotiations, conclusion or implementation of a contract for provision of services by SSCL or on behalf of SSCL

There may be some occasions where we seek your consent to process personal data but in this case we will provide full details of what we are seeking consent for, so that you will be able to carefully consider whether to provide consent.

Where you have entered into a contract with SSCL for provision of services, failing to provide the data may mean that SSCL is unable to properly implement the contract and that you are unable to exercise certain contractual rights.

SSCL does not process special category data.

Storage and Security of Personal Data
Your personal data will be stored in SSCL’s IT system.

SSCL will record and monitor any personal data breach and, where a breach is identified, appropriate action will be taken to address and report same. SSCL will report any personal data breaches which are likely to result in a risk to the rights and freedoms of the data subject to the Information Commissioner’s Office as required by law. 

SSCL will also communicate any personal data breach which is highly likely to result in a risk to the rights and freedoms of the data subject to the data subject or subjects involved as required by law

Where appropriate, SSCL will carry out a data protection impact assessment. The decision to carry one out will take into account the nature, scope, context and purposes of the processing and determine if there is likely to be high risk to the rights and freedoms of natural persons. 

Receiving and Sharing your personal data
We may receive personal data direct from you when you contact us, apply to be a member of SSCL or where you ask to be added to our mailing list or attend one of our events.

We may also receive personal data about you from our sister company, the Society for Computers and Law and you apply to be a member of SSCL or attend one of our events.

We will share your personal with Society for Computers and Law, where you contact us to become a member of SSCL or Society for Computers and Law. We will also share your data with the Law Society of Scotland or the Faculty of Advocates, where appropriate, for the purposes of verifying your attendance at an event for Continuing Professional Development purposes.

From time to time, third parties may host SSCL events, in which case your personal data will be shared with them for the purposes of admitting you to the venue.

SSCL also shares your data with third parties, including sub-contractors engaged by SSCL to provide services on our behalf, such as mailing services, IT services and cloud storage facilities. Where SSCL engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. They are also not allowed to use your personal data for their own purposes. 

We will also share your data as required by law.

Retention of personal data
SSCL will hold your personal data for the duration of your membership and for a period of 2 years after the date on which you last attended one of our events. 

Where you are not a member of SSCL but have attended our events, we will hold your personal data for a period of 2 years after the date on which you last attended one of our events.

Where SSCL has entered into a contract with you or your employer for supply of goods or services, we will hold your personal data for the duration of the contract and a period of 6 years thereafter.

Contacting us
If you have any concerns or wish to exercise any of your rights under the GDPR then you can contact SSCL’s data protection lead at mail@sscl.org. 

If you believe that SSCL has not complied with your data protection rights, you can complain to the Information Commissioner. The Information Commissioner can be contacted at:-

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
www.ico.org.uk

This policy was last updated in September 2018 and shall be regularly monitored and reviewed.