CILEX Group Privacy Statement

CILEX Group Privacy Statement

The Chartered Institute of Legal Executives (CILEX) takes your privacy and your rights to your personal data extremely seriously and we are committed to protecting the privacy of all personal data obtained about individuals. Data is held in compliance with Data Protection legislation and other applicable data privacy laws.

We are committed to protecting the privacy of all personal data obtained about individuals through, but not limited to, personal contact, email enquiries, newsletter sign up forms, event registrations, membership forms, etc.

Data will be collected and used only for the purposes for which it was originally submitted or in accordance with your preferences.


A. Who we are and how to contact us
B. How we communicate with you
C. How and why we obtain personal data
D. The personal data we collect, how we collect it and where is it stored
E. Sharing personal data
F. Automated decision-making
G. How long do we keep your personal data
H. Your rights
I. Reviewing the Privacy Statement

A. Who we are and how to contact us

The Chartered Institute of Legal Executives (CILEX) is the governing body for Chartered Legal Executives, paralegals and other legal professionals. CILEX as a professional association provides professional development, support and guidance to its members. It delivers legal education and training through CILEX Law School (CLS), qualifications through its Awarding Body function and independent regulation through CILEX Regulation (CRL).

CILEX is incorporated by Royal Charter (RC000850).  Our registered address is: Kempston Manor, Kempston, Bedford MK42 7AB.

CILEX is an Awarding Organisation and is required to share personal data with our Regulators, appropriate Government Agencies and partner organisations.

In most circumstances, the Chartered Institute is the controller in relation to the personal data it holds and the processing activities it undertakes as outlined below. This means that CILEX decides why and how the personal data it holds is processed and, where it delegates the handing of that data to other companies within CILEX, those companies act as processors.

If you have any questions about this Privacy Statement, you can contact us by writing to: The Group Privacy Officer, The Chartered Institute of Legal Executives, Kempston Manor, Kempston, Bedford MK42 7AB


B. How we communicate with you

CILEX respects the privacy of personal data we hold.

During the year, there are updates that CILEX needs to communicate to members, students and stakeholders in relation to the institute, CILEX membership and qualifications (administration and development). We use direct communications, e-shots, newsletters, technical bulletins and other mediums for this purpose. You can control what you like to receive at any time in your user account preference centre. Unless you advise otherwise, we will continue to send updates about CILEX and CILEX products and services to you via these communications channels. 

C. How and why we obtain personal data

CILEX only processes personal data where we have a lawful basis to do so.  This will depend on the activity we collect it for e.g. to provide membership services.  In some instances, there may be more than one lawful basis for which we process your personal data.The lawful bases which are relevant to CILEX are as follows:

1. Consent

CILEX processes personal data where you have given consent for us to do so.  This includes, but is not limited to, newsletters, surveys, consultations, events, products, services and sending you marketing communications. In relation to marketing communications, you always have the right to withdraw your consent.

2. Legal obligations

CILEX processes personal data which is necessary for compliance with legal obligations to which CILEX is subject.  (e.g. the supply of regulatory information to The Office of Qualifications and Examinations Regulation (Ofqual), or Department for Education (DfE), Qualification Wales, CCEA; regulation as an Approved Regulator under the Legal Services Act 2007 in the public interest such as the maintenance of the CILEX Authorised Practitioners Directory). This also includes, but is not limited to, providing personal data to regulators, law enforcement bodies, and statutory bodies.

3. Legitimate interest

CILEX processes personal data which is necessary for the pursuit of its legitimate interests as a professional awarding association, governing body and pursuing our objectives. This includes, but is not limited to, responding to general enquiries, supporting our members, asking our members about member services they would like to receive in the future, and researching the ongoing relevance of our member services.

The law allows us to do so provided the processing is fair, balanced and does not unduly impact your rights.

We may also rely on a third party’s legitimate interests, such as when an organisation has requested information or services from us, and your legitimate interests – which may be the case in some of the examples given above (such as where you have made an enquiry).

4. Contract performance

CILEX processes personal data to fulfil a contract or take steps linked to a contract. CILEX relies on contractual obligation to provide the products and/or services; to communicate with its customers in relation to the provision of the contracted products and services; or to provide administrative support

5. How we process personal data 

CILEX collects and processes personal data. Your personal data, however provided to us, will be used for the purposes specified in this Privacy Statement or otherwise notified to you. In particular, we may use your personal data: 

•  to provide you with services, products or information you have requested (including membership services and to enrol you on courses);

•  to administer examinations and applications, and administer membership and manage employer accounts, in accordance with any related statutory or regulatory obligations. This may include background checks and employer references;

•  to provide further information about our work, services, activities or products;

•  to answer your questions/requests and communicate with you in general;

•  to manage relationships with our members, with employers and other stakeholders and those who engage with our services and publications; 

•  to further our organisational aims in general; 

•  to analyse and improve our work, services, activities, products or information (including our website), or for our internal records;

•  to report on the impact and effectiveness of our work;

•  to run/administer our websites, keep them safe and secure and ensure that content is presented in the most effective manner for you and for your device; 

•  to register and administer your participation in events;

•  to process your application for a job or volunteer role with us when you apply through our job vacancies page (including to conduct background checks and employer references); 

•  for training and/or quality control;

•  to audit and/or administer our accounts;

•  to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);

•  for the prevention of fraud or misuse of services; and/or

•  for the establishment, defence and/or enforcement of legal claims.

D. The personal data we collect, how we collect it and where is it stored

CILEX is committed to respecting the personal data you supply to us. The personal data we collect will be relevant to the purposes for which it is to be used and we will do our utmost to ensure that such personal data will be accurate, complete and kept up to date. Whenever personal data is obtained from you, you will have access to information explaining how that personal data will be used.

1. The personal data we collect

CILEX may collect, store and otherwise process the following kinds of personal data:

a.  name and contact details including postal address, telephone number, email address and emergency contact details;

b.  date of birth

c.  financial information, such as bank details and/or credit/debit card details;

d.  information about your computer/mobile device and your visits to and use of this website, including, for example, your IP address and geographical location;

e.  video and audio recording if you choose to take an online test/examination through the online invigilation platform;

f.  unique candidate identifiers/unique learner numbers;

g.  examination results and the information about your membership and your interactions with CILEX;

h.  details of your qualifications/experience and;

i.  through cookies on our website.

2. Special Category Data

We may also collect special category data, such as gender, ethnicity, whether you have a disability or any other protected characteristics (particularly related to where reasonable adjustments or access arrangements may be needed) and any information relating to a background check.

Such data will only be collected and/or provided to us if you have provided your explicit consent or if we are otherwise permitted to receive and process it under the Data Protection legislation.

For the processing of special category data, we consider whether the risks associated with our use of this type of personal data, affect our other obligations around data minimisation and security. A Data Protection Impact Assessment (DPIA) and an appropriate policy document should be completed.
3. How we collect personal data

a.  When you give it to any part of CILEX directly

For example, personal data that you give to us when you communicate with us by email, phone or letter, such as when you apply to and become a member; complete a CILEX survey, take a test/examination, join a Specialist Reference Group (SRG), report a problem or sign-up to receive our communications.

b.  When we obtain it indirectly

For example, your personal data, provided by you to an accredited centre, may be shared with us by training/learning providers after you enrol for a course or submit your apprenticeship application form in relation to which we provide the relevant qualification (as CILEX acts as an end-point assessor for paralegal and chartered legal executive apprenticeships), and we may also conduct background checks and obtain employer references, or receive your personal data from dependent applicants to the CILEX Foundation. 

Very often, your personal data will have been provided to us by your employer at your request or with your agreement with them.

c.  When it is available publicly

Your personal data may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access personal data from those accounts or services.

d.  When you visit our website

When you visit our website, we automatically collect the following types of personal data;

•  Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.

•  Information about your visit to the websites, including the uniform resource locator (URL) click stream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page

•  Through cookies on our website- please refer to our Cookie Notice

In general, we may combine your personal data from these different sources set out in a-d above, for the purposes set out in this Statement.

4. Complaints

Where you lodge a complaint, your personal data will be used to correspond with you.  Depending on your connection with CILEX, we will determine if the complaint is recorded on our CRM system e.g. you are a member of CILEX, or if it is only held in hard-copy format.  Your complaint will be retained for two years after resolution, in line with CILEX’s Archive, Retention and Destruction Policy. To exercise your rights please see section H of this Privacy Statement.

5. Access to your personal data 

We take reasonable steps to ensure that the personal data we hold will be accurate and up to date. You can check the personal data that we hold about you if you are a member through your MyCILEXaccount. Alternatively, you can ask us to check by e-mailing us at: or writing to the Group Privacy Officer, The Chartered Institute of Legal Executives, Kempston Manor, Kempston, Bedford MK42 7AB.

6. Users 16 and under

We do not knowingly collect or solicit personal data from anyone aged 16 or under or knowingly allow such persons to provide us with their personal data without parent or guardian consent. If you are aged 16 or under, please do not provide us with your personal data, without first asking your parent/guardian for permission. In the event that we learn that we have collected personal data from anybody aged 16 or under and we do not have the consent of a parent or guardian, we will delete that personal data as quickly as possible. If you believe that we might have any personal data from or about anyone aged 16 or under without the consent of a parent or guardian, please contact the Group Privacy Officer by email to or writing to the Group Privacy Officer, The Chartered Institute of Legal Executives, Kempston Manor, Kempston, Bedford MK42 7AB.

7. Storage of data

Personal data collected by CILEX is stored on secure IT systems. This personal data can generally be accessed throughout CILEX except where it is unsuitable to do so, in which case appropriate measures are put in place to ensure personal data can only be accessed by those with a need to know.

No external person will have access to CILEX records except in circumstances outlined in the Privacy Notice and this Privacy Statement.

Any third party contracted by CILEX to process personal data on its behalf will be requested to have security measures in place to protect the personal data and to treat such data in accordance with the law. CILEX also has put in place procedures to deal with any Potential Data Security Incident (PDSI) and will notify you and the UK Information Commissioner, when appropriate, of a breach where we are legally required to do so.

8. Marketing

We may contact you for marketing purposes related to our products and services and our website unless you let us know that you do not want to receive marketing communications from us. Your agreement to the use of your personal information for these purposes is optional and if you decline to provide your agreement, your visit to and use of the website will not be affected.

E. Sharing personal data

The personal data we collect will only be used for the purposes set out in this Statement or otherwise notified to you. We will not disclose your personal data to third-parties except as set out in this Statement, including where required to or permitted to by law or where those parties are conducting CILEX activities on our behalf, (for example to regulators, law enforcement agencies or partner organisations) including with other entities in CILEX, CILEX Professional; CILEX Regulation; CILEX Law School; CILEX Foundation.

In circumstances, where we engage a service provider or CILEX entity to provide services to us, we ensure that personal data is only processed in a manner compliant with the relevant law, and subject to a formal data processing agreement, and only used for the purposes for which the personal data was originally collected.

We also might share personal information with the Police or other organisations that have a crime prevention or law enforcement function. Data Protection legislation allows organisations to share personal information if it is needed to prevent or detect a crime, or to catch and prosecute a suspect. 

If we undergo a merger or reorganisation, in doing so we may acquire or transfer personal data as part of that transaction, but your personal data would continue to be used for the same purpose.

You may choose not to receive CILEX marketing communications by writing to our Membership Department at: Kempston Manor, Kempston, Bedford, MK42 7AB or emailing us at

1. Sharing data with overseas accredited centres

Where a member is studying at an overseas CILEX accredited centre, that centre will share the member’s personal data with us in the form of name, membership number and name of examination. Examination results will be shared in return by us with the CILEX accredited centre. 

2. International Transfers

We may transfer personal data to countries outside of the United Kingdom where personal data is not protected in the same way (usually to other businesses who provide services on our behalf). In such cases, we will make sure that suitable safeguards are in place to protect the personal data. Additional steps are taken to ensure that appropriate measures and controls are in place to protect that data in accordance with relevant data protection laws and regulations

3. Qualifications / End Point Assessments

If you are taking CILEX exams or assessments, CILEX will share personal data with CILEX accredited centres, our assessment providers and CILEX regulators i.e. Ofqual, Qualification Wales, CCEA, CILEX Regulation. The Education and Skills Funding Agency (ESFA) to operate the process for issuing apprenticeship certificates on behalf of the Secretary of State; your employer in relation to CILEX provision of End Point Assessment.

CILEX may also share data with the Department for Education (DfE) in its role as awarding body and end point organisation.  

4. Financial information

CILEX does not store credit/debit card details nor share financial information with third parties.  However, when paying for goods/services online, CILEX uses a credit card processing company or a Direct Debit service to complete these transactions.  These companies do not retain, share, store or use personal data for any purposes other than to provide this service to CILEX.

5. Advertising Cookies

The main purpose of CILEX cookies is to provide the user with the best experience possible. No personal information is permanently stored within a cookie from CILEX website.

When users access to CILEX website, encrypted session Cookies are used to validate the users access to different parts of the website.

CILEX also collects information about how people access and use its websites using Google Analytics

6. Verification requests

CILEX may sometimes respond to verification requests of qualification or membership status from current or prospective employers, employment agencies, regulators or other third-party contacts.

F. Automated decision-making 

CILEX makes automated decision-making for membership applications, tutors management, etc. Depending on the situation, CILEX could make others automated decisions as part of its processes.

G. How long do we keep your personal data

In general, CILEX only retains personal data for as long as necessary to fulfil the purposes for which it is being processed (including to comply with relevant legal or regulatory requirements, and/or to resolve legal disputes).

That length of time may vary depending on the reasons for which we are processing the personal data and whether we have a legal (for example under financial regulations) or contractual obligation to keep it for a certain amount of time.

Once the retention period has expired, personal data will be confidentially disposed of or permanently deleted. If you object to further contact from us, we will keep some basic information about you in order to avoid sending you unwanted communications in the future.

If before that date (i) your personal data is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.

H. Your rights

You have the following rights:

•  access to your personal data 

•  have inaccurate personal data rectified

•  object to certain processing of your personal data

In certain circumstances, you might have the right to:

•  have your personal data erased

•  restrict the processing of your personal data

•  Data portability i.e. the right to have your personal data provided in a structured, commonly used and machine-readable format

In certain cases, CILEX can refuse to comply with a request if it is manifestly unfounded or excessive. In order to decide if a request is manifestly unfounded or excessive, CILEX must consider each request on a case-by-case basis.

To exercise any of the above rights or make a related complaint, please contact: 

The Group Privacy Officer, The Chartered Institute of Legal Executives, Kempston Manor, Kempston, Bedford MK42 7AB


You also have the right to lodge a complaint with the Information Commissioner’s Office. Their contact details are:

Information Commissioner’s Office
Wycliffe House
Water Lane

Tel No: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

I. Reviewing the Privacy Statement

CILEX will review and update this Privacy Statement from time to time, when changes to our processes or procedures and systems are made, if laws and regulations change or if new circumstances require it.  

If this Privacy Statement changes in any way, we will put an updated version on the website. Regular review of this page ensures that you are always aware of what personal data we collect, how we use it and under what circumstances.

CILEX will make reasonable efforts to contact and update those affected if the changes are significant in nature.

Correct as at: November 2020

Next formal review date: April 2022