To administer and maintain your membership, the Mental Health Lawyers Association (MHLA) processes a limited amount of personal data. The lawful basis for this processing is UK General Data Protection Regulation and Article 6(1)(b) UK GDPR (performance of a contract), as this information is required to assess your eligibility for membership and to manage your ongoing membership. Where we process personal data for optional purposes such as mailing updates or newsletters, we rely on your consent, which you may withdraw at any time.
We treat all personal data fairly, lawfully, and transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Documents used to verify your eligibility will be retained for the duration of your membership. If you request deletion of these documents, we may be unable to continue your membership, and it may lapse as a result.
We process your personal data securely and responsibly, in line with our Data Protection, Confidentiality and Website Privacy Policies. These policies are available on our website or on request from our administrative office (Mental Health Lawyers Association PO Box 172 Banstead SM7 9DR).
Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right to be informed about how and why we process your data.
- Right of access to the personal data we hold about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure where no lawful basis for continued processing applies.
- Right to restrict processing in certain circumstances.
- Right to data portability for data you have provided to us.
- Right to object to processing based on legitimate interests or direct marketing.
- Rights related to automated decision-making. The MHLA does not use automated decision-making or profiling.
The MHLA’s Data Compliance Officer (DCO) is responsible for ensuring appropriate data protection governance. You can contact the DCO at admin@mhla.co.uk.
We apply appropriate technical and organisational measures to protect the security and confidentiality of your data. Personal data is retained only for as long as necessary for the purposes for which it is processed, or as required by law.