Westminster Centre for Mediation and Arbitration Limited Company Number: 14119691 Registered Office: Devonshire House, 1 Devonshire Street, London, England, W1W 5DR  

Introduction 

Westminster Centre for Mediation and Arbitration Limited (“the Centre,” “we,” “us,” or “our”) is dedicated to safeguarding and respecting the personal data entrusted to us. This privacy policy outlines the reasons for collecting and using personal data, as well as information about individuals’ rights. It applies to personal data provided to us by individuals themselves, by third parties acting on their behalf, or by other connected entities. 

Personal data refers to any information related to an identified or identifiable living person. We are committed to transparency in our data processing activities, ensuring individuals understand the purposes and methods behind the collection and use of their personal data. 

The Westminster Centre for Mediation and Arbitration Limited is recognized as a Data Controller under the Data Protection Act 2018 and is registered with the Information Commissioner’s Office (ICO) under ZB654367. We only collect and use personal information for purposes indicated in our notification with the Information Commissioner’s Office. 

Data that We Hold 

The Centre processes personal data for various purposes, including: 

1. Providing Services to Clients: 

• When engaging with clients for professional services, we may collect and process personal data to fulfill contractual obligations. 
• Personal data may be provided directly by individuals, third parties representing them, or organizations involved in disputes. 

2. Client Management: 

• Personal data is processed to communicate with and assess the needs of actual or prospective clients, ensuring their requirements are appropriately addressed. 

3. Promoting Our Services: 

• Business contact details may be used to provide information about effective dispute resolution and conflict management, including relevant services, updates, and event invitations. 

4. Administration: 

• Personal data is collected and processed to manage and administer our business, including internal records, client and supplier relationships, events, and internal operating processes. 

5. Regulatory: 

• Personal data may be collected and processed to fulfill regulatory, legal, or ethical requirements, such as identity verification. 

The processed personal data may include relevant financial or non-financial information necessary for service provision, such as contact details, payroll data, employee information, and other pertinent data. 

In some instances, sensitive or special category data, such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life, or criminal record, may be processed when relevant to the service provided. 

Security 

We prioritize the security of all data we hold and maintain a culture of confidentiality. Key security measures include: 

• Staff training on data protection, confidentiality, and security. 
• Implementation of policies and procedures to ensure secure data handling. 
• Storage of all data on secure servers. 
• Internal security measures to prevent unauthorized access, loss, or alteration of personal data. 
• Limiting access to personal data to authorized personnel, subject to confidentiality obligations. 

Procedures are in place to address suspected data security breaches, with notifications to affected parties and regulators as required by law. 

Retention Period 

We retain processed personal data for the duration necessary for the specified purpose(s) and in compliance with applicable laws or regulations. Factors considered in determining retention periods include the nature and sensitivity of personal data, potential risks, processing purposes, and legal requirements. 

Information Sharing and Disclosure 

The Centre does not sell or swap personal information with any third party. We may share personal data with trusted third-party data processors, strictly for supporting our services or managing internal IT systems. 

Personal data may also be disclosed to individual members of our mediator, adjudicator, consultant, and trainer panels when necessary for service delivery. 

All trusted partners adhere to data protection laws and our standards, processing information strictly according to our instructions. We may disclose personal information to third parties when legally obligated or to enforce our terms and conditions. 

We do not share personal information for purposes other than those mentioned. 

Your Rights 

Under the GDPR and Data Protection Act 2018, individuals have the following rights: 

1. Right to be Informed: 

• Clear, transparent, and easily understandable information about how we use personal data and individuals’ rights. 

2. Right to Access: 

• Request access to personal data and obtain a copy to verify lawful processing. 

3. Right to Correction: 

• Request correction of incomplete or inaccurate personal data. 

4. Right to Erasure: 

• Request deletion or removal of personal data when no longer necessary. 

5. Right to Object: 

• Object to processing based on legitimate interests or for direct marketing purposes. 

6. Right to Restriction of Processing: 

• Request suspension of personal data processing. 

7. Right to Data Portability: 

• Request transfer of personal data to a third party under specified circumstances. 

8. Right to Withdraw Consent: 

• Withdraw consent for specific data processing purposes. 

9. Right to Lodge a Complaint: 

• Lodge a complaint with us or the Information Commissioner’s Office (ICO) if data processing breaches occur. 

To exercise these rights, contact our Company Secretary, Graham Massie, at gmassie@wcma.org. We aim to respond promptly, generally within one calendar month. 

Changes to this Privacy Notice 

Any changes to this Privacy Notice will be posted on our website and, if appropriate, communicated via email or other means.