Privacy Policy

Privacy Policy

In this privacy policy “we”, “us” and “our” means the Global Alliance of Impact Lawyers (“GAIL”) incorporated and registered in England and Wales with company number 09491407. Our registered office is at 10 Queen Street Place, London, EC4R 1BE.

We are committed to protecting and respecting your privacy. This privacy policy (together with any documents referred to in it) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be stored, used and shared by us.

Please read this privacy policy carefully to understand our practices regarding your Personal Data and how we will treat it. It also explains your rights and how to contact us or our supervisory authority in the event you have any concerns we are unable to address.

When we use your Personal Data we are required to do so in accordance with the General Data Protection Regulation (“GDPR”). We are responsible as ‘controller’ of your Personal Data for the purposes of the GDPR. We will use your Personal Data in accordance with your engagement with us and your instructions, the GDPR and other relevant EU legislation.



Data Security Breach

means any act or omission that may or may already have
compromised the security of Personal Data, e.g. accidental
loss, destruction, theft, corruption or unauthorised disclosure
of Personal Data;

Data Controller

is the entity which determines the purposes for which, and
the manner in which, any Personal Data is processed. It has
a responsibility to establish practices and policies in line with
the GDPR. GAIL is the data controller of all Personal Data
used in its business;

Data Processor

includes any person who processes Personal Data on behalf
of a Data Controller. Employees of Data Controllers are
excluded from this definition but it will include suppliers
which handle Personal Data on GAIL’s behalf such as
outsourced service providers;

Data Subject

means the individual to whom the Personal Data relates;


means the European Economic Area;


General Data Protection Regulation which applies across the
European Union (including in the United Kingdom);

Personal Data

means information relating to identifiable individuals. This
includes expression of opinion about the individual and any
indication of someone else’s intentions towards the
individual. Personal Data includes Special Category
Personal Data;

Processing Information

means obtaining, recording, organising, storing, amending,
retrieving, disclosing and/or destroying information, or using
or doing anything with it. Processing also includes
transferring Personal Data to third parties;

Special Category Personal Data

Personal Data revealing racial or ethnic origin, political
opinions, religious beliefs, philosophical beliefs or trade
union membership, genetic and biometric data, and data
concerning health, sex life or sexual orientation;

We ask for Personal Data as it enables us to provide our service to you. If you do not provide the Personal Data we request, it may delay or prevent us from providing services to you.

We collect information about:

people who use or enquire about using our services or becoming a member;
visitors to our website;
people whose services we use.

The GDPR recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions (please see the definition of Special Category Personal Data above for more details). In certain situations, we may collect and / or use these Special Category Personal Data. We will only process Special Category Personal Data if there is a valid reason for doing so and where the GDPR allows us to do so.

People who use or enquire about using our services or becoming a member. We may collect information from you online in the following ways:

through your application for membership;
through your membership;
through your request for information;
through your contacting us with enquiries or other correspondence;
through your posting of information on to the website.

Personal Data we may collect may include:

Personal Data we will collect

Personal Data we may collect depending on why you have contacted

Personal Data we will collect

Personal Data we may collect depending on why you have contacted

Your name, address, telephone number and other contact information

Your bank and/or building society details   

Electronic contact details, e.g. your email address and mobile phone number

Details of your professional online presence, e.g. LinkedIn profile

Your financial details e.g. when becoming a member of GAIL

Your employment status

Your use of our IT, communication and other
systems, and other monitoring information,
e.g. if using our secure online client portal.

Our website uses cookies to record visits to our Website. This helps us to improve our website and in turn provide you with a better experience when you are browsing. When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the website. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect Personal Data and will explain what we intend to do with it.

Please see our Cookie Policy for more information.

The Personal Data we collect from visitors to our website also applies to people who subscribe to our mailing list.

Personal Data we may collect depending on why you use our website

Your name, email address, telephone number and home address

Name of your organisation and job title

Information relating to the matter in which you are contacting us about

Payment details

We are committed to providing a high-quality service to all our users, however when concerns are raised with us, we may collect Personal Data such as:

Personal Data we may collect depending on the nature of your complaint

Your name, address, telephone number, email address and mobile phone number

Information relating to the matter

Your bank details

Where we engage individuals or organisations to carry out services for us we may be required to process Personal Data of the service provider or its personnel in order to facilitate the provision of the service. We may also collect and retain information to enable us to evaluate that service.

Any such processing will be governed by contractual terms between us and the service provider, but the general provisions as to data security retention periods etc. as set out in this privacy policy will apply.

We may also receive Personal Data about you from various third parties and public sources such as:

analytic providers (e.g. Google Analytics);

publicly accessible sources (such as Companies House or the Charity Commission);

directly from third parties (such as your bank or building society or your employer).

We can only use your Personal Data if we have a proper reason for doing so, e.g. to comply with our legal and regulatory obligations; for or in the performance of our contract with you or to take steps at your request before entering into a contract;

for our legitimate interests or those of a third party; or where you have given consent.

We won’t share your information with any other organisations for marketing, market research or commercial purposes, and we don’t pass on your details to other websites.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your Personal Data for and our reasons for doing so:

What we use your Personal Data for

Our reasons and the legal basis for processing

To provide services to you (or in relation to you – not directly to you)

For the performance of our contract with you or to take steps at your request.

Conducting checks to identify our members and verify their identity; screening for financial and
other sanctions or embargoes; other processing 

necessary to comply with professional, legal and

regulatory obligations that apply to our business.

To comply with our legal and regulatory obligations.

Ensuring business policies are adhered to and operational reasons, such as improving efficiency, training and quality control.

For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures so we can continuously improve our service to you.

Ensuring the confidentiality of commercially sensitive information.

For our legitimate interests or those of a third party, e.g. to protect our intellectual property and other commercially valuable information. To comply with our legal and regulatory obligations.

Statistical analysis to help us manage our business.

For our legitimate interests or those of a third party, e.g. to

make sure we are following our own internal procedures so we can continuously improve our service to you.

Preventing unauthorised access and modifications to systems

For our legitimate interests or those of a third party, e.g. to 

prevent and detect criminal activity that could be damaging for us and for you. To comply with our legal and regulatory obligations

Updating member records

For the performance of our contract with you or to take steps
at your request before entering into a contract. To comply
with our legal and regulatory obligations. For our legitimate
interests or those of a third party, e.g. making sure that we
can keep in touch with our members about existing and new

Marketing our services to existing and former members and third parties who have expressed an interest in our services.

For our legitimate interests or those of a third party, i.e. to promote our business to existing and former members.

We may use your Personal Data to send you updates (by email, telephone or post) about industry developments that might be of interest to you and/or information about our services.

We have a legitimate interest in processing your Personal Data for these purposes (see above ‘How and why we use your Personal Data’). This means we do not usually need your consent to send you these communications. However, where consent is needed, we will ask for this consent separately and clearly. You have the right to withdraw this consent at any time.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

The data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by persons operating outside of the EEA who work for us.

If we do send your Personal Data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information and any contract includes appropriate clauses about the use of data e.g. if the company is based in the USA, we will confirm whether it is accredited under the EU-US Privacy Shield.

We may disclose your personal information to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property or safety of GAIL, or others. This includes exchanging information with other companies and organisations for the purposes of anti-money laundering legislation and credit risk reduction.

We only allow our service providers to handle your Personal Data if we are satisfied they take appropriate measures to protect your Personal Data. We also impose contractual obligations on service providers to ensure your confidentiality is maintained.

We may also need to share some Personal Data with other parties, such as potential buyers of some or all of our business or during a re-structuring. We would ensure that any recipient of the information would be bound by confidentiality obligations.

We will keep your Personal Data after our relationship has come to an end. We will do so for one of these reasons:

to respond to any questions, complaints or claims made by you or on your behalf;

to show that we treated you fairly;

to keep records required by any applicable law or regulation;   

for business management purposes.

We will not keep your Personal Data for longer than necessary for the purposes you provide it to us and as set out in this privacy policy. Different retention periods apply for different types of data depending on the nature of the matter you have asked us to advise on and the purpose for which it was collected. Further details are available on request.

To let us know that you wish us to exercise any of your rights outlined below, please do this by contacting us using the details at the end of this privacy policy.
You have the right to:

Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your 

Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios:

if you want us to establish the data’s accuracy;

where our use of the data is unlawful but you do not want us to erase it;

where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;

you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our website may, from time to time, contain links to and from websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

If you choose to become a member and are provided with or create a user identification code, password or any other information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party.

We have the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our reasonable opinion you have failed to comply with any of the provisions of this privacy policy.

If you know or suspect that anyone other than you knows your user identification code or password, you must promptly notify us at

This privacy policy was last updated on 11 June 2018.

We reserve the right to vary this privacy policy from time to time. Such variations will become effective on posting on the website. When we make any significant changes we will inform you via a notice on the website and within our email footers. Where it is practicable, we will notify you directly if there are any material changes to this privacy policy. However we encourage you to review this privacy policy periodically to be informed of how we use your Personal Data.

Your subsequent use of this website or submission of personal information to GAIL will be deemed to signify your acceptance to the variations.

Questions, comments, concerns and requests regarding this privacy policy or our use of your information should be addressed to us by:


Post: GAIL, 10 Queen Street Place, London, EC4R 1BE

Phone: +44 0207 551 7910

We hope that we can resolve any query or concern that you may have. However, in the event that we are unable to do so, the GDPR also gives you the right to raise your concerns with a supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office (ICO) who may be contacted at or telephone: 0303 123 1113. The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.