Privacy Notice

Last reviewed: 11 May 2026

1 | Who we are

ALLAC LTD (company number 17208385) is a private company limited by guarantee registered in England and Wales. We trade as The Association of Lusophone Lawyers, Advisers and Consultants (ALLACweusour). We are an association for lawyers, consultants and other professionals with an interest in Lusophone jurisdictions, markets and communities.

For data-protection purposes, ALLAC is the data controller for personal data collected through www.allac.org and any related microsites, event-registration pages, forms or online platforms that we operate together as part of the ALLAC website and related activities (the Site).

If ALLAC activities are delivered jointly with regional chapters, committees, working groups, partner organisations or event partners, there may be circumstances in which we and the relevant organisation jointly decide why and how your personal data are used. In those cases, we and the relevant organisation may act as joint controllers, and we will provide further information where appropriate.

2 | Scope of this notice

This notice explains how we collect, use, share and protect personal data when you:

  • browse, log in to or otherwise use the Site;

  • apply for, express interest in, or hold any category of ALLAC membership;

  • register for, attend or participate in an ALLAC event, whether in person or online;

  • interact with us on social-media channels or subscribe to ALLAC newsletters or updates;

  • take part in networking, mentoring, referral, speaker, sponsor, committee or volunteer activities; or

  • communicate with us as a professional contact, partner, sponsor, speaker, supplier, volunteer or supporter.

This notice does not cover websites, platforms or services operated independently by third parties that may be linked from the Site. Those third parties will publish their own privacy notices.

3 | The personal data we collect

We may collect and process the following categories of information about you:

Identity and contact details – such as your name, title, professional role, organisation, postal address, email address, telephone number and social-media handle, typically provided when you complete membership or event forms, sign up for updates or submit an enquiry.

Professional profile information – including practice areas, professional qualifications, bar or law-society admissions, languages, employer, firm or organisation, biography, photograph and links to professional profiles, usually supplied when creating a member profile, speaker profile or contributor biography.

Membership and participation records – for example, the membership category you hold or have applied for, payment status where applicable, committee or working-group participation, event registrations, attendance records, continuing-professional-development or training attendance where relevant, dietary or accessibility requirements and related correspondence.

Marketing and communication preferences – your choices about receiving newsletters, event invitations, professional updates and promotional communications, together with records of any consents, unsubscribe requests or objections you have given.

Technical information – such as internet-protocol (IP) address, browser type, device identifiers, time-zone settings, cookie identifiers and log-file data generated automatically when you visit the Site.

Usage information – including page views, navigation paths, referral URLs, click-through data and engagement information captured through analytics cookies or similar technologies, where enabled.

Survey and feedback responses – any information you volunteer in questionnaires, polls, consultation exercises or post-event feedback forms.

We do not intentionally collect sensitive “special-category” data, such as health information, religious beliefs, ethnicity or political opinions, except where you choose to provide it. This may occur, for example, if you tell us about an accessibility need, dietary requirement or other support requirement for an event. Where this happens, we process the information only where we have a lawful basis to do so and apply additional safeguards.

4 | How and why we use your data

We use the personal data described above for the purposes set out below:

To administer membership, event bookings and participation in ALLAC activities. This includes processing applications, confirming registrations, managing attendance, administering payments where relevant, issuing event information and maintaining participation records. The lawful basis is usually performance of a contract or steps taken at your request before entering into a contract.

To run professional, networking, mentoring, referral and community-building programmes. This supports ALLAC’s purpose of connecting lawyers, consultants and other professionals with an interest in Lusophone jurisdictions and markets. The lawful basis is usually our legitimate interest in operating and developing ALLAC’s professional network, or your consent where required.

To send newsletters, event invitations and professional updates. We may send you ALLAC news, event information, opportunities and related professional updates where you have consented, where you are a member or participant and the law permits us to do so, or where we have another lawful basis. You can opt out of marketing communications at any time.

To operate, improve and secure the Site. This includes hosting, troubleshooting, protecting against misuse, monitoring performance and generating aggregated analytics. The lawful basis is our legitimate interest in ensuring the security, integrity and usability of our online services.

To manage relationships with speakers, sponsors, partners, suppliers, volunteers and professional contacts. This includes event planning, sponsorship arrangements, collaboration, due diligence, invoicing, record-keeping and day-to-day administration. The lawful basis is usually performance of a contract, steps taken before entering into a contract, legal obligation or our legitimate interests.

To comply with legal and regulatory obligations. This may include obligations relating to accounting, tax, audit, record-keeping, sanctions screening, safeguarding, legal claims, regulatory reporting or responding to lawful requests from public authorities.

To create promotional material relating to ALLAC activities. We may take photographs or video at events to publicise ALLAC’s work, document events or promote future activities. Where we rely on legitimate interests, we will consider your privacy expectations and provide appropriate notices. Where consent is required, we will seek it. We will also provide a reasonable opportunity to opt out where practicable.

Whenever we rely on our legitimate interests, we assess those interests and ensure they are not overridden by your rights and freedoms.

5 | Sharing your personal data

We share personal data only as necessary for the purposes described in this notice. This may include sharing:

Within ALLAC – with authorised committee members, officers, volunteers, administrators, working-group members or regional representatives who need the information to deliver ALLAC activities.

With trusted service providers – including providers of website hosting, IT support, cloud storage, customer-relationship-management platforms, email marketing services, event-management tools, payment processors, analytics services, professional advisers and other administrative services. Where required, these providers are subject to confidentiality and data-processing obligations.

With event partners, venues or sponsors – limited information, usually name, role, organisation and attendance details, may be shared to facilitate security access, event logistics, guest lists, co-branded activities, CPD or training administration, or sponsor-supported events. We will provide further information where appropriate.

With professional advisers, regulators, courts, law-enforcement agencies or public authorities – where we have a legal duty to do so, where it is necessary to establish, exercise or defend legal rights, or where we need to protect the rights, property or safety of others.

We will never sell your personal data.

6 | International data transfers

Given the international nature of ALLAC’s activities, information you provide may be transferred to, stored in or accessed from countries outside the United Kingdom.

Where we transfer personal data to a jurisdiction that has not been recognised as providing an adequate level of protection under applicable UK data-protection law, we will take appropriate steps to protect the data. These steps may include using approved contractual safeguards, carrying out transfer-risk assessments where required and applying additional technical or organisational measures where appropriate.

7 | Data retention

We keep personal data only for as long as necessary to fulfil the purposes described in this notice, after which we either delete or anonymise the information. In broad terms:

  • Membership records are usually retained for the lifetime of the membership plus up to six years, reflecting statutory limitation periods and record-keeping requirements.

  • Event attendance records are usually retained for up to three years, particularly where needed for CPD, training verification, audit or event administration.

  • Enquiry and correspondence records are retained for as long as needed to deal with the enquiry and maintain appropriate administrative records.

  • Marketing suppression lists, including records of opt-out requests, are retained for as long as necessary to ensure we do not contact you again where you have asked us not to.

  • Technical logs are normally kept for up to twelve months unless they are needed for a security investigation, dispute or legal obligation.

Retention periods may be extended where a legal obligation, regulatory requirement, investigation, dispute or litigation hold applies.

8 | Security measures

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

These measures may include secure website hosting, transport-layer security for data-in-transit, access controls, password protection, multi-factor authentication where available, confidentiality obligations for those handling personal data, limited access on a need-to-know basis, secure cloud services and incident-response procedures.

We also rely on reputable third-party service providers, such as website, email, payment, cloud and event-management platforms, to maintain appropriate security standards for the services they provide.

Nevertheless, no online transmission or storage system is wholly secure, and we cannot guarantee absolute security.

9 | Your data-protection rights

Subject to the conditions and exemptions in the UK GDPR and applicable data-protection law, you may have the right to:

  • access a copy of the personal data we hold about you;

  • request correction of inaccurate or incomplete data;

  • request deletion of personal data in certain circumstances;

  • restrict processing while a dispute is resolved;

  • receive personal data in a portable, machine-readable format or have it sent to another controller;

  • object to processing based on legitimate interests;

  • object to receiving direct marketing at any time; and

  • withdraw consent at any time where processing relies on consent, without affecting the lawfulness of earlier processing.

We normally respond to rights requests within one month. This period may be extended by up to two additional months where a request is complex or where you have made multiple requests.

If you are unhappy with our response, you may complain to the UK Information Commissioner’s Office at www.ico.org.uk or to your local supervisory authority.

10 | Cookies and similar technologies

The Site may use several categories of cookies and comparable technologies:

Strictly necessary cookies enable core functions such as security, network management, accessibility and basic website operation. These cannot usually be switched off through the Site.

Analytics cookies help us understand how visitors engage with the Site so we can improve performance and content.

Functionality cookies remember your preferences, such as language, region or display settings.

Marketing cookies may be set by us or by trusted partners to tailor communications, measure the effectiveness of campaigns or support social-media and advertising functionality. These are used only where permitted by law and, where required, with your consent.

Where non-essential cookies or similar technologies are used, a cookie banner or similar tool may allow you to accept or reject them. You can also change your browser settings at any time to control cookies.

11 | Third-party links

The Site may contain links to external websites, including partner organisations, law firms, professional associations, legal-research providers, event platforms, payment providers or social-media platforms.

We do not control those websites and are not responsible for their privacy practices. You should review the privacy notices of any third-party site you visit.

12 | Changes to this notice

We may update this notice from time to time to reflect changes in law, our data-handling practices, ALLAC activities or Site functionality.

Any significant changes will be highlighted on the Site and, where appropriate, notified to members or subscribers by email. We encourage you to review this notice periodically.

13 | Contact us

If you have any questions about this notice or wish to exercise your data-protection rights, please contact us at: privacy@allac.org