CILEX Law School Privacy Statement

The Chartered Institute of Legal Executives (CILEX) is the Governing Body for the Chartered Legal Executives, Paralegals and other Legal Professionals. CILEX, as a professional association provides professional development, support and guidance to its Members. It delivers legal education and training through CILEX Law School (CLS), qualifications through its Awarding Body function and independent regulation through CILEX Regulation Ltd (CRL).


A. Background

At CILEX, we ensure that Personal Data is only processed in a manner compliant with the relevant law, lawful bases and only used for the purposes for which the Personal Data was originally collected. Data is held jointly and shared across CILEX. Personal Data is shared across the group, except where it is sensitive personal information, such as medical and criminal record information or information relating to conduct. In these instances, access to the data is restricted based on job role requirements.

In addition, CLS is a Course and Apprenticeship Provider and CILEX is an Awarding Body and an Apprenticeship End-Point Assessment Organisation. As such, in order to comply with the regulatory requirements, access to certain data is restricted based on job role requirements.

This statement sets out CLS function-specific privacy considerations. It is an addendum to and should be viewed, in conjunction with the CILEX Privacy Statement and Privacy Notice.

For more information about how we collect and use your Personal Data across CILEX, please read the CILEX Privacy Statement and Privacy Notice, which can be found on the CILEX Website.

There is further information on our other Website’s concerning the relevant Privacy Policies:


B. Sharing Personal Data

The Personal Data collected by CLS will only be used for the purposes set out in this statement, the CILEX Privacy Statement or as otherwise notified to you. We will not disclose your Personal Data to any third-parties, except as set out in our Privacy Statements.

Depending on the nature of the services being delivered, the third-parties with whom we share your data with may include, but may not be limited to:

  • Your Employer where they have paid for your course fees on a distance learning course or you have secured an Apprenticeship with them.
  • Your Prospective Employer, if you are an applicant for an Apprenticeship.
  • Our Partner Organisation for your course or Apprenticeship, where the course or Apprenticeship is jointly delivered by us and either De Montfort University or City University for the purposes of teaching, course delivery and maintaining your student record.
  • City & Guilds, where they are your Apprenticeship End-Point Assessment Organisation (EPAO) or Awarding Body for Functional Skills. The City & Guilds Privacy Notice can be found here. For any Data Protection Enquiries, please contact the City and Guilds DPO.
  • The Learner Record Service, a government department, with whom we are obliged to share your data, if you are enrolling on a course or listed on an Apprenticeship.
  • Ofqual’s Register of Recognised Qualifications. We are obliged to share the LRS Privacy Notice with you here.
  • The Education and Skills Funding Agency (ESFA), a government department, for reporting purposes for Apprenticeship funding. If you are enrolling on an Apprenticeship, then we are obliged to share the ESFA’s Privacy Notice with you here.
  • The Office for Standards in Education, Children’s Services and Skills (OFSTED), if we are inspected by them, in respect of our delivery of an Apprenticeship programme on which you are enrolled. The OFSTED Privacy Notice is available here.

For further information on International Data Transfers linked to Data Sharing, either with third-parties or their sub-processors, please see the CILEX Privacy Statement.

The lawful bases, which are relevant to CILEX and CLS are primarily, as follows:

1. Consent of the Data Subject

CILEX processes Personal Data, where you have given consent for us to do so. This includes, but is not limited to, newsletters, surveys, consultations, events, products, services and sending you marketing communications. In relation to marketing communications, you always have the right to withdraw your consent.

2. Compliance with a Legal Obligation

CILEX processes Personal Data, which is necessary for compliance with legal obligations to which CILEX is subject. (e.g., the supply of regulatory information to The Office of Qualifications and Examinations Regulation (Ofqual) or Department for Education (DfE), Qualification Wales, CCEA; regulation as an Approved Regulator under the Legal Services Act 2007 in the public interest, such as the maintenance of the CILEX Authorised Practitioners Directory). This also includes, but is not limited to, providing Personal Data to regulators, law enforcement bodies and statutory bodies.

3. Legitimate Interest

CILEX processes Personal Data, which is necessary for the pursuit of its legitimate interests, as a Professional Awarding Association, as a Governing Body and in pursuing our objectives. This includes, but is not limited to, responding to general enquiries, supporting our members, asking our members about member services they would like to receive in the future and researching the ongoing relevance of our member services. The law allows us to do so provided that the processing is fair, balanced and it does not unduly impact on your rights. We may also rely on a third-party’s legitimate interests, such as when an organisation has requested information or services from us and your legitimate interests, which may be the case in some of the examples given above (such as where you have made an enquiry).

4. Contractual Necessity

CILEX processes Personal Data to fulfil a contract or take steps linked to a contract. CILEX relies on contractual obligation to provide the products and/or services, to communicate with its customers, in relation to the provision of the contracted products and services or to provide administrative support.


C. Third-Party Suppliers

Depending on the nature of the services being delivered, the organisations we share your Personal Data with may include, but may not be limited to,:

  • Our Print Contractor to send out your course materials or a publication you have purchased,
  • Our Credit Card Processing Companies to process payments in our online shop,
  • Our Digital Platform Providers for our Website and Customer Relationship Management System (CRM),
  • Our Virtual Learning Environment Providers, so that you can access and use our Distance Learning Resources,
  • Our E-Portfolio Provider,
  • Our Legal Research Database Provider,
  • Our Video Conferencing Software for the delivery of Webinars,
  • Our Learner Management and Reporting Software to assist us in keeping Apprenticeship records for internal analysis and external reporting,
  • Our Freelance Tutors, who mark your study exercises or assignments,
  • Our Freelance Tutors, who deliver your face-to-face sessions and webinars or who provide additional study support,
  • Our GCSE and Functional Skills Assessment Provider to determine your English, Maths and/or ICT level (for Apprenticeships),
  • Our platform for storing streamed videos and
  • The Email Software and Survey Tool Providers that we use to issue mass communications, including surveys.


D. Data Processing

CLS collects and processes Personal Data, where it has a lawful basis to do so. Your Personal Data will be used for the purposes specified in this Privacy Statement, the CILEX Privacy Statement or as otherwise notified to you. We may use your Personal Data:

  • to provide you with services, products or information that you have requested (such as how to enrol you on courses);
  • to administer examinations, applications and to administer courses, as well as to manage the employer accounts, in accordance with any related contractual, statutory or regulatory obligations. This may, include background checks and employer references;
  • to undertake administration, in relation to products and/or services, which you have registered for or purchased;
  • to provide you with a certificate, credential or other record of learning;
  • to contact you directly, in relation to our Quality Assurance processes, investigations, appeals and complaints;
  • to contact you directly, in relation to new and existing Products, Services, News, Awards and Events;
  • to assess and to provide reasonable adjustments, in relation to your learning or assessment, where requested;
  • to provide further information about our work, services, activities or products;
  • to answer your questions or requests and to communicate with you in general;
  • to manage relationships with our Learners, with Employers and other Stakeholders and those, who engage with our Services and Publications.

CILEX communicates with Members, Students and Stakeholders, in relation to its Activities, Membership Services and Qualifications in various ways, including Direct Communications, E-Shots, Newsletters, Technical Bulletins and other mediums. We will obtain your consent in advance, where the UK Data Protection Legislation requires us to do so. You can change what optional communications that you would like to receive at any time in your CRM User Account’s Communication Preferences.

Note to Learners regarding the use of Generative AI

CILEX Law School embraces learning, curiosity and the pursuit of knowledge. As such we are aware that Generative AI Tools and Platforms can offer a number of benefits in the legal environment and as such, we are not issuing a blanket or absolute restriction on the use of Generative AI in assessed work.

Please be advised that the use of Generative AI is only permitted for assignments on your Law and Practice Units.  Additionally, if you use any Generative AI Tool (such as ChatGPT) to help you (e.g. generate ideas or develop a plan), you must acknowledge how you have used the Tool, even if you do not include any AI generated content in your work.

You should acknowledge in the Law and Practice Unit Assignment’s Reference List under the header of Generative AI Tools:

  • The AI Tool used,
  • Describe how you used it,
  • Is any AI generated content featured in your assignment? (If so, please also add footnotes on sentences/paragraphs in your assignment stating the source of information),
  • Please state in the Reference List the original sources of where the data was scraped by the Generative AI Tool, as you would for any website source of reference.
  • And please indicate the date that you accessed the Generative AI Tool.

Please note, that this is a new section to be added to the Reference List, in addition to existing sources of information, such as books and websites.

Generative AI is not allowed in any form for Skills Unit Assignments, including Mock Assignments or in any online or in person (at an Accreditation Centre) examinations. We do not permit the use of AI, during CILEX Law School exams, including the use of the Humane AI Pin or similar device.

However, we feel it is important that Learners are transparent about the use of such AI Tools and content generated from them and we would remind our Learners that there are also drawbacks:

It is important that our Learners:

  • Understand that GenAI Tools may be useful, but they are not a substitute for human judgment and creativity. You must also be aware that there is software available to detect AI Generated Content within documents/assignments.
  • Evaluate AI Tools: You must evaluate the security of any AI Tool, before using it. This includes reviewing the AI Tool’s Security Features, Terms of Service and Privacy Policy. You must also check the reputation of the Tool Developer and any third-party services or sub-processors used by the Tool, including if they have been subject to any Data Breaches or IT Security Incidents. Is it a public-facing AI Tool, such as ChatGPT, etc.  (any inputted information becomes publicly accessible by all other users of the AI Tool) or is it a privately accessible AI Tool i.e. MS Azure or M365 CoPilot (whereby the inputted information remains on your personal or business Microsoft account and its related servers, so that it is not publicly available)?
  • Understand the drawbacks and limitations of any AI system that you are using, such as AI Bias and AI Hallucinations. Does the AI generated content contain “bias” that needs to be addressed, before using the content? With regard to AI Hallucinations, please ensure that your AI generated content is factual and accurate, that the source exists (i.e., not linking to an Error 404 webpage_ and from a verifiable and legitimate source. (Sometimes the web page linked to a piece of information searched by AI, is either obsolete or it contains incorrect information, so you should use your judgement, when dealing with any source material.) You understand that many GenAI Tools are prone to “hallucinations,” false answers or information or information that is stale and therefore, responses must always be carefully verified by a human.
  • Adhere to UK Data Protection Legislation and that you do not input any Personal Data (including Special Categories of Personal Data), Confidential Information or any information that is subject to either Intellectual Property Rights or Copyright into any AI Platform (either publicly accessible (such as ChatGPT, CoPilot, Google AI, etc.) or privately accessible (such as MS Azure or M365 CoPilot) AI Platforms. Assess the risk of any inputted information into an AI Tool. Treat every piece of information that you provide to an GenAI Tool ,as if it will go viral on the Internet, attributed to you, regardless of the settings you have selected within the tool (or the assurances made by its creators). In particular, any information inputted into a publicly accessible AI Platforms remains in its memory for use by all other users.
  • Please be aware of Intellectual Property Rights and Copyright that are applicable to online content, which has been data scraped and if using quoted information, you must quote the source, as with any other published content, such as books.
  • Have addressed the Limited Language Capabilities. Artificial intelligence has a limited understanding of language and its nuances. It can need help with more complex writing tasks, such as crafting persuasive or creative pieces. AI content can provide factual information, but it needs refinement to effectively communicate ideas in a more complex way. You will notice a similar format and sentence construction, when reading AI-generated content. This means that the same sentence structure may be used in multiple pieces, leading to a lack of variety and boredom for readers. Even a non-tech-savvy person can easily spot AI-generated content due to its lack of variety. Using words like “therefore” and “however” multiple times in AI-generated content can be a dead giveaway.
  • Do not rely on AI generated content, as your key source, but rather use it in conjunction with other sources.

There are many issues arising from the use of AI, including Copyright Infringement, Plagiarism and Intellectual Property infringements, which have led to legal cases.

Over-reliance on AI Tools to generate written content or analysis in assignments reduces opportunities to practice and develop key legal skills (e.g., persuasive writing, critical thinking, evaluation and analysis). These are all important skills that are valued and required to succeed in and beyond your time at CILEX Law School.

Finally, please be aware that, if you use AI Tools (such as ChatGPT or others) to generate an assignment (or part of an assignment) in your Law and Practice Units and submit this, as if it were your own work without reference or acknowledgement of its use, this will be regarded as Academic Malpractice and treated as such.

With regard to utilising AI generated content, when using Social Media Channels, please refer to Section 8 Social Media of the CILEX Privacy Statement and the CILEX Community Website (Hivebrite) Privacy Policy.


E. Data Retention

We adhere to our CILEX Archive, Retention and Destruction Policy and Procedure.


F. Financial Information

When paying for goods or services online, CLS uses credit card processing companies to complete these transactions. These companies do not retain, share, store or use Personal Data for any purposes, other than to provide this service to CLS. We adhere to the PCI-DSS (Payment Card Industry – Data Security Standards) and our CILEX PCI-DSS Policy and Procedure.


G. Automated Decision-Making

CLS makes automated decision-making during the Tutor Management process, when auto-allocating Tutors. Depending on the situation, CLS could make other automated decisions, as part of system integration mechanisms.


H. Legislation

“UK Data Protection Legislation” means All applicable UK Data Protection and Privacy legislation in force from time-to-time, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act 2018 and the Privacy and Electronic Communications (EU Directive) Regulations 2003 (as amended) (PECR) and any superseding legislation and all other applicable laws, regulations, statutory instruments and/or any codes, practice or guidelines issued by the relevant data protection or supervisory authority in force from time to time and applicable to a Party, relating to the processing of Personal Data and/or governing individual’s rights to privacy.


I. The Rights of the Individual

  • The Right to be Informed – Data Subjects have the right to be informed about the collection, sharing, protection and use of their Personal Data.
  • The Right of Access – Data Subjects have the right to request access to any personal information that we hold.
  • The Right to Rectification – Individuals have a right to have inaccurate Personal Data rectified, removed or completed, if it is incomplete. If the Personal Data is found to be incorrect, but it is unable to be updated, this should be removed.
  • The Right to Erasure – The Right to Erasure – Under certain circumstances, a Data Subject may request for us to delete their information that we retain regarding them, with the exception of any information that we are legally required to retain and for the other exemptions set out in UK Data Protection Legislation (your right to get your data deleted | ICO).
  • The Right to Restrict Processing – The Right to Restrict Processing – Data Subjects have the right to request the restriction or suppression of their Personal Data, in certain circumstances.
  • The Right to Data Portability – Individuals may request a copy of their data for reuse across different services, which should be provided in a way, so that information can be copied or transferred from one IT environment to another safely and securely without affecting this usability.
  • The Right to Object – Data Subjects have the right to object to the processing of their Personal Data, in certain circumstances. For example, individuals have an absolute right to stop their data being used for direct marketing.
  • Rights Concerning Automated Decision Making and Profiling – We may only carry out this type of decision-making, where the decision is either necessary for the entry into or performance of a contract, authorised by EU or UK law applicable to the Data Controller or it is based on the individual’s explicit consent.


J. Contacting Us

All Data Protection enquiries are handled centrally by CILEX.

In certain cases, CILEX can refuse to comply with a request, if it is manifestly unfounded or excessive. In order to decide, if a request is manifestly unfounded or excessive, CILEX must consider each request on a case-by-case basis.

If you have any questions about how CILEX process your Personal Data, any questions or concerns about this Privacy Statement or you would like to exercise any of your rights of the individual under the UK Data Protection legislation, please log in to myCILEX Portal and go to Contact Us, then select ‘Data Protection: Query and Request’ on ‘My Query Relates to’ section.

If you do not have access to the myCILEX Portal or if you do not wish to log your details on the system, please contact us by email:

You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO). Their contact details are:

Information Commissioner’s Office

Wycliffe House

Water Lane




Tel No: 0303 123 1113 (Local Rate) or 01625 545745 (National Rate)



K. Reviewing the Privacy Statement

CILEX Law School will review and update this Privacy Statement from time to time, when changes to our processes or procedures and systems are made, if UK legislation and regulations change or if new circumstances require it. If this Privacy Statement changes in any way, we will put an updated version on the Website. Regular review of this page ensures that you are always aware of what Personal Data we collect, how we use it and under what circumstances. CILEX Law School will make reasonable efforts to contact and update those affected, if the changes are significant in nature.

Statement Approval
Date of Issue: April 2024
Review Date: December 2025
Version: 1.3
Procedure Owner: Corporate Compliance Manager
Approved By: Corporate Policy Review Panel (CPRP)