Updated and effective as of 18 January 2024



The Collective Redress Lawyers Association (“CORLA”) is an unincorporated members’ association of solicitors and similar legal professionals.

We have created this website (the “Site”) for the purposes of raising awareness of CORLA. This Privacy Policy explains how we collect, use and disclose personal information that we receive when you visit and use this Site, communicate with us, or otherwise interact with us, whether online or offline.

It is important that you read this Privacy Policy so that you are fully aware of how and why we are using your data.

The Site is owned and operated by Milberg London LLP for and on behalf of CORLA.

CORLA is an industry association which is in development and whose address is c/o Milberg London LLP 7th Floor, 75 Farringdon Rd London EC1M 3JY.

CORLA is the controller of the personal data collected through this Site. It is currently not registered as a data controller with the Information Commissioner’s Office as it is a not-for-profit organisation which is exempt from this requirement.



If you have any questions about this Privacy Policy or wish to exercise any of your rights as described in this Privacy Policy, you can contact us at [email protected].



Information you give us

You may provide us with personal information, including when you:

  • sign-up to receive updates from CORLA;
  • join CORLA; or
  • communicate with us (whether through the Site, by email or phone).

The categories of personal information you provide include:

  • first name and last name;
  • contact details (includes employer’s or firm’s name and address, email address and telephone numbers); and

We do not normally collect any Special Categories of Personal Data about you, with the exception that if you have a health-related dietary requirement or accessibility requirement we may need to notify your personal data to the event venue for catering or access purposes. We do not store or otherwise use or share such data.

Where we need to collect personal data by law, or (if you are a supplier to us) under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.

Information we process automatically

We may also collect, store and use information about your use of the Site, and about your computer, tablet, mobile or other device through which you access the Site. This includes the following information:

  • Technical Data: including Internet protocol (IP) address, browser type, internet service provider, device identifier, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location.
  • Usage Data: including the full Uniform Resource Locators (URL), page interaction information (such as whether surveys and polls have been completed), date and time pages are accessed.


The Site is not intended for or directed at children under the age of 16 years and we do not knowingly collect information relating to children under this age.



As a data controller, we will only use your personal information if we have a legal basis for doing so. The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is explained in the table below.

Purposes for which we will process the information Legal Basis for the processing
To inform you of the latest developments regarding CORLA It is in our legitimate interests where professionally you have a similar interest, or have expressed an interest to inform you about CORLA
To respond to your queries about CORLA and provide you with information and materials that you request from us. It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate interest in CORLA.
To add or remove you from participation in CORLA  For the performance of our membership agreement we may add or remove you from participation in CORLA under the terms of that agreement.
To send you information regarding changes to our policies, other terms and other administrative information such as technical notices, updates and security alerts. For the performance of our membership agreement we may send you information to ensure that any changes to our policies, terms and other such technical updates are communicated to you.
To administer the Site, including resolving technical issues, troubleshooting, data analysis, testing, research, statistical and survey purposes. It is in our legitimate interests to continually monitor and improve the Site and to ensure network security.



We may share your personal information with the following third parties (as required in accordance with the uses set out above):

  • CORLA affiliates: we may share your personal information with the law firms and other parties that make up CORLA (see list here [link to list of founder firms] on our website, including in the USA;
  • Service providers: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing email, web hosting or Customer Relationship Management services and with whom we have data processing agreements in place;
  • Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and/or (iii) exercise or protect the rights, property, or personal safety of CORLA or others.

We will not sell, rent, lease or otherwise share your personal information except as outlined in this Privacy Policy or without obtaining your consent beforehand.



As detailed above, we may share your data with CORLA affiliates in the USA. We may also share your data with certain third-party service providers based outside of the United Kingdom (“UK”) and European Economic Area (“EEA”).

Where personal information is transferred to and stored in a country not determined by the UK or European Commission as providing adequate levels of protection for personal information, we take steps to provide appropriate safeguards to protect your personal information, including by entering into standard contractual clauses approved by the UK or the European Commission, obliging recipients to protect your personal information.

If you would like further information on the specific mechanism used by us when transferring your personal information outside of the UK or the EEA, please contact us using the details set out in the Contacting Us section above.



We use appropriate technical and organisational security measures (including encryption) to protect personal information both online and offline from unauthorised use, loss, alteration or destruction. Any personal data you enter on our enquiry form is encrypted by the use of security systems with encryptions and firewalls, provided on a secure socket layer (SSL), to protect the confidentiality and integrity of your information from unauthorised access and disclosure.

Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal information.

Despite these precautions, however, we cannot guarantee the security of information transmitted over the internet or that unauthorised persons will not obtain access to personal information.



We will retain any data we collect from you through this Site for a period of six (or, where you become a member, six years after you cease to be a member of CORLA). After this period of time, we will either permanently destroy any data we hold or ensure that it is placed outside of daily use by any third party.



In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  • Right of access. You have the right to obtain access to your personal information.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
  • Right to object. You have a right to object to any processing based on our legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the “unsubscribe” link set out in any marketing communication you receive.
  • Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent but without affecting the lawfulness of processing based on consent before its withdrawal.

Please note that not all of the above rights are absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.

For example, we may refuse a request for erasure of personal information where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may refuse to comply with a request for restriction if the request is manifestly unfounded or excessive.



You can exercise any of your rights as described in this Privacy Policy and under data protection laws by contacting us as provided in the Contacting Us section above.

Save as described in this Privacy Policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.



We use cookies and similar technologies on the Site for various purposes. For more information about cookies and why we use these, please refer to our Cookies Policy.



The Site may, from time to time, contain links to and from the websites of our business partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.



If you have any questions or concerns regarding our Privacy Policy or practices, please contact us as provided in the Contacting Us section above. You also have the right to complain to the UK Information Commissioner’s Office (https://ico.org.uk/).



We reserve the right to change this Privacy Policy from time to time. Any changes will be posted on the Site with an updated revision date. If we make any material changes to this Privacy Policy, we may notify you by email or by means of a prominent notice on the Site prior to the change becoming effective.