Privacy Policy

1. Introduction

This Privacy Notice sets out the data processing practices carried out by the International Bar Association.

If you have any requests concerning your personal information or any queries with regard to these practices, please contact dataprotection@int-bar.org

2. Who We Are

The International Bar Association (IBA), established in 1947, is the world's leading organisation of international legal practitioners, bar associations and law societies. The IBA influences the development of international law reform and shapes the future of the legal profession throughout the world. It has a membership of more than 80,000 individual lawyers and more than 190 bar associations and law societies spanning over 170 countries. It has considerable expertise in providing assistance to the global legal community.

IBA is incorporated as a Not-for-Profit Corporation under the laws of the State of New York in the United States of America and is registered with the Department of State of the State of New York with registration number 071114000655 - and the liability of its members is limited. Its registered address in New York is c/o Capitol Services Inc, 1218 Central Avenue, Suite 100, Albany, New York 12205.

The London office of IBA is registered in England and Wales as a branch with registration number FC028342. The IBA’s office in the EU is Nassaulaan 19, 2514 JT The Hague, The Netherlands.

The International Bar Associations Human Rights Institute (IBAHRI) has been created to advance education in the law throughout the world for the benefit of the public; to promote research into commonly encountered legal problems and to disseminate the useful results of such research for the benefit of the public; to promote human rights throughout the world; to promote the relief of financial hardship or distress of lawyers, their widows, widowers and other dependants and employees.

The IBA and the IBAHRI are data controllers under the data protection rules.

3. Information collection

3.1 Ways we collect data

We collect information in the following ways:

  1. Information you give us. For example, when you engage with us by registering for an event, complete a survey, contribute articles for publication, becoming a member or otherwise provide us with personal information.

    IBA Member - we’ll ask for the following personal information to store with your account:
    Date of birth (optional)
    Firm name and address
    Email address
    Lawyer type and position

    Delegates to an IBA event: when you register for an event, we will ask you for the following personal information to store with your account:

    Date of birth (optional)
    Firm name and address
    Email address
    Lawyer type and position

    For in-person events, we will also ask if you have any dietary requirements or allergies. See 3.2 Sensitive Personal information.

    We also collect your communication preferences from time-to-time.

  2. Information we get from your use of our app, website and services. We collect information about the services you use and how you use them, like when you visit our websites or view and interact with our content. We, like all companies, are able to confirm what browser you are using, IP address and computer operating systems that are being used and this information may be used to improve the services we offer.
  3. Information from third parties. We may also receive information about you from third parties. This can include information such as your name, postal address, email address, phone number, your geographic location (for mobile devices), credit/debit card details.
  4. Information from Research. We may also obtain information about you from your company website and other public sources such as LinkedIn. We will notify you when we receive your data and you will be given the opportunity to opt out of all communication and to remove your data immediately.

3.2 Sensitive Personal information

Data Protection law recognises that certain categories of personal information are more sensitive. This is known as sensitive personal information and covers health information, race, religious beliefs and political opinions. We do not usually collect sensitive personal information about you unless there is a clear reason for doing so, such as any dietary requirements when attending a conference (which may infer religious beliefs or medical conditions) or where we need this information to ensure that we provide appropriate facilities or support to enable you to participate in an event.

4. Use of personal information

We process personal information collected for the purposes of:

  1. Providing and personalising our services [such as membership of the IBA and attendance at one of our events.]
  2. Dealing with your inquiries and requests
  3. Administering orders and accounts relating to our suppliers or members/delegates/purchasers;
  4. Administering membership records;
  5. Subject to your communication preferences, providing you with information about products and services.
  6. As set out in section 12 of this policy, exchanging personal information with third parties for the purposes of providing you with your member benefits, e.g. with Sponsors, Exhibitors, Mailing Houses, e-mail marketing software providers, Marketing and Telesales.
  7. Fundraising for the IBA Human Rights Institute such as invitations to support events.
  8. Maintaining information as a reference tool or general resource including our publications such as journals and guides, speaker papers from our events.
  9. Carrying out market research campaigns, or research surveys and projects.
  10. General administration for the benefit of the association and its members.
  11. Using Google Analytics to measure the use of the website (see Cookies).

The International Bar Association uses SAP Commerce Cloud as its content and membership experience system. This software is a Cloud Platform product provided by SAP as a Software As A Service. The hosting and security are provided under this licence using Microsoft Azure. These include; monitoring, hosting, patching and security frameworks as part of the provisioning.

5. Website users

All IBA websites use cookies to help our websites work well and to track information about how people are using them. Where permitted, we may use your personal information to personalise our communications to you, and to provide you with targeted advertising both on and off the site. For more information about the techniques we use for this purpose and your rights in relation to this, please refer to section 11 of this policy. More information on cookies can be found in section 5.1 - see Cookies.

In addition, if you register on our websites then the following will also apply:

  1. All IBA websites collect personal information when you register with us.
  2. The website you sign up to will collect information such as your name, email address and post code.
  3. As part of the registration process and continued use of IBA services, you agree that any registration information you give to IBA will always be accurate, correct and up to date. Should you need to amend any of your personal information, you can do so by logging into My IBA or by getting in touch with the Membership Services Team on +44 (0) 20 7842 0090 or member@int-bar.org.
  4. We collect and retain information about your interactions with us so that we can process your interactions and deal with future queries.
  5. We use cookies to allow us to store limited information on an individual’s computer to either track them through tracking cookies or to allow people to have automatic logons as an example. We use this information to provide you with a good experience when browsing our website and to improve the functionality of our site.

Parts of the IBA website are restricted to IBA members only.

5.1 IBA Cookies

To provide the best experience to our users the IBA makes use of cookies. Our cookies do not store sensitive personal information. They only store the browser association that loads the data and provides a dynamic experience for the site user.

The full policy can be found at What are cookies and how are they used?

Domain Cookie What it is used for
www.ibanet.org __utma,
These cookies provide general analytics information tracking user experience.
www.ibanet.org glt_3_,
These cookies provide a permanent logged-in experience for the IBA Website. The cookie lasts 14 months and is validated and extended each time a user accesses the IBA site. Pressing signout on the IBA website ends the cookie.
www.ibanet.org ASP.NET_SessionId,
General storage about,the site user to enhance the site experience. When logged in this stores,server side information that further enhances the site experience. For, example pre-populating forms and details.
www.int-bar.org CFID,
General storage about, the site user to enhance the site experience. When logged in this stores server side information that further enhances the site experience. For, example pre-populating forms and details.

5.2 Third Party cookies

When on the International Bar Association Web site, you may notice some cookies are not related to our domain. Third party plug in technology helps to make a better and more dynamic experience when using the IBA web site. The third party cookies these companies use are listed overleaf.

Company Domain Cookie What it is used for
Cloudflare .cloudflare.com __cfduid Cloudflare is used for fonts on the IBA website. Tracking information to assist in this is used in the cookie.
Twitter cdn.syndication.twimg.com lang Cookie to store local language to assist content loading.
Twitter .twitter.com _ga,
Used to assist in the dynamic experience of twitter alongside general analytics information tracking user experience.
Vimeo .vimeo.com __qca,
These cookies help Vimeo player run and work from inside the IBA Web site.
Vimeo .player.vimeo.com __utma,
These cookies provide general analytics information tracking user experience.

5.3 Third Party cookies from sites containing IBA advertising.

We utilise the technology of third parties on a regular basis to ensure that we are using up to date systems that are managed by the best companies to provide us with the information that we need. This in turn means that there will be a number of third party cookies from our trusted suppliers used on our websites. Each company is responsible for the cookies that they place onto your device and have separate policy documents to highlight their use.

Our list of trusted third parties who may deploy a cookie to your device, with a link to their cookie details is below.

Facebook https://www.facebook.com/policies/cookies/
Twitter https://support.twitter.com/articles/20170514
Bing https://privacy.microsoft.com/en-gb/privacystatement
LinkedIn https://www.linkedin.com/legal/cookie-policy
Cloudflare https://www.cloudflare.com/security-policy/
Google Ads http://www.google.com/policies/privacy/partners/
Vimeo https://vimeo.com/cookie_policy

If you click on links through to their sites, you are then covered by their Privacy Policy and not ours.

5.4 Inappropriate website content

If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory content on our forums or social media pages, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.

6. Your debit and credit card information

If you use your credit or debit card to join us, buy something or pay for a registration online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. You can find our more information about PCI DSS here -


We do not store your credit or debit card details at all as all transactions are made through Optile - https://www.optile.io/

If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. All purchases should be completed through the IBA website, by phone, cheque or by sending payment via bank transfer.

7. Legal basis for processing personal information

We rely on the following legal bases when processing your personal information:

  • The performance of a contract that we have in place with you, or to enter into such a contract, for example when you sign up for membership or join one of our events;
  • Compliance with our legal obligations such as health and safety regulations;
  • The IBA’s and our third parties’ legitimate interests, provided these are not overridden by your own interests. For example, we have a legitimate organisational interest to use your personal information to respond to you when you request information about membership with us or about an event we are organising. We also rely on our legitimate interests where we process your donations in support of IBAHRI and the IBA Foundation's objectives, for our internal administrative purposes, to communicate with our members, and where we need to take steps to protect our network security or risk of fraud; or in some instances, we will rely on obtaining your consent to our use of your personal information. This is the case, for example, where we seek to obtain your consent to receive certain email marketing about the IBA. For more information about how we communicate with you, please see Section 8 below.

8. Our communications with you – It’s your choice

8.1 Member communications

We want to ensure our members receive the level of information about the IBA that is right for them. It is always your choice as to whether you want to receive information about our work and the ways you can get involved.

If you want to change how you receive these member communications, you can do so by indicating your preferences on the form on which we collect your data; by logging into the My IBA section of the website and selecting Marketing Preferences or by clicking the ‘Opt-out/unsubscribe’ link in at the end of emails sent to non-members. If you do opt out of any communications, we will retain your details on a suppression list to help ensure that we do not continue to send you the relevant communications you have opted-out of.

8.2 Email Marketing

If you actively provide your consent to us along with your email address, we may contact you for marketing purposes by email. You can withdraw your consent by logging into the My IBA section of the website and selecting Marketing Preferences or or by clicking the ‘Opt-out/unsubscribe’ link in at the end of emails sent to non-members. If you do opt out, we will retain your details on a suppression list to help ensure that we do not continue to contact you.

8.3 Post/telephone marketing

If you have provided us with your postal address or telephone number, we may send you direct mail or telephone you about our work unless you have told us that you would prefer not to receive such information. You can withdraw your consent by logging into the My IBA section of the website and selecting Marketing Preferences or or by clicking the ‘Opt-out/unsubscribe’ link in at the end of emails sent to non-members If you do opt out, we will retain your details on a suppression list to help ensure that we do not continue to contact you.

8.4 IBA Members’ Directory

One of the benefits of membership is that you can be listed in the IBA Members’ Directory. If you would like to opt-out of appearing, choose ‘Personal Details’ from the side menu, scroll to the bottom of the page, and tick ‘Hide profile from Members Directory’. Note that only current Members, Group Members, and Corporate Members have access to the Members’ Directory.

8.5 Photography and Filming

Certain sessions and/or social functions at our virtual and in-person events may be recorded, photographed and/or filmed and some of this content may be used for future IBA marketing materials, member communications, products, or services. Should you have any concerns regarding this, or do not wish to be featured in any of these materials please contact the IBA Marketing Department at ibamarketing@int-bar.org.

9. Data Retention

Your personal information is kept for as long as it is necessary for the purposes for which it was collected. Therefore, after this period data is erased or anonymised.

In order to comply with accounting regulations, we keep records for all transactions (e.g., conference registration, IBA membership) for 7 years, and will continue to send you marketing information about related conferences or about IBA membership for 4 years unless you withdraw your consent in the Manage Preferences section of the website.

If you register your interest for a conference, but have not yet attended one, we retain your contact details for up to 4 years and will, where permitted, send you marketing information about related conferences or about IBA membership.

If you applied for membership but never completed your application, we will leave the invoice available to you until the end of the calendar year. We would then suspend your [application for?] membership and keep your record for up to 3 years after that; where permitted we will continue to send you marketing information about related conferences or about IBA membership.

You can opt out at any time by emailing member@int-bar.org, clicking ‘unsubscribe’ in any of our emails, or logging into your My IBA and going to Manage Preferences.

10. Your rights to your personal information

Depending on the circumstances, you may have the following rights under data protection law:

  1. The right to be informed - this is fulfilled through this notice.
  2. The right of access - you have the right to obtain confirmation that your data is being processed and access to your personal information. This is so that you are aware of and can verify the lawfulness of the processing. Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond. Where we refuse to respond to a request, we will explain why to you, informing you of your right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

    Should you wish to exercise these rights, we may require you to prove your identity. Please address requests to the Operations Director at dataprotection@int-bar.org, or by post to International Bar Association, 5 Chancery Lane, London, WC2A 1LG, or via our social media channels and we will respond within 30 days, of receipt of your written request and confirmed ID. Please provide as much information as possible about the nature of your contact with us to help us locate your records.]

    Further information can be found in our Data Subject Access Request policy . You may prefer to use our Data Subject Access Request form to make your request.

  3. The right to rectification - to amend your personal information log in to MyIBA, choose ‘Manage Personal Details’, where you can amend all your personal information. If you are unable to log in to MyIBA, it may mean that your membership status does not grant you access to members’ area of the website. If you need to inquire about your level of access or if you wish to amend your data, please contact the Membership Services Team, member@int-bar.org, and they will assist you.
  4. The right to erase - this is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal information where there is no compelling reason for its continued processing. If you would like us to erase you from our database, please email member@int-bar.org.
  5. The right to restrict processing – In certain circumstances, you may have a right to ‘block’ or suppress processing of personal information.
  6. The right to object – In certain circumstances, you may have the right to object to processing of your personal information, for example where our processing is based on legitimate interests (including profiling) or is for direct marketing (including profiling) purposes.
  7. The right to data portability – In certain circumstances you have the right to obtain the data that the IBA processes on you and use it for your own purposes.
  8. Should you wish to exercise these rights, please contact us by email at dataprotection@int-bar.org Alternatively, you can address requests to the Operations Director, International Bar Association, 5 Chancery Lane, London WC2A 1LG. Please provide as much information as possible about the nature of your contact with us to help us locate your records.

11. Rights in relation to profiling and remarketing

11.1 Profiling

We may collect, and our third party providers of advertisements and content may collect, information about where you are on the internet (e.g. the URL you came from, IP address, domain types like .co.uk and .com), your browser type, the country and telephone area code where your computer is located, purchase history, the pages of our website that were viewed during your visit, the advertisements you clicked on, and any search terms that you entered on our website ("User Information"). We may collect this information even if you do not register with us.

You should be aware that this site is being monitored and may capture information about your visit that will help us improve the quality of our service or be used to present you with IBA products and services which are relevant to your browsing history when you visit other websites.

11.2 Remarketing

The IBA uses remarketing on other websites to present you with products and services we think may be of interest to you, based on your browsing history. Third-party vendors, including Google, Facebook, LinkedIn and Twitter, may show IBA adverts on sites across the Internet.

We do have relationships with carefully selected and monitored suppliers who may also set cookies during your visit to be used for remarketing purposes, to show you different products and services based on what you appear to be interested in. These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts. If you'd like to opt out , please go to the Network Advertising Initiative website (opens in a new window - please note that we're not responsible for the content of external websites).

12. Recipients – Information and Disclosure

The IBA may disclose your personal information in the following circumstances:

  1. Internally within our organisation to those who have a “need to know” the information for business or legal reasons, for example, in order to carry out an administrative function, such as processing an invoice or to direct a query that you have submitted to the relevant IBA office.
  2. To suppliers or service providers only to provide the products or services you've requested from us where, for example, we use a separate company to deliver goods to you.
  3. To third parties who provide a service to us and are data processors. This would include our trusted partners that work with us, and other entities that act as fundraisers for IBA, sell IBA products or provide IBA information and marketing (subject to your communication preferences and our internal policies and procedures). We require these third parties to comply strictly with our instructions and data protection laws and we will make sure that appropriate controls are in place. We enter into contracts with all of our data processors and regularly monitor their activities to ensure they are complying with IBA policies and procedures.
  4. Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example, to government bodies and law enforcement agencies), or in order to enforce or apply our rights (including in relation to our website or other applicable terms and conditions) or to protect the IBA, for example in cases of suspected fraud or defamation.
  5. To IBA Officers, to assist with the running of the IBA.

13. International transfers of personal information

As the IBA is a global association, we have regional offices in Sao Paulo, Seoul, The Hague and Washington. They transfer, process and store the data hosted in the UK in order to provide IBA services at a more local level. We have data sharing agreements in place with each office.

We use suppliers (such as conference venues) outside the UK and the EEA. This means that the personal information of individuals from the UK and the EEA may be transferred, processed and stored outside the UK or the EEA (as applicable). This includes countries that the UK or European Union authorities do not consider provides and adequate level of protection for personal information. However, we take steps to put in place suitable safeguards to protect your personal information when processed by the supplier such as entering into the European Commission approved standard contractual clauses. If you would like to receive further information about our safeguards, please contact dataprotection@int-bar.org.

14. Changes to this privacy policy

We may update the terms of this policy at any time, so please do check it from time to time.

15. Complaints, compliments or comments

If you are unhappy with our work or something that we have done or failed to do, we want to know about it. We also welcome your views on what we do well. Your comments enable us as an organisation to learn and continuously improve our services. Email us at dataprotection@int-bar.org or our Operations Director, at joe.bell@int-bar.org

If you are still not satisfied after you have spoken to us, you can contact the Information Commissioner’s Office - www.ico.org.uk