Gray's Inn

Data Privacy Notice

General principles

Personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.  The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the 'GDPR').

Who are we?

The Honourable Society of Gray’s Inn (herein after referred to as ‘the Inn’)  is the data controller (contact details below), which means it decides how personal data is processed and for what purposes.

How do we process personal data?

The Inn complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining unnecessary  amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Processing

The Inn will only process data where it has a lawful reason for doing so. GDPR defines six lawful reasons for processing personal data, three of which are relevant to the Inn. These are:

  1. Where there is a Legitimate Interest of the Inn or a third party for the processing to take place
  2. Where the Inn has the consent of the individual
  3. Where there is a contract between the Inn and the individual which enables or requires the Inn to undertake processing

The Inn actively manages the processing of personal data and does not rely on automated processes.

Further processing

If the Inn wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then it will provide individuals with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where necessary, we will seek prior consent to the new processing.

Individual’s rights and personal data

Unless subject to an exemption under the GDPR, individuals have the following rights with respect to their personal data:

  • The right to request a copy
  • The right to request that the Inn corrects any personal data if it is found to be inaccurate or out of date
  • The right to request that personal data is erased where it is no longer necessary for the Inn to retain such data
  • The right to withdraw consent to the processing at any time (only applicable where 'consent' is detailed as the basis for Lawfulness of Processing)
  • The right, where there is a dispute in relation to the accuracy or processing of personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data, (where 'Legitimate Interest' is the basis of Lawfulness of Processing)
  • The right to lodge a complaint with the Information Commissioners Office

Contact Details

For all enquiries or to exercise any of the above rights, individuals should contact The Director of Finance, The Honourable Society of Gray’s Inn, 8 South Square, Gray’s Inn, London, WC1R 5ET.

You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Categories of personal data

All personal data held by the Inn is processed in accordance with the general principles detailed in this Data Privacy notice.  There are additional specific policies for different categories of personal data i.e.:

Data Protection Notice - Members

General Principles

The Honourable Society of Gray’s Inn ('the Inn') processes personal information in compliance with the General Data Protection Regulation 2016/679 (the 'GDPR'). The general principles it follows in processing personal data are displayed on this page (the Data Privacy Notice page of the Inn’s website). This page details the policies specific to members, or applicants for membership, of the Inn.

We use your personal data for the following purposes:

  • To administer membership records thereby fulfilling the Inn’s legal responsibilities for regulation and training of pre and post qualified barristers
  • To manage the delivery of training (both pre and post qualification)
  • To maintain our own accounts and records
  • To operate the Gray’s Inn website and deliver the services that members have requested
  • To inform members of news, events, activities or services run by the Inn or related organisations
  • To share your contact details with the Bar Standards Board and Bar Council so that they can keep you informed about news, events, activities and services
  • To contact members via surveys to conduct research about their opinions of current services (the results of which will be anonymised), events attended, potential new services that may be offered and for demographic trend analysis as required by Government agencies under United Kingdom law (the results of which will be anonymised)

There are two Lawful Bases for processing your personal data

  1. Consent
  • Applicant for Membership or Scholarship;
    • As an applicant for Membership of, or a scholarship from, the Inn, you consent to the processing, retention and sharing of your personal data submitted with your application, including details of any misconduct or criminal convictions, for the purpose of assessing your Membership application
    • You may withdraw your consent and request erasure of your data at any time prior to your acceptance of Membership status or scholarship if so offered
    • Should you withhold your consent, the Inn will be unable to accept or process your application
    • Processing is necessary for statistical purposes in accordance with the requirements of the law of the United Kingdom.  Such statistical data will be anonymised.
  • ‘Called’ Barrister;
    • As a Barrister you consent to the processing, retention and sharing of your personal data for the purposes outlined above. You will have the opportunity to amend your records so that you only receive notices of social events which are of interest. For details on accessing the Gray's Inn Online System (GIOS) to update records and preferences visit the Member Login page.
  1. Legitimate Interest;
  • Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the member
  • Processing is necessary for the performance of training,  professional regulation and development services with the member
  • Processing is necessary for compliance with a legal or regulatory obligation i.e. to retain and share records relating to your  academic and professional qualifications, Calling to the Bar, Pupillage, Chambers and disciplinary records where applicable

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared only with Inn employees or members whose responsibilities require that they have access to the data.  We will only share your data with third parties, outside of the Inn, with your consent or acting under instruction from appropriate legal or regulatory authority.

How long do we keep your personal data?

We keep your personal data for the duration of your membership. Outside of this the following retention periods will apply:

  • If your application for membership is unsuccessful your personal data will be deleted 2 years from the date of your application
  • If you withdraw your membership the Inn will retain records relating to admission, scholarships, call, election to the Bench, pupil supervision and any disciplinary procedures. This is required to protect the legitimate interests of the Inn and the wider profession. All other personal data will be deleted.  

Data Protection Notice - Employees

General Principles

The Honourable Society of Gray’s Inn ('the Inn') processes personal information in compliance with the General Data Protection Regulation 2016/679 (the 'GDPR'). The general principles it follows in processing personal data are displayed on this page (the Data Privacy Notice page of the Inn’s website). This page details the policies specific to members, or applicants for membership, of the Inn.

Any individual applying for a job with the Society will be asked to submit an application form or Curriculum Vitae.  This data will be held securely in the Society’s systems and will only be available to staff concerned with assessing the application and those who have responsibility for data management.  If the individual is successful with the application then the data will be transferred to the Inn’s Human Resources system.  The controls over this system, and the privacy policy applicable to all employees and former employees, are described in a handbook which is provided to all staff.  If the individual is unsuccessful with the application then the personal data submitted is destroyed within six months of the decision being made. 

Data Protection Notice - Pension Scheme Members

General Principles

The Honourable Society of Gray’s Inn ('the Inn') processes personal information in compliance with the General Data Protection Regulation 2016/679 (the 'GDPR'). The general principles it follows in processing personal data are displayed on this page (the Data Privacy Notice page of the Inn’s website). This page details the policies specific to members, or applicants for membership, of the Inn.

All employees of the Inn are enrolled as members of the Pension Scheme although they are given the option of withdrawing.  The administration of the Scheme is provided by a third party provider who operates as a data processor.  All members of the Scheme are provided with a Data Privacy Notice from the administrator.

Data Protection Notice - Non-Members

The Inn collects personal data in respect of non-members for a variety of purposes and these will determine the precise policies and practices to be applied to the data:

Student out-reach

The Inn will collect personal data on students and potential members in order to give them information about training as a barrister and the services the Inn can offer. The data will be held securely within the Inn’s systems and will only be used to as part of the process to inform and guide students who may be considering a career at the Bar.  Students will give their consent for this data to be processed.  If any student is under the age of 16, parental consent will also be obtained.  Data will be retained for five years after the data is initially gathered.

Volunteers

In order to fulfil its educational and career development functions the Inn relies on volunteers and a certain amount of their personal data is required.  Most volunteers are members of the Inn and the privacy policy is that applicable to all members. If a volunteer is not a member of the Inn the data will be subject to the following policies:

  1. The volunteers will provide consent to the data being captured and processed
  2. The data will be held in a secure file only accessible to individuals responsible for the educational or careers function
  3. The data will be deleted if the volunteer has not taken part in an exercise for more than two years

Inn services

Non-members can purchase a range of services from the Inn, which may require personal data in order to complete the transaction.  There will be a contract between the Inn and the individual and this forms the lawful basis for processing.  The data will only be used to fulfil the contract unless consent is obtained for additional processing.  The personal data will be deleted six years after the contract has been fulfilled.