Skip to content

General principles

Personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.  The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the ‘GDPR’).

Who are we?

The Honourable Society of Gray’s Inn (herein after referred to as ‘the Inn’)  is the data controller (contact details below), which means it decides how personal data is processed and for what purposes.

How do we process personal data?

The Inn complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining unnecessary  amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Processing

The Inn will only process data where it has a lawful reason for doing so. GDPR defines six lawful reasons for processing personal data, three of which are relevant to the Inn. These are:

  1. Where there is a Legitimate Interest of the Inn or a third party for the processing to take place
  2. Where the Inn has the consent of the individual
  3. Where there is a contract between the Inn and the individual which enables or requires the Inn to undertake processing

The Inn actively manages the processing of personal data and does not rely on automated processes.

Further processing

If the Inn wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then it will provide individuals with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where necessary, we will seek prior consent to the new processing.

Individual’s rights and personal data

Unless subject to an exemption under the GDPR, individuals have the following rights with respect to their personal data:

  • The right to request a copy
  • The right to request that the Inn corrects any personal data if it is found to be inaccurate or out of date
  • The right to request that personal data is erased where it is no longer necessary for the Inn to retain such data
  • The right to withdraw consent to the processing at any time (only applicable where ‘consent’ is detailed as the basis for Lawfulness of Processing)
  • The right, where there is a dispute in relation to the accuracy or processing of personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data, (where ‘Legitimate Interest’ is the basis of Lawfulness of Processing)
  • The right to lodge a complaint with the Information Commissioners Office

Contact Details

For all enquiries or to exercise any of the above rights, individuals should contact The Director of Finance, The Honourable Society of Gray’s Inn, 8 South Square, Gray’s Inn, London, WC1R 5ET.

You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Categories of personal data

All personal data held by the Inn is processed in accordance with the general principles detailed in this Data Privacy notice.  There are additional specific policies for different categories of personal data i.e.:

Data Protection Notice – Members

General Principles

The Honourable Society of Gray’s Inn (‘the Inn’) processes personal information in compliance with the General Data Protection Regulation 2016/679 (the ‘GDPR’). The general principles it follows in processing personal data are displayed on this page (the Data Privacy Notice page of the Inn’s website). This page details the policies specific to members, or applicants for membership, of the Inn.

We use your personal data for the following purposes:

  • To administer membership records thereby fulfilling the Inn’s legal responsibilities for regulation and training of pre and post qualified barristers
  • To manage the delivery of training (both pre and post qualification)
  • To maintain our own accounts and records
  • To operate the Gray’s Inn website and deliver the services that members have requested
  • To inform members of news, events, activities or services run by the Inn or related organisations
  • To share your contact details with the Bar Standards Board and Bar Council so that they can keep you informed about news, events, activities and services
  • To contact members via surveys to conduct research about their opinions of current services (the results of which will be anonymised), events attended, potential new services that may be offered and for demographic trend analysis as required by Government agencies under United Kingdom law (the results of which will be anonymised)

There are two Lawful Bases for processing your personal data

  1. Consent
  • Applicant for membership or scholarship;
    • As an applicant for membership of, or a scholarship from, the Inn, you consent to the processing, retention and sharing of your personal data submitted with your application, including details of any misconduct or criminal convictions, for the purpose of assessing your membership application
    • You may withdraw your consent and request erasure of your data at any time prior to your acceptance of membership status or scholarship if so offered
    • Should you withhold your consent, the Inn will be unable to accept or process your application
    • Processing is necessary for statistical purposes in accordance with the requirements of the law of the United Kingdom.  Such statistical data will be anonymised.
  • ‘Called’ barrister;
    • As a barrister you consent to the processing, retention and sharing of your personal data for the purposes outlined above. You will have the opportunity to amend your records so that you only receive notices of social events which are of interest. For details on accessing the Gray’s Inn Online System (GIOS) to update records and preferences visit the Member Login page.
  1. Legitimate Interest;
  • Processing is necessary for the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the member
  • Processing is necessary for the performance of training,  professional regulation and development services with the member
  • Processing is necessary for compliance with a legal or regulatory obligation i.e. to retain and share records relating to your academic and professional qualifications, calling to the Bar, pupillage, chambers and disciplinary records where applicable

Sharing your personal data

Your personal data will be treated as strictly confidential, and will be shared only with Inn employees or members whose responsibilities require that they have access to the data.  We will only share your data with third parties, outside of the Inn, with your consent or acting under instruction from appropriate legal or regulatory authority.

How long do we keep your personal data?

We keep your personal data for the duration of your membership. Outside of this the following retention periods will apply:

  • If your application for membership is unsuccessful your personal data will be deleted 2 years from the date of your application
  • If you withdraw your membership the Inn will retain records relating to admission, scholarships, call, election to the Bench, pupil supervision and any disciplinary procedures. This is required to protect the legitimate interests of the Inn and the wider profession. All other personal data will be deleted.

Data Protection Notice – Employees

General Principles

The Honourable Society of Gray’s Inn (‘the Inn’) processes personal information in compliance with the General Data Protection Regulation 2016/679 (the ‘GDPR’). The general principles it follows in processing personal data are displayed on this page (the Data Privacy Notice page of the Inn’s website). This page details the policies specific to members, or applicants for membership, of the Inn.

Any individual applying for a job with the Society will be asked to submit an application form or Curriculum Vitae.  This data will be held securely in the Society’s systems and will only be available to staff concerned with assessing the application and those who have responsibility for data management.  If the individual is successful with the application then the data will be transferred to the Inn’s Human Resources system.  The controls over this system, and the privacy policy applicable to all employees and former employees, are described in a handbook which is provided to all staff.  If the individual is unsuccessful with the application then the personal data submitted is destroyed within six months of the decision being made.

Data Protection Notice – Pension Scheme Members

General Principles

The Honourable Society of Gray’s Inn (‘the Inn’) processes personal information in compliance with the General Data Protection Regulation 2016/679 (the ‘GDPR’). The general principles it follows in processing personal data are displayed on this page (the Data Privacy Notice page of the Inn’s website). This page details the policies specific to members of the The Honourable Society of Gray’s Inn Life Assurance and Pension Scheme (‘the Scheme’).

The Trustees of the scheme rely on the Society to maintain all the personnel policies, records and processes required to operate the Scheme. The data of any Scheme member who is also an employee of the Society will be managed in accordance with the rules laid down in the staff handbook (a copy of which is accessible to all employees).

An employee will often remain a member of the Scheme even when he or she has left employment.  This situation arises with members (and their spouses) who are eligible for Defined Benefit pension payments or where the Scheme has purchased an annuity on their behalf.  Under these circumstance the individuals file will be maintained until the death of the individual or his or her spouse (whichever is later).  If a member who is entitled to a Defined Benefits pension resigns from the Scheme, leaving no further liability for the Scheme, then the individuals file will be retained for six years after resignation.  For statistical and archival purposes the names of and dates of Scheme membership of all members will be held indefinitely.

The Trustees use a third party to administer the Scheme – a function which requires the third party to hold personal data on members and to act as a data processor. All members of the Scheme are provided with a Data Privacy Notice from the administrator.

Data Protection Notice – Non-Members

The Inn collects personal data in respect of non-Members for a variety of purposes and these will determine the precise policies and practices to be applied to the data:

Student out-reach

The Inn will collect personal data on students and potential Members in order to give them information about training as a barrister and the services the Inn can offer. The data will be held securely within the Inn’s systems and will only be used to as part of the process to inform and guide students who may be considering a career at the Bar. Students will give their consent for this data to be processed.  If any student is under the age of 16, parental consent will also be obtained.  Data will be retained for five years after the data is initially gathered.

Volunteers

In order to fulfil its educational and career development functions the Inn relies on volunteers and a certain amount of their personal data is required.  Most volunteers are Members of the Inn and the privacy policy is that applicable to all Members. If a volunteer is not a Member of the Inn the data will be subject to the following policies:

  1. The volunteers will provide consent to the data being captured and processed
  2. The data will be held in a secure file only accessible to individuals responsible for the educational or careers function
  3. The data will be deleted if the volunteer has not taken part in an exercise for more than two years

Inn services

Non-Members can purchase a range of services from the Inn, which may require personal data in order to complete the transaction.  There will be a contract between the Inn and the individual and this forms the lawful basis for processing.  The data will only be used to fulfil the contract unless consent is obtained for additional processing.  The personal data will be deleted six years after the contract has been fulfilled.  

Data Protection Notice – Job Applicants

As part of any recruitment process, the Inn collects and processes personal data relating to job applicants. The Inn is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information does the Inn collect?

Any individual applying for a job with the Society will be asked to submit an application form or Curriculum Vitae.  This data will be held securely in the Society’s systems and will only be available to staff concerned with assessing the application and those who have responsibility for data management.

The Inn collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process;
  • information about your entitlement to work in the UK; and
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief.

The Inn collects this information in a variety of ways. For example, data might be contained in application forms, CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

The Inn will seek information from third parties, such as references supplied by former employers, only once a job offer to you has been made and will inform you that it is doing so.

Data will be stored in a range of different places, including on your application record, in HR management systems and on other IT systems (including email).

Why does the Inn process personal data?

The Inn needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you.

In some cases, the Inn needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant’s eligibility to work in the UK before employment starts.

The Inn has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the Inn to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. The Inn may also need to process data from job applicants to respond to and defend against legal claims.

The Inn processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.

Where the Inn processes other special categories of data, such as information about ethnic origin, sexual orientation, health, religion or belief, age, gender, or marital status, this is done for the purposes of equal opportunities monitoring with the explicit consent of job applicants, which can be withdrawn at any time by contacting the PA to the Director of Finance.

The Inn will not use your data for any purpose other than the recruitment exercise for which you have applied.

For how long does the Inn keep data?

If your application for employment is unsuccessful, the Inn will hold your data on file for six months after the end of the relevant recruitment process. At the end of that period or once you withdraw your consent, your data is deleted or destroyed.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to the Inn’s Human Resources system and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to the Inn during the recruitment process. However, if you do not provide the information, the Inn may not be able to process your application properly or at all. If your application is successful, it will be a condition of any job offer that you provide evidence of your right to work in the UK and satisfactory references.

You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.

Find out more

Find us

Getting here and our opening hours

Member Login

Check your member details

Contact

Get in touch with the Inn

Let us know your feedback

"*" indicates required fields

WeeklyMonthlyYearlyThis is my first visit
YesNoJust browsing
StudentPupilBarristerBencherOther
Not at all likelyUnlikelyNeutralLikelyVery likely