Skip to content

General principles

Personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.  The processing of personal data is governed by the Data Protection act (DPA) 2018 and UK General Data Protection Regulation (‘UK GDPR’).

Who are we?

The Honourable Society of Gray’s Inn (herein after referred to as ‘the Inn’)  is the data controller (contact details below), which means it decides how personal data is processed and for what purposes.

How do we process personal data?

The Inn complies with its obligations under the UK GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining unnecessary  amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

Processing

The Inn will only process data where it has a lawful reason for doing so. UK GDPR defines six lawful reasons for processing personal data, three of which are relevant to the Inn. These are:

  1. Where there is a Legitimate Interest of the Inn or a third party for the processing to take place
  2. Where the Inn has the consent of the individual
  3. Where there is a contract between the Inn and the individual which enables or requires the Inn to undertake processing

The Inn actively manages the processing of personal data and does not rely on automated processes.

Further processing

If the Inn wishes to use your personal data for a new purpose, not covered by this Data Privacy Notice, then it will provide individuals with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where necessary, we will seek prior consent to the new processing.

Individual’s rights and personal data

Unless subject to an exemption under the UK GDPR, individuals have the following rights with respect to their personal data:

  • The right to request a copy
  • The right to request that the Inn corrects any personal data if it is found to be inaccurate or out of date
  • The right to request that personal data is erased where it is no longer necessary for the Inn to retain such data
  • The right to withdraw consent to the processing at any time (only applicable where ‘consent’ is detailed as the basis for Lawfulness of Processing)
  • The right, where there is a dispute in relation to the accuracy or processing of personal data, to request a restriction is placed on further processing
  • The right to object to the processing of personal data, (where ‘Legitimate Interest’ is the basis of Lawfulness of Processing)
  • The right to lodge a complaint with the Information Commissioners Office

Contact Details

For all enquiries or to exercise any of the above rights, individuals should contact The Director of Finance, The Honourable Society of Gray’s Inn, 8 South Square, Gray’s Inn, London, WC1R 5ET.

You can contact the Information Commissioners Office on 0303 123 1113, via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.