Data Protection Notice

Data Protection

Overview and General Information

1. INTRODUCTION

We have developed this Data Protection Statement to illustrate our commitment to the protection of the privacy and personal information of data subjects who interact with King’s Inns and this website.

The purpose of this Data Protection Statement is to provide you with a clear understanding of:

· how we process your information

· the types of your personal information which we collect;

· how we use and share your personal information;

· how we protect your data protection rights;

· details on how you can find out more about how we use your personal information; and

· other details relevant to how we give effect to the privacy rights of individuals who interact with King’s Inns and the King’s Inns website

When we refer to “Personal Data” in this Data Protection Statement we mean any information relating to an identified or identifiable natural person (‘Data Subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In some situations where we are collecting and/or processing your personal information, we will provide you with further details about the information we are collecting, the purposes for which we are using and sharing that information as well as any other information which is particularly relevant to such situations. When we do so, we may also refer back to this Data Protection Statement and the general principles set out here.

1.1 ORGANISATION INFORMATION

We are The Honorable Society of King’s Inns (referred to herein as “we”, “us”, “our” and the “King’s Inns”).

1.2 LEGISLATION

All personal data we gather will be “processed” in accordance with all applicable data protection laws and principles, including the EU General Data Protection Regulation 2018 and the applicable Irish Data Protection Acts.

1.3 QUERIES AND COMPLAINTS

If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us please contact:

Data Protection Officer

King’s Inns, Henrietta Street, Dublin 1, DO1 KF59, Ireland

Email: data.privacy@kingsinns.ie

Telephone: +353 1 874 4840

You have the right to lodge a complaint with the Office of the Data Protection Commissioner. To contact the Office of the Data Protection Commissioner, please use the following details:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Telephone: 01 7650100

Telephone: 1800437 737

Email: info@dataprotection.ie

For your convenience we have divided our Data Protection Statement into sections:

STUDENTS | MEMBERS | BUSINESS CONTACT | RECRUITMENT

STUDENTS- DATA PROTECTION STATEMENT	Our Student Services Data Protection Statement provides specific information about the services we provide for applicants and students of our courses of education
MEMBERS – DATA PROTECTION STATEMENT	Our Member Services Data Protection Statement provides specific information about our services relevant to persons that are entered upon a register of members of King’s Inns
BUSINESS CONTACT – DATA PROTECTION STATEMENT	Our Business Contact Data Protection Statement is relevant to all other individuals whose Personal Data we process who are not considered Students or Members. This includes but is not limited to suppliers, business partners, website users, tenants, parking users, dining services, venue hire, library services and members of the public.
STAFF RECRUITMENT - DATA PROTECTION STATEMENT	We have a separate Data Protection Statement for internal staff recruitment. Our Staff Recruitment Data Protection Statement provides specific information about our processing activities relevant to individuals who might consider or apply for jobs to work with us on a contract basis or as employees.

2. ABOUT US

King’s Inns is the oldest institution of legal education in Ireland. Its main objectives are:

· the promotion and advancement of learning in the law;

· the education and training of students and members of the King’s Inns;

· the protection and furtherance of the reputation and standing of the degree of Barrister–at–Law;

· the preservation of the heritage that is comprised in the King’s Inns, its buildings, library, furnishings, and environs; and

· to ensure the fitness of persons to practice as or to hold themselves out as barristers prior to and, subject to Part 6 of the Legal Services Regulation Act 2015, after their call to the Bar of Ireland.

In addition to our main activities listed above, the King’s Inns provides a number of products and services including merchandising, newsletters, dining services, cottage rental, venue hire, and parking services. Our Data Protection Statements provides further information about the Personal Data we process in connection with these activities.

3. WHO THIS DATA PROTECTION STATEMENT APPLIES TO?

We process Personal Data about a wide range of people. This general section includes information relevant to all Data Subjects including:

· candidates who apply for positions of employment with King’s Inns,

· users of our website.

· individuals identified on our CCTV system; and

· individuals who receive marketing communications.

We have included further details about our processing activities relating to Students, Members and Business Contacts is specific sections of this Data Protection Statement as follows:

Data Subject	Description
Students	This includes applicants to and students of our courses of education
Members	This includes members, committees, council, members of the judiciary, benchers, alumni and barristers on the roll
Business Contacts	This includes suppliers, partners, tenants of our rental properties, users of our parking facilities and other business contacts of King’s Inns

4. how do we collect PERSONAL DATA?

We receive Personal Data from a variety of sources, as follows:

· the Personal Data is often provided as part of the relationship;

· the Personal Data may be collected from public sources;

· the Personal Data may be collected indirectly from another person;

· the Personal Data may be collected through our website;

· the Personal Data may be collected through our systems, including CCTV;

· the Personal Data may be collected indirectly from a website or from a third party.

5. CATEGORIES OF PERSONAL DATA

We process the following categories of Personal Data. For each category we have included an example of the type of Personal Data that may be part of that category:

Personal Data Category Description	Description
Contact Data	may include a person’s email address, phone number, postal address, other communication details (e.g. Skype)
Communication Data	may include phone calls, email correspondence and hard copy correspondence.
CCTV Data	CCTV Data includes information recorded by our CCTV cameras
Marketing Data	may include your Identification Data, Contact Data and any preferences in receiving marketing from us and your communication preferences.
Recruitment Data	may include recruitment related data such as Identification Data, Contact Data, Communication Data, CV and job application data. When processing CV related data, we may process certain Personal Data including the following: employment history, skills/experience, languages, educational history, qualifications, membership of professional associations, contact details of employer references/character references, licenses held, interests and hobbies, languages, locations, nationality, passport, eligibility to work in certain jurisdictions, salary expectations, interview/screening answers and notes
Financial Data	may include payment related information or bank account details and financial data received as part of our relationship with you.
Special Category Recruitment Data	If we interact with you for the purposes of recruitment, we may collect Recruitment Data that is of a special category per the GDPR definition: this can include diversity data such as gender, religion, racial or ethnic origin, sexual orientation, trade union membership or data relating to health. We will only source this data with the explicit consent of candidates.
Web Data	may include Personal Data provided on any forms on our website, including cookies, and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

6. LAWFULNESS OF PROCESSING

We process all Personal Data lawfully and in accordance with the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data.

When we process General Contact Personal Data any one of the following legal grounds will generally apply. If we operate under a legal ground, that is not listed below, we will try to ensure you are informed what that is.

Consent

For certain processing activities we may rely on your consent. Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at data.privacy@kingsinns.ie. If you do withdraw your consent, it does not mean that any processing, with your consent, of your personal data up to that point is unlawful.

Your right to withdraw consent also relates to our use of your personal data for marketing purposes. You may withdraw your consent to receiving marketing communications from us by contacting us at data.privacy@kingsinns.ie or by using the “Unsubscribe” option available to you in each communication.

Please note that if you have opted in and consented to receive any information from our associated organisations, third parties or our partners and you wish to unsubscribe from their marketing or communications, please contact those organisations directly or use the “Unsubscribe” option available to you in their communications.

Contract

We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract.

Legitimate Interest

At times we will need to process your Personal Data to pursue our legitimate interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests. You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at data.privacy@kingsinns.ie and we will review our processing activities.

Legal Obligation

If we have a legal obligation to process Personal Data, we will process Personal Data on this legal ground.

Defence of Legal Claims

In limited circumstances and in accordance with the law we may use Personal Data in the defence of legal claims or enforcing legal rights.

7. OUR PROCESSING ACTIVITIES

The table below sets out the purpose for which we collect General Contact – Personal Data, our lawful basis for doing so, and the Personal Data that we collect.

In limited circumstances we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen, we will notify you of this new purpose.

Purpose of processing	Categories of personal data	Lawful basis for processing
CCTV to manage and administer the CCTV system	CCTV Data	Legitimate Interest
Marketing & Promotion Activities: to respond to any requests from you/ to send newsletters and other information that maybe of interest/ to contact you as part of our relationship and general administration/ to inform you of events or webinars that might be of interest/ to deliver and organise our conferences, seminars, events/ to collect testimonials and promote the King’s Inns on our website and other relevant publications, including through the use of feedback surveys	Marketing Data/ Contact Data/ Web Data	Consent/ Legitimate Interest
Recruitment Activities to manage and administer the CCTV system/ as part of agency shortlisting/ to select the right Candidate to interview the Candidate/ to hire and seek to onboard the Candidate (pre contract)/ to manage our database of prospective Candidates	Identification Data/ Contact Data/ Communication Data/ Recruitment Data/ Web Data/ Marketing Data/ Special Category Recruitment Data	Consent/ Legitimate Interest/ Contract/ Legal Obligation/
Website Delivery to respond to web forms completed by you/ to promote our products and services/ to administer the Website/ and for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes/ to ensure the safety and security of our website and our services.	Web Data	Consent/ Legitimate Interest

8. SECURITY OF YOUR PERSONAL INFORMATION

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the Data Protection Laws. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

9. DISCLOSURE OF PERSONAL DATA

We will need to share your Personal Data in order to provide services to you and in certain circumstances we may disclose your Personal Data as follows:

· to business partners and sub–contractors for the performance of any contract relating to services provided by the King’s Inns;

· to tax, audit or other authorities, if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation or in order to enforce or apply any contract that we have;

· to official authorities to protect our rights, property, or safety, or those of other persons (including you);

· to payment service partners for the processing of payments to and from King’s Inns, to screen for fraud and carry out other related activities;

· to our catering and events management partners;

· to King’s Inns insurance brokers and providers where required for administering claims;

· to our email distribution partner and service providers in the case of marketing and newsletters;

· to other academic institutions and partners in the case of marketing and promotions of the King’s Inns;

· to the Residential Tenancies Board in the case of our rental properties; and

· to our subcontractors involved in the maintenance and repair of the rental property, in advance and with notification to the tenant.

10. RETENTION OF YOUR PERSONAL DATA

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Our retention policy for General Contact Personal Data is as follows:

Purpose of processing Retention Period	Retention Period
CCTV	30 Days
Recruitment Activity	18 months for unsuccessful applicants
Website Delivery	Please see our Cookie Notice* (link below)
Marketing and Promotion Activities	12 months in the case where there is no further meaningful engagement or upon unsubscribe 5 years in the case of testimonials, feedback, photography and videography provided for the purposes of marketing

Cookie notice*

Further information is set out in the relevant sections of this Data Protection Statement.

11. YOUR RIGHTS

You have a number of rights when it comes to your personal data. On receipt of a valid request to invoke one of your rights, we will do our best to adhere to your request as promptly as reasonably possible, however, restrictions may apply in certain situations.

Right of Access

You have a right to know what personal data we hold on you, why we hold the data, and how we are using the data. When submitting your request, please provide us with information to help us verify your identity and as much detail as possible to help us identify the information you wish to access (i.e. date range, subject of the request).

Identity verification will require a copy of your photographic ID, as well as the provision of three unique identifying factors from your medical record. If the request is submitted by a third party (such as a solicitor) on your behalf, the request will be required to include written authorisation from you for the provision of a specific data to the third party.

We will provide the first copy of your personal data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your personal data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right to Rectification

You have a right to request that the personal data held in relation to you is up to date and accurate. Where information is inaccurate or incomplete, we encourage you to contact us to have this information rectified. Upon receipt of your request, we will ensure that the personal data is rectified and as up to date as is reasonably possible.

Right to Erasure

In some circumstances you can ask for your personal data to be deleted, for example, where:

· your personal data is no longer needed for the reason that it was collected in the first place

· you have removed your consent for us to use your personal data (where there is no other lawful basis for us to use it)

· there is no lawful basis for the use of your personal data

· deleting the personal data is a legal requirement

Please note that we can’t delete your personal data where:

· we are required to have it by law

· it is used for freedom of expression

· it is used for public health purposes

· it is used for scientific or historical research or statistical purposes where deleting the personal data would make it difficult or impossible to achieve the objectives of the processing

· it is necessary for legal claims.

Right to Restriction

You have the right to restrict the extent for which your personal data is being used by us in circumstances where:

· You believe the personal data is not accurate (restriction period will exist until we update your information).

· The processing of the personal data is unlawful, but you wish to restrict the use of the data rather than erase it.

· Where the personal data is no longer required by us, but you require the retention of the data for the establishment, exercise, or defence of a legal claim.

· You have a pending objection to the future use of your personal data.

When the use of your data has been restricted, your personal data will only be further used:

with your consent;

· for the establishment, exercise or defence of legal claims;

· for the protection of the rights of other people; or

· for reasons important to public interest, such as for the protecting against cross-border threats or ensuring high standards of quality and safety of health care.

We will contact you to confirm where the request for restriction is fulfilled and will only lift the restriction after we have informed you that we are doing so.

Right to Data Portability

You have the right to the provision of all personal data, which you provided to us, provided to you in a structured, commonly used and machine-readable format where:

· The lawfulness of the use of your personal data by us is reliant on the provision of your consent.

· The data is being utilised by fully automated means.

You may also request that we send this personal data to another legal entity where technically feasible. We will only refuse such a request if the data being requested may adversely affect the rights and freedoms of others.

Right to Object

You have the right to object to the further use of your personal data where:

· The lawfulness of the use of your personal data by us is reliant on the basis of our legitimate interests.

· Where the data is non-sensitive and being used for reasons in the public interest.

· Where the data is being used for direct marketing purposes.

If you wish to object to the use of your data, please contact us with your request. We will then stop using the data or personal data unless it is required for legal proceedings.

Right not to be subject to Automated Decision-Making Profiling

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

Right to Complain

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

Where do I send requests?

Please send all requests to the contact details provided in Section 1, with as much detail as possible regarding your requirements to enable us to deal with your request efficiently. To answer your request, we may ask you to provide identification for verification purposes.

How long will a request take to complete?

Upon receipt of a request, we will have 30 days to provide a response, with an extension of two further months if required. If we require more time to deal with your request, we will notify you of the delay, and of the factors responsible for the delay, within 30 days of the receipt of your request. If we refuse your request, we will notify you within 30 days of the receipt of the request accompanied by the reason for refusal.

You are entitled to contact the Office of the Data Protection Commissioner if we refuse your request.

How much does it cost to submit a request?

We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider these to be unjustified or excessive, we may charge a reasonable fee (also applicable for multiple copies) or refuse the request.

12. USE OF THIRD PARTY WEBSITES

Websites that you access via a link on the King’s Inns website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own data protection statements, which may differ from ours. Please check the data protection statements on those websites before you submit any Personal Data to them.

13. COOKIES

Please see our separate Cookie Notice available for further information.

14. AMENDMENTS TO THIS DATA PROTECTION STATEMENT

We will post any changes on the Website and when doing so will change the effective date at the top of this Data Protection Statement.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

Members' Dining

Hilary Term 2022