As you browse our sites (www.coic.org.uk, www.icca.ac.uk, www.tbtas.org.uk) and whenever you communicate with us, we collect personal information. We are committed to safeguarding the privacy of our website visitors and this policy sets out how we will treat your personal information.

Please read this policy carefully, along with our Website Terms and Conditions, to understand how we collect, use and store your personal information. The provision of your personal information to us is voluntary but please note that in some cases without providing us with personal information your use of our services or your interaction with us may be impaired.

Who we are and how to contact us

Our sites are operated by The Council of the Inns of Court, a company limited by guarantee registered in England and Wales under company number 8804708, registered charity number 1155640 and registered office of 9 Gray’s Inn Square, London WC1R 5JD.

To contact us please send us an email to info@coic.org.uk or call us on 020 7822 0763.

You have the right to make a complaint to the Information Commissioner’s Office at any time, but we always appreciate the opportunity to hear about your concerns before you feel this step is necessary.

What personal information do we collect?

We may collect, store and use the following kinds of personal information:

• information you provide us in order to register an account, including your name, contact details and which Inns or Circuits you are associated with (if any)
• information about your computer and about your visits to and use of our sites (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
• information provided to us in the course of a BTAS tribunal, which may include information about you provided by third parties (including, the prosecution and the defence)
• any other information that you choose to send to us (which may include your name, address, telephone number and/or email address) including, for example, information provided as part of events bookings or in response to a job vacancy, which may include references, or simply information provided in email correspondence.

Special categories of data and criminal data

The EU General Data Protection Regulation (“GDPR”) recognises certain categories of personal information as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions. The GDPR and the Data Protection Act 2018 also afford greater protection to criminal data. In certain situations, COIC may collect and/or use these kinds of data (for example, due to the nature of BTAS tribunals they are likely to consider evidence including criminal or alleged criminal data). We will only process these kinds of data if there is a valid reason for doing so and where the law allows us to do so.

How and why we use your personal information

Personal information submitted on our sites will be used for the purposes specified in this privacy policy or in relevant parts of our sites. We may use your personal information to:

• provide you with services, products or information you have requested
• to provide further information about our work, services, activities or events
• to answer your correspondence and communicate with you in general
• to administer your memberships and register, administer and personalise online accounts
• to further our charitable aims in general, including to promote high standards of advocacy and enforce professional standards of conduct (including administering disciplinary tribunals)
• to analyse and improve our work, services, activities, products or information (including our website), or for our internal records
• to register and administer participation in events
• to process your application for a job or other role with us
• to administer your employment/ other working relationship with us (for example, to pay your salary)
• to provide references
• for training and/or quality control
• to audit and/or administer our accounts
• to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work (for example: requirements relating to the payment of tax or anti-money laundering)
• for the prevention of fraud or misuse of services
• for the establishment, defence and/or enforcement of legal claims
• administer the sites
• improve your browsing experience by personalising the sites.

Where you submit personal information for publication on our sites or elsewhere, we will publish and otherwise use that information in accordance with the licence you grant to us. We will not, without your express consent, provide your personal information to any third parties for the purpose of direct marketing.

Our lawful basis for processing your personal information

Data privacy law requires us to rely on one or more lawful grounds to collect and use your personal information. We consider the following to be relevant to COIC’s use of your personal information:

• Consent. Where you have provided your consent for us to use your personal information in a certain way (for example, signing up to email newsletters).
• Legal obligation. Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
• Contract. Where necessary to perform a contract with you (for example, if you apply to work for us).
• Legitimate interests. The GDPR allows us to process personal information if it is reasonably necessary to achieve our or others’ legitimate interests, as long as that processing is fair, balanced and does not unduly impact your rights. In broad terms, our “legitimate interests” means the interests of running COIC as a charitable entity and pursuing our aims and ideals; for example enforcing professional standards of conduct through our work with BTAS.
• Public interest. Where it is necessary for the performance of a task carried out in the public interest.

Who we share your personal information with

We may disclose personal information about you to any of our employees, officers, agents, BTAS panel members (for the purpose of tribunals), suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this policy.

In addition, we may disclose personal information about you:

1. to the extent that we are required to do so by law
2. in connection with any legal proceedings or prospective legal proceedings
3. in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk – for example credit reference agencies); and
4. to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.

We may allow our suppliers to access and use your personal information to allow them to perform services on our behalf (e.g. payment processing). In these circumstances we will not give these organisations any rights to use your personal information except to provide services to use and in accordance with our instructions. Except as provided in this privacy policy or otherwise notified to you, we will not provide your information to third parties.

Event Registration

We use third party providers for event registration (currently Eventbrite), and contain a link to their external site for this purpose. Any personal information you provide to Eventbrite when booking events will be processed in accordance with Eventbrite’s own privacy policy.

Where we store your personal information

Personal information which we collect is generally stored within the UK, but may be transferred to or stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who works for us or one of our suppliers. Some countries outside the UK and EEA have a lower standard for personal information, including lower security requirements and fewer rights for individuals. We take all steps reasonably necessary to ensure that your personal information is subject to appropriate safeguards (such as by entering into standard contractual clauses designed to protect it) and used in accordance with this policy.

Personal information that you submit for publication on our sites will be published on the internet and therefore publicly available, via the internet, around the world. We are not responsible for republication by third parties. For further information please see our Website Terms and Conditions.

How long we keep your personal information

The period for which we keep your personal information depends on the purposes for which it is held. In general, unless still required in connection with the purpose(s) for which it was collected and/or otherwise processed, we remove your personal information from our records six years after the data it was collected – but this varies. If before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure, we will remove it from our records at the relevant time.

Please see our Data Retention Policy, or contact us for further details.

Security of your personal information

We take appropriate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure of or access to your personal information. For example, your personal information is only accessible by appropriately individuals on a confidential basis, and stored on secure servers.

Data transmission over the internet cannot be guaranteed to be 100% secure, and we cannot guarantee the security of data sent over the internet and so wish to draw to your attention that you send us information in this manner at your own risk.

Where we have given you (or you have chosen) a password which enables you to access certain parts of our sites, you are responsible for keeping this password confidential, and we ask you not to share this with anyone.

International Data Transfers

Given we are UK-based; generally the personal information we collect is stored within the UK. However, where we use agencies and/or suppliers to process personal information on our behalf, it is possible that personal information we collect from you will be transferred to and stored in a location outside the European Economic Area (“EEA”), for example the United States.

Please note that some countries outside of the EEA have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the EEA in a country that does not offer an equivalent standard of protection to the EEA, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this policy. If you have any questions about the transfer of your personal information, please contact us using the details above.

Your rights

You have the following data privacy rights:

1. Access – you may request the details of the personal information we hold about you and request a copy. This is sometimes called a “subject access request”.
2. Erasure – you may request we delete your personal information from our records. Alternatively, we may anonymise it so you can no longer be identified from it.
3. Rectification – if you believe our records regarding you are inaccurate (and you can ask us to check if insure) you can ask us to update them.
4. Restriction – you may ask us to restrict the processing of your personal information if there is disagreement about its accuracy or legitimate usage.
5. Objection – you have the right to object to processing where we are (i) processing your personal information on the basis of legitimate interests, (ii) using your personal information for direct marketing or (iii) using your personal information for statistical purposes.
6. Data porting – you have the right to ask us to provide you or another service provider with your personal information in a machine-readable format in certain limited circumstances – this and other rights apply where your personal information is processed using ‘automated means’ but COIC does not currently process personal information using automated means in order to make decisions about individuals that have a legal effect or similarly significant effect.

If we are relying on your consent, you can withdraw that consent at any time.

If you want access to your information, send a description of the information you want to see and proof of your identity to The Council of the Inns of Court, 9 Gray’s Inn Square, London WC1R 5JD. Please note that these are legal rights which are limited and subject to exemptions.

Third Party websites

Our sites may from time to time contain links to third party websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these third parties’ policies before you submit any personal information to these websites.

Cookies

This policy explains how we use cookies and other tracking technologies through our sites (www.coic.org.uk, www.icca.ac.uk, www.tbtas.org.uk).

Please read this policy carefully, along with our Privacy Policy (above), to understand how we collect, use and store your personal information.

If you do not accept our use of cookies please disable them following our guidance below.

What are cookies?
Web cookies are small snippets of data which are saved on your computer when you visit certain websites that distinguish you from other users of the website. Cookies are used to help users navigate websites more efficiently and to perform certain functions, as well as to provide information to the owners of the website. Like most websites, we use cookies.

Why do we use cookies?
We use cookies for a number of purposes:

1. To let you do things on our website – for example, cookies enable you to log in to secure areas of our website, fill in forms or view content.
2. To collect anonymous statistics – the information collected by cookies enables us to improve the website through usage figures and patterns. For example, it is useful to see which pages of the website – and therefore which of our services – are the most popular and how users are interacting with them.
3. To improve your experience of our site – for example, to prevent you having to re-enter details when you have already done so, or by ensuring that users can find what they are looking for easily.
4. To ensure that our site is secure – for example, to make sure that personal information that you give to us does not fall into the wrong hands.

By [clicking accept tab/ticking box] when you visit the website you consent to our use of cookies as updated from time to time. In particular, you consent to cookies being stored on your computer and/or mobile device (unless rejected or disabled by your browser).

Turning cookies off
Web browsers normally accept cookies by default. However, all modern browsers let you turn off either all or third-party cookies. Some of the cookies we use are essential for parts of the sites to operate and have already been set as per the table above (marked “strictly necessary”). Please be aware that restricting or deleting cookies may impact on the functionality of the sites.

The Help function within your browser should tell you how to reject cookies. Alternatively, you can visit www.allaboutcookies.org which provides general information about cookies and how you can manage cookies on your computer.

You may opt-out of Google’s analytics cookies by visiting Google’s opt-out page – https://tools.google.com/dlpage/gaoptout.

Policy amendments

We may update this policy from time-to-time, so please check this page occasionally to ensure you are happy with any changes. We may also notify you of changes to our privacy policy by email where possible, if we update this policy in a way that significantly changes how we use your personal information.