ICAEW.com works better with JavaScript enabled.

Last updated: 7 February 2022

This notice (referred to as this “privacy notice”) explains what Personal Data the Institute of Chartered Accountants England and Wales (ICAEW) holds about ICAEW Students, pathway applicants, those undertaking qualifications offered by ICAEW, potential students and those individuals who have not yet come into ICAEW membership (referred to in this privacy notice as you or students), how we collect it, and how we use and share Personal Data. Please ensure that you read this privacy notice and any other privacy notices we may provide to you from time to time when we collect or process Personal Data about you while you are an ICAEW student.

1. Who can I contact if I have any questions?

ICAEW is the controller for the Personal Data collected from students unless this is stated otherwise. ICAEW is registered with the Information Commissioner’s Office (ICO) with registration number (Z5765897). In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean ICAEW. You can contact ICAEW in a number of ways as follows:

  • Email: data.protection@icaew.com
  • Post: The Data Protection Office, ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK
  • Telephone: +44 (0)1908 248 250

2. What is Personal Data?

2.1     Personal Data is any information which directly or indirectly identifies an individual, for example, your name, address, membership and/or student number, NI number, qualifications, date of birth, photos, videos or voice recordings.

2.2     Special categories of Personal Data are a set of Personal Data that we are required to look after even more carefully. Special categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances, we collect special categories of Personal Data about you through the application process, for example, we may collect details of your health data to ensure that we can make reasonable adjustments for you.

2.3     We collect Personal Data about you when you are a student, and we also collect information about your criminal convictions and offences which is another type of Personal Data that we need to look after very carefully.

3. Personal Data we collect about you

We collect Personal Data about you when you give us Personal Data in direct interactions with us during your time as an ICAEW student, for example by completing the registration process, attending courses, internships, events and webinars, taking part in exams and other assessments. We also collect Personal Data from other sources as set out below.

Personal Data collected directly from you

Identity Data

Your name, title, date of birth, facial photographs, images of identification documents, such as driving license.

Contact Data

Your address and contact details, including email address and telephone numbers.

Education Data

Details of your academic and professional qualifications including educational establishments, dates of study, subjects studied and results. 

 

Career Data

Employment history, including start and end dates with current and previous employers. Details of membership of Professional Bodies.

Student Data

ICAEW Student training records, results for exams you sit with us and awards you receive, tutor organisation, unique learner number (ULN), employer’s reference number (ERN).

Financial Data

Details of your bank account.

Criminal Offence Data

Information about your criminal record, if applicable, is collected when you provide a declaration.

Equal Opportunities Data

Equal opportunities monitoring information, including information about your ethnic origin, gender, sexual orientation, health and religion or belief.

Health Data

Information about your health, medical conditions or disabilities. 

Online Invigilation Data

Data collected during your completion of online examinations while logged into the ICAEW online remote invigilation exam platform consisting of images, video and audio recorded via your device while you are in the process of completing an exam which is invigilated online. This recording may capture; images of your face, desk and workspace recordings of your voice, visible or audible physical health data, racial/ethnic origin/religious beliefs (by virtue of video recording), IP address, browser agents, browser and operating system identifiers, screenshots of your PC, your exam setting (home, office etc.), all recorded video streams (computer, webcam and mobile), name of the exam you are sitting and other assessment based data that may be collected, including information about browser version, appVersion, appName, product and appCodeName, video frame size, type and library used for encoding, framerate, jitter, packet loss and bandwidth.

Website Data

Information collected during your use of our website. Please see our website privacy notice (Website and email privacy notice | ICAEW policies | ICAEW) for more details.

 

Reference Data

Information supplied by former employers, education providers and recruitment agencies. For example, information about your previous academic or employment history, including details of any conduct grievance or performance issues, appraisals, time and attendance.

Contact Data

Information you supplied to an organisation with the explicit consent to share with us, for example, if you have chosen to hear about ICAEW services via another scheme. 

4. What if you do not supply your Personal Data

Some of the Personal Data we process is mandatory meaning that if you do not provide it to us, we will be unable to provide some or all student services to you.  For example, if you don't enter the mandatory Personal Data when registering as a student with us, you will not be able to register as a student with us, sit or pass exams or gain ICAEW qualifications. We will explain at the point of data collection, which information is mandatory information, and which is optional.

  • Purposes and legal basis for which we will use your Personal Data

5. Purposes and legal basis for which we will use your personal data

5.1     Processing Personal Data from students allows us to administer and manage the process of registering you as a student, provide courses to you and administer exams. In order to comply with Personal Data protection laws, we need a lawful basis to process your Personal Data. We use the following lawful bases to obtain and use your Personal Data.

  • Performance of a Contract – We need to process your Personal Data to take steps at your request, prior to entering into a contract with you and for the performance of our contract with you as an ICAEW student.
  • Consent – Some Personal Data is processed because you have given your consent. Consent can be withdrawn at any time by contacting us at dataprotection@icaew.com.
  • Legal or Regulatory Obligation – In some cases, we need to process Personal Data to comply with a legal or regulatory obligation which we are subject to.
  • Legitimate Interest – Where processing the Personal Data is in our legitimate interests (or those of a third party) provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process Personal Data for our legitimate interests.
    • The table below describes the ways in which we use your Personal Data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your Personal Data.

Purpose and/or activity

Type of Data

Legal basis for processing

To register you as a student, provide you with advice in relation to your registration as a student, to enable you to sign up for and use a student account on our website, to administer and manage your student journey.

Identity Data
Contact Data
Criminal
Data
Education
Data
Financial
Data

Performance of a contract: to enable you to register as a student and to communicate with you once you become a student.

To comply with our equal opportunities monitoring obligations and to follow our equality and other policies.

Equal
Opportunities
Data

Consent: for collecting the data from you. The process of monitoring is to comply with our legal obligations and for reasons of substantial public interest.

To support any special exam requirements, you have and/or to consider an appeal that you make or that is made on your behalf if you consent to this.

Health Data

Explicit consent: where you have consented to giving ICAEW your health data. 

Legal obligation: to comply with accessibility requirements for the reasons of substantial public interest, to ensure equality of opportunity or treatment.


To take payment or provide you with a refund.

Financial Data

Performance of a Contract: to allow us to take, and if necessary, refund, payments made by you for the provision of services by ICAEW to you as a student.

To reconcile payments to ICAEW for services we provide

Financial Data

Legitimate interest: in our legitimate interests in running a well-managed business, providing the services we have been paid for and identifying services for which payments have not been received. It enables ICAEW to confirm that you have paid for your product or service and prevents you from being incorrectly chased for payments they have made. 

To run competitions

Identity Data
Contact Data

Consent: to manage a competition to which you have entered.

To provide you with CABA services

Identity Data
Contact Data
Member
Data

Performance of a contract: to deliver to you the services included in your membership.

To ensure the authenticity of any documents submitted as part of your registration or any appeal, complaint or other application, to run eligibility checks on your eligibility for qualification and/or membership.

Background
Data
Criminal
Data
Education
Data

Legitimate interest: to ensure authenticity of documents as part of any appeals, complaints, or other applications.

For reasons of substantial public interest (preventing or detecting unlawful acts): To ensure the authenticity of any documents submitted as part of your registration, to run eligibility checks on your eligibility for qualification and/or membership.

 

To investigate and respond to any queries, disputes, appeals, complaints or other similar or related matters raised by you.


Identity Data 
Contact Data 
All relevant student and member data held by ICAEW

Legitimate interest: to complete investigations and resolve such matters raised by you.

If you have an ICAEW training agreement with an employer or principal, to ensure that your training and progress meets the standard required by your employer and that your ACA status is represented accurately.

Identity Data
Contact Data
Exam and course related data

Legitimate interest: to contact your employer/tuition provider, share and communicate with them regarding relevant records associated with the training agreement. 

To provide you with updates and information, including changes to regulations or changes to the way rules are applied and other updates relevant to you; to send you other information or updates relating to our services that you may be interested in including our direct marketing emails and/or mail. We will only send direct marketing emails and/or mail with your consent. Please see the Direct Marketing section in this table below for more information.

Identity Data
Contract Data

Performance of a Contract: to provide all relevant information to you for the purposes of progressing your student journey and successfully completing your exams.

Legitimate interest: to provide relevant information that will more generally assist you in your studies and associated activities.

 


For feedback, research, analysis and development purposes, to request and collect feedback on your student journey and examination experiences to help us to assess the suitability of training, exam modules and/or processes, for research purposes and statistical analysis; to help us develop and improve our services.

Identity
Data
Contract
Data
Response
data provided by you.


Legitimate interest: in requesting, collecting and responding to feedback from students about their experiences of ICAEW.

Legitimate interest: understanding how students use our services, in researching and analysing what students want from ICAEW.

Legitimate interest: in developing and improving our services.

To capture and create ICAEW case studies, testimonials, profiles for careers touchpoints e.g. brochures, websites, adverts, social media, student insights (content on ICAEW website)

Identity Data
Education
Data
Career Data

Consent: where you have actively provided this data on the case studies form. 

Review of CPD records and processing delayed applications; processing of audit qualification.

Identity Data
Education
Data

Legal obligation: in Schedule 10 of the Companies Act 2006.

Legitimate interest: the related administration tasks is “Legitimate Interest” under Article 6(f).

 

Exam and qualification administration and management, to assess your eligibility for qualifications you apply for; to enable you to book and sit ICAEW exams; to invigilate exams online, (including verifying the identity of the person taking the exam, observing the completion of the exam, managing incidents and help to prevent fraud); to manage and administer our qualifications, to administer exam awards;  and to communicate with you about the results of ICAEW exams you sit.

Identify Data,
Online
Invigilation
Data,
Exam scripts
Exam results

Legitimate Interest: ensuring that exams taken are fair and secure and to ensure the integrity of the assessment process.

Performance of a contract: in order to provide you with the services you are entitled to under your contract with us.

Consent: We may share and publish your results and awards that you receive including publishing results online including exam awards or celebrations. We will only do this where you have provided your consent.

For non-UK residents becoming ICAEW students, to manage and administer international routes to becoming an ICAEW student; to assess ability of prospective referee to act as a referee for prospective international student; and to assess eligibility.

Identity Data
Contract
Data
Referee related data
Education
data
Criminal data

Performance of a contract: in order to provide you with the services you are entitled to under your contract with us.

To share relevant details with 3rd party organisations, to which you are associated, and which have a direct interest in your student data (e.g. where ICAEW exams are used by other organisations as part of their professional qualification).

 

Exam and course related data

Legitimate Interest: receiving and sharing information with other entities regarding shared students.

Direct Marketing, sending you emails to promote our services.

Identity Data
Contact Data

Consent: where you have consented to receiving the communications. 

 

Ethics Learning Programme; registering for the programme, sharing your registration Personal Data with the provider of our Ethics Learning Programme.

Identity Data
Contact Data

Legitimate Interest: there is a legitimate interest in enabling electronic learning and registration with the relevant third-party provider. 


To run reports analysis on student data.

Identity Data
Contact Data

Legitimate interest: in our legitimate interest to understand the intake and trends of ICAEW students. 

 

Anonymisation of personal data for the onward activities of Management Information and Business Intelligence.

All Personal Data

Legitimate Interest of the ICAEW for business improvement and intelligence purposes.

Audit activities

A sample of all Personal Data

Legitimate Interest of the ICAEW to gain a true and fair understanding of current practices, with a view to organisational improvement.  

6. How Long will Personal Data be retained?

6.1     We keep Personal Data that we obtain about you during your time as an ICAEW student. Examination and qualification records will be kept indefinitely for record and Regulatory evidence.

7. Automated Decision Making

7.1     Certificate Level and Certificate in Insolvency exams may be marked using automated means. The correct answers and pass mark are determined by ICAEW. The examination mark and whether you have passed or failed an exam marked using automatic means will be automatically determined by reference to the number of correct and incorrect exam answers and the applicable pass mark – your answers are marked by computer against a pre-set marks scheme. If you wish to request a check of the automated decision-making process you should contact studentsupport@icaew.com.

8. Sharing your Personal Data

8.1     ICAEW may share your Personal Data with third-party processors who provide services to the organisation. These services include:

  • external assessment, training and examination providers (including test centres) invigilators and providers of online invigilating services.
  • tutors and ICAEW partners in learning;
  • payment providers;
  • business system providers;
  • publishers;
  • companies who run competitions on our behalf;
  • companies who facilitate our communication with you including marketing communications you are registered for and communicating your exam results;
  • website content and hosting providers, including analytics; and
  • if you have special exam requirements such as access arrangements, extra time or other assistance due to illness, disability, religion or other extenuating circumstances, we may share your Personal Data (where necessary, including health data) with third party suppliers engaged by us who need to know such information in order to cater for your special requirements.

8.2     We may share your Personal Data with organisations where we have a legal obligation, contract or other legitimate interest to do so, including:

  • Building landlords and facilities management organisations (CCTV and access control systems);
  • Your employer/principal - to meet our contractual obligations. For example, if you have a training agreement with your employer/principal we will share your personal data with your employer/principal to ensure that your training and progress meets the standard required by your employer/principal.
  • Evidence issuing authority: We will share your personal data with the issuing authority of any evidence you provide to ensure authenticity i.e. when you have sent us your educational qualifications and we check them with your educational institution or against UK ENIC managed by Ecctis Ltd.
  • Publishing your exam results: We may share and publish your results and awards that you receive including publishing results online and at prize giving celebrations. We will only do this where you have provided your consent.
  • District and student societies: We will share your Personal Data with district societies and student societies to allow such societies to communicate with you, if you fall within their remit;
  • International accountancy institutions: If you study under ICAEW’s Pathways programme or a similar arrangement, we may share your Personal Data with the home body in your country of residence;
  • Chartered Accountants Benevolent Association in order for CABA to be able to provide services to you;
  • Criminal convictions: If you disclose a criminal conviction, this will be shared with ICAEW's internal professional conduct team and depending on the circumstances may also be shared with third parties such as regulators or other professional bodies;
  • Potential employers through our jobs portal: If you use our jobs portal, we may share your Personal Data with potential employers;
  • Board and Committee Members when appropriate and
  • Regulators: When requested to provide such information.

8.3        Your Personal Data may be transferred to other third-party organisations in certain scenarios:

  • If we're discussing selling or transferring part or all of our business. Personal Data may be transferred to prospective purchasers under suitable terms as to confidentiality;
  • If we are reorganised or sold, Personal Data may be transferred to a buyer who can continue to provide services to you;
  • If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the Police, we may need to share your Personal Data;
  • If we are investigating or defending any legal claims your Personal Data may be transferred as required in connection with defending such investigations and/or claims.

9. Transferring Data Overseas

9.1     Please be aware that if you are an overseas student, we will be processing data both in the UK and local to you if you are attending a venue.

9.2     In some cases, we or our suppliers may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK).

9.3     Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

(a)      we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK;

(b)      where we use certain processors, we may use specific contracts approved by the UK which give Personal Data the same protection it has within the UK. When we rely on this measure we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the Personal Data is transferred has adequate data protection laws in place to protect Personal Data.

9.4     Please contact us at data.protection@icaew.com if you would like further information about the specific mechanism used by us when transferring your Personal Data.

10. How we protect your Personal Data

10.1   We have appropriate security measures in place to prevent Personal Data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to have it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.

10.2   We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

11. Your Rights

11.1   Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your Personal Data.
  • Your right to rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances.
  • Rights related to automated decision making, including profiling -You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you. We do not make any employment decisions, solely using automated decision-making technologies.

11.2   In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.

11.3      If you wish to exercise any of your rights, please contact our Data Protection Office via email using data.protection@icaew.com.

12. Complaints

If you have any concerns about the Personal Data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email using data.protection@icaew.com.