ICAEW.com works better with JavaScript enabled.

Data protection policy

This is a statement of the data protection policy adopted by the ICAEW.

We need to collect and use certain types of personal information about the people we deal with, such as current, past and prospective employees, students, members, affiliates, suppliers, clients/customers, and others with whom we communicate.

In addition, we may occasionally be required, either by law or to carry out our responsibilities as a regulator and a professional body, to collect, use and share certain types of personal information to comply with the requirements of government departments, agencies and regulators.

Under the Data Protection Legislation, all organisations which handle personal information must comply with a number of important principles regarding the privacy and disclosure of this information.

We believe that the lawful and correct treatment of personal information is critical to our successful operation, and to maintaining our members' confidence in us. We recognise that, to maintain our reputation and integrity as an open and professional organisation, we must be fully compliant with this legislation.

Data protection legislation

In the United Kingdom and the European Economic Area (EEA), "Data Protection Legislation" means all applicable data protection and privacy legislation or regulations including The Privacy and Electronic Communications (EC Directive) Regulations 2003 (also known as PECR) and any guidance or codes of practice issued by the European Data Protection Board or the Information Commissioner, together with:

  • prior to 25 May 2018, the UK Data Protection Act 1998; and
  • from 25 May 2018 onwards Regulation (EU) 2016/679 (the "General Data Protection Regulation" or "GDPR”), as amended by the UK Data Protection Bill.

Outside of the EEA, "Data Protection Legislation” means local, territorial data protection and privacy legislation that governs the processing of Personal Data. 

Therefore we fully endorse and adhere to the principles of data protection set out in the Data Protection legislation and will:

  • fully observe the conditions regarding the fair collection and use of personal information
  • meet our legal obligations to specify the purposes for which we use personal information
  • only collect and process the personal information needed to carry out our business or to comply with any legal requirements
  • ensure that the personal information we use is as accurate as possible
  • ensure that we don't hold personal information any longer than is necessary
  • ensure that people know about their rights to see the personal information we hold about them
  • take appropriate technical and organisational security measures to safeguard personal information; and
  • ensure that personal information is not transferred abroad without suitable safeguards.

In addition, we will ensure that:

  • there is someone with specific responsibility for data protection in the organisation, ICAEW's Data Protection Officer (telephone +44 (0)1908 248 250; email data.protection@icaew.com)
  • we regularly review and audit how we handle personal information
  • the ways we handle personal information are clearly described
  • everyone handling personal information understands that they are responsible for following good practice
  • everyone handling personal information is appropriately trained and properly supervised
  • we regularly assess the performance of people who handle personal information
  • anybody wanting to make enquiries about handling personal information knows what to do; and
  • queries about handling personal information are deal with promptly and courteously

You have the right to request a copy of the personal information that we hold about you. To do so please write to ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK. We charge a £10 fee for this service.

You can get a written copy of this policy from ICAEW's Data Protection Officer, by email at data.protection@icaew.com, by telephone on +44 (0)1908 248 250, or in writing at the address above.

CABA data protection statement

CABA is the charity that supports the wellbeing of past and present ICAEW members and their families. We offer a wide range of support and services, for example career development, emotional support (including mental health), benefits advice and information, and practical advice on how to improve your personal wellbeing. All of our services are free, impartial and strictly confidential. Please see below for a summary of CABA’s privacy notice. The full privacy notice can be found at caba.org.uk/privacy-statement 

CABA operates independently from the ICAEW, which allows us to provide you with entirely confidential support. If you wish to hear more from us about the services we can offer you, then please opt in at www.caba.org.uk/consent

How CABA processes your data

Your privacy is important to us. We’ll handle any personal data we collect in line with current Data Protection Legislation. 

We’ll retain your details to confirm your eligibility to access our services as a legitimate interest and, where you provide consent, to keep you up to date with the wide range of support available to you. 

We may share information with selected 3rd parties who provide us with services, including profiling, to help us to make sure our communications are relevant to you. You can opt out of profiling and other activities by contacting CABA. 

You can change your preferences at caba.org.uk/preference, where you can also opt out of communications by unsubscribing. This can also be done by contacting us directly.

  • Updated October 2017
  • Next review April 2018