Version number: SP2.1
Who can I contact if I have any questions?
ICAEW is the controller for the Personal Data collected from students unless this is stated otherwise. ICAEW is registered with the Information Commissioner’s Office (ICO) with registration number (Z5765897). In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean ICAEW. You can contact ICAEW in a number of ways as follows:
- Email: firstname.lastname@example.org
- Post: The Data Protection Office, ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK
- Telephone: +44 (0)1908 248 250
What is Personal Data?
Personal Data is any information which directly or indirectly identifies an individual, for example, your name, address, membership number, job title, date of birth, photos, videos or voice recordings.
Special categories of Personal Data are a set of Personal Data that we are required to look after even more carefully. Special categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
Personal Data we collect about you
We collect the following types of Personal Data directly from you:
|Contact details||including name, job title, place of work, biography and images, address, email, phone numbers and, where required for live events, dietary requirements, access and disability information.|
|as part of the process of recording events and producing promotional videos:|
|Video Data (images and sound)||video recordings, recordings of live events, webinars
or other online events
|Image Data||photographic Images|
|Audio Data||podcasts and audio-only elements of recordings of live events or
|Dietary and access needs||when volunteered to assist you in relation to the event
Purposes and legal basis for which we will use your Personal Data
Processing Personal Data from speakers, event participants and video or podcast participants allows us to host events and produce photographic and audio-visual media content to be used for promotional and training purposes by our members and members of the public. In order to comply with data protection laws, we need a lawful basis (a reason) to process your Personal Data. We use the following lawful bases to obtain and use your Personal Data.
- Performance of a Contract – We need to process your Personal Data to take steps at your request, prior to entering into a contract with you and for the performance of our contract with you as a contractor, worker or temporary staff member.
- Consent – Some Personal Data is processed because you have given your consent.
- Legitimate Interest – Where processing the Personal Data is in our legitimate interests (or those of a third party) provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process Personal Data for our legitimate interests.
The table below describes the ways in which we use your Personal Data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your Personal Data.
|Purpose and/or activity||Type of Data||Legal basis for processing|
|Booking, registration, contractual administration and event coordination activities.||Contact Data||Art 6 1 (b) Necessary to take steps at your request prior to entering into a contract.
Where a contract has not been established; Art 6 1 (f) Legitimate Interest of both ICAEW and yourself to participate in the event.
|Event hosting activities, either live or on-line for which you have been engaged.||
|Art 6 1 (b) Performance of a contract to which you are a party. Where a contract has not been established; Art 6 1 (f) Legitimate Interest of ICAEW to make content available to the membership and other interested parties. Health related data will only be processed with your explicit consent Art 9 2 (a).|
|Post event feedback surveys.||
|Legitimate Interests: ICAEW may seek to contact for comments regarding your experience and views of the event.|
|Producing, and creating marketing collateral, photographic and audio-visual content and/or written content for an ICAEW activity for which you have been engaged.||Name, job title, place of work, biography,
Video, audio and Data
|Art 6 1 (b) Performance of a contract to which you are a party.|
|Editing, storing and sharing of photographic and audiovisual content for educational, training or promotional activities, including on the ICAEW website and through the use of social media.||Video Data
|Legitimate Interests: ICAEW has a legitimate interest in creating content to use in training and promotional activities for ICAEW members and the general public.|
|Anonymisation of personal data for the onward activities of Management Information and Business Intelligence.||All Personal Data||Legitimate Interest of ICAEW for business improvement and intelligence purposes.|
|Audit related activities to ensure ICAEW understands it business practices.||A sample of all Personal Data||Legitimate Interest of ICAEW to ensure it is delivering high quality, compliant services, through having a true perspective of business practices with a view to adopting recommended improvements.|
Sharing your Personal Data
Your contact details may be shared with third parties who are involved with the production or performance of the event, webinar, video or podcast creation for which you have been engaged or where we have a legal obligation, contract or other legitimate interest to do so.
Marketing collateral and audio-visual recordings may be shared and made available through various media as part of ICAEW promotional and training activities. This will include exposure to ICAEW members and the general public.
As a contributor, where you create content for ICAEW and your moral rights to be identified as the author have not been waived, we may disclose your name and professional title to our licensees where we own the copyright or have the appropriate licensing rights in the content.
How long will Personal Data be retained?
We keep Personal Data that we obtain that we obtain about you for no longer than is necessary for the purposes for which it is processed.
Transferring Data Overseas
Content such as Webinars, Videos and Podcasts are made available to audiences over the internet. As such, this material may be accessed globally.
In some cases, we or our suppliers may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case, we will only share the minimal amount of Personal Data necessary for the purpose of processing and, where possible, we will share the Personal Data in an anonymised form.
Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK;
- where we use certain processors, we may use specific contracts approved by the UK which give Personal Data the same protection it has within the UK. When we rely on this measure we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the Personal Data is transferred has adequate data protection laws in place to protect Personal Data.
Please contact us at email@example.com if you would like further information about the specific mechanism used by us when transferring your Personal Data.
How we protect your Personal Data
We have appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your Personal Data.
- Your right to rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances.
- Rights related to automated decision making, including profiling -You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you.
In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.
If you wish to exercise any of your rights, please contact our Data Protection Office via email using firstname.lastname@example.org
If you have any concerns about the Personal Data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email using email@example.com.