ICAEW.com works better with JavaScript enabled.

ICAEW Authorised Training Employers and Authorised Training Principals Privacy Notice

Last updated: 27th October 2021

This notice (referred to as this “privacy notice”) explains what Personal Data the Institute of Chartered Accountants in England and Wales (Company No. RC000246) (ICAEW) holds about individuals overseeing the training process (including QPRTs, ATPs, PRTs, PRSOs, Deputy QPRTs and other people involved in that process (including Counsellors, ACA student managers, AQ Authorised Individuals and ICAEW advisers) working at ICAEW Authorised Training Employers. (you). This privacy notice explains how we collect Personal Data, and how we use and share it. Please ensure that you read this privacy notice and any other privacy notices we may provide to you from time to time when we collect or process Personal Data about you while you are acting in any of the above positions.

1. Who can I contact if I have any questions?

ICAEW is the controller for the Personal Data collected from individuals overseeing, and involved in, the training process, unless this is stated otherwise. ICAEW is registered with the Information Commissioner’s Office (ICO) with registration number (Z5765897). In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean ICAEW. You can contact ICAEW in a number of ways as follows:

  • Email: data.protection@icaew.com
  • Post: The Data Protection Office, ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK
  • Telephone: +44 (0)1908 248 250

2. What is Personal Data?

2.1     Personal Data is any information which directly or indirectly identifies an individual, for example, your name, address, membership number, NI number, qualifications, date of birth, photos, videos or voice recordings.

2.2     Special categories of Personal Data are a set of Personal Data that we are required to look after even more carefully. Special categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any special categories of Personal Data about you.

2.3     We collect Personal Data about you when you are an individual overseeing, or involved in, the training process, we  may also collect information about your criminal convictions and offences which is another type of Personal Data that we need to look after very carefully. This happens where we are required to do so for legal or regulatory purposes, for example when carrying out background checks on individuals who have applied to become a QPRT, PRT, PRSO, Deputy QPRT or ATP.

3. Personal Data we collect about you

3.1     We collect Personal Data about you when you give us Personal Data in direct interactions with us during your application to become an individual who oversees, or is involved in, the training process or during your time in that role, for example when you complete an application form, or during our due diligence process. We also collect Personal Data from other sources as set out below.

Personal Data collected directly from you

Identity Data

Your name, date of birth,

Contact Data

Your address and contact details, including email address.

Career Data

Details of your current employer.

Professional Data

Details of professional qualifications, date of qualification, details of membership of Professional Bodies including your membership number, details of relevant professional disciplinary issues, details of your continuing professional development.

Criminal Offence Data

Information about your criminal record, or of a criminal offence you have been charged with if applicable, for example this is disclosed by you as part of your application.

Financial Standing Data

Information, if relevant about any individual voluntary arrangement, bankruptcy, or similar arrangement with creditors.

 

Failure to satisfy a judgement debt.

Directorship Disqualification Data

Details of any disqualification order made, or disqualification undertaking under the Company Directors Disqualification Act 1986, or similar overseas legislation.

Personal Data provided by third parties

Professional Data

Details of professional qualifications, date of qualification, details of membership of Professional Bodies, details of relevant professional disciplinary issues, details of your continuing professional development.

4. What if you do not supply your Personal Data

4.1     Some of the Personal Data we process is mandatory meaning that if you do not provide it to us, we will be unable to process your application to become an individual who oversees, or is involved in, the training process, we will be unable to fulfill our obligations as a regulatory body and you will not be able to fulfill your responsibilities as an individual who oversees, or is involved in, the training process, and your organisation’s authorised status would be terminated.

5. Purposes and legal basis for which we will use your Personal Data

5.1     Processing Personal Data from you allows us to enable you to fulfil your obligations as an individual who oversees, or is involved in, the training process. In order to comply with Personal Data protection laws, we need a lawful basis (a reason) to process your Personal Data. We use the following lawful bases to obtain and use your Personal Data. 

(a) Consent – Some Personal Data is processed because you have given your consent. Consent can be withdrawn at any time by emailing ATEAccess@icaew.com

(b) Legal or Regulatory Obligation – In some cases, we need to process Personal Data to comply with a legal or regulatory obligation which we are subject to. 

(c) Legitimate Interest – Where processing the Personal Data is in our legitimate interests (or those of a third party) provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process Personal Data for our legitimate interests.

5.2      The table below describes the ways in which we use your Personal Data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your Personal Data.

Purpose and/or activity

Type of Data

Legal basis for processing

To process your application to become an individual who oversees, or is involved in, the training process.

Identity Data

Contact Data

Professional Data

Criminal Offence Data

Financial Standing Data

Directorship Disqualification Data.

Legitimate Interests: to provide regulated training to ICAEW students and members.

To enable you to fulfil your organisation’s obligations as an ICAEW authorised training employer or your role as an individual who oversees, or is involved in, the training process.

Identity Data

Contact Data

CPD data

Disciplinary record data

 

Legitimate Interests: to provide regulated training to ICAEW students and members.

 

We also collect data to provide access to ICAEW’s online training file platform.

Identity Data

Contact Data

Career Data

Professional Data

Criminal Offence Data

Financial Standing Data

Directorship Disqualification Data.

Legitimate Interests: to provide regulated training to ICAEW students and members.

 

To provide regulated training to ICAEW students and members, to carry out our responsibilities as a regulator and as a professional body, and to monitor your compliance with our regulations

Identity Data

Contact Data

Career Data

Professional Data

Criminal Offence Data

Financial Standing Data

Directorship Disqualification Data

Legal obligation: to comply with legal and regulatory obligations applicable to ICAEW as a professional body.

 

To communicate with you on ACA training matters.

Contact Data

Legitimate Interests: to provide regulated training to ICAEW students and members

Anonymisation of personal data for the onward activities of Management Information and Business Intelligence

 

 

All Personal Data

Legitimate Interest of the ICAEW for business improvement and intelligence purposes.

Audit Activities

A sample of all Personal Data           

Legitimate Interest of the ICAEW to gain a true and fair understanding of current practices, with a view to organisational improvement. 

6. How Long will Personal Data be retained?

6.1     We keep Personal Data that we obtain about you during your time as an individual who oversees, or is involved in, the training process for no longer than is necessary for the purposes for which it is processed. How long we keep your Personal Data will depend on how long you remain in the role, the nature of the Personal Data concerned and the purposes for which it is processed.

7. Automated Decision Making

7.1     No automated decision making is used in relation to individuals who oversees, or are involved in, the training process.

8. Sharing your Personal Data

8.2     We may share your Personal Data with organisations where we have a legal obligation, contract or other legitimate interest to do so, including:

(a) Authorised individuals within your current employer;

(b) Other professional bodies and regulators; and

(c) Criminal convictions: If you disclose a criminal conviction, this will be shared with ICAEW's Regulatory and Conduct Department and/or members of its Investigation and Disciplinary Committee and depending on the circumstances may also be shared with third parties such as regulators or other professional bodies.

8.3     Your Personal Data may be transferred to other third-party organisations in certain scenarios:

(a) If we are discussing selling or transferring part or all of our business. Personal Data may be transferred to prospective purchasers under suitable terms as to confidentiality;

(b) If we are reorganised or sold, Personal Data may be transferred to a buyer who can continue to provide services to you;

(c) If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the Police, we may need to share your Personal Data; or

(d) If we are investigating or defending any legal claims your Personal Data may be transferred as required in connection with defending such investigations and/or claims.

9. Transferring Data Overseas

9.2       In some cases, for example in order to share data with our overseas offices or where a student is located overseas, we or our suppliers may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK) therefore their processing of your Personal Data will involve a transfer of Personal Data outside the EEA and/or UK. Where this is the case we will only share the minimal amount of Personal Data necessary for the purpose of processing and, where possible, we will share the Personal Data in an anonymised form.

9.3       Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

(a) we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK;

(b) where we use certain processors, we may use specific contracts approved by the UK which give Personal Data the same protection it has within the UK. When we rely on this measure we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the Personal Data is transferred has adequate data protection laws in place to protect Personal Data.

9.4        Please contact us at protection@icaew.com if you would like further information about the specific mechanism used by us when transferring your Personal Data.

10. How we protect your Personal Data

12.1   We have appropriate security measures in place to prevent Personal Data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.

12.2   We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

11. Your rights

13.1   Under data protection law, you have rights including: 

(a) Your right of access – You have the right to ask us for copies of your Personal Data. 

(b) Your right to rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete. 

(c) Your right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances. 

(d) Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances. 

(e) Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances. 

(d) Your right to data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances. 

(e) Rights related to automated decision making, including profiling – You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you. We do not make any decisions in relation to individuals who oversees, or are involved in, the training process, solely using automated decision making technologies.

13.2   In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.

13.3   If you wish to exercise any of your rights, please contact our Data Protection Office via email using data.protection@icaew.com.

14. Complaints

If you have any concerns about the Personal Data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email using data.protection@icaew.com.