Regulated, licensed and quality assured individuals privacy notice
This privacy notice provides information on how we collect, use and retain personal data relating to our regulated, assured, registered, licensed and authorised individuals, our customers and partners.
What is covered
ICAEW, a professional body established by Royal Charter, is a regulatory and assurance body. We work in the public interest and collect and process personal data in order meet our legal and regulatory obligations. We work with regulators, government departments and agencies, oversight bodies and other organisations to maintain and improve standards and protect members of the public.
As part of our regulatory, monitoring, conduct and quality assurance activities, our work with our professional advisors, legal authorities and with other regulators, and to discharge our legal obligations, we use and/or disclose the personal information of nominated individual representatives of firms.
We may use personal details to send relevant registration and regulatory or assurance updates, and to validate registration and quality related commitments.
For conduct related investigations relating to members, students and firms we will process personal information about individual respondents and other third parties.
While our investigations are confidential, disciplinary proceedings are generally held in public and we usually publish disciplinary findings and sanctions in order to maintain trust and confidence in the profession.
- Names and identifying details
- Address and contact details (e.g. physical and/or email addresses)
- Personal details (e.g. nationality, date of birth)
- Employment and qualification details
- Details of membership of other professional bodies
- Education details
- Complaints and disciplinary records
- DBS records
High risk personal data
- Financial information
- Criminal records
- Health information
We are a professional membership and authorising and licensing body, a regulator and an assurance organisation.
We collect and hold personal information on:
- ACA, CFAB and BFP students
- ICAEW members and BFPs
- Individuals in the firms we regulate and quality assure – ICAEW members and non ICAEW members
- Members of Professional Standards Department regulatory and disciplinary committees and the ICAEW Regulatory Board
- Applicants to the Chartered Accountants Compensation Scheme (CACS)
- Applicants to the Probate Compensation Scheme
- Individual representatives of stakeholder organisations:
- Oversight regulators (e.g. FRC, FCA, IAASA, LSB, Insolvency Service, OPBAS)
- Other regulators (e.g. ACCA, CIOT, SRA, BSB)
- Government bodies (e.g. HMRC, Charities Commission, Treasury, the MoJ, BEIS)
- Organisations for which the Quality Assurance team (QAD) provides outsourced monitoring activities
- Individual representatives of commercial partners and suppliers:
- Insurance advisors
- IT suppliers
- Participating insurers which provide members and firms with insurance
- ICAEW’s own insurers
We need to have a lawful basis for collecting, using, sharing and storing personal data in order to comply with the law. The lawful basis will depend on the context and on the information being processed and sometimes there will be more than one basis which applies.
We will process personal data to perform a legal obligation, this includes matters related to payments and taxation.
In addition as we carry out our authorising, supervisory and disciplinary functions as a statutory regulator and anti-money laundering supervisor. In maintaining the public audit and probate registers, and in providing returns to oversight regulators.
As a regulator we have an overriding duty under the Royal Charter to operate in the public interest. We have a legitimate interest in carrying out our supervisory, regulatory and disciplinary activities e.g. processing annual returns; reviewing firms which are part of the Practice Assurance Scheme; supporting the Chartered Accountants Compensation Scheme and investigating complaints and taking disciplinary action against individuals and firms.
We also have a legitimate interest in liaising with our committee members to ensure they are fit and proper to carry out their duties.
We have a legitimate interest in processing the details of representatives of other organisations which we have a commercial contract with to provide monitoring services.
We will only process your special category data with your explicit consent.
We process personal data in order to perform our obligations under contract.
We process personal data about individuals when we carry out our functions as a statutory regulator of audit, insolvency, probate, exempt investment business and as an anti-money laundering supervisor i.e. in processing applications and authorising firms and individuals to carry out reserved activity; in monitoring compliance with regulations and taking regulatory and disciplinary action.
Sometimes this may involve the processing of sensitive health information and criminal records (i.e. referred to in data protection legislation as Special Category Data and Criminal Offence Data).
We process information about individuals in firms which are part of ICAEW’s Practice Assurance Scheme. During the course of activities we may also review information about clients of these firms who are individuals.
Quality Assurance (QAD) third party monitoring contracts
We review and process information about individuals in firms which are subject to monitoring by QAD on behalf of other bodies under contract. We may also review information about clients of such firms.
Complaints and discipline
We process information about respondents, complainants and other individuals (e.g. Counsel and expert witnesses) in investigating complaints and, where necessary, taking disciplinary action. Occasionally this may involve the processing of Special Category Data concerning individuals’ health and Criminal Offence Data.
The fitness regime
We process data, including Special Category Data, about respondents who are the subject of a referral to the ICAEW Fitness Committee on the basis that they may not be fit to undergo disciplinary proceedings.
The Chartered Accountants Compensation Scheme and Probate Compensation Scheme
We process personal data in dealing with applications for compensation to these schemes.
PII and the assigned risk pool
We occasionally process personal data in monitoring compliance with the PII Regulations, in contracting and liaising with insurers who ‘participate’ ICAEW’s PII arrangements for firms, and in overseeing the operation of the Assigned Risks Pool.
We process the personal data of individuals who are members of Professional Standards’ Committees (e.g. their address and contact details; personal and employment history and (rarely) health and medical data).
In carrying our regulatory and assurance activities, we may share personal data, with the necessary safeguards, with the following individuals and bodies:
- Committee members
- Oversight regulators
- Other regulators and professional bodies
- Government agencies and bodies
- Counsel and expert witnesses
- Commercial partners such as those related to PII
Your Personal Data may be transferred to countries outside of the European Economic Area (EEA) . For example, your Personal Data may be shared with one of ICAEW’s overseas offices if necessary.
Where data is transferred outside of the EEA, it is done on the basis of appropriate safeguards, for example binding corporate rules, EU model clauses or a declaration of adequacy.
ICAEW will retain data for as long as it is needed for the relevant regulatory, assurance and conduct purpose. Specific records may also be retained for other legitimate reasons for example to resolve complaints an disputes, to validate applications and to comply with other legal and oversight obligations.
This policy statement explains ICAEW’s commitment to provide timely and effective communications to members, member firms, regulated individuals / firms and other stakeholders.
We send out regular communications relating to e.g.:
- our regulatory arrangements for audit, exempt investment business, probate and insolvency;
- the ICAEW Practice Assurance Scheme;
- monitoring by ICAEW’s Quality Assurance Department;
- AML supervision;
- the ICAEW annual return;
- professional conduct matters (complaints and disciplinary proceedings); and
- changes to bye-laws, regulations and guidance.
Regulatory updates and general communications
To ensure communications are received in a timely manner, we require three forms of contact details for each firm representative: email address, postal address and telephone number.
Unless otherwise required by law, we will send communications relating to regulatory updates, the Practice Assurance scheme, the annual return, and bye-law and regulation changes by email to ensure the timely delivery of communications. Additionally, we will send some regulatory updates via SMS.
It is your responsibility to keep up to date with the requirements of being a firm representative.
Professional conduct matters
Communications with respondents / respondent firms, complainants, witnesses and others involved in the disciplinary process will be via email, post or phone.
- Updated 23 May 2018