This notice (referred to as this “privacy notice”) explains what Personal Data The Institute of Chartered Accountants England and Wales (ICAEW) holds about ICAEW Faculty and Community Members, Partners in Learning (tutors working in ICAEW recognised professional education providers and higher education institutions), and individuals who enrol in professional development training as a delegate in our Academy of Professional Development (you). This notice does not cover individuals who may also be members or students as part of these groups, there are separate privacy notices for these individuals which can be found on the ICAEW website. It explains how we collect it, and how we use and share Personal Data. Please ensure that you read this privacy notice and any other privacy notices we may provide to you from time to time when we collect or process Personal Data about you while you are part of one of these ICAEW groups.
Who can I contact if I have any questions?
ICAEW is the controller for the Personal Data collected from employees unless this is stated otherwise. ICAEW is registered with the Information Commissioner’s Office (ICO) with registration number (Z5765897). In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean ICAEW. You can contact ICAEW in a number of ways as follows:
- Email: firstname.lastname@example.org
- Post: The Data Protection Office, ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK
- Telephone: +44 (0)1908 248 250
What is Personal Data?
Personal Data is any information which directly or indirectly identifies an individual, for example, your name, address, membership and/or member number, NI number, qualifications, date of birth, photos, videos or voice recordings.
Special categories of Personal Data are a set of Personal Data that we are required to look after even more carefully. Special categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances, we collect special categories of Personal Data about you through the application process, for example, we may collect details of your health data to ensure that we can make reasonable adjustments for you.
We collect Personal Data about you when you join an ICAEW faculty or community, when you take a qualification via a registered Partner in Learning, or you attend an event or course within the Academy.
Personal Data we collect about you
We collect Personal Data about you when you give us Personal Data in direct interactions with us, for example by completing the registration process, attending courses and webinars. We also collect Personal Data from other sources as set out below.
Personal Data collected directly from you
|Name, date of birth.
|Your address, email address and phone number.
|Diversity and Inclusion Data
|Details of your gender, nationality, ethnicity and disability information.
|Details of your academic and professional qualifications including, educational establishments, dates of study, subjects studied and results.
|Current employer, employment history, details of membership of Professional Bodies.
|Details of your bank account and credit card details.
|Any personal data provided by yourself to us via webchat.
|Information collected during your use of our website. Please see our website privacy notice (Website and email privacy notice | ICAEW policies | ICAEW) for more details.
Personal Data provided by third parties
|Corporate member firms
|Your name, email address.
|Your name, email address and phone number, social media profile such as LinkedIn and Facebook.
What if you do not supply your Personal Data
Some of the Personal Data we process is mandatory meaning that if you do not provide it to us, we will be unable to provide some or all services to you.
Purposes and legal basis for which we will use your Personal Data
- Performance of a Contract – We need to process your Personal Data to take steps at your request, prior to entering into a contract with you and for the performance of our contract with you. This could include but isn’t limited to:
- as part of your membership in an ICAEW faculty and/or community
- when you register for a course or event as part of our Academy for Professional development
- Consent – Some Personal Data is processed because you have given your consent. Consent can be withdrawn at any time by either logging into your online member account and amending your preferences or by contacting us at email@example.com.
- Legal or Regulatory Obligation – In some cases, we need to process Personal Data to comply with a legal or regulatory obligation which we are subject to.
- Legitimate Interest – Where processing the Personal Data is in our legitimate interests (or those of a third party) provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process Personal Data for our legitimate interests.
The table below describes the ways in which we use your Personal Data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your Personal Data.
|Purpose and/or activity
|Type of Data
|Legal basis for processing
|To register you as a faculty or community member, provide you with advice in relation to your registration as a member, to enable you to sign up for and use a member account on our website, to administer and manage your faculty or community journey.
Performance of a contract: to enable you to register as a member and to communicate with you once you become a member.
Legitimate interest: where you are joining as part of a corporate membership who share your data with us to join a faculty.
|To take payment or provide you with a refund
|Performance of a Contract: to allow us to take, if necessary, refund, payments made by you for the provision of services by ICAEW.
To register you as a Partner in Learning tutor.
To provide you with free access to teaching resources relating to ICAEW qualifications.
To provide regular updates regarding developments with ICAEW qualifications via a tutor alert and annual conference.
To provide you with a dedicated link to your website which features any partnership arrangement with ICAEW.
To provide you with the ICAEW partner in learning logo and corresponding brand guidelines.
Professional qualification details
|Performance of a Contract: to enable you to register as a partner in learning and to communicate with you once you become a partner in learning.
|To provide you with updates and information, including changes to regulations or changes to the way rules are applied and other updates relevant to you; to send you other information or updates relating to our services that you may be interested in including our faculty magazines and direct marketing emails. We will only send direct marketing emails and our faculty magazine to you with your consent. Please see the Direct Marketing section in this table below for more information
|Performance of a contract: to deliver to you the services included in your membership.
|For non-UK residents becoming faculty or community members, to manage and administer international routes to becoming a faculty or community member; to assess ability of prospective referee to act as a referee for prospective international member; and to assess eligibility
Criminal Offence Data
Diversity and Inclusion Data
|Performance of a contract: to enable you to register as a faculty or community member and to communicate with you once you become a faculty or community member.
|Direct Marketing, sending you emails to promote our/relevant third-party services, sending you our faculty magazines by post
Consent: where you have consented to receiving the communications.
Legitimate Interests: in our legitimate interests as a professional body and regulator of chartered accountants, we will use your Personal Data for marketing purposes where we have a relevant or appropriate relationship with you or where there is a reasonable expectation of us doing so.
|To provide you with member benefits
|Consent: where you have opted in to receive promotional emails from third parties.
|Providing professional development training
|Performance of a contract: to deliver to you the services included in your membership.
Consent: where you have consented to take part in our research activities.
Legitimate Interests: in our legitimate interests to understand more about non-members and how better to serve them.
|Audit related activities to ensure ICAEW understands its business practices
|A Sample of all Personal Data
|Legitimate Interests: where we have a legitimate interest in auditing our internal processes and procedures to ensure that we are complying with applicable laws and internal and managing risk appropriately.
|Anonymisation of personal data for the onward activities of Management Information and Business Intelligence
|All Personal Data
|Legitimate Interest of the ICAEW for business improvement and intelligence purposes.
|To distribute financial reports to business partners for analysis and accruals for the month-end process
|Legitimate Interest for ICAEW to meet its financial month-end obligations
Special Category Data
Where the information we process is special category or sensitive data such as your health data, the additional bases for processing that we rely on are:
- Where you have provided ICAEW with your explicit consent to the processing.
How long will Personal Data be retained?
We keep Personal Data that we obtain about you for no longer than is necessary for the purposes for which it is processed. How long we keep your Personal Data will depend on how long you remain an associate of ICAEW, the nature of the Personal Data concerned and the purposes for which it is processed.
Automated Decision Making
No automated decision making is used in relation to members.
Sharing your Personal Data
ICAEW may share your Personal Data with third-party processors who provide services to the organisation. These services include:
- payment providers;
- business system providers;
- publishers and mailing houses;
- training providers;
- website content and hosting providers, including analytics.
We may share your Personal Data with organisations where we have a legal obligation, contract or other legitimate interest to do so, including:
- Building landlords and facilities management organisations (CCTV and access control systems);
- External auditors
- access your Personal Data to perform our contractual obligations (such as providing member services to you) and to deal with your requests or complaints;
- Third party content sponsors, in order to assist them in delivering an event that you have registered to attend or where they are providing content so that they can send you relevant information that may be of interest to you. Identity Data, Contact Data and Career Data will only be sent for individual subscribers where they have consented or corporate subscribers where we have told you that we will do so, and you have not objected.
- Your Employer - if you are a member as part of a corporate firm membership, to ensure that we have an accurate and up-to-date list of members.
Your Personal Data may be transferred to other third-party organisations in certain scenarios:
- If we are discussing selling or transferring part or all of our business. Personal Data may be transferred to prospective purchasers under suitable terms as to confidentiality.
- If we are reorganised or sold, Personal Data may be transferred to a buyer who can continue to provide services to you.
- If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the Police, we may need to share your Personal Data; or
- If we are investigating or defending any legal claims your Personal Data may be transferred as required in connection with defending such investigations and/or claims.
Transferring Data Overseas
In some cases, we or our suppliers may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case we will only share the minimal amount of Personal Data necessary for the purpose of processing and, where possible, we will share the Personal Data in an anonymised form.
Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK Information Commissioner’s Office.
- where we use certain processors, we may use specific contracts approved by the UK Information Commissioner’s Office which gives Personal Data the same protection it has within the UK. When we rely on this measure, we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the Personal Data is transferred has adequate data protection laws in place to protect Personal Data.
Please contact us at firstname.lastname@example.org if you would like further information about the specific mechanism used by us when transferring your Personal Data.
How we protect your Personal Data
We have appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your Personal Data.
- Your right to rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances.
- Rights related to automated decision making, including profiling - You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you. We do not make any employment decisions, solely using automated decision-making technologies.
In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests unless there are exceptional circumstances.
If you wish to exercise any of your rights, please contact our Data Protection Office via email using email@example.com.
If you have any concerns about the Personal Data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email using firstname.lastname@example.org.