Who can I contact if I have any questions?
ICAEW is the controller for the Personal Data collected from website visitors and individuals who download data via OneDrive unless this is stated otherwise. ICAEW is registered with the Information Commissioner’s Office (ICO) with registration number (Z5765897). In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean ICAEW. You can contact ICAEW in a number of ways as follows:
- Email: dataprotection@icaew.com
- Post: The Data Protection Office, ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK
- Telephone: +44 (0)1908 248 250
Personal data we collect about you
Personal Data is any information which directly or indirectly identifies an individual, for example, your name, address, NI number, qualifications, date of birth, photos, videos or voice recordings.
Special categories of Personal Data are a set of Personal Data that we are required to look after even more carefully. Special categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances, we collect special categories of Personal Data about you while you are applying for a post on, or are a member of, the ICAEW Board, or an ICAEW Committee, for example, we may collect details of your health data to ensure that we can make reasonable adjustments for you.
We also collect information about your criminal convictions and offences which is another type of Personal Data that we need to look after very carefully. This happens where we are required, for example to check suitability for the role applied for.
What is Personal Data?
We collect Personal Data about you when you give us Personal Data in direct interactions with us during your application for a post on an ICAEW Board or an ICAEW Committee, and during your time as a ICAEW Board and/or Committee Member. For example, from forms completed at the start of, or during your appointment, from correspondence with you, meetings with you, grievance and disciplinary procedures. In addition, your Personal Data may be captured as you enter, exit and move within our buildings or as you make use of institute systems and resources. We also retain some Personal Data collected during the application process when you become a Board or Committee Member.
We also collect Personal Data from other sources as set out below.
Identity Data | Your name, title, marital status, date of birth and National Insurance Number, passport information, birth, marriage and change of name certificates. |
---|---|
Contact Data | Your address and contact details, including email address and telephone numbers. |
Education Data | Details of your academic and professional qualifications including, educational establishments, dates of study, subjects studied and results. |
Career Data | Employment history, including start and end dates with previous employers, details of the practice areas in which you have experience, your commitments outside of the Board or Committee role, details of other directorships. Details of membership of Professional Bodies. |
Financial Data | Details of your bank account. |
Criminal Offence Data | Depending on the position for which you applied, or hold, we may need to process Criminal Offence Data. |
Equal Opportunities Data | Equal opportunities monitoring information, including information about your age, nationality, ethnic origin, gender, sexual orientation, health, disability and religion or belief. |
Health Data | Information about your health, medical conditions or disabilities, including whether you have a disability for which we need to make reasonable adjustments and to accommodate for any dietary requirements. |
Terms and Conditions Data | Details of your standard working hours Information about remuneration and expenses. Information about your benefits such as professional indemnity insurance |
Emergency Contact Data | Information about your next of kin and emergency contacts |
Family and Dependent Data | Information about your spouse or partner and your dependents, including any children, in relation to conflicts of interest. |
Nationality and Immigration Data | Your nationality and entitlement to work in the UK |
Attendance Data | Details of your attendance at meetings |
Performance Management Data | Assessment of your performance, including appraisals, performance reviews and ratings, performance improvement plans and related correspondence |
Disciplinary and Grievance Data | Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence |
Image Data | Photographs and CCTV |
Audio Data | Call recordings. |
Reference Data | Information supplied by employers, education providers and recruitment agencies and personal referees. For example, information about your academic or employment history, including details of any conduct grievance or performance issues, appraisals, time and attendance. |
---|---|
Background Data |
Information about you provided by background check providers (if applicable). |
Social Media Data | Information about you available on social media platforms such as Linkedin. |
Civil Litigation Data | Information relating to civil litigation you have been involved in. |
Court Orders and similar documents | Court orders and similar documentation. |
HMRC Data | Tax codes and other information that we receive from HMRC in order to make the required deductions from your salary. |
Right to Work Data | Data provided by third parties as evidence of your right to work in the UK, including relevant tax code information. |
What if you do not supply your Personal Data
You are under no statutory or contractual obligation to provide Personal Data during the application process. However, if you do not provide us with your Personal Data we will not be able to process your application properly or at all.
As a member of the Board and Committee, you have legal obligations and obligations under your appointment contract or appointment letter, to provide us with the categories of information marked * to enable us to verify your right to work and suitability for the position, to pay you (if your role entitles you to remuneration), to provide you with your contractual benefits, e.g., professional indemnity insurance. If you do not provide this information, we may not be able to appoint you, to make these payments or provide these benefits.
Purposes and legal basis for which we will use your Personal Data
Processing your Personal Data allows us to manage and administer your appointment contract or appointment letter and deliver effective Human Resource management and business administration activities. In order to comply with data protection laws, we need a lawful basis (a reason) to process your Personal Data. We use the following lawful bases to obtain and use your Personal Data.
- Performance of a Contract – We need to process your Personal Data to take steps at your request, prior to entering into a contract with you and for the performance of our contract with you as an ICAEW Board member or Committee Member.
- Consent - Where we collect and process special category Personal Data, such as information about ethnic origin, sexual orientation, health or religion, in order to maintain and promote equal opportunities within the workplace. Personal Data used for these purposes is collected with the explicit consent of applicants and Board and Committee members, which can be withdrawn at any time. Applicants, Board and Committee Members are free to decide whether or not to provide such Personal Data and there are no consequences for failing to do so.
- Legal or Regulatory Obligation – In some cases, we need to process Personal Data to comply with a legal or regulatory obligation which we are subject to.
- Legitimate Interest – Where processing the Personal Data is in our legitimate interests (or those of a third party) provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process Personal Data for our legitimate interests.
- Public Interest – Where processing the personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
The tables below describe the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your personal data.
- Table A covers the Personal Data we collect and hold during the application or election process for positions on ICAEW Boards and Committees.
- Table B covers the Personal Data we collect and hold during your time as an ICAEW Board or Committee member
Purpose and/or activity | Type of Data | Legal basis for processing |
---|---|---|
To contact you to progress your application, inform you of the outcome. To inform the relevant board or committee members or staff of your application. | Identity Data Contact Data |
Legitimate interest: to carry out a fair recruitment process Legitimate interest: to progress your application, arrange interviews and inform you of the outcome at all stages |
To make an informed decision as to whether to shortlist you, or make an offer of appointment to you. | Career Data Social Media Data |
Legitimate interest: to carry out a fair recruitment process Legitimate interest: to make an informed decision to shortlist for interview and (if relevant) to recruit |
To comply with our equal opportunities monitoring obligations and to follow our equality and other policies | Equal Opportunities Data | Explicit Consent |
To carry out a fair election and appointment process | Reference Data | Legitimate interest: to carry out a fair recruitment process |
To determine whether reasonable adjustments are required to the appointment process because of a disability you may have | Health Data | To comply with our legal obligations |
To obtain the relevant reference about you in order to verify the information you have provided to us | Career Data Reference Data |
Legitimate interest: to make an informed decision to recruit Legitimate interests: to maintain records and to comply with legal, regulatory and corporate governance obligations and good practice |
To carry out reference checks | career data | Legitimate interest: to maintain records |
Purpose and/or activity | Type of Data | Legal basis for processing |
---|---|---|
Entering into and administering the appointment contract: Payment of salary and expenses, managing tax and National Insurance Contributions. | Identity Data Contact Data Financial Data Attendance Data |
To perform the appointment contract including payment of the correct salary and benefits |
Entering into and administering the appointment contract/letter: Payment of salary and benefits, managing tax and National Insurance Contributions. | Identity Data Contact Data Financial Data Attendance Data |
Legitimate interests: to maintain appointment records and good practice and to perform our obligations listed in the appointment contract and letter |
Entering into and administering the appointment contract/letter: Payment of salary and benefits, managing tax and National Insurance Contributions. | Identity Data Contact Data Financial Data Attendance Data |
Legal or Regulatory Obligations: to comply with legal, regulatory and corporate governance obligations. |
Managing Board and Committee Member absence | Identity Data Contact Data Attendance Data |
Legitimate interests: to ensure obligations are being fulfilled. |
Sending communication papers to individual Board Members and Committee Members. | Identity Data Contact Data |
Legitimate interests: we process this data in order to enable Board and Committee Members to understand and perform their roles. |
Displaying biographies and photographs of Board Members and Committee Members on the ICAEW website. | Identity Data Contact Data Image Data |
Consent – you consent to have this information displayed on the ICAEW website. This consent can be revoked at anytime. |
Checking when visas and leave to remain expire. | Identity Data Nationality and Immigration Data |
Legal or Regulatory Obligation: To comply with our legal obligations. |
Equal opportunities monitoring | Equal Opportunities Data | To comply with our legal obligations and for reasons of substantial public interest (equality of opportunity or treatment). |
Performance Management, carrying out, administering and keeping records of appraisals and performance reviews, performance management plans, disciplinary matters and your conduct during your appointment. | Performance Management Data. Disciplinary and Grievance Data |
Legitimate interest: to ensure safe working practices and record keeping. |
Keeping a record of Board and Committee meeting minutes, including Audio and visual where meetings take place via video call. | Identity Data |
Legitimate interests: to maintain records and practice in relation to matters relating to decisions of the Board. |
Managing grievances raised by you or involving you. | Disciplinary and Grievance Data. | Legitimate interest: to comply with, regulatory and corporate governance obligations and good practice, to ensure safe working practices. |
Monitoring your use of our websites, other technical systems such as computer networks and connections, CCTV and access control systems, email and instant messaging, intranet and internet facilities, telephone, voicemail and mobile phones and printers. | Image Data. |
Legitimate interests: to monitor and manage Board and Committee Member access to our premises, systems and facilities. |
Controlling and monitoring entry and use of our buildings. | Image Data | Legitimate interests: to monitor and manage Board and Committee Member access to our premises, systems and facilities. |
Providing references about you to a prospective new employer, educational institution or other organisation at your request. | Identity Data Career Data |
Legitimate interests: to maintain records and to comply with legal, regulatory and corporate governance obligations and good practice. |
Bringing or defending legal claims in relation to your appointment. | Identity data Contact Data Equal opportunities data Disciplinary data Grievance data Health data Attendance data |
Legitimate interests: our legitimate interests in establishing, bringing and defending legal claims in relation to your appointment. |
Carrying out surveys | Identity Data, Ethnicity Data |
Consent – To enable us to collect information in ad hoc surveys, including special category data in some instances. |
Business continuity – to enable us to contact you, or your emergency contact, in the event of an emergency affecting our business. | Contact Data Emergency Contact Data |
Legitimate interests: to enable us to communicate effectively with all Board and Committee Members in the event of an emergency, in order to maintain the running of our business should an emergency occur. |
Anonymisation of personal data for the onward activities of Management Information and Business Intelligence. | All Personal Data | Legitimate Interest of the ICAEW for business improvement and intelligence purposes. |
Audit activities | A sample of all Personal Data | Legitimate Interest of the ICAEW to gain a true and fair understanding of current practices, with a view to organisational improvement. |
How long will Personal Data be retained?
We keep Personal Data that we obtain about you during your time as an ICAEW Board or Committee member for no longer than is necessary for the purposes for which it is processed. How long we keep your Personal Data will depend on how long you remain a Board or Committee member, the nature of the Personal Data concerned and the purposes for which it is processed. By their nature Board and Committee records are kept indefinitely, which may include your involvement in these activities. For more information on how long we keep your data for please email us at: dataprotection@icaew.com.
Sharing your Personal Data
ICAEW may share your Personal Data with third-party processors who provide services to the organisation where we have a legal obligation, contract or other legitimate interest to do so.. These services include, but not limited to:
- Payroll providers;
- Providers of background checks;
- Election services providers
- Training providers;
- Benefit providers; and
- Legal advisers acting under professional duties of confidentiality.
We may share your Personal Data with organisations where we have a legal obligation, contract or other legitimate interest to do so, including:
- Building landlords and facilities management organisations (CCTV and access control systems);
- HMRC;
- Law enforcement agencies;
- Insurance providers;
- florists and other providers of gifts;
- couriers and other postal services;
- Your former employers and other organisations or individuals you have identified to us as referees.
Your Personal Data may be transferred to other third-party organisations in certain scenarios:
- If we're discussing selling or transferring part or all of our business. Personal Data may be transferred to prospective purchasers under suitable terms as to confidentiality;
- If we are reorganised or sold, Personal Data may be transferred to a buyer who can continue to provide services to you;
- If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the Police, we may need to share your Personal Data; and
- If we are investigating or defending any legal claims your Personal Data may be transferred as required in connection with defending such investigations and/or claims.
Transferring Data Overseas
In some cases, we may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK)
Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK Information Commissioner’s Office;
- where we use certain processors, we may use specific contracts approved by the UK which gives Personal Data the same protection it has within the UK. When we rely on this measure we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the Personal Data is transferred has adequate data protection laws in place to protect Personal Data.
Please contact us at dataprotection@icaew.com if you would like further information about the specific mechanism used by us when transferring your Personal Data
How we protect your Personal Data
We have appropriate security measures in place to prevent Personal Data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your Rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your Personal Data.
- Your right to rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances.
- Rights related to automated decision making, including profiling – You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you. We do not make any decisions relating to Board and Committee Members, solely using automated decision making technologies.
In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.
If you wish to exercise any of your rights, please contact our Data Protection Office via email using dataprotection@icaew.com.
Complaints
If you have any concerns about the Personal Data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email using dataprotection@icaew.com.