Who can I contact if I have any questions?
ICAEW is the controller for the Personal Data collected from website visitors and individuals who download data via OneDrive unless this is stated otherwise. ICAEW is registered with the Information Commissioner’s Office (ICO) with registration number (Z5765897). In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean ICAEW. You can contact ICAEW in a number of ways as follows:
- Email: dataprotection@icaew.com
- Post: The Data Protection Office, ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK
- Telephone: +44 (0)1908 248 250
What is Personal Data?
Personal Data is any information which directly or indirectly identifies an individual, for example, your name, address, membership and/or member number, NI number, qualifications, date of birth, photos, videos or voice recordings.
Special categories of Personal Data are a set of Personal Data that we are required to look after even more carefully. Special categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. In limited circumstances, we collect special categories of Personal Data about you through the application process, for example, we may collect details of your health data to ensure that we can make reasonable adjustments for you.
There are also strict rules which govern when we can collect and use information about criminal convictions and offences. We may need to collect and use this type of information about you for legal or regulatory purposes, for example where we are required to assess fitness for admission into membership.
Personal Data we collect about you
We collect Personal Data about you when you give us Personal Data in direct interactions with us during your time as an ICAEW member, for example by completing the registration process, attending courses and webinars, or through correspondence in supporting you and resolving any enquiries. This includes:
Identity Data | Name, date of birth |
Contact Data | Your address(es), email address(es), social media and phone number(s). |
Diversity and Inclusion Data | Details of your gender, sexual orientation, nationality, ethnicity and disability information. |
Education Data | Details of academic and professional qualifications including, educational establishments, dates of study, subjects studied and results. |
Career Data |
Employment history, including start and end dates with previous employers, information about your current level of remuneration, including benefit entitlements. Details of membership of Professional Bodies. |
Marketing and Communication Preferences | Details of your preferences for marketing and communication from ICAEW and any third parties |
Member Data | Your member number |
Criminal Offence Data | Information about your criminal record, if applicable. |
Financial Data | Details of your bank account and credit card details. including previous payments, and payment methods used. |
Audio Data | Voice recordings of our telephone calls with you. |
Enquiry Data | Any personal data provided by yourself to us via correspondence through webchat, emails, webforms, applications or letter. Copies of correspondence we sent to you to advise or support on billing or regulatory matters, significant to your membership. |
Website Data | Information collected during your use of our website. Please see our website privacy notice (https://www.icaew.com/icaew-policies/privacy-notice) for more details. |
Complaint Data | Information received regarding complaints with regards to conduct and practice as a Chartered Accountant. |
What if you do not supply your Personal Data
Some of the Personal Data we process is mandatory, meaning that if you do not provide it to us, we will be unable to provide some or all member services to you. We will let you know when this is the case.
Purposes and legal basis for which we will use your Personal Data
Processing Personal Data from members allows us to administer and manage the process of registering as a member, studying and taking exams with us. In order to comply with Personal Data protection laws, we need a lawful basis (a reason) to process your Personal Data. We use the following lawful bases to obtain and use your Personal Data.
- Performance of a Contract – We need to process your Personal Data to take steps at your request, prior to entering into a contract with you and for the performance of our contract with you as an ICAEW member.
- Consent – Some Personal Data is processed because you have given your consent. Consent can be withdrawn at any time by either logging into your online member account and amending your preferences or by contacting us at dataprotection@icaew.com.
- Legal or Regulatory Obligation – In some cases, we need to process Personal Data to comply with a legal or regulatory obligation which we are subject to.
- Public Interest – Where processing the personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Legitimate Interest – Where processing the Personal Data is in our legitimate interests (or those of a third party) provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process Personal Data for our legitimate interests.
The table below describes the ways in which we use your Personal Data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your Personal Data.
Purpose and/or activity |
Type of Data |
Legal basis for processing |
To register you as a member, provide you with advice in relation to your registration as a member, to enable you to sign up for and use a member account on our platforms, provide services, to administer and manage your member journey |
Identity Data Contact Data Career Data Education Data Financial Data Criminal Offence Data Member Data Diversity and Inclusion Data
|
Performance of a contract: to enable you to register as a member and to communicate with you once you become a member.
|
To take payment or provide you with a refund, including the collection of renewals or outstanding debt |
Identity Data Contact Data Financial Data |
Performance of a Contract: to allow us to take, if necessary refund, payments made by you or on your behalf, for the provision of services by ICAEW to you as a member. |
To administer your ICAEW Library access to resources | Identity Data Contact Data |
Performance of a contract: to register you as a user of the ICAEW Library and enable you to use our library services |
To respond to and deal with with enquiries, internal investigations, disputes, appeals, complaints or other similar or related matters |
Identity Data Contact Data Career Data Education Data Financial Data Criminal Offence Data Member Data Diversity and Inclusion Data (Dependant on complaint type/context) Complaint Data Audio Data Enquiry & Web Chat Data Health related information (when volunteered and related to the enquiry) |
Legitimate Interests: in our legitimate interests to investigate, deal with disputes and respond to enquiries, appeals, complaints or other similar related matters.
|
Facilitating the sharing of your contact details on support pages online if you have opted in to ICAEW through various networks such as boards, committees, as a local Contact Member or Support Member | Identity Data Contact Data |
Consent: Where you have provided your consent through the various networks, opted in as a Local Member or Support Member |
To provide you with updates and information, including changes to regulations or changes to the way rules are applied and other updates relevant to you. We will only send direct marketing emails and our member magazine/newsletter to you with your consent. Please see the Direct Marketing section in this table below for more information |
Identity Data Contact Data Marketing and Communication Preferences |
Performance of a contract: to deliver to you the services included in your membership.
|
For non-UK residents and members of other professional bodies becoming an ICAEW member; to manage and administer routes to becoming an ICAEW member; to assess ability of prospective referee to act as a referee for prospective member; and to assess eligibility
|
Identity Data Contact Data Career Data Education Data Financial Data Criminal Offence Data Member Data Diversity and Inclusion Data |
Performance of a contract: to enable you to register as a member and to communicate with you once you become a member.
|
Direct Marketing, communicating with you to promote our/relevant third party services and sending you our member magazine by post or newsletters via email. |
Identity Data Contact Data Cookie Data Marketing and Communication Preferences |
Consent: where you have consented to receiving the communications.
Legitimate Interests: in our legitimate interests as a professional body and regulator of chartered accountants, we will use your Personal Data for marketing purposes where we have a relevant or appropriate relationship with you or where there is a reasonable expectation of us doing so. |
Serving you with targeted and retargeted advertisements and monitoring the success of those advertisements. |
Identity Data Contact Data Cookie Data |
Legitimate Interests: in our legitimate interests as a professional body and regulator of chartered accountants, we will use your Personal Data for marketing purposes where we have a relevant or appropriate relationship with you or where there is a reasonable expectation of us doing so and also to monitor the success of these advertisements in order to understand how better to serve ads to you. |
To provide you with member benefits |
Identity Data Contact Data Career Data |
Consent: where you have opted in to receive promotional emails from third parties
|
To confirm eligibility for the services provided by caba |
Identity Data Contact Data Member Data |
Performance of a contract: to deliver to you the services included in your membership. |
To administer, process and review CPD Training including declarations and confirmation with employers if required |
Identity Data Education Data |
Performance of a contract: to ensure fitness for membership and continue to be able to deliver to you the services included in your membership. |
Maintaining the member public directory, Find a Chartered Accountant |
Identity Data Contact Data Career Data |
Public Interest: Maintaining a public directory of certified accountants is a task carried out in the public interest and a requirement as part of the official authority vested in ICAEW. |
Conducting research |
Identity Data Contact Data Career Data Education Data Diversity and Inclusion Data |
Consent: Where you have consented to take part in our wider research activities.
|
In fulfilling ICAEW’s obligation as a Regulatory Body |
Identity Data Contact Data Career Data Education Data Criminal Offence Data Financial Data Complaint Data |
Necessary for performance of a task in the public interest: To protect the public from dishonesty
|
Voting for example in ICAEW Council elections, AGM |
Identity Data Contact Data |
Performance of a contract: to deliver to you the services included in your membership.
|
Audit related activities to ensure ICAEW understands it business practices |
A sample of all Personal Data
|
Legitimate Interests: where we have a legitimate interest in auditing our internal processes and procedures to ensure that we are complying with applicable laws and internal and managing risk appropriately. |
Anonymisation of personal data for the onward activities of Management Information and Business Intelligence |
All Personal Data |
Legitimate Interest of the ICAEW for business improvement and intelligence purposes. |
To run reports and analysis on Member data |
All Personal Data Education Data Career Data Diversity and Inclusion Data Financial Data |
Legitimate interest: in our legitimate interest to understand the intake and trends of ICAEW Members |
To administer and facilitate reciprocal membership with approved bodies | Identity Data Contact Data Education Data Diversity and Inclusion Data |
Consent: Where you have consented to ICAEW sharing your personal data with approved bodies to facilitate your reciprocal membership |
Performing system testing in order to enhance and improve our products and services |
Identity Data Contact Data Education Data, Career Data |
Legitimate interest: In our legitimate interest to review and improve our services provided to you |
Special Category Data
Where the information we process is special category or sensitive data such as your health data, the additional bases for processing that we rely on are
- Where you have provided ICAEW with your explicit consent to the processing
- Where processing is necessary for the establishment, exercise or defence of legal claims
- Where processing is necessary for reasons of substantial public interest,
How long will Personal Data be retained?
We keep Personal Data that we obtain about you during your time as an ICAEW member for no longer than is necessary for the purposes for which it is processed. How long we keep your Personal Data will depend on how long you remain a member, the nature of the Personal Data concerned and the purposes for which it is processed.
Automated Decision Making
No automated decision making is used in relation to members.
Sharing your Personal Data
ICAEW may share your Personal Data with third-parties where we have a legal obligation, contract or other legitimate interest to do so. These services include, but are not limited to:
- Payment providers;
- Business system providers;
- Website content and hosting providers, including analytics;
- Building landlords and facilities management organisations (CCTV and access control systems);
- We may share your Personal Data with member societies for event purposes or to allow such societies to communicate with you, where you have provided consent;
- Criminal convictions: If you disclose a criminal conviction, this will be shared with ICAEW's internal professional conduct team and depending on the circumstances may also be shared with third parties such as regulators or other professional bodies;
- Chartered Accountants Benevolent Association (caba) in order for caba to be able to provide services to you;
- Regulators and other professional bodies as we are obligated to do so as a Regulatory Function for example, where a member moves jurisdiction and we are required to advise whether said member is fit and proper;
- Third party content sponsors, in order to assist them in delivering an event that you have registered to attend or where they are providing content so that they can send you relevant information that may be of interest to you. If you have signed up using a personal email address, your information will only be shared with third party content sponsors for marketing purposes if you have provided your consent. All members can opt-out of their data being shared for marketing purposes at any time;
- Third parties who may provide member benefits to you;
- Credit reference agencies;
- Your Employer –
- If you have an ICAEW Audit Qualification, to ensure that your employer is aware of your qualification. This helps employers to identify individuals who can act as approvers of students’ audit experience in order for them to apply for the ICAEW Audit Qualification;
- If your employer pays for your membership fees, to ensure that these are invoiced correctly;
- Where member personal data is shared to comply with Continuous Professional Development (CPD) regulations; and
- We also occasionally work with external organisations to carry out market research about ICAEW or for topics of public interest. We may share your email address with these organisations so that they can contact you directly and carry out this research independently from ICAEW. We only use organisations that adhere to the Market Research Society code of practice.
Your Personal Data may be transferred to other third-party organisations in certain scenarios:
- If we are discussing a merger or acquisition, Personal Data may be transferred to respective third parties under suitable terms as to confidentiality;
- If we are reorganised or sold, Personal Data may be transferred to a buyer who can continue to provide services to you;
- If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the Police, we may need to share your Personal Data; or
- If we are investigating or defending any legal claims your Personal Data may be transferred as required in connection with defending such investigations and/or claims.
Transferring Data Overseas
In some cases, we or our suppliers may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case we will only share the minimal amount of Personal Data necessary for the purpose of processing and, where possible, we will share the Personal Data in an anonymised form.
Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK;
- where we use certain processors, we may use specific contracts approved by the UK which give Personal Data the same protection it has within the UK. When we rely on this measure we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the Personal Data is transferred has adequate data protection laws in place to protect Personal Data.
Please contact us at dataprotection@icaew.com if you would like further information about the specific mechanism used by us when transferring your Personal Data.
How we protect your Personal Data
We have appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your Rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your Personal Data.
- Your right to rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances.
- Rights related to automated decision making, including profiling -You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you. We do not make any employment decisions, solely using automated decision making technologies.
In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.
If you wish to exercise any of your rights, please contact our Data Protection Office via email using dataprotection@icaew.com
Complaints
If you have any concerns about the Personal Data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email using dataprotection@icaew.com.
-
Update History
- 29 Feb 2024 (12: 00 AM GMT)
- Changes made to text under 'Sharing your Personal Data' section, bullet point 'e'.
- 22 Jul 2024 (11: 15 AM BST)
- Changes made to text under 'Sharing your Personal Data' section; bullet point 'm' added.