Please ensure that you read this privacy notice and any other privacy notices we may provide to you from time to time when we collect or process personal data about you through the application process.
Who can I contact if I have any questions?
ICAEW is the controller for the Personal Data collected from website visitors and individuals who download data via OneDrive unless this is stated otherwise. ICAEW is registered with the Information Commissioner’s Office (ICO) with registration number (Z5765897). In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean ICAEW. You can contact ICAEW in a number of ways as follows:
- Email: dataprotection@icaew.com
- Post: The Data Protection Office, ICAEW, Metropolitan House, 321 Avebury Boulevard, Milton Keynes, MK9 2FZ UK
- Telephone: +44 (0)1908 248 250
What is Personal Data?
Personal Data is any information which directly or indirectly identifies an individual, for example, your name, address, membership and/or student number, NI number, qualifications, date of birth, photos, videos or voice recordings.
Special categories of personal data are a set of personal data that we are required to look after even more carefully. Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances, we collect special categories of personal data about you through the application process, for example, we may collect details of your health data to ensure that we can make reasonable adjustments for you.
We may also collect information about your criminal convictions and offences which is another type of information that we need to look after very carefully. This happens where we are required to do so for legal or regulatory purposes, for example recruiting into regulatory areas.
Personal Data we collect about you
Identity Data | Your name, personal email address, work email address, title, date of birth, photographic identification (including passport and driving license information), National Insurance Number, gender and date of birth and marital status |
---|---|
Contact Data | Your address and contact details, including email address and telephone numbers |
Career Data | Employment history, including start and end dates with previous employers, information about your current level of remuneration, including benefit entitlements. Details of membership of Professional Bodies. |
Education Data | Details of your academic and professional qualifications including, educational establishments, dates of study, subjects studied and results. |
Nationality and Immigration Data | Your nationality and entitlement to work in the UK, including Visa and Passport Information |
Equal Opportunities Data | Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief, social mobility data. |
Health Data | Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process |
Criminal Offence Data | Information about your criminal record, if applicable, for example this may be requested from an organisation or a recruiter. |
Social Media Data | Information collected from social media platforms such as LinkedIn where we automatically receive a copy of your profile. |
---|---|
Reference Data | Information supplied by former employers, education providers and recruitment agencies. For example, information about your previous academic or employment history, including details of any conduct grievance or performance issues, appraisals, time and attendance. |
What if you do not supply your Personal Data
Purposes and legal basis for which we will use your Personal Data
Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. In order to comply with data protection laws, we need a lawful basis to process your Personal Data. We use the following lawful bases to obtain and use your Personal Data.
Performance of a Contract – We need to process your Personal Data to take steps at your request, prior to entering into a potential employment contract with you.
Legal or Regulatory Obligation – In some cases, we need to process data to comply with a legal or regulatory obligation which we are subject to.
Legitimate Interest – Where processing the Personal Data is in our legitimate interests (or those of a third party) provided that your fundamental rights do not override such interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process data for our legitimate interests
Consent – Where we collect and process special category Personal Data, such as information about ethnic origin, sexual orientation, health or religion, in order to maintain and promote equal opportunities within the workplace. Personal Data used for these purposes is collected with the explicit consent of applicants, which can be withdrawn at any time. Applicants are free to decide whether or not to provide such Personal Data and there are no consequences for failing to do so.
The tables below describe the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate we have also set out our legitimate interests in processing your personal data. Table A covers the Personal Data we collect and hold up to the shortlisting stage of the recruitment process. By the term shortlisting we mean any part of the recruitment process which takes place up to the point where a conditional offer of employment is made.
Table B covers the Personal Data we collect and hold before making a final decision to recruit (i.e. making any offer of employment unconditional).
Table A: Personal Data collected and used up to and including the shortlisting stage
Purpose and/or activity | Type of Data | Legal basis for processing |
---|---|---|
To contact you to progress your application, arrange interviews and inform you of the outcome. To inform the relevant manager or department of your application | Identity Data Contact Data |
Legitimate interest: to carry out a fair recruitment process, arrange interviews and to inform you of the outcome at each stage. |
To make an informed decision as to whether to shortlist you for interview, or make an offer of employment to you | Career Data Education Data Social Media Data |
Legitimate interest: to carry out a fair recruitment process and to assess your suitability for employment by making an informed decision to shortlist for interview and (if relevant) to recruit. |
To help monitor the effectiveness of our equality, diversity & inclusion policy | Identity Data Equal Opportunities Data |
Consent: to be obtained at the recruitment stage for processing equal opportunities data. |
To carry out a fair recruitment process | Identity Data Reference Data |
Legitimate interest: to carry out a fair recruitment process and to assess your suitability for employment by making an informed decision to shortlist for interview and (if relevant) to recruit. |
To determine whether reasonable adjustments are required to the recruitment process because of a disability you may have. | Identity Data Health Data |
Legal obligation: To comply with our legal obligations. |
Anonymisation of personal data for the onward activities of Management Information and Business Intelligence. | All Personal Data | Legitimate Interest of the ICAEW for business improvement and intelligence purposes. |
Internal Audit | A sample of all Personal Data | Legitimate Interests: where we have a legitimate interest in auditing our internal processes and procedures to ensure that we are complying with applicable laws and internal and managing risk appropriately. |
Table B: personal data collected and used before making a final decision to recruit
You are required by law, or in order to enter into your contract of employment, to provide us with the information in Table B to enable us to verify your right to work and suitability for the position.
Purpose and/or activity | Type of Data | Legal basis for processing |
---|---|---|
To obtain the relevant reference about you in order to verify the information you have provided to us | Identity Data Education Data Reference Data |
Performance of a Contract – to enter into a potential employment contract with you. |
To carry out right to work checks | Identity Data Contact Data Nationality and Immigration Data |
Legal obligations: to check your eligibility to work in the UK. |
To make an informed recruitment decision | Identity Data Criminal Offence Data Background Data |
Legitimate interest: to carry out a fair recruitment process, maintain employment records and enter into/perform the employment contract. to assess your suitability for employment by making an informed decision to shortlist for interview and (if relevant) to recruit. |
Special Category Data
Where the information we process is special category data such as your health data, the additional bases for processing that we rely on are:
- Where you have provided ICAEW with your explicit consent to the processing.
- Where processing is necessary in relation to carrying out our obligations and exercising our rights as your employer.
- Where processing is necessary for the establishment, exercise, or defence of legal claims.
How long will Personal Data be retained?
We keep Personal Data that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. How long we keep your information will depend on whether your application is successful and you become employed by us, the nature of the information concerned and the purposes for which it is processed.
We will keep recruitment information (including interview notes) for no longer than is reasonable, taking into account the limitation periods for potential claims such as race or sex discrimination (as extended to take account of early conciliation), after which they will be destroyed. If there is a clear business reason for keeping recruitment records for longer than the recruitment period, we may do so but will first consider whether the records can be pseudonymised, and the longer period for which they will be kept.
If your application is successful, we will keep only the recruitment information that is necessary in relation to your employment. You will be provided with a copy of our Employee Privacy Notice before entering into your contract of employment.
Sharing your Personal Data
If we make you an offer of employment we will then share your data with the following:
- The referees you have provided in order to obtain references for you.
-
ICAEW may share your personal data with third-party processors who provide services to the organisation. These services include:
- Recruitment agencies;
- Right to Work check agencies;
-
We may share your personal data with organisations where we have a legal obligation, contract or other legitimate interest to do so, including:
- Building landlords and facilities management organisations (CCTV and access control systems);
- We do not share personal data of job applicants with any joint controllers.
Your Personal Data may be transferred to other third-party organisations in certain scenarios:
- If we are discussing a merger or acquisition, Personal Data may be transferred to respective third parties under suitable terms as to confidentiality;
- If we are reorganised or sold, Personal Data may be transferred to a buyer who can continue to provide services to you;
- If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority, for example the Police, we may need to share your Personal Data; or
- If we are investigating or defending any legal claims your Personal Data may be transferred as required in connection with defending such investigations and/or claims.
Transferring Data Overseas
Your personal data may be transferred to countries outside of the UK and the European Economic Area (EEA). For example, your Personal Data may be shared with one of our overseas offices if necessary or where you provide ICAEW with an international referee. Where data is transferred outside of the UK and the EEA, it is done so on the basis of appropriate safeguards, for example binding corporate rules, model clauses or a declaration of adequacy.
9.1 In some cases, we or our suppliers may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case we will only share the minimal amount of Personal Data necessary for the purpose of processing and, where possible, we will share the Personal Data in an anonymised form.
9.2 Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK;
- Where we use certain processors, we may use specific contracts approved by the UK which give Personal Data the same protection it has within the UK. When we rely on this measure we will ensure that the third-party can comply with the provision of such contracts and we have confirmed that the country to which the Personal Data is transferred has adequate data protection laws in place to protect Personal Data.
9.3 Please contact us at dataprotection@icaew.com if you would like further information about the specific mechanism used by us when transferring your Personal Data.
How we protect your Personal Data
We have appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Your Rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your Personal Data.
- Your right to rectification – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your Personal Data in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances.
- Rights related to automated decision making, including profiling -You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you. We do not make any employment decisions, solely using automated decision making technologies.
In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.
If you wish to exercise any of your rights, please contact our Data Protection Office via email using dataprotection@icaew.com
Complaints
If you have any concerns about the Personal Data we use about you, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, by contacting them at www.ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please feel free to contact us in the first instance via email using dataprotection@icaew.com.