Event privacy notice

We are committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you before, during and after your attendance at Institute events, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who we are

   The Institute of Chartered Accountants Ireland (“Institute”, "we", or "us") is a controller of your personal data. We would like to provide you with details of the extent to which we process your personal information as an attendee of events organised by the Institute.

2. How is your personal data collected?

   We collect personal information about event attendees when we interact directly with you about our events. We may also obtain personal information directly from you through our website when you (i) fill out an event application form or (ii) sign up to our mailing list. We may from time to time collect additional personal information from your employer or during a particular event.

3. The purpose and legal basis for processing your personal data

   Personal data, or personal information, means any information about an individual from which that person can be identified. We have detailed in the table below, your personal data which we may from time to time collect, the purpose or purposes for which we process this personal data, as well as the legal basis for such processing:

Personal data	Purpose for processing	Legal basis for processing
Basic information about you such as your name, email, address, and telephone number and, where applicable, documentation for confirming your identity at events.	For the general administration, organisation and planning of events, such as to reserve a place for you at the event and to ensure that the event is properly hosted and attended.	In order to ensure the performance of our contractual obligations to you as an attendee and in order to pursue our legitimate interests of conducting the proper organisation of an Institute event.
Your job title, role and position in your company.	To facilitate and manage member interactions at events.	In order to pursue our legitimate interests of managing our relationships with members and facilitating business connections between members.
Information about your prior and future attendance at our events, including communications with our staff and social media posts.	To improve and enhance our events and attendee engagement with our event offerings.	In order to pursue our legitimate interests of developing our events to suit the needs of attendees and facilitating business connections between members.
Information about your dietary requirements.	For determining the food and beverages that should be served to attendees at events.	In order to comply with our legal obligations and in our legitimate interests of providing an enjoyable event experience. We will only process information relating to your health with your explicit consent.
Information about particular attendance needs or accessibility requirements you may have, including disability, hearing and speech needs.	To provide you with information about accessibility, transportation and parking and to facilitate your attendance and enjoyment of an event.	In order to comply with legal requirements and to pursue our legitimate interests of facilitating access to our events. We will only process information relating to your health with your explicit consent.
Information relating to your subscription to, receipt of or interest in any of our mailing lists.	To inform you about upcoming events similar to those that you have previously attended and to analyse the effectiveness of our event offerings.	In order to pursue our legitimate interests of growing our event attendee and membership numbers and to improve membership engagement with our events.
Financial information such as your credit card number and expiration date and any other information necessary to receive payments.	To process your payment should it be required for a particular event.	In order to pursue our legitimate interests of receiving payment for event attendance where required.
Feedback information provided by you at events.	To receive attendee feedback and improve future events.	In order to pursue our legitimate interests of improving future events.
Photographs and videos and comments given by attendees of the event, including photos and videos of speakers and attendees.	To capture events and promote future events in order to develop and grow events and facilitate business connections. Photographs and videos may be published online (for example on a website or in social media).  Photographs may also be published in Institute publications (for example, magazines, updates etc.).	In order to pursue our legitimate interests of growing our events and promoting future events and for facilitating business connections between members.
CCTV footage when you visit our events.	For safety and security purposes.	In order to comply with our legal obligations and to pursue our legitimate interest of ensuring safety and security at our events.




4. Recipients of your personal data

   We will, from time to time, send some of your personal data to certain recipients as detailed below.

   1. Other event attendees: for District Society events, in order to encourage networking, the Institute may circulate event attendee lists to other attendees of the same event prior to, during or after that event. You can ask for further information in relation to these attendance lists through the ‘Contact us’ details below.
   2. Publication in print and online: the Institute may use photographs or videos from events on its website or social media channels.
   3. Transfers to service providers: the Institute may transfer your personal details to third parties involved in the hosting or organising of events, such as sponsors, catering companies, exhibitors, stationery providers or hospitality staff at event locations. Such transfers are made for the legitimate interests pursued by the Institute in order to ensure the effective operation of our events. You can ask for further information in relation to these third party service providers though the ‘Contact us’ details below.

5. Data security

   We have put in place appropriate security measures to protect your personal data, including measures preventing your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal information to only those employees, agents and contractors who are authorised to access your data.

6. How long we retain your personal data

   We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

   When you have not participated, attended or registered to participate or attend in one of our events for 12 months, we will delete your personal data unless we are obliged to hold it for a longer period under law or applicable regulations (credit card detail are deleted immediately). If you consent to stay in touch with us, information to communicate with you will be kept until you withdraw your consent or unsubscribe to receiving communications.

7. Your rights

   You have certain rights under data protection legislation as summarised below:

   1. Right of access: you have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data, as well as certain information on how we are processing such data.
   2. Right to rectification: you have the right to obtain from us the rectification of inaccurate personal data concerning you. Considering the purpose of the processing, you may also, in some cases, be entitled to supplemental information regarding incomplete personal data.
   3. Right to erasure (right to be forgotten): you may, in certain circumstances, have your personal data deleted, for example if your personal information is no longer necessary in relation to the purpose for which it was collected, if you have objected to the processing of personal data and we do not have a legitimate interest which outweighs your interest, if the personal data has been processed unlawfully, or if the personal data must be deleted to comply with a legal obligation.
   4. Right to restriction of processing: you may require that we restrict the processing of your personal data in certain cases, e.g. where we no longer need your personal data but you need it to determine, enforce or defend legal claims or you have objected to processing based on our legitimate interest in order to enable us to check if our interest overrides your interest.
   5. Right to data portability: in some circumstances, you may be entitled to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.
   6. Right to object: you have the right to object to the processing of your personal data in certain circumstances, for example where the processing is based on our legitimate interest. If so, in order to continue processing, we must be able to show compelling legitimate grounds that override your interests, rights and freedoms.

   Your rights will in each case be subject to the restrictions set out in applicable data protection laws.  For further information on these rights, and the circumstances in which they may arise, please contact us using the details in the ‘Contact us’ section.

8. Right of complaint

   If you have any grievance, issue or problem in respect of our handling or processing of your personal data in any way, you have the right to lodge a complaint to the Data Protection Commission, whose contact details are as follows:

   Telephone: 1890 252 231  

   Email: info@dataprotection.ie

   Address: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland 

9. Additions and changes

   We may make updates and amendments to this privacy notice. If we do, we will inform you in advance, by email or by message on our intranet, of any intended material changes taking effect and will also explain the likely impact of those changes. If such changes to this privacy notice are communicated to you, please read the updated privacy notice carefully.

10. Contact us

    In order to make a query, raise a concern, avail of your data protection rights or for any other reason related to this privacy notice, please contact us using the below contact details:

    Name: Privacy Manager

    Email: privacy@charteredaccountants.ie

    Address: Chartered Accountants House, 47 Pearse Street, Dublin 2, Ireland

This privacy notice applies with effect from 25 May 2018.