Event privacy notice

We are committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you before, during and after your attendance at Institute events, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who we are

   The Institute of Chartered Accountants Ireland (“Institute”, "we", or "us") is a controller of your personal data. We would like to provide you with details of the extent to which we process your personal information as an attendee of events organised by the Institute.

2. How is your personal data collected?

   We collect personal information about event attendees when we interact directly with you about our events. We may also obtain personal information directly from you through our website when you (i) fill out an event application form or (ii) sign up to our mailing list. We may from time to time collect additional personal information from your employer or during a particular event.

3. The purpose and legal basis for processing your personal data

   Personal data, or personal information, means any information about an individual from which that person can be identified. We have detailed in the table below, your personal data which we may from time to time collect, the purpose or purposes for which we process this personal data, as well as the legal basis for such processing:

4. Recipients of your personal data

   We will, from time to time, send some of your personal data to certain recipients as detailed below.

   1. Other event attendees: for District Society events, in order to encourage networking, the Institute may circulate event attendee lists to other attendees of the same event prior to, during or after that event. You can ask for further information in relation to these attendance lists through the ‘Contact us’ details below.
   2. Publication in print and online: the Institute may use photographs or videos from events on its website or social media channels.
   3. Transfers to service providers: the Institute may transfer your personal details to third parties involved in the hosting or organising of events, such as sponsors, catering companies, exhibitors, stationery providers or hospitality staff at event locations. Such transfers are made for the legitimate interests pursued by the Institute in order to ensure the effective operation of our events. You can ask for further information in relation to these third party service providers though the ‘Contact us’ details below.

5. Data security

   We have put in place appropriate security measures to protect your personal data, including measures preventing your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal information to only those employees, agents and contractors who are authorised to access your data.

6. How long we retain your personal data

   We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

   When you have not participated, attended or registered to participate or attend in one of our events for 12 months, we will delete your personal data unless we are obliged to hold it for a longer period under law or applicable regulations (credit card detail are deleted immediately). If you consent to stay in touch with us, information to communicate with you will be kept until you withdraw your consent or unsubscribe to receiving communications.

7. Your rights

   You have certain rights under data protection legislation as summarised below:

   1. Right of access: you have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data, as well as certain information on how we are processing such data.
   2. Right to rectification: you have the right to obtain from us the rectification of inaccurate personal data concerning you. Considering the purpose of the processing, you may also, in some cases, be entitled to supplemental information regarding incomplete personal data.
   3. Right to erasure (right to be forgotten): you may, in certain circumstances, have your personal data deleted, for example if your personal information is no longer necessary in relation to the purpose for which it was collected, if you have objected to the processing of personal data and we do not have a legitimate interest which outweighs your interest, if the personal data has been processed unlawfully, or if the personal data must be deleted to comply with a legal obligation.
   4. Right to restriction of processing: you may require that we restrict the processing of your personal data in certain cases, e.g. where we no longer need your personal data but you need it to determine, enforce or defend legal claims or you have objected to processing based on our legitimate interest in order to enable us to check if our interest overrides your interest.
   5. Right to data portability: in some circumstances, you may be entitled to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller.
   6. Right to object: you have the right to object to the processing of your personal data in certain circumstances, for example where the processing is based on our legitimate interest. If so, in order to continue processing, we must be able to show compelling legitimate grounds that override your interests, rights and freedoms.

   Your rights will in each case be subject to the restrictions set out in applicable data protection laws.  For further information on these rights, and the circumstances in which they may arise, please contact us using the details in the ‘Contact us’ section.

8. Right of complaint

   If you have any grievance, issue or problem in respect of our handling or processing of your personal data in any way, you have the right to lodge a complaint to the Data Protection Commission, whose contact details are as follows:

   Telephone: 1890 252 231  

   Email: info@dataprotection.ie

   Address: Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland 

9. Additions and changes

   We may make updates and amendments to this privacy notice. If we do, we will inform you in advance, by email or by message on our intranet, of any intended material changes taking effect and will also explain the likely impact of those changes. If such changes to this privacy notice are communicated to you, please read the updated privacy notice carefully.

10. Contact us

    In order to make a query, raise a concern, avail of your data protection rights or for any other reason related to this privacy notice, please contact us using the below contact details:

    Name: Privacy Manager

    Email: privacy@charteredaccountants.ie

    Address: Chartered Accountants House, 47 Pearse Street, Dublin 2, Ireland

11. Virtual Admission Ceremony 

    The institute has engaged a third party called Combined Media to host this event. Your name will be shared with this third party to display your name as part of the virtual event.

    Once the event has been completed, all data provided to Combined Media will be deleted

  
This privacy notice applies with effect from 25 May 2018.