Privacy statement

Chartered Accountants Ireland (the Institute) respects your right to privacy and this statement sets out the Institute’s policy towards safeguarding information which you disclose to us.  Any personal information which you volunteer to the Institute will be treated with the highest standards of security and confidentiality, strictly in accordance with applicable data protection rules, including the General Data Protection Regulation.

In any case, where the Institute asks you for personal information, such as your name and address, from which you can be identified on an individual basis, we will only do this where we require that information for specific purposes, for example registration.  In every case, we will let you know what we intend doing with that information before collecting it.  

Types of information we collect

We collect information, which includes personal data, about our members (including affiliate and reciprocal members), students, prospective students, non-member customers, members of our council and committees, prospective employees, and the directors, officers, employees, agents and / or authorised signatories of other regulatory and oversight bodies, the Institute’s suppliers, service providers, vendors and other commercial entities with which the Institute deals, member’s firms, law enforcement, and members of the public with whom we interact (collectively “individuals”) for the purposes of and in connection with the Institute’s dealings with those individuals and / or relevant commercial entities.  You may be such an individual.

Personal data means any information which the Institute has or obtains, or which you provide to the Institute, and specifically your name, address, email address, phone number(s), title or position, date of birth, gender, employment status, employment details, employer address, work email, work phone, work experience, bank details, credit / debit card details, CV, exam records and educational details from which you can be directly or indirectly personally identified.  Some of this personal data may be special category personal data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or sex life or sexual orientation.

We may also collect certain statistical and other analytical information collected on an aggregate basis relating to all visitors to our Website.  This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding browser types, mobile device equipment, mobile network and other anonymous statistical data involving the use of the Website. We collect this information to help us monitor traffic and enhance your experience of the Website.  Please see further detail on this in our cookie notice on this page.

How we obtain your personal data

We will obtain some of your personal data directly from you where we interact directly with you in the course of our business.  We may also obtain personal data directly from you through the website, such as (i) when you make an enquiry about our services or professional courses and seminars (ii) when you sign up to our mailing list, or (iii) when you apply for a position with the Institute.

Our cookie notice also sets out details of the targeting or advertising cookies, which will collect and use your personal data, which are used by or via our website.

This information may be collected indirectly from a variety of sources, such as other regulatory and oversight bodies (including where you request that such bodies provide information directly to us), your employer, the commercial entity which you represent, and publicly available sources including media reports and social media, such as LinkedIn.

Use of personal data

The Institute will use the personal data where necessary:

  1. For the purposes of performing our contract with you, or in anticipation of you becoming a member or student of the Institute or achieving a qualification, namely:
    1. for the purpose of providing services to you, registering you as a member or student, enrolment for examinations, providing an accreditation / qualification when achieved and other related administration services, as the case may be;
    2. for the collection of membership subscription fees and exam fees;
    3. for education and maintenance of CPD requirements;
    4. to deal with your queries or complaints;
  2. Where we have a legitimate interest in using it, including:
    1. for the purposes of managing our contracts and relationships with our members, students, non-member customers, suppliers, service providers, vendors and other commercial entities;
    2. for the purposes of discharging our regulatory obligations including, without limitation,  assessment, ongoing inspection and monitoring, and certification or licensing of you or your firm or employer, including without limitation as an audit firm or insolvency practitioner;
    3. for the processing of complaints and disciplinary matters in accordance with the Institute’s Disciplinary Bye-Laws, Regulations, policies and guidance (this includes, without limitation,   undertaking in-house ethical, investigatory and disciplinary proceedings howsoever called);
    4. maintenance of and / or provision of information to public registers;
    5. ensuring compliance with CPD requirements
    6. for day to day operational and business purposes;
    7. board and Council reporting and management purposes;
    8. management of the benevolent association;
    9. in the event of a merger, reorganisation or disposal of, or a proposed merger, reorganisation of disposal of all or any part of our business;
    10. to take advice from our external legal and other advisors; 
  3. For compliance with our legal obligations, including;
    1. for the purposes of discharging our regulatory obligations including, without limitation, assessment, ongoing inspection and monitoring, and certification or licensing of you or your firm or employer, including without limitation as an audit firm or insolvency practitioner;
    2. for the processing of complaints and disciplinary matters in accordance with the Institute’s Disciplinary Bye-Laws, Regulations, policies and guidance (this includes, without limitation, undertaking in-house ethical, investigatory and disciplinary proceedings howsoever called);
    3. maintenance of and / or provision of information to public registers;
    4. tax and regulatory reporting obligations;
    5. Where we are ordered to disclose information by a court with appropriate jurisdiction;
  4. Where use or sharing is for a legitimate interest of a third party to which we provide the personal data, including for day to day operational and business purposes;
  5. Where necessary to establish, exercise or defend legal rights or for the purpose of legal proceedings;
  6. If we need and you have given your consent to use of your personal data for a particular purpose.  

Where we have your permission, the Institute may direct information relating to topics, goods or services to you which we feel will be of interest to you.  If you subsequently decide that you no longer wish to receive such information, you can manage this through your preference centre.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes and applicable laws.  If we need to use your personal data for a purpose unrelated to the original purpose for which we collected it, we will notify you and we will explain the legal basis which allows us to do so.

Disclosures of personal data

We will not disclose any personal data to any third party, except as outlined above and / or as follows:

  1. to enable us to carry out the obligations under and enforce our contracts with our customers, suppliers, service providers, vendors and other commercial entities;
  2. to anyone providing a service to us or acting as our agent, as data processors, for the purposes of providing services to us and on the understanding that they will keep the Personal Data confidential;
  3. where we need to share personal data with our auditors, and legal and other advisors;
  4. where we are required or requested to share information with another regulatory or oversight body, including where a member requests that we confirm details with such bodies;
  5. where you are a student and your employer is your sponsor, we will share your personal data with your employer;
  6. in the event of a merger or proposed merger, any (or any proposed) transferee of, or successor in title to, the whole or any part of our business, and their respective officers, employees, agents and advisers, to the extent necessary to give effect to such transaction;
  7. is the disclosure is required by law or regulation, or court or administrative order having force of law, or is required to be made to any of our regulators.

The regulatory and oversight bodies with which we interact including but not limited to the Irish Auditing and Accounting Supervisory Authority, the Central Bank of Ireland and the Financial Reporting Council.

International transfers

Personal Data may be transferred outside Ireland in connection with the uses described above and / or as otherwise required or permitted by law. 

Many of the countries will be within the European Economic Area (the “EEA”), or will be ones which the European Commission has approved, and will have data protection laws which are the same as or broadly equivalent to those in the European Union.  However, some transfers may be to countries which do not have equivalent protections, and in that case we shall use reasonable efforts to implement contractual protections for the Personal Data.  While this may not always be possible, any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws. 

For the avoidance of doubt, safeguards in the form of EU Commission approved standard contractual clauses will be implemented for transfers to service providers outside the EEA, including in India .]  Further information in relation to international data transfers can be obtained by contacting us at the address specified below.

Third party personal data

Where you provide us with personal data relating to other people, such as your directors, officers, employees, advisors or other related persons, you represent and warrant that you will only do so in accordance with applicable data protection laws.  You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this statement, and where necessary you will obtain their consent to our use of their information.  We may, where required under applicable law, notify those individuals that you have provided their details to us.

Third party providers of information

We may obtain personal data relating to you indirectly, such as where your employer provides your contact details to us in connection with our business.  The person providing the information will in the ordinary course be asked to warrant that it will only do so in accordance with applicable data protection laws, and that it will ensure that before doing so, you are made aware of the fact that we will hold information relating to you and that we may use it for any of the purposes set out in this statement, and where necessary that it will obtain consent to our use of the information. 

In certain circumstances, such as where a complaint is made against a member, we have an obligation to act on the basis of the information which is provided to us. 

Recipients of the personal data

In any case where we share personal data with a third party data controller (including, as appropriate, other regulatory and oversight bodies), the use by that third party of the personal data will be subject to the third party’s own privacy policies.  

Updates to personal data

We will use reasonable efforts to keep personal data up to date.  However, you will need to notify us without delay in the event of any change in your personal or business circumstances, so that we can keep the personal data up to date.

Retention of personal data

We are obliged to retain certain information to ensure accuracy, to help maintain quality of service, for legal and regulatory purposes, and for legitimate business purposes. 

Information will be retained for no longer than is necessary for the purpose for which it was obtained by us, or as required or permitted for legal and regulatory purposes (including disciplinary procedures), and for legitimate business purposes.  In general, we (or our service providers on our behalf) will hold this information for a period of seven years after you cease to interact with us, unless we are obliged to hold it for a longer period under law or applicable regulations. In certain circumstances, where required by law or applicable regulations or where the Institute deems it necessary for our legitimate business, regulatory and / or disciplinary purposes, we may hold the data for a longer or shorter period. 

Exam scripts will only be retained for the period during which an appeal may be lodged plus one month, or if an appeal is lodged, for a month after the end of the appeal process.  There is no appeal period for interim assessments therefore the interim assessment scripts are retained for one month after the relevant results are published.

Your rights in relation to your personal data

You may at any time request a copy of your personal data from us.  This right can be exercised by writing to us at the address specified below.

You also have the right to correct any inaccuracies in, and in certain circumstances, to request erasure, or restriction on the use, of your personal data, and to object to certain uses of your Personal Data, in each case subject to the restrictions set out in applicable data protection laws.  Further information on these rights, the circumstances in which they may arise in connection with our processing of personal data, and any restrictions on them, can be obtained by writing to us at the address specified below.

In any case where we are relying on your consent to process your personal data, you have the right to change your mind and withdraw consent by writing to the address specified below. 

Where we are relying on a legitimate purpose of the Institute or a third party recipient of the personal data, in order to use and disclose personal data, you are entitled to object to such use or disclosure of your personal data, and if you do object, we will cease to use and process the Personal Data for that purpose unless we can show there are compelling legitimate reasons for us to continue or we need to use the personal data for the purposes of legal claims. 

You also have the right to lodge a complaint about our processing of your personal data with the Data Protection Commission by emailing info@dataprotection.ie or writing to the following address:  Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois.  You can visit the website of the Data Protection Commission at www.dataprotection.ie for more details. 

Updates to this policy

The Institute reserves the right in its sole discretion to amend this statement at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise).  Changes to this statement will be communicated to you in writing by us where we are legally required to do so.

Contacting the Institute

Any queries or complaints regarding our use of your personal data and / or the exercise of individual rights should be addressed to the Privacy Manager, Chartered Accountants Ireland, Chartered Accountants House, 47-49 Pearse Street, Dublin 2.

You should include any personal identifiers which you supplied earlier (whether via the website or otherwise).  Your request will be dealt with as soon as possible.

Last updated 17 May 2018                 

Cookies and tracking

You should be aware that each time you visit a website, general information about your visit is retained. Statistical and other analytical information is collected on an aggregate and non-individual specific basis of all browsers who visit the site. This statistical and analytical information provides us with general and not individually specific information about the number of people who visit this website; the number of people who return to this site; the pages that they visit; where they were before they came to this site and the page and site at which they exited.

This information helps us monitor traffic on our website, so that we can manage the website's capacity and efficiency. It also helps us to understand which parts of this website are most popular, and generally to assess user behaviour and characteristics in order to measure interest in and use of the various areas of the website. This type of non-personal information and data can be collected through the standard operation of our Internet servers and logs as well as "cookies". One simple way to prevent the use of cookies is to activate the facility which is available in most web browsers that enables you to deny or accept cookies.

The following web links point to the common browsers and their 'how to delete cookies' pages 

However, you should realise that cookies may be necessary in order to provide you with certain features such as the customised delivery of certain information. The following cookies are used by the Institute's website:.

Chartered Accountants Ireland cookies

Cookie name Purpose Expires Domain
ASP.NET_SessionId Session cookie sent to the web browser. Used when you open the browser and then go to a website that implements ASP.NET session state. This cookie is deleted when you close your browser. At end of session .charteredaccountants.ie
.EPiServerLogin,EPiDPCKEY,.ASPXRoles Only used if you log in to a website. At end of session .charteredaccountants.ie
__epiAntiForgeryToken_ The AntiForgeryToken cookie is a session-cookie, and is encrypted / decrypted using the machine key. Token used by the AntiForgeryValidation page plugin, to protect against ross-site request forgery. At the end of session www.charteredaccountants.ie
editlanguagebranch Session cookie sent to the web browser. Holds the language code. This cookie is deleted when you close your browser At the end of session www.charteredaccountants.ie
_utma This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. 2 years from set/update .charteredaccountants.ie
__utmb This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on your site for longer than 30 minutes. You can modify the default length of a user session with the _setSessionCookieTimeout() method.
30 minutes from set/update. .charteredaccountants.ie
__utmz This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site. 6 months from set/update .charteredaccountants.ie
__utmc Historically, this cookie operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user. For backwards compatibility purposes with sites still using the urchin.js tracking code, this cookie will continue to be written and will expire when the user exits the browser At end of session .charteredaccountants.ie
CookieConsent Stores the user's cookie consent state for the current domain 1 year charteredaccountants.ie
__cfduid Used by the content network, Cloudflare, to identify trusted web traffic. 1 year flickrembed.com
__cfduid Used by the content network, Cloudflare, to identify trusted web traffic. 1 year zopim.com
_ceg.s Used by the service Crazy Egg to register where the visitor clicks on the website. The cookie enables the service to recognize the visitor on returning visits. 3 months charteredaccountants.ie
_ceg.u Used by the service Crazy Egg to register where the visitor clicks on the website. The cookie enables the service to recognize the visitor on returning visits. 3 months charteredaccountants.ie
_dc_gtm_UA-# Used by Google Tag Manager to control the loading of a Google Analytics script tag. At end of session charteredaccountants.ie
_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years charteredaccountants.ie
_gali Enhanced Link Attribution improves the accuracy of your In-Page Analytics report At end of session charteredaccountants.ie
_gat Used by Google Analytics to throttle request rate At end of session charteredaccountants.ie
_gid Registers a unique ID that is used to generate statistical data on how the visitor uses the website. At end of session charteredaccountants.ie
AWSALB Used by Zopim live chat 6 days zopim.com
__zlcmid Preserves users states across page requests. 1 year charteredaccountants.ie
zte# Saves a Zopim Live Chat ID that recognises a device between visits during a chat session. At end of session charteredaccountants.ie
fr Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. 3 months facebook.com
NID Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads. 6 months google.com
GPS Registers a unique ID on mobile devices to enable tracking based on geographical GPS location. At end of session youtube.com
PREF Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites. 8 months youtube.com
VISITOR_INFO1_LIVE Tries to estimate the users' bandwidth on pages with integrated YouTube videos. 179 days youtube.com
YSC Registers a unique ID to keep statistics of what videos from YouTube the user has seen. At end of session youtube.com

You should also be aware that where you link to another website from the Institute website, the Institute has no control over that other website. Accordingly, the Institute cannot guarantee that the controller of that website will respect your privacy in the same manner as the Institute.

The Institute reserves the right in its sole discretion to amend this privacy statement at any time, and you should regularly check this privacy statement for any amendments.