Privacy statement
Chartered Accountants Ireland (the “Institute”) respects your right to privacy and this statement sets out the Institute’s policy towards safeguarding information which you disclose to us. Any personal information which you volunteer to the Institute will be treated with the highest standards of security and confidentiality, strictly in accordance with applicable data protection rules, including the General Data Protection Regulation (the “GDPR”).
In any case, where the Institute asks you for personal information, such as your name and address, from which you can be identified on an individual basis, we will only do this where we require that information for specific purposes, for example registration. In every case, we will let you know what we intend doing with that information before collecting it.
Types of information we collect
We collect information, which includes personal data, about our members (including affiliate and reciprocal members), students, prospective students, non-member customers, members of our council and committees, prospective employees, and the directors, officers, employees, agents and/or authorised signatories of other regulatory and oversight bodies, the Institute’s suppliers, service providers, vendors and other commercial entities with which the Institute deals, member’s firms, law enforcement, and members of the public with whom we interact (collectively “individuals”) for the purposes of and in connection with the Institute’s dealings with those individuals and/or relevant commercial entities. You may be such an individual.
Personal data means any information which the Institute has or obtains, or which you provide to the Institute, and specifically your name, address, email address, phone number(s), title or position, date of birth, gender, employment status, employment details, employer address, work email, work phone, work experience, bank details, credit/debit card details, CV, exam records and educational details from which you can be directly or indirectly personally identified. Some of this personal data may be special category personal data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or sex life or sexual orientation.
We may also collect certain statistical and other analytical information collected on an aggregate basis relating to all visitors to our Website. This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding browser types, mobile device equipment, mobile network and other anonymous statistical data involving the use of the website. We collect this information to help us monitor traffic and enhance your experience of the website. Please see further detail on this in our cookie notice on this page.
How we obtain your personal data
We will obtain some of your personal data directly from you where we interact directly with you in the course of our business. We may also obtain personal data directly from you through the website, including (i) when you make an enquiry about our services or professional courses and seminars (ii) when you sign up to our mailing list, or (iii) when you apply for a position with the Institute.
Our cookie notice also sets out details of the targeting or advertising cookies, which will collect and use your personal data, which are used by or via our website.
This information may be collected indirectly from a variety of sources, such as other regulatory and oversight bodies (including where you request that such bodies provide information directly to us), your employer, the commercial entity which you represent, and publicly available sources including media reports and social media, such as LinkedIn.
Use of personal data
The Institute will use the personal data where necessary:
- For the purposes of performing our contract with you, or in anticipation of you becoming a member or student at the Institute or achieving a qualification, namely:
- for the purpose of providing services to you, registering you as a member or student, enrolment for examinations, providing an accreditation/qualification when achieved and other related administration services, as the case may be;
- for the collection of membership subscription fees and exam fees;
- for education and maintenance of CPD requirements;
- to deal with your queries or complaints.
- Where we have a legitimate interest in using it, including:
- for the purposes of managing our contracts and relationships with our members, students, non-member customers, suppliers, service providers, vendors and other commercial entities;
- for the purposes of discharging our regulatory obligations including, without limitation, assessment, ongoing inspection and monitoring, and certification or licensing of you or your firm or employer, including without limitation as an audit firm or insolvency practitioner;
- for the processing of complaints and disciplinary matters in accordance with the Institute’s Disciplinary Bye-Laws, Regulations, policies and guidance (this includes, without limitation, undertaking in-house ethical, investigatory and disciplinary proceedings howsoever called);
- maintenance of and/or provision of information to public registers;
- ensuring compliance with CPD requirements
- for day to day operational and business purposes;
- board and Council reporting and management purposes;
- management of the benevolent association;
- in the event of a merger, reorganisation or disposal of, or a proposed merger, reorganisation of disposal of all or any part of our business;
- to take advice from our external legal and other advisors.
- For compliance with our legal obligations, including:
- for the purposes of discharging our regulatory obligations including, without limitation, assessment, ongoing inspection and monitoring, and certification or licensing of you or your firm or employer, including without limitation as an audit firm or insolvency practitioner;
- to comply with our obligations under anti-money laundering law and regulations;
- for the processing of complaints and disciplinary matters in accordance with the Institute’s Disciplinary Bye-Laws, Regulations, policies, and guidance (this includes, without limitation, undertaking in-house ethical, investigatory and disciplinary proceedings howsoever called);
- maintenance of and/or provision of information to public registers;
- tax and regulatory reporting obligations;
- Where we are ordered to disclose information by a court with appropriate jurisdiction.
- Where use or sharing is for a legitimate interest of a third party to which we provide the personal data, including for day to day operational and business purposes.
- Where necessary to establish, exercise or defend legal rights or for the purpose of legal proceedings.
- If we need and you have given your consent to use of your personal data for a particular purpose.
Where we have your permission, the Institute may direct information relating to topics, goods, or services to you which we feel will be of interest to you. If you subsequently decide that you no longer wish to receive such information, you can manage this through your preference centre.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes and applicable laws. If we need to use your personal data for a purpose unrelated to the original purpose for which we collected it, we will notify you and we will explain the legal basis which allows us to do so.
Disclosures of personal data
We will not disclose any personal data to any third party, except as outlined above and/or as follows:
- to enable us to carry out the obligations under and enforce our contracts with our customers, suppliers, service providers, vendors and other commercial entities;
- to anyone providing a service to us or acting as our agent, as data processors, or for the purposes of providing services to us and on the understanding that they will keep the personal data confidential and only process it in accordance with our instructions and the GDPR;
- where we need to share personal data with our auditors, legal and other advisors;
- where we are required or requested to share information with another regulatory or oversight body, including where a member requests that we confirm details with such bodies;
- where you are a student and your employer is your sponsor, we will share your personal data with your employer;
- in the event of a merger or proposed merger, any (or any proposed) transferee of, or successor in title to, the whole or any part of our business, and their respective officers, employees, agents, and advisers, to the extent necessary to give effect to such transaction;
- if the disclosure is required by law or regulation (including but not limited to anti-money laundering law and regulations), or court or administrative order having force of law, or is required to be made to any of our regulators or law enforcement agencies;
- the Institute may generally share personal data with another Recognised Accountancy Body (“RAB”) where it perceives there is a legitimate interest in doing so.
The following is a list of regulatory and oversight bodies with which we interact and share personal data including but not limited to the Irish Auditing and Accounting Supervisory Authority, the Central Bank of Ireland, the Financial Reporting Council, the Office of the Director of Corporate Enforcement, An Garda Siochana, Revenue Commissioners Ireland, Central Bank of Ireland, National Crime Agency, Office for Professional Body AML Supervision (“OPBAS”), GB/NI Insolvency Service, other RABs, Disciplinary Panel Members, Committee Members and External Disciplinary Committees.
International transfers
Personal data may be transferred outside Ireland in connection with the uses described above and/or as otherwise required or permitted by law.
Many of the countries will be within the European Economic Area (the “EEA”) or will be ones which the European Commission has approved and will have data protection laws which are the same as or broadly equivalent to those in the European Union. Personal data can transfer freely to these countries in accordance with the GDPR. However, some transfers may be to countries which do not have equivalent protections, and in that case, we will implement contractual protections for the personal data in the form of EU Commission approved standard contractual clauses or other appropriate safeguards as provided for under the GDPR. Further information in relation to international data transfers can be obtained by contacting us at the address specified below.
Third party personal data
Where you provide us with personal data relating to other people, such as your directors, officers, employees, advisors, or other related persons, you represent and warrant that you will only do so in accordance with applicable data protection laws. You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this statement, and where necessary you will obtain their consent to our use of their information. We may, where required under applicable law, notify those individuals that you have provided their details to us.
Third party providers of information
We may obtain personal data relating to you indirectly, such as where your employer provides your contact details to us in connection with our business. The person providing the information will in the ordinary course be asked to warrant that it will only do so in accordance with applicable data protection laws, and that it will ensure that before doing so, you are made aware of the fact that we will hold information relating to you and that we may use it for any of the purposes set out in this statement, and where necessary that it will obtain consent to our use of the information.
In certain circumstances, such as where a complaint is made against a member, we have an obligation to act based on the information which is provided to us.
Recipients of the personal data
In any case where we share personal data with a third party data controller (including, as appropriate, other regulatory and oversight bodies), the use by that third party of the personal data will be subject to the third party’s own privacy policies.
Updates to personal data
We will use reasonable efforts to keep personal data up to date. However, you will need to notify us without delay in the event of any change in your personal or business circumstances, so that we can keep the personal data up to date.
Retention of personal data
We are obliged to retain certain information to ensure accuracy, to help maintain quality of service, for legal and regulatory purposes, and for legitimate business purposes.
Information will be retained for no longer than is necessary for the purpose for which it was obtained by us, or as required or permitted for legal and regulatory purposes (including disciplinary procedures), and for legitimate business purposes. In general, we (or our service providers on our behalf) will hold this information for a period of seven years after you cease to interact with us, unless we are obliged to hold it for a longer period under law or applicable regulations. In certain circumstances, where required by law or applicable regulations or where the Institute deems it necessary for our legitimate business, regulatory and/or disciplinary purposes, we may hold the data for a longer or shorter period.
Exam scripts will only be retained for the period during which an appeal may be lodged plus one month, or if an appeal is lodged, for a month after the end of the appeal process. There is no appeal period for interim assessments therefore the interim assessment scripts are retained for one month after the relevant results are published.
Your rights in relation to your personal data
You may at any time request a copy of your personal data from us. This right can be exercised by writing to us at the address specified below.
You also have the right to correct any inaccuracies in, and in certain circumstances, to request erasure, or restriction on the use, of your personal data, and to object to certain uses of your personal data, in each case subject to the restrictions set out in applicable data protection laws. Further information on these rights, the circumstances in which they may arise in connection with our processing of personal data, and any restrictions on them, can be obtained by writing to us at the address specified below.
In any case where we are relying on your consent to process your personal data, you have the right to change your mind and withdraw consent by writing to the address specified below.
Where we are relying on a legitimate purpose of the Institute or a third party recipient of the personal data, in order to use and disclose personal data, you are entitled to object to such use or disclosure of your personal data, and if you do object, we will cease to use and process the personal data for that purpose unless we can show there are compelling legitimate reasons for us to continue or we need to use the personal data for the purposes of legal claims.
You also have the right to lodge a complaint about our processing of your personal data with the Data Protection Commission by emailing info@dataprotection.ie. You can visit the website of the Office of the Data Protection Commission at www.dataprotection.ie for more details.
Updates to this policy
The Institute reserves the right in its sole discretion to amend this statement at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Changes to this statement will be communicated to you in writing by us where we are legally required to do so.
Contacting the Institute
If you have any queries or complaints regarding the use of your personal data and/or the exercise of your individual rights, please contact the Privacy Manager by email privacy@charteredaccountants.ie
Any queries or complaints in writing should be addressed to the Privacy Manager, Chartered Accountants Ireland, Chartered Accountants House, 47-49 Pearse Street, Dublin 2.
Your request will be dealt with as soon as possible.
Last updated 21 May 2021
Cookies and tracking
You should be aware that each time you visit a website, general information about your visit is retained. Statistical and other analytical information is collected on an aggregate and non-individual specific basis of all browsers who visit the site. This statistical and analytical information provides us with general and not individually specific information about the number of people who visit this website; the number of people who return to this site; the pages that they visit; where they were before they came to this site and the page and site at which they exited.
This information helps us monitor traffic on our website, so that we can manage the website's capacity and efficiency. It also helps us to understand which parts of this website are most popular, and generally to assess user behaviour and characteristics in order to measure interest in and use of the various areas of the website. This type of non-personal information and data can be collected through the standard operation of our Internet servers and logs as well as "cookies". One simple way to prevent the use of cookies is to activate the facility which is available in most web browsers that enables you to deny or accept cookies.
The following web links point to the common browsers and their 'how to delete cookies' pages
However, you should realise that cookies may be necessary in order to provide you with certain features such as the customised delivery of certain information. The following cookies are used by the Institute's website:.
Chartered Accountants Ireland cookies
You should also be aware that where you link to another website from the Institute website, the Institute has no control over that other website. Accordingly, the Institute cannot guarantee that the controller of that website will respect your privacy in the same manner as the Institute.
The Institute reserves the right in its sole discretion to amend this privacy statement at any time, and you should regularly check this privacy statement for any amendments.