View Cart

Hello, World!

☰

Members students affiliates privacy statement

Chartered Accountants Ireland (the “Institute”) respects data subjects right to privacy and this statement (published on our website) sets out the Institute's policy towards safeguarding information which data subjects disclose to the Institute. Any personal information which is volunteered to the Institute will be treated with the highest standards of security and confidentiality, strictly in accordance with applicable data protection rules, including the General Data Protection Regulation (the “GDPR”).

The Institute acts as the Data Controller. The Institute’s registered address is Chartered Accountants House, 47-49 Pearse Street, Dublin 2, D02 YN40.

In any case, where the Institute asks for personal information, such as name and address, from which data subjects can be identified on an individual basis, the Institute will only do this where that information is required for specific purposes. In every case, the Institute will inform data subjects what the intention is with that information before collecting it.

Definitions

Reference	Definition
Data	Data is information, which is stored electronically, on a computer or in certain paper-based filing systems.
Data subjects	Data subjects include all living individuals about whom the Institute hold personal data (including members, students and affiliates). All data subjects have legal rights in relation to their personal information.
Data Controllers	Data Controllers are the people or organisations who determine the purposes for which, and the manner in which any personal data is processed. They are responsible for establishing practices and policies in line with relevant laws and regulations. The Institute is the data controller of all personal data used in their business for their own commercial purposes.
Data Processors	Data Processors include any person or organisation that processes personal data on the Institute’s behalf and on Institute’s instructions. Employees of data controllers are excluded from this definition, but it could include suppliers which handle personal data on the Institute’s behalf.
Data Protection Impact Assessments (DPIA)	DPIA assessments are used to help organisations identify, assess and mitigate risks to individuals’ privacy when processing personal data. DPIAs are legally required under the EU and UK GDPR for certain data processing activities to ensure compliance and protect personal data.
Legitimate Interests Assessment ("LIA")	A Legitimate Interest Assessment is a process for organisations to carry out a risk assessment in order to analyse and evaluate the justification for processing personal data based on Legitimate Interests as the lawful basis under GDPR.
Personal data	Personal data is data relating to a living individual who can be identified from the data in conjunction with other information that is in or is likely to come into the Institute’s possession. Examples of Personal Data include name, address, date of birth, telephone number, email address, membership number etc.
Sensitive Personal Data (special category data)	Sensitive Personal Data relates to specific categories of data such as data relating to a person’s racial origin; political opinions or religious or other beliefs; physical or mental health; sexual life; criminal convictions or the alleged commission of an offence and trade union membership. The Institute may collect sensitive personal data, such as limited health data in the event that specialised services are required.
Processing of personal data	Processing of personal data is any activity that involves the use of the data. The Institute requires this information to understand data subject needs to provide a better service.
Robotic Processing Automation (“RPA”)	Robotic Processing Automation is a machine learning technology, to support Institute personnel working on processing large volumes of data of our students, members, and affiliates e.g. exemption application data, student training development records and so on.

Obligations of the Institute as Data Controller

Data Controllers processing personal data must comply with the following Data Protection principles of good practice. These provide that personal data must be:

Obtained and processed lawfully and fairly.
Collected and kept only for specified, explicit and legitimate purposes and not be used or disclosed in a manner incompatible with those purposes for which it was given initially
Protected against unauthorised access, alteration, disclosure or destruction, or unlawful processing.
Accurate, complete and where necessary, kept up to date.
Adequate, relevant and not excessive in relation to the purpose for which they were collected.
Not kept for longer than is necessary.

Types of information the Institute collect

The Institute collect information, which includes:

Personal data, about its members (including affiliate and reciprocal members)
Students and prospective students
Non-member customers
Members of its council and committees
Prospective employees, and the directors, officers, employees, agents and/or authorised signatories of other regulatory and oversight bodies
The Institute's suppliers, service providers, vendors and other commercial entities with which the Institute deals
Member's firms
Law enforcement
Members of the public with whom the Institute interacts

Collectively “data subjects”.

This processing occurs for the purposes of and in connection with the Institute's dealings with those individuals and/or relevant commercial entities.

How the Institute obtains data subjects personal data

The Institute will obtain some of data subject’s personal data where the Institute interact directly with the data subject in the course of its business. The Institute may also obtain personal data directly from data subjects through the website, including:

when making an enquiry about Institute services or professional courses and seminars
when data subjects sign up to the Institute mailing list, or
when applying for a position with the Institute.

Our cookie notice also sets out details of the targeting or advertising cookies, which will collect and use data subjects’ personal data, which are used by or via the Institute website.

This information may be collected indirectly from a variety of sources including:

Regulatory and oversight bodies (including where data subjects request that such bodies provide information directly to the Institute)
The data subject’s employer
The commercial entity represented
Publicly available sources including media reports and social media, such as LinkedIn.

Use of personal data

Please see information in relation to categories of personal data in scope, purposes and legal bases of processing in the table below.

Definitions

Purpose of processing	Categories of personal data processed	Lawful basis under GDPR
(a) Providing services to data subjects, registering a member or student, enrolment for examinations, providing an accreditation/qualification when achieved and other related administration services, as the case may be. If this personal data is not provided, the Institute will be unable to provide these services to data subjects.	Student/member name, address, email, date of birth and mobile, member/student number, Country of residence Photograph Image of Identification Document for exams Video and audio recording of the exam session Flags indicating non-conformance with exam rules IP Address from which exams are taken Exam script, exam adjustments arising from Reasonable Accommodation Exam grade A unique identifier which denotes a candidate and each specific exam PC browser & Operating System Cookies are placed on the candidate’s PC Employer details IBAN details	Necessary for the performance of a contract with the data subject (per Article 6(1)(b) GDPR). In respect of health information, where necessary for the purposes of exercising the Institute’s or data subject’s specific rights in relation to membership and/or examinations.
(b) For the collection of membership subscription fees and exam fees. Communications can be in the form of letter, email or SMS. If this personal data is not provided, the Institute will be unable to collect these fees.	Student/member name, address, email, DOB & mobile, member/student number, IBAN details. Credit card details not stored in line with PCI compliance.	Necessary for the performance of a contract with data subjects (per Article 6(1)(b) GDPR).
(c) To deal with data subjects queries or complaints or disciplinary matters in accordance with the Institute's Disciplinary Bye-Laws, regulations, policies and guidance (this includes, without limitation, undertaking in-house ethical, investigatory and disciplinary proceedings howsoever called). If this personal data is not provided, the Institute will be unable to comply with its obligations to deal with data subject queries or complaints.	Complainant name, address, email, DOB, mobile, health details (where applicable), Name of employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public involved in the complaint.	Necessary for the performance of a contract with data subjects (per Article 6(1)(b) GDPR) and/or Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR) and or Necessary to comply with the Institute’s legal obligations pursuant to laws and regulations stated in Appendix A (per Art. 6(1)(c) GDPR) In respect of health information, where necessary for the purposes of exercising Institute or data subjects specific rights in relation to membership and/or education.
(d) Managing Institute contracts and relationships with its members, students, non-member customers, suppliers, service providers, vendors and other commercial entities.	Name, address, email, mobile, DOB, CCTV images, supplier/contractor tax number, health details (where applicable) for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR). In respect of health information, where necessary for the purposes of exercising Institute or data subject specific rights in relation to membership and/or education.
(e) Discharging Institute regulatory obligations including, without limitation, assessment, ongoing inspection and monitoring, and certification or licensing of the data subject or their firm or employer, including without limitation as an audit firm or insolvency practitioner.	Name, address, email, mobile, DOB, CCTV images, supplier/contractor tax number, health details (where applicable) for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR) and/or Necessary to comply with the Institute’s legal obligations pursuant to laws and regulations stated in Appendix A (per Art. 6(1)(c) GDPR). In respect of health information, where necessary for the purposes of exercising Institute or data subject specific rights in relation to membership, employer or firm.
(f) Maintenance of and/or provision of information to public registers.	Name of firm, its partners, firm address. Members name, employers name and address, job title, membership number.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR) and/or Necessary to comply with the Institute’s legal obligations pursuant to laws and regulations stated in Appendix A (per Art. 6(1)(c) GDPR).
(g) Ensuring compliance with CPD requirements. If this personal data is not provided, the Institute will be unable to comply with these contractual obligations to data subjects.	Firm name and address. Members names, address, email, mobile number, membership numbers.	Necessary for the purposes of the Institute’s legitimate interests in the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR). Necessary for the performance of a contract with data subjects (per Article 6(1)(b) GDPR).
(h) For day-to-day operational and business purposes.	Name, address, email, DOB, mobile, CCTV images, supplier/contractor tax number, health details (where applicable) for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR). In respect of health information, where necessary for the purposes of exercising Institute or data subject specific rights in relation to membership, education, employer or firm.
(i) Board and Council reporting and management purposes.	Name, email, DOB of board and Council members.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR).
(j) Management of the benevolent association.	Name, address, email, DOB, mobile, financial or health details (where applicable) for members, students, affiliates.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR). In respect of health information, where necessary for the purposes of exercising Institute or data subjects’ specific rights in relation to membership, education, employer or firm.
(k) In the event of a merger, reorganisation or disposal of, or a proposed merger, reorganisation of disposal of all or any part of Institute business.	Name, address, email, DOB, mobile, CCTV images, supplier/contractor tax number, health details (where applicable) for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR) In respect of health information, where necessary for the purposes of exercising Institute or data subject specific rights in relation to membership, educations, employer or firm.
(l) To take advice from Institute external legal and other advisors.	Name, address, email, mobile, DOB, CCTV images, supplier/contractor tax number, health details (where applicable) for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	Necessary for the purposes of the Institute’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR). In respect of health information, where necessary for the purposes of exercising Institute or data subject specific rights in relation to membership, education, employer or firm.
(m) To comply with Institute obligations under anti-money laundering law and regulations. If this personal data is not provided, the Institute will be unable to discharge these regulatory obligations.	Name, address, email, DOB, mobile of employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms, supplier/contractor tax number.	Necessary to comply with the Institute’s legal obligations pursuant to laws and regulations stated in Appendix A (per Art. 6(1)(c) GDPR).
(n) Tax and regulatory reporting obligations. If this personal data is not provided, the Institute will be unable to discharge these regulatory obligations.	Name, address, email, DOB, mobile, health details (where applicable). Name of employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and their employees and members of the public.	Necessary to comply with the Institute’s legal obligations pursuant to laws and regulations stated in Appendix A (per Art. 6(1)(c) GDPR) In respect of health information, where necessary for the purposes of exercising Institute or data subjects’ specific rights in relation to membership, education, employer or firm.
(o) Where the Institute are ordered to disclose information by a court with appropriate jurisdiction. If this personal data is not provided, the Institute will be unable to comply with such orders.	Will depend on the request at hand.	Necessary to comply with the Institute’s legal obligations pursuant to laws and regulations stated in Appendix A (per Art. 6(1)(c) GDPR).
(p) Where use or sharing is for a legitimate interest of a third party to which the Institute provide the personal data, including for day to day operational and business purposes.	Name, address, email, DOB, mobile, health details (where applicable). Name of employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and their employees and members of the public.	Necessary for the purposes of a third party’s legitimate interests in promoting the proper and efficient administration of the Institute’s business, such as for day-to-day operational and business purposes, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR) In respect of health information, where necessary for the purposes of exercising Institute or data subjects’ specific rights in relation to membership, education, employer or firm.
(q) Where necessary to establish, exercise or defend legal rights or for the purpose of legal proceedings.	As notified to data subjects from time to time.	Necessary for the purposes of the Institute’s legitimate interests in establishing, exercising or defending legal rights, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR).
(r) If the Institute need and consent has been provided to use of data subject personal data for a particular purpose.	As notified to data subjects from time to time.	The data subject has given consent to the processing of data subjects’ personal data for one or more specific purposes (per Art. 6(1)(a) GDPR).
(s) Where necessary to migrate data from an existing software to a new software system using RPA technology e.g. exemption application programme, student training record upload.	Could include any of the following depending on the software involved: Name, address, email, DOB, mobile, CCTV images, supplier/contractor tax number, health details (where applicable) for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	Necessary for the purposes of the Institute’s legitimate interests in establishing, exercising or defending legal rights, where such interests are not overridden by data subjects’ fundamental rights (per Art. 6 (1)(f) GDPR).

Where the Institute has data subject’s permission, the Institute may direct information relating to topics, goods, or services to which the Institute feels will be of interest. If a data subject subsequently decides that they no longer wish to receive such information, this can be managed through the preference centre section on the student portal.

The Institute will only use data subject personal data for the purposes for which it was collected, unless the Institute reasonably consider that it needs to use it for another reason and that reason is compatible with the original purposes and applicable laws. If the Institute need to use data subject’s personal data for a purpose unrelated to the original purpose for which it was collected, it will be notified to the data subject and explained the legal basis which allows the Institute to do so.

Legitimate Interest Assessment

The Institute carries out a Legitimate Interests Assessment ("LIA") to determine if we can process personal data on the legal basis of our legitimate interests (Article 6(1)(f) of the GDPR).

A Legitimate Interests Assessment requires us to:

identify our legitimate interests in processing personal data;
demonstrate that the processing is necessary to achieve the legitimate interests; and
consider carefully the Institute's right to process personal data in the context of the members, students or affiliates right as a Data Subject to privacy.

Where data is processed for the purposes of the Institute’s legitimate interests, the Institute will prepare a Legitimate Interest Assessment (LIA) to ensure that the Institute’s interest does not override the interests or fundamental rights and freedoms of the data subject.

If RPA technology is used to process any data, the Institute will prepare a Data Protection Impact Assessment (DPIA) to identify, assess and mitigate risks to individuals’ privacy when processing personal data. When using RPA technology that involves automated decision making, we will ensure there is a ‘human in the loop’ during this processing activity.

Disclosures of personal data

The following personal data is shared with our third-party service providers to enable us to carry out our operations:

Category of recipients	Personal data shared by the Institute	Purposes for which the personal data is shared
Suppliers Service providers Vendors Other commercial entities	Name, address, email, DOB, mobile, CCTV images, supplier/contractor tax number, health details (where applicable), for- employees, members, students, affiliates, Council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	To enable the Institute to carry out the obligations under and enforce its contracts with the Institute’s non-member customers, suppliers, service providers, vendors and other commercial entities.
Auditors Legal and other advisors	Name, address, email, DOB, mobile, CCTV images, supplier/contractor tax number, health details (where applicable) for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms and members of the public.	Where the Institute need to share personal data with auditors, legal and other advisors.
Regulatory or oversight bodies	Name, address, email, DOB, mobile, supplier/contractor tax number, health details (where applicable) for- members, students, affiliates, Council members, committee members, Chartered firms.	Where the Institute is required or requested to share information with another regulatory or oversight body, including where a member requests that the Institute confirms details with such bodies.
Employer sponsors	Name, address, email, DOB, mobile, health details (where applicable) for- employees.	Where the data subject is a student and their employer is their sponsor, the Institute will share the data subject’s personal data with their employer.
Proposed Assignee, Transferee or Successor in Title and their respective officers, employees, agents and advisors	Name, address, email, DOB, mobile, supplier/contractor tax number, health details (where applicable), for- employees, members, students, affiliates, Council members, committee members, legal advisors, contractors, suppliers, Chartered firms	In the event of a merger or proposed merger, any (or any proposed) transferee of, or successor in title to, the whole or any part of Institute business, and their respective officers, employees, agents, and advisers, to the extent necessary to give effect to such transaction.
Recipients as required by law or regulation, court or administrative order having force of law, regulators, other regulatory and oversight bodies, member’s firms or law enforcement agencies	Specified as per each request.	If the disclosure is required by law or regulation (including but not limited to anti-money laundering law and regulations), or court or administrative order having force of law, or is required to be made to any regulators or law enforcement agencies.
Another Recognised Accountancy Body (“RAB”)	Name, address, email, DOB, mobile, supplier/contractor tax number for- employees, members, students, affiliates, council members, committee members, legal advisors, contractors, suppliers, Chartered firms	The Institute may generally share personal data with another RAB where it perceives there is a legitimate interest in doing so.

Regulatory and Oversight Bodies (ROB’s)

The Institute interacts and shares personal data with the following bodies (including but not limited to):

The Irish Auditing and Accounting Supervisory Authority
The Central Bank of Ireland
The Financial Reporting Council
Office of the Director of Corporate Enforcement
An Garda Siochana
Revenue Commissioners Ireland
National Crime Agency
Office for Professional Body AML Supervision (“OPBAS”)
GB/NI Insolvency Service
Other RABs, Disciplinary Panel members, committee members and external disciplinary committees.

International transfers

Personal data may be transferred outside Ireland in connection with the uses described above and/or as otherwise required or permitted by law.

Many of the countries will be within the European Economic Area (the “EEA”) or the United Kingdom (“UK”) or will be ones which the European Commission has approved and will have data protection laws which are the same as or broadly equivalent to those in the European Union. Personal data can transfer freely to these countries in accordance with the GDPR. However, some transfers may be to countries which do not have equivalent protections, and in that case, the Institute will implement contractual protections for the personal data in the form of EU Commission approved standard contractual clauses or other appropriate safeguards as provided for under the GDPR.

Further information in relation to international data transfers can be obtained by contacting the Institute at the details specified below.

Third party personal data

This statement also applies to personal data relating to third parties that the Institute are required to process to facilitate our relationship with data subjects. An example of third-party personal data processed for this purpose are the name(s) and contact details of individuals at the member’s or student’s training firm.

Third party providers of information

The Institute may obtain personal data relating to data subjects indirectly, such as where the data subject’s employer provides contact details to us in connection with Institute business. The person providing the information will in the ordinary course be asked to warrant that it will only do so in accordance with applicable data protection laws, and that it will ensure that before doing so, the data subject is made aware of the fact that the Institute will hold information relating about them and that the Institute may use it for any of the purposes set out in this statement, and where necessary that it will obtain consent to the Institute’s use of the information.

In certain circumstances, such as where a complaint is made against a member, the Institute has an obligation to act based on the information which is provided.

Recipients of personal data

In any case where the Institute share personal data with a third-party data controller (including, as appropriate, other regulatory and oversight bodies), the use by that third party of the personal data will be subject to the third party’s own privacy policies.

Updates to personal data

The Institute will use reasonable efforts to keep personal data up to date. However, the data subject will need to notify the Institute without delay in the event of any change in personal or business circumstances, so that personal data is kept up to date.

Retention of personal data

The Institute is obliged to retain certain information to ensure accuracy, to help maintain quality of service, for legal and regulatory purposes, and for legitimate business purposes.

Information will be retained for no longer than is necessary for the purpose for which it was obtained by the Institute, or as required or permitted for legal and regulatory purposes (including disciplinary procedures), and for legitimate business purposes. In general, the Institute (or our service providers on our behalf) will hold this information for a period of seven years after a data subject ceases to interact with the Institute, unless obliged to hold it for a longer period under law or applicable regulations. In certain circumstances, where required by law or applicable regulations or where the Institute deems it necessary for our legitimate business, regulatory and/or disciplinary purposes, the Institute may hold the data for a longer or shorter period.

Exam scripts will only be retained for the period during which an appeal may be lodged plus one month, or if an appeal is lodged, for a month after the end of the appeal process. There is no appeal period for interim assessments therefore the interim assessment scripts are retained for one month after the relevant results are published.

Data security

Appropriate physical, organisational and technical security measures are in place to protect the individual’s personal data from accidental loss, unauthorised access, use, alteration or disclosure. Strict internal guidelines are in place to ensure that privacy is safeguarded at every level in the Institute. We limit access to personal data to only those employees and processors who have a legitimate business need to access such data. We will continue to revise our policies and implement additional security features as new technologies become available.

Data Subject Rights in relation to personal data

Data subjects have the following rights, in certain circumstances, under Articles 12-22 of the GDPR:

The right to be informed about what personal data is collected and how it is used.
The right of access to the personal data controlled by the Institute.
The right to correct any inaccuracies in the personal data.
In some instances, subject to the Examinations and Appeals Regulations and in accordance with the need to provide fair examinations to all Institute candidates, there is the right to erasure of personal data (also known as the “Right to be Forgotten”).
The right to restrict the processing of the personal data.
The right to object to the processing of your personal data in certain circumstances, this includes the right to opt-out of receiving marketing communications from the Institute.
The right not to be subject to automated decision making and profiling in certain circumstances. This right does not apply if the processing is based on explicit consent.
There is the right to data portability of the personal data that data subjects provide to the Institute and where it is processed based on the data subjects consent or for the performance of a contract.

In any case where the Institute are relying on the data subject’s consent to process their personal data, the data subject has the right to change their mind and withdraw consent by writing to the address specified below, without affecting the lawfulness of processing based on consent before its withdrawal.

Where the Institute are relying on a legitimate purpose of the Institute or a third party recipient of the personal data, in order to use and disclose personal data, the data subject is entitled to object to such use or disclosure of their personal data, and if they do object, the Institute will cease to use and process the personal data for that purpose unless the Institute can show there are compelling legitimate reasons to continue or need to use the personal data for the purposes of legal claims.

How to exercise privacy rights under GDPR

A data subject can exercise any of the listed rights above by contacting the Institute’s Privacy Manager at the details listed below.

Data Subjects also have the right to lodge a complaint about the Institute processing of personal data with the relevant supervisory authority in accordance with Article 77 GDPR, details as follows:

Republic of Ireland:

Telephone: 1890 252 231

Email: info@dataprotection.ie

Address:
Data Protection Commission,
6 Pembroke Row,
Dublin 2,
D02 X963,
Ireland

Northern Ireland:

Telephone: 028-9027-8757

Email: ni@ico.org.uk

Address:
Information Commissioner’s Office,
10^th Floor Causeway Tower,
9 James Street South,
Belfast,
BT7 2JB
Northern Ireland

Details on how to lodge a complaint are available on our Data Privacy Complaints Procedures page. All questions in relation to this privacy statement can be directed to the Privacy Manager at the details below.

Updates to this statement

The Institute reserves the right in its sole discretion to amend this statement at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Changes to this statement will be communicated by the Institute where legally required to do so.

Contacting the Institute

Any queries or complaints regarding the use of data subjects’ personal data and/or the exercise of individual rights, please contact the Privacy Manager whose contact details are as follows:

Email: privacy@charteredaccountants.ie

Address:
Privacy Manager,
Chartered Accountants Ireland,
Chartered Accountants House,
47-49 Pearse Street,
Dublin 2
D02 YN40

Hello, World!

Members students affiliates privacy statement

Definitions

Obligations of the Institute as Data Controller

Types of information the Institute collect

How the Institute obtains data subjects personal data

Use of personal data

Definitions

Legitimate Interest Assessment

Disclosures of personal data

Regulatory and Oversight Bodies (ROB’s)

International transfers

Third party personal data

Third party providers of information

Recipients of personal data

Updates to personal data

Retention of personal data

Data security

Data Subject Rights in relation to personal data

How to exercise privacy rights under GDPR

Republic of Ireland:

Northern Ireland:

Updates to this statement

Contacting the Institute

The latest news to your inbox

Useful links

Get in touch

Connect with us