This statement relates to the Institute of Certified Public Accountants in Ireland (CPA Ireland) privacy practices in connection with our website, and its obligations under the Data Protection Acts and Regulation (EU) 2016/679 General Data Protection Regulation (GDPR). The purpose is to describe how we collect and use personal data, including disclosures to third parties, if necessary.
Who we are
The Institute of Certified Public Accountants in Ireland (CPA Ireland) is one of the main Irish accountancy bodies with over 5,000 members and students. The CPA designation is the most commonly used designation worldwide for professional accountants and the Institute’s qualification enjoys wide international recognition.
The role of the Institute is to:
- regulate CPAs in accordance with the law and the Institute's Code of Ethics in the public interest;
- ensure that CPAs are constantly up to date in all matters relating to their professional work;
- maintain the highest levels of educational standards for new entrants to the profession,
- represent the interests of our members where appropriate.
Personal data is any information which CPA Ireland collects or holds, or which is provided by an individual, from which an individual can be directly or indirectly identified.
CPA Ireland collects personal information directly from its members, students, prospective members and students, non-members who avail of our services and other customers, from third parties or through use of our products and services. Typically this information is limited to the information that can be found on a business card: first name, last name, job title, employer name, work address, work email, and work phone number.
We may also need to collect information confirming an individual’s identity, e.g. date of birth, identity card, home contact details, etc. We use this information to provide members, students and customers with goods and services, including membership services, certification, training, and the like. Data protection and the EU General Data Protection Regulation is intended to give individuals control over how their personal data is used, assigning specific rights.
CPA Ireland does not collect any personal data about you on this website, apart from information which you volunteer by e-mailing us via the website, by submitting an online inquiry form or feedback form or by using the CPA Ireland newsletter sign-up facility.
Cpaireland.ie contains links to other sites. CPA Ireland is not responsible for the privacy practices of these other sites. We encourage you to be aware of this when you leave cpaireland.ie, to read the privacy statements on other web sites you visit. This privacy statement applies solely to information collected on cpaireland.ie.
For general web browsing, no personal information is revealed to us, although certain statistical information is available to us via our Internet service provider and our use of Google Analytics tracking software. It is not CPA Ireland’s policy to identify individual visitors or to associate technical details with any individual.
Examples of the data we hold on individuals includes, but is not limited to:
- Identity/Contact: First name, last name, gender, date of birth, nationality, home address, work address, phone numbers, email addresses, membership number.
- Membership: Membership designation, member type, qualifications, employment history, CPD courses attended, CPD hours, exam results and sittings, mentors, etc.
- Financial: transactional history, orders and invoices, payments and receipts.
- Content: photographs or video content of events hosted which may be used on our website, publications, marketing material or other CPA Ireland channels.
- Legal: Companies Registration Office (ROI) returns, Companies House (UK), Revenue, HMRC, IAASA, Central Bank, etc. Specific information is required for CPA Ireland directors.
- Other: to comply with certain CPA Ireland’s regulations and processing requirements, we may collect request additional information relating to health issues. Our Fit and Proper Declaration form may mean individuals are required to disclose relevant details on criminal convictions or offences.
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of CPA services. We do not store credit card details or personal bank details for individuals on our systems or databases.
Legal bases for using your personal data
The legal bases we rely on to process your personal data are as follows:
Performance of contract
We process your personal data in order to provide you with the products or services associated with your membership, student or other contractual arrangements
We are required to process personal data to comply with various legal and regulatory obligations, such as Central Bank of Ireland, IAASA, etc.
We may request your consent to process personal data for specific purposes, or explicit consent in order t process any special categories of data that you provide, e.g. health related data.
We will process your personal data in our normal operations as a membership Institute. For example, debtor management, analysis of trends to determine what CPD courses to produce, direct marketing of events, etc.
When and how we share information with others
Information about CPA purchases and membership or registration credentials for members, students and customers are held in association with your membership account. The personal information collected is stored on one or more secure databases, some of which are hosted by third parties. These third parties do not use or have access to your personal details other than for storage or retrieval.
We retain information for as long as is necessary to fulfil the purposes for which it was obtained, or as required or permitted for legal, regulatory and legitimate business purposes, including dealing with any claims or disputes that might arise in relation to services we provide.
Following the publication of examinations results, student examination answer scripts will be retained:
- During the period within which a ‘re-check’ may be applied for plus one additional month, or
- In the case of an examination script where a re-check is applied and paid for, one month after the end of the completion of the re-check process.
- The GDPR provides the following rights for individuals in relation to your personal data:
- The right to be informed. This relates to how we collect and use your personal data. It also relates to the provision of correct information to ensure any processing is conducted on accurate information.
- The right of access. You have the right to request a copy of your personal data, commonly know as subject access
- The right to rectification. You have the right to have incorrect data put right.
- The right to erasure. Also known as the ‘right or to be forgotten’. You have the right to request that all personal data is deleted. Although not an absolute right and only applies in certain circumstances.
- The right to restrict processing. Again, not an absolute right and only applies in certain circumstances.
- The right to data portability. This allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing.
- Rights in relation to automated decision making and profiling.
More detailed information on rights in relation to your personal data is available on the Data Protection Commission’s website.
Data Privacy contact
Cpaireland.ie is owned and operated by the Institute of Certified Public Accountants in Ireland (CPA Ireland). Should you have any queries or complaints about how we process your data or with regard to this privacy statement, please contact us as follows:
By email to: firstname.lastname@example.org
By telephone to: +353 1 (0) 4251000
By post to: The Institute of Certified Public Accountants in Ireland, No 17 Harcourt Street, Dublin 2, Ireland.
You also have the right to make a complaint to the Data Protection Commission where you feel that our rights have not been appropriately handled by us. Their website www.dataprotection.ie contains all the necessary details on raising a concern or issue, and they can be contacted as follows:
Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland.
Phone +353 (0761) 104 800 | LoCall 1890 25 22 31 | Fax +353 57 868 4757 | email email@example.com