Please note, our office and phone lines will be closed from 23rd December to 3rd January. All queries will be responded to in the new year. 

privacy statement

Introduction

For the purposes of this privacy statement, caba is the Data Controller. Your privacy is important to caba. This privacy statement sets out how we'll process and protect your data, in line with the current legislation, through appropriate organisation and technical security measures/processes. It also describes your rights in relation to that data.

caba reserves the right to make changes to this statement as necessary. When we do so we'll make previous versions available on request so you can see what these changes are. If any such changes alter key aspects of the notice or its meaning we'll notify you of those changes in advance. We encourage you to occasionally review caba.org.uk/privacy-statement for information on our latest practices.

1. How caba collects personal data

You can give us your personal data in a number of ways.

Information you provide to us directly when you:

  • register your details with us
  • enquire about our services
  • sign up to attend a course
  • make a donation
  • use our online resources
  • communicate with us through our website

When you use our website we'll collect your personal information using 'cookies' and other tracking methods. For more information on the cookies and tracking methods we use please refer to caba's cookie policy at: caba.org.uk/cookie-policy

Information provided to us indirectly:

  • your information will be shared with us by the ICAEW when registering or renewing your membership

Your information may also be shared with us by 3rd parties, for example:

  • independent event organisers, for example when we jointly support an ICAEW event or provide a workshop at your firm


2. What information caba collects

  • Personal data: name, date of birth, gender and title
  • Contact data: postal address, email address and telephone number
  • Membership data: ICAEW number, registration date and District Society
  • Student data: ICAEW number, registration date and contract type
  • Information about your activities on our website
  • Your bank details where you provide these to make a payment or we're making a payment to you
  • Where you have enquired about our services, information relating to your circumstances to enable us to process your request
  • Any other personal information you provide to us


3. How caba uses your personal data

Eligibility verification

As a charity supporting past and present ICAEW members and their families, caba has a legitimate interest in retaining your personal data in order to confirm both your eligibility and that of your family members to access our services.

Marketing
We'd like to send you marketing communications to keep you up to date with the wide range of support available to you, but we'll only do so if you provide us with your consent. You can change your mind and opt out of this type of communication at any time by following the directions included in those communications. Should you not opt out, any consent provided will expire automatically after 5 years, unless subsequent consent has been provided in that time.

  • Profiling: As part of our marketing activities caba use profiling techniques that match information such as your registered contact address to a profile. This will indicate, for example, whether you live in a remote rural area or a city centre location. We'll use this information to reduce the quantity of communications that we send and to make sure they're as relevant as possible
  • Online advertising: In order to make our online advertising more relevant and maximise visibility to only those eligible for caba's services, we'll display advertisements on 3rd party sites such as Facebook using emails registered with us to highlight user accounts


Data validation
It's necessary for compliance with our legal obligations to make sure the data we hold is as accurate as possible. As well as contacting you directly to check that the data we hold is correct, we also have an obligation to use appropriate 3rd parties to ensure that the data we retain about you is accurate. We only use reputable sources where information is available to the public.

Accessing our services
When you request our support or access our services, we'll process additional personal information so we can provide you with the appropriate support that enables us to fulfil our contract with you. When we need to process special category data, for example, information about your health, we'll do this as part of our legitimate activities as a not for profit body. caba can use 3rd parties as either specialist providers of our services or to liaise and instruct organisations on your behalf. We'll always let you know before we share your information with any 3rd party and, where the information we share contains special category data, we'll always ask for your consent first.

Research and feedback
We may contact you directly or through selected research companies to request your participation in research and/or feedback as a legitimate interest in order to better understand our community and to continually improve the services we provide.

Management reporting and business planning
We produce internal documents and measures as a legitimate interest in order to monitor our own activities to help us review our performance and plan appropriately for the future.

Cookies and other forms of online tracking
When visiting caba's website, we'll ask if you wish to accept cookies and features that collect your IP address and data on which pages you're visiting on our site. For up-to-date information on this, please refer to caba's cookie policy at: caba.org.uk/cookie-policy

caba membership
Where you register as a member of caba we'll process your details as a legitimate interest to support the administration of our membership records.

Gift Aid declarations
If you make a donation to caba and authorise Gift Aid, it's necessary for compliance with our legal obligations that we process the required data in line with guidance set out by the Financial Conduct Authority and other UK legislation.

Disclosures required by law
The law can require the disclosure of information for various reasons, in such circumstances caba must comply with those requests.

4. Sharing

In the course of business caba may share information with carefully selected organisations we engage with to provide certain services. These include:

  • our helpline provider
  • specialist service providers
  • organisations we liaise with on your behalf
  • event organisers/training facilitators
  • business partners, suppliers and sub-contractors who may process information on our behalf
  • data validation services
  • research organisations
  • data storage services, including cloud storage and data management
  • financial organisations such as banks and building societies

Please note that outside of the EU member states, privacy laws may not be equivalent to those provided by the GDPR. In such countries, caba will still handle data as described in this document, ensuring appropriate security measures in line with legislation.

5. Protecting your data

caba ensures the highest levels of security, both technical and organisational when collecting and processing data, and when your data is in transit. This is regularly reviewed to ensure those measures remain effective and up-to-date with current technologies.

6. Retention of data

To ensure we're able to confirm eligibility for our services, we retain your basic personal data as a legitimate interest to ensure that we can provide lifelong support. For this reason we'll retain these records indefinitely/for life unless you object or request to engage your right to be forgotten.

caba have specific criteria to determine how long we'll retain other information which are determined by legal and operational considerations, for example tax or the continuity of service provision.

7. Social media

Social media features and widgets are either hosted by a 3rd party or hosted directly on our site. Your interactions with these features are governed by the privacy policy of the company providing that service.

Depending on your own settings or the policies of social media and messaging services such as Facebook, WhatsApp or Twitter, you may be providing caba and other organisations access to certain information. You should check with those services to ensure you're happy with that information being shared.

8. Children

If and when we collect information from children, we'll process that information in an age appropriate manner.

If a child is under 16 years of age we'll seek consent from a parent and guardian.

9. Your rights

Current legislation provides you with the following rights for in relation to the processing of your personal data:

  • The right to be informed about our processing of your personal data
  • The right to request access to your personal data and information about how we process it
  • The right to rectification, to have your data corrected if it's inaccurate and to have incomplete personal data completed
  • The right to have your personal data erased (the 'right to be forgotten')
  • The right to restrict processing of your personal data
  • The right to move, copy or transfer your personal data ('data portability')
  • The right to object to processing of your personal data and
  • Rights in relation to automated decision making including profiling
  • To find out more about what these rights mean for you, refer to the Information Commissioner's website: ico.org.uk

10. Contact

If you have any questions regarding this statement or you wish to discuss your data, you can contact caba's Data Protection representative at [email protected] or by writing to:

Michael Smith
caba
Merrett House
Swift Park
Old Leicester Road
Rugby
CV21 1DZ

June 2018 - version 1.1