Last Modified: May 2018
At ifac Group, we take your privacy seriously. It is important that you know exactly what we do with personal information that you and others provide to us, why we gather it and what it means to you. This document is being provided to you in line with our obligations under the General Data Protection Regulation (GDPR), which will come into force on 25 May 2018. From that date, the GDPR, together with applicable Irish requirements, will amend existing data protection law and place enhanced accountability and transparency obligations on organisations when using your information. The GDPR will also introduce changes which will give you greater control over your personal information, including a right to object to processing of your personal information where that processing is carried out for our business purposes.
Please take time to read this notice carefully. If you are under 16 years of age, please read this summary with a parent or guardian and ensure you understand it.
This summary explains the most important aspects of how we use your information and what rights you have in relation to your personal information.
Collection and use
Information we collect
- At registration and engagement - you provide us with information about you in the context of your engagement with us and your use of our Services. For example, you may provide us with information about your identity and your business.
- For website enquiries – you provide us with information such as your name, title, company address, areas of interest, email address, and telephone and fax numbers, when you visit or use our website and enquire for further information.
- At events and for marketing - you provide us with your information such as your name, place of work and contact details, when you sign up to or attend our events or otherwise engage with our business.
- For support - you provide us with information by sending us emails via the contact form on our website. These messages will necessarily contain your email name and email address, as well as any additional information you may wish to include in the message.
- When submitting a curriculum vitae (CV) – you provide us with certain information when you send us your CV and we can consider you for roles at ifac.
- Automatically from your device – we automatically collect certain information from your browser or device when you use certain Services or read a message from us. For example, we collect data regarding the device you’re using, such as its unique identifier and operating system; logs will be recorded by our servers based on the information sent from your app or browser; and information may be recorded by cookies and similar technologies when you use the Services.
- From third parties – we receive information from other third parties, which may include information about you. For example, we may receive information from the Revenue Commissioners and other regulatory authorities and public bodies
Our legal bases for processing
- as necessary to provide our Services;
- further to your consent where you have given it (which you may revoke at any time);
- if necessary to comply with a legal obligation, a court order or to exercise and defend legal claims; and
- where necessary for the purpose of our or others’ legitimate interests.
Exceptionally, in infrequent and highly specific situations, we may also process your information:
- to protect your vital interests, or those of others; and
- where necessary in the public interest.
Our legitimate interests
In certain cases, we use your information to pursue our and others’ legitimate interests, which include:
- Providing and improving our Services: we use your information as necessary to pursue our legitimate interests in providing, developing and improving the Services.
- Marketing: we use your information as necessary in accordance with our legitimate interests of marketing our Services to you.
- Safety and security of our Services: we take safety and security seriously. We rely on both our and your legitimate interests to monitor the safety and security of IT systems to protect against fraud and ensuring network and information security.
How we use your information
We use the information we have to help us operate, provide, improve, understand, customize, support, and market our Services. We use the information we have about you in the following ways and for the following purposes:
- Providing the Services, for example assurance, tax or advisory services;
- Maintaining and using relevant IT systems, in particular systems which we use to enable us deliver the Services;
- Quality and risk management reviews, undertaken either by our regulators or internally by us for compliance purposes;
- Communicating with you, including providing information about us and our range of services;
- Analysing request and usage patterns so that we may enhance the content of our Services and improve website navigation. When sending emails, we may carry out certain analytics on the messages sent, such as whether the message has been opened, how many times it has been opened, and your topic preferences;
- With your permission, to contact you with information about ifac’s business, services and events, and other information which may be of interest to you. You may unsubscribe from our mailing list at any time by contacting us or clicking on the ‘Unsubscribe’ link in our messages; and
- Legal obligations, such as to comply with any requirement of law, regulation, or a professional body of which we are a member.
We do not collect or compile information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.
Your information may be transferred outside the country where you are located in connection with the provision of the Services. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide equivalent protection for your information.
We have taken steps to ensure all information is provided with adequate protection and that all transfers of information outside the EEA are lawful. We will only transfer information outside of the EEA to a recipient who (i) is located in a country determined by the European Commission as providing an adequate level of protection for information; (ii) is subject to an agreement, derogation or other legal act which allows for the lawful transfer of information outside the EEA, such as the European Commission standard contractual clauses or the EU-US Privacy Shield.
We recognise that your information is important to you and we take appropriate measures to protect your information while it is in our care. We have implemented appropriate technical and organisational security measures in order to protect your information from unauthorised or unlawful disclosure, loss, misuse, alteration, destruction damage to such information.
Individuals have certain rights over their information and controllers are responsible for fulfilling these rights. As outlined, in certain circumstances, we act as a controller of your information. We have therefore provided information below about the rights that individuals have and how to exercise them.
Access to information
We like to keep your information accurate and up to date. If you would like to access or update your information, or you would like details of the information which you have submitted to us, please do so via the original registration page or please email us at firstname.lastname@example.org.
If we are informed that any information we hold is no longer accurate, we will make appropriate corrections based on the updated information provided.
Restriction, Rectification and Deletion
You can request that we restrict, rectify or limit our processing of your information by contacting us. You can also request that we delete your information.
If we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
If you no longer want to receive our marketing emails, you can always opt-out by contacting us or by clicking on the unsubscribe link in the relevant email which you have received.
Withdrawal of consent
Where we’ve asked for your consent to process your information, and you want to withdraw that consent, you can do so at any time. To withdraw consent to our processing of your information please email us at email@example.com.
In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
We hope that you won’t ever need to, but if you do want to complain about our use of your information, please send an email with the details of your complaint to firstname.lastname@example.org.
You also have the right to lodge a complaint with the Data Protection Commission (“DPC”), the Irish data protection regulator. For further information on your rights and how to complain to the DPC, please refer to the DPC website or contact the DPC using the following details:
Office of the Data Protection Commission
Our contact information
Ifac Privacy Team
Old Naas Road