Privacy Statement

INTRODUCTION TO ICDL FOUNDATION AND THIS NOTICE

We are ICDL Foundation with company number 259212 and address at Level 1, The Chase, Arkle Road, Sandyford, Co. Dublin, D18 Y3X2, Ireland. We are the controller of, and responsible for, your personal data collected on our website.

ICDL Foundation ( “ICDL”) respects your right to privacy and this statement sets out the ICDL’s policy towards safeguarding information which you disclose to us.  Any personal information which you volunteer to ICDL will be treated with the highest standards of security and confidentiality, strictly in accordance with applicable data protection rules, including the General Data Protection Regulation (the “GDPR”).

In any case, where ICDL asks you for personal information, such as your name and address, from which you can be identified on an individual basis, we will only do this where we require that information for specific purposes, for example registration.  In every case, we will let you know what we intend doing with that information before collecting it.  

Types of information we collect

We collect information, which includes personal data, about our students, prospective students, non-member customers, partners and prospective partners, prospective employees, and the directors, officers, employees, agents and/or authorised signatories of other regulatory and oversight bodies, ICDL’s suppliers, service providers, vendors and other commercial entities with which ICDL deals, member’s firms, law enforcement, and members of the public with whom we interact (collectively “individuals”) for the purposes of and in connection with ICDL’s dealings with those individuals and/or relevant commercial entities.  You may be such an individual.

Personal data means any information which ICDL has or obtains, or which you provide to ICDL, and specifically your name, address, email address, phone number(s), title or position, date of birth, gender, employment status, employment details, employer address, work email, work phone, work experience, bank details, credit/debit card details, CV, exam records and educational details from which you can be directly or indirectly personally identified.  Some of this personal data may be special category personal data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or sex life or sexual orientation.

We may also collect certain statistical and other analytical information collected on an aggregate basis relating to all visitors to our Website.  This non-personal data comprises information that cannot be used to identify or contact you, such as demographic information regarding browser types, mobile device equipment, mobile network and other anonymous statistical data involving the use of the website. We collect this information to help us monitor traffic and enhance your experience of the website.  Please see further detail on this in our cookie notice on this page.

How we obtain your personal data

We will obtain some of your personal data directly from you where we interact directly with you in the course of our business.  We may also obtain personal data directly from you through the website, including (i) when you make an enquiry about our programmes, modules, services or events (ii) when you sign up to our mailing list, or (iii) when you apply for a position with ICDL.

Our cookie notice also sets out details of the targeting or advertising cookies, which will collect and use your personal data, which are used by or via our website.This information may be collected indirectly from a variety of sources, such as other regulatory and oversight bodies (including where you request that such bodies provide information directly to us), your employer, the commercial entity which you represent, and publicly available sources including media reports and social media, such as LinkedIn.

Use of personal data

ICDL will use the personal data where necessary:

For the purposes of performing our contract with you, or in anticipation of you becoming a partner, test centre or student achieving an ICDL certification, namely:

1. for the purpose of providing services to you, registering you as a partner, test centre or student, register for ICDL certification, providing certification when achieved and other related administration services, as the case may be;
2. for the collection fees associated with ICDL certification resources, subscription fees and certification fees;
3. for training and registration of ICDL Accredited Testers and ATC Coordinators;
4. to deal with your queries or complaints.
5. Where we have a legitimate interest in using it, including:
   1. for the purposes of managing our contracts and relationships with our partners, students, stakeholders, suppliers, service providers, vendors and other commercial entities;
   2. for the purposes of discharging our regulatory obligations including, without limitation, audits, ongoing monitoring, and certification or accreditation of you or your orgnaisation or employer, including without limitation as an audit firm or insolvency practitioner;
   3. for the processing of complaints and disciplinary matters in accordance with the ICDL’s Disciplinary Bye-Laws, Regulations, policies and guidance (this includes, without limitation, undertaking in-house ethical, investigatory and disciplinary proceedings howsoever called);
   4. maintenance of and/or provision of information to public registers;
   5. ensuring compliance with CPD requirements
   6. for day to day operational and business purposes;
   7. board and council reporting and management purposes;
   8. management of the benevolent association;
   9. in the event of a merger, reorganisation or disposal of, or a proposed merger, reorganisation of disposal of all or any part of our business;
   10. to take advice from our external legal and other advisors.
6. For compliance with our legal obligations, including:
   1. for the purposes of discharging our regulatory obligations including, without limitation, assessment, ongoing inspection and monitoring, and certification or licensing of you or your firm or employer, including without limitation as an audit firm or insolvency practitioner;
   2. to comply with our obligations under anti-money laundering law and regulations;
   3. for the processing of complaints and disciplinary matters in accordance with the ICDL’s Disciplinary Bye-Laws, Regulations, policies, and guidance (this includes, without limitation, undertaking in-house ethical, investigatory and disciplinary proceedings howsoever called);
   4. maintenance of and/or provision of information to public registers;
   5. tax and regulatory reporting obligations;
   6. Where we are ordered to disclose information by a court with appropriate jurisdiction.
7. Where use or sharing is for a legitimate interest of a third party to which we provide the personal data, including for day to day operational and business purposes.
8. Where necessary to establish, exercise or defend legal rights or for the purpose of legal proceedings.
9. If we need and you have given your consent to use of your personal data for a particular purpose. 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes and applicable laws.  If we need to use your personal data for a purpose unrelated to the original purpose for which we collected it, we will notify you and we will explain the legal basis which allows us to do so.

Disclosures of personal data

We will not disclose any personal data to any third party, except as outlined above and/or as follows:

1. to enable us to carry out the obligations under and enforce our contracts with our partners, suppliers, service providers, vendors and other commercial entities;
2. to anyone providing a service to us or acting as our agent, as data processors, or for the purposes of providing services to us and on the understanding that they will keep the personal data confidential and only process it in accordance with our instructions and the GDPR;
3. where we need to share personal data with our auditors, legal and other advisors;
4. where we are required or requested to share information with another regulatory or oversight body, including where a candidate requests that we confirm details with such bodies;
5. where you are a candidate and your employer is your sponsor, we will share your personal data with your employer
6. in the event of a merger or proposed merger, any (or any proposed) transferee of, or successor in title to, the whole or any part of our business, and their respective officers, employees, agents, and advisers, to the extent necessary to give effect to such transaction;
7. if the disclosure is required by law or regulation (including but not limited to anti-money laundering law and regulations), or court or administrative order having force of law, or is required to be made to any of our regulators or law enforcement agencies;
8. the Institute may generally share personal data with another Recognised Accountancy Body (“RAB”) where it perceives there is a legitimate interest in doing so.

The following is a list of regulatory and oversight bodies with which we interact and share personal data including but not limited to the Irish Auditing and Accounting Supervisory Authority, the Central Bank of Ireland, the Financial Reporting Council, the Office of the Director of Corporate Enforcement, An Garda Siochana, Revenue Commissioners Ireland, Central Bank of Ireland, National Crime Agency, Office for Professional Body AML Supervision (“OPBAS”), GB/NI Insolvency Service, other RABs, Disciplinary Panel Members, Committee Members and External Disciplinary Committees.

ICDL Foundation collects the following from this website:

Technical information:

Technical details are logged for statistical and other administrative purposes. No information that could be used to identify website visitors is collected or retained. The technical details logged are confined to the following items:

• the IP address of the visitor’s web server
• the top-level domain name used (for example .ie, .com, .org, .net)
• the address of the website that sent the visitor to our website, possibly including search terms used to find our website
• data that shows how users have moved around this website (for example, pages accessed, the order in which they were accessed, or documents downloaded)
• information about the type of computer that the website visitor used (for example, the operating system, web browser, or type of mobile device used)

ICDL will make no attempt to identify individuals, or to associate the technical details listed above with any individual.

Embedded content from other sites:

Articles on this website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

LEGAL BASES

We process your Personal Data in accordance with applicable data protection law. Based on the specific circumstances, the legal basis for our processing is one of the following:

Consent

In certain cases, where required under the law, we process your Personal Data based on your specific and informed consent. For example, where you have opted-in to receive our marketing information you have voluntarily submitted your information and will be asked for consent, we may use your information to send you news and newsletters, special offers, and promotions, or to otherwise contact you about our services, or provide you with information you have specifically requested.

Legal Obligation

We may process your Personal Data when we need to comply with a legal obligation, meet our on-going regulatory and compliance obligations, including in relation to recording and monitoring communications, and regulatory or governmental bodies, and to investigate security incidents and prevent crime.

Legitimate Interest.

We process Personal Data where it is necessary for our legitimate interests (or those of a third party). This includes activities related to everyday business operations, such as administrative tasks like troubleshooting, data analysis, system maintenance, support, reporting and hosting. We also use data analytics to improve our website, marketing, client and customer relationships and experiences in order to develop our business and inform our marketing strategy

We only process your Personal Data in accordance with this Notice and applicable data protection law.

We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using that data.

We will only use your Personal Data for the purposes for which we collected it, unless we believe that we need to use your Personal Data for another reason that is compatible with the original purpose. If we intend to process Personal Data for an unrelated purpose, prior to that processing we will explain the legal basis that allows us to do so.

THIRD PARTY DISCLOSURES

We will not disclose your Personal Data to third parties unless required by law to do so, or as otherwise set out in this Notice.

It is the policy of ICDL Foundation never to disclose technical information in respect of individual website visitors to any third party other than a web statistics service provider.

We may share your Personal Data with other companies in the ICDL Group to undertake consolidated group corporate services, reporting services and functions, or to provide us with administration and ancillary services.

We may also share information with our third party service providers who provide services to us. Categories of service providers include customer support service providers, data analytics providers, IT professional service providers, data hosting providers, and records-storage companies.

INTERNATIONAL TRANSFERS

ICDL Foundation operates on a global basis. As such, your Personal Data may be transferred and stored in locations outside the European Economic Area (“EEA”) that have different standards of data protection. We will take appropriate steps to ensure that the transfer of Personal Data is in accordance with applicable law and is managed carefully to protect your data protection rights. If we transfer your Personal Data outside the EEA, we will ensure a suitable level of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• we will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
• we may use specific contracts approved by the European Commission that give personal data the same protection it has in Europe.

Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data outside the EEA.

SECURITY MEASURES

We follow industry practice and guidance to inform us of the ways we can maintain information security. We maintain Personal Data on secured servers and all user accounts are password protected. No security or safeguards can ever be completely effective, but we take commercially reasonable efforts to employ security measures to protect Personal Data. We do not knowingly disclose your Personal Data to third parties except as described in this Notice. Unfortunately, since data transmission over the internet cannot be completely secure, we cannot guarantee or warrant the security of any information transmitted to us.

RETENTION

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes it is provided for. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of further communications or interaction.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and the applicable legal, regulatory or other retention requirements.

You have the right to request deletion of your Personal Data. Please see “Your Legal Rights” below for further information.

COOKIES AND TRACKING

YOUR LEGAL RIGHTS

If you are resident in the European Union, you will the following rights as a data subject under European data protection law.

• right to access the data
• right to rectification;
• right to erasure;
• right to restriction of processing or to object to processing;
• right to data portability; and
• right to withdraw your consent.

While some of these rights apply generally, certain rights apply only in specific circumstances and are subject to certain exemptions under applicable data protection law.

We will at all times endeavour to promptly respond to any request regarding your personal data but you may also contact our lead supervisory authority, the Irish Data Protection Commission (“DPC”) or exercise any of your other rights pursuant to data protection law. Information about how to do this is available on the DPC’s website at https://www.dataprotection.ie.

HOW TO CONTACT US

If you have any questions about this Notice or our data protection practices please contact us. You can send an email to dataprotection@icdl.org or write to us at: Data Protection Queries, ICDL Foundation, Level 1, The Chase, Arkle Road, Sandyford, Co. Dublin, D18 Y3X2, Ireland.

You will not have to pay a fee to access your Personal Data or to exercise any of the other data subject rights. However, if your request is clearly unfounded, repetitive or excessive we may charge a reasonable fee or we could refuse to comply with your request. We try to respond to all legitimate requests within one month. In some cases it could take us longer than one month if you have made a number of requests or if your query is particularly complex. In this case, we will let you know and update you regularly.

UPDATES TO PRIVACY NOTICE

We reserve the right to amend this Notice from time to time. We encourage you to visit and review this Notice periodically.

Copyright

© 1997 – 2023 ICDL Foundation SRL. All rights reserved.
ICDL Foundation, ICDL Europe, ICDL, ECDL and related logos are registered business names and/or trademarks of ICDL Foundation.