Purpose of this notice
This privacy notice describes how we (“CLA Global”, “we” or “us”) collect and use your personal data, in accordance with the GDPR, UK GDPR, the Data Protection Act 2018 and other applicable data protection legislation (collectively “Data Protection Law”).
The privacy notice specifically covers information we may gather about you while you use our intranet, or other systems (collectively, “Systems”) where your data may be collected and used.
For the purposes of this privacy notice, we are a data controller.
We facilitate a global network of accountancy and advisory firms. These firms may become members of the network, where firm personnel may contact other member firms and their personnel for purposes including professional development, cross-referring, and client-service opportunities.
CLA Global refers to CLA Global Limited, a company limited by guarantee incorporated in England and Wales (registered number 14032746), CLA Global Brand Limited, a company limited by guarantee incorporated in England and Wales (registered number 14032779), and CLA Global Services Limited, a company limited by guarantee incorporated in England and Wales (registered number 14032629), all of whose registered offices are at 5 Fleet Place, London, England, EC4M 7RD.
Type of Personal Data Collected
As we facilitate the network, we may collect and process the following personal data in order to provide the services to the members of the network:
- Contact and personal details, including name, postal address, date of birth, employer name, CV, phone number, email address, relevant business profiles (such as LinkedIn).
- Business activities and personal profile, for example relevant business experiences and qualifications.
- Photographs if a person wishes to provide such information (this could be displayed as part of a person’s or member profile, or as part of their registration to an event).
- Any information that a person may provide as part of any contribution to an event or webinar.
- Communication and marketing preferences which may be submitted through use of our Systems.
- Information that is shared with us when making an enquiry or request for certain information.
- Any necessary dietary or access requirements when registering for an event or webinar (if applicable).
- When you visit our intranet pages (or other applicable websites), we may automatically collect information such as:
- Technical information, including IP addresses, your login details, browser type and version, time zone settings, browser plug-ins, operating systems and platforms; and
- Information about your visit to the intranet (or other applicable websites), including the URL click-stream when navigating our website, any searches you have conducted, page interaction and methods used to browse away from our website.
We may collect sensitive personal data if you provide any necessary dietary requirements by reference to religion and/or health conditions or if you provide accessibility requirements by reference to health conditions. We will only process such data where we have your consent to do so.
Most of the personal data we process is provided to us directly by a person who is interacting with us as part of the role with, or employment by, a network member, however, we may also gather information from other sources such as the network member itself (in some cases, as your employer). This will only occur where your employer applies to join our network and asks us to provide an individual with access to our Systems.
Use of Personal Data
We will only process your personal data in accordance with applicable laws and Data Protection Laws. These purposes may include:
- producing an international directory of member firms and employees to provide a search function for our network;
- recording of events, webinars and conferences to individuals who have signed up for events, webinars and conferences and making those recordings available;
- to operate and maintain our Systems, including keeping member contact details up to date;
- to check any potential conflicts across the network;
- for internal record keeping, such as audits and reviewing files;
- to personalise your experience and interaction with the network and Systems;
- to enable our consultants, suppliers and service providers to carry out certain functions on our behalf, including payments processing, verification, technical, logistical or other functions necessary to provide services to you and to our network members;
- to ensure the security of our organisation, including the prevention or detection of fraud or abuses of our website and Systems;
- resolving any potential disputes, if you lawfully exercise your rights as a data subject or to contest any part of our services;
- to carry out marketing activities and send personalised marketing communications, where you have agreed that we may do so, so that we can keep you updated about our services or the network;
- to develop and improve our service and the network, for example, by reviewing visits to our website pages, to identify any areas of improvement; and
- to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.
Legal Grounds for Processing
We may process your personal data for the reasons set out below. Please note that we may process your personal data for more than one of the following reasons.
- Legitimate interests – we may process your personal data for our own legitimate business interests so as to be able to effectively facilitate the network and deliver services.
- Legal obligations – we may process your personal data if we are subject to any legal or regulatory obligations. We may also keep certain records to demonstrate that the services we deliver, and the provision of the network are in accordance with any legal or regulatory obligations.
- Consent – we may process your personal data if you provide us with your consent. Where consent is the sole basis for processing your personal data, you may withdraw your consent at any time for the processing purposes that consent was given.
- Contractual performance – if you represent a member of the network, or your employer is a member, then processing of your personal data may be necessary for the performance of our contract with you or them.
We will hold and store your personal data for as long as is necessary for the purposes for which it is collected.
If a member leaves the network, any personal data that we hold will be deleted once the personal data is no longer required.
Security of Data
We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to ensure the safeguarding of your personal data. Such measures are to prevent your personal data from being accidentally lost, accessed without authorisation, disclosed without authorisation or altered. We have appropriate measures and policies in place to address a data breach in the event one should occur.
We limit access to your personal data to those who require it, in order to deliver any services to you. Third parties will access the personal data on our instruction only.
As mentioned above, we will share your personal data with third parties where we are required to do so by law and where it is necessary to deliver services to you.
As the network we facilitate is a global network, your personal data may be transferred to members and member firms outside of the UK and the European Union. All personal data that we transfer, will be transferred with adequate protections in place. Where we transfer personal data, we rely on the Standard Contractual Clauses, as adopted by the European Commission on 4 June 2021, supplemented as applicable by the UK ICO Addendum.
Third parties with whom we may share personal data include:
- Our employees or consultants;
- Other network members through use of the network directory;
- Our member firms’ ultimate clients through the display of your professional profile on our website;
- CLA Global Services Limited, for the purposes of developing documents for internal purposes and/or documents to be circulated amongst the network, such as brochures;
- CLA Global Brand Limited, who are to hold the intellectual property in such documents to be used to provide services and assist in our delivery of the network;
- Third party services providers, such as: IT service providers; professional advisory services, administration services, marketing services, payment providers or banks, event service providers.
- to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, merger, sale, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor;
- to legal advisors so that they can provide us with advice or to manage or litigate a claim; and/or
- to any other third party (including our third-party event sponsors) if we have your consent to do so.
As a data subject, you are prescribed rights under Data Protection Law. These rights may include:
- right of access – you have the right to ask us for copies of your personal data.
- right to rectification – you have the right to ask us to correct personal data that we hold about you, that you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- right to erasure – you have the right to ask us to erase or delete the personal data we hold about you in certain circumstances.
- right to restriction of processing – you have the right to ask us to restrict the processing of your personal data in certain circumstances.
- right to object to processing – you have the right to object to the processing of your personal data that we hold about you, in certain circumstances.
- right to data portability – you have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
Should you wish to exercise any of your rights, please contact: dataprotection@CLAglobal.com.
Right to Complain
If you have any concerns about the way we handle and process your personal data, you may make a complaint to us at: dataprotection@CLAglobal.com.
You may also make a complaint to the UK’s regulatory authority, the Information Commissioner’s Office, if you are unhappy with the way that we have used your personal data.
The ICO may be contacted via their website: https://www.ico.org.uk
Third Party Links
We may update this privacy notice from time to time. It is your responsibility to familiarise yourself with this policy so that you are aware of how we handle your personal data.