Privacy Policy
We are the Royal College of Surgeons of England (RCS), a charity established by Royal Charter, with charity number 212808
As part of our operations, we deal with information relating to individuals. We take the privacy of all the individuals we interact with very seriously and are committed to protecting your personal information. We comply with all applicable data protection laws and undertake to process your information in line with this policy. If you have any enquiries relating to the policy, our Data Protection Officer can be contacted on dpo@rcseng.ac.uk
This Policy sets out the basis on which any personal data we (RCS, and our subsidiaries) collect from or about you, or that you provide to us, will be used or processed by us.
1. Privacy Notices
1.1 We deal with information relating to our Membership, including those of the dental faculties; (including all past, present, future, and prospective members)
1.1.1 We deal with information relating to our membership for the purposes of providing them with various products and services and communicating with them about membership news and information, subscription fees, examination information and updates on professional issues and about the College and about College events or courses. We do this because we have a contract with members and we need to do all this under that contract. The information we deal with may include (for example) various details about members (such as contact and career details, bank details and details of their interaction with the College). Please note that for some of this information where relevant we share responsibility, we may also use information relating to members to analyse the make-up of membership in the College and we do this because it is in our legitimate interests to properly administer membership and make sure it is suitable for all members.
1.1.2 We also deal with information relating to our membership for the purposes of fundraising. The information we may use includes contact details, any donations you may have made to the RCS and other information to inform our fundraising activity. It is in our legitimate interest to further our charitable objective that we believe our membership will be interested in supporting these objectives.
1.1.3 We deal with information relating to previous members of the College and information relating to people who have attended the College’s examinations, events or courses for the purposes of verifying qualifications awarded by the College. We do this because it is in the interests of the public as one of our public tasks to maintain standards and public safety. The information we have includes (for example) names, examination outcomes and course attendances.
1.1.4 We also deal with information relating to previous members of the College and information relating to people who have attended the College’s examinations, events or courses for the purposes of membership recruitment and to market membership and events and courses to these people. We do this because we think it is in our legitimate interests to increase the membership of the College and increase attendance at events run by the College. The information we have includes various details about these people (such as contact and career details, and details of their interaction with the College). Previous members and people who have attended the College’s examinations, events or courses can always opt out of any contact we have with them or ask us to delete information we hold.
1.1.5 We will provide verification of the membership status of individuals to organisations for the purposes of employment, academia, awards and medical or dental regulation.
1.1.6 We deal with information relating to future or prospective members of the College and non-members who participate in the activities of the College, including Dental applicants, for the purpose of verifying qualifications and, for applicants for the Dental Training Initiative, processing a Certificate of Sponsorship to enable you to obtain a visa and Immigration Health Surcharge refunds (if applicable). We do this because it is in the interests of the pubic as one of our public tasks to maintain standards and public safety. The information we may require may include some sensitive data, for example, names, contact and career details, examination outcomes and details of your interaction with previous institutions, and your history and experience.
1.1.7 Your personal data may be shared within the College and, if required, with our third-party suppliers and partners. For example, survey data may be shared with members of the relevant policy committee(s). As stated in 1.1.6., please note that for some exam outcomes we deal with information about these because we are undertaking a public task. For some information we also share responsibility with the General Medical Council, General Dental Council or other relevant professional bodies, or with other Surgical Royal Colleges in Great Britain and Ireland through the intercollegiate committees. In addition, information relating to applicants for the Dental Training Initiative is shared with UKVI to obtain your CoS and with NHS Business Services Authority to process Immigration Health Surcharge refunds (if applicable). Some of this data may also be shared with your employing NHS Trust to ensure all information is correct before processing a Certificate of Sponsorship. The NHS Business Services Authority may share your data with UKVI and/or DHSC in order to process your Immigration Health Surcharge refund. Find out how NHSBSA process your information by visiting their privacy notice.
1.2 We deal with information relating to our Staff and other Employees (including job applicants, current and former employees)
1.2.1 We deal with information relating to our Staff and Individuals employed by the RCS (including Temporary Staff employed through employment agencies, and Freelance Staff) for the purposes of staff administration and recruitment. We do this in most cases because we have a contract with each such person and we need to use the information to perform that contract. However we are required to process certain information because we have a legal obligation to do so (for example, we deal with staff medical information, staff training records, health surveillance records, or other such reasons that employment law, equality law or Health & Safety legislation obliges us to.) The information we deal with may include (for example) contact details, details of current and previous employment or experience and details about salaries, finances pensions, roles, sick leave, performance, diversity, ethnicity and disabilities.
1.2.2 All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment.
1.2.3 We collect pictures of employees, associations and third party visitors to print it on door passes within the building and for building security. The pictures will be also kept on the system for health and safety purposes. We collect that because it is our legitimate interest to be able to verify the identity of individuals within our building and ensure no unauthorised individuals enter secure areas. We will only retain the pictures as long as necessary for security purposes, in line with our retention schedules.
1.2.4 Third party visitors have an opportunity to upload their picture during check-in to our visitor management system before the visit to the RCSEng building site, where facial recognition software will identify them to speed up the on-site check-in process. This is optional and we do it on the basis of consent.
1.3 We deal with information relating to our Representatives and Volunteers
1.3.1 We deal with information relating to Member and Non-Member Representatives and Volunteers (for example: Trustees, Council Members, Regional Directors, Lay Advisers, etc.) for the purposes of recruiting them into roles and then providing them with information relating to their role in in the College, to update them about professional issues and the College, and to tell them about events and courses run by the College. We may also use the information to reimburse expenses where relevant. We do this because we have a contract with these people for them to carry out work, on behalf of the RCS. We also deal with this information for the purpose of updating some of them about other member volunteer roles at the College (although anyone can opt out of receiving these updates). We do this because it is in our legitimate interests to increase maximise participation and diversity in the College, and it is in our mutual legitimate interests to update the profession on professional issues and about the College. The information we deal with may include (for example) contact and career details and details of the interaction of each representative or volunteer with the College. We may also collect information about ethnicity and diversity of the non-member volunteers (or potential non-member volunteers) for the purpose of ensuring we treat everyone equally but we will only ever do this with explicit and informed consent.
1.3.2 We deal with information relating to our Examiners for the purposes of examiner administration and recruitment. We do this in most cases because we have a contract with each such person and we need to use the information to perform that contract. However we are required to process certain information because we have a legal obligation to do so (for example, we deal with medical information, training records, health surveillance records, or other such reasons that employment law or Health & Safety legislation obliges us to.) The information we deal with may include (for example) contact details, details of current and previous employment or experience and details about salaries, pensions, roles, sickness, performance, diversity, ethnicity and disabilities.
1.3.3 We deal with information relating to Faculty, Course Leaders and Course Providers (and applicants thereof) for the purposes of administration and recruitment. We do this in most cases because we have a contract with each such person and we need to use the information to perform that contract. However we are required to process certain information because we have a legal obligation to do so (for example, we deal with staff medical information, training records, health surveillance records, etc.) The information we deal with may include (for example) contact details, details of current and previous employment or experience and details about roles, sick leave, performance, diversity, ethnicity and disabilities.
1.3.4 We deal with information relating to accreditation reviewers for the purpose of course and education facility accreditation. We do this because we have a contract with these people. The information we deal with may include (for example) contact details, biographic information and payment information.
1.3.5 We deal with information relating to independent review mechanism reviewers for the purpose of undertaking invited reviews commissioned by healthcare providers. We do this because we have a contract with these people. The information we deal with may include (for example) contact details, biographic information and payment information for the reimbursement of expenses.
1.4 We deal with information relating to our Applicants and Nominees
1.4.1 We deal with information relating to candidates for assessments, examinations or certification for the purpose of administering those assessment and exams. We do this because we have a contract with those candidates and need to use the information for the purposes of that contract. The information we deal with may include (for example) contact details, details about a candidate and their history and experience, details relating to equality and diversity (although we deal with this because we have a legal obligation to do so or because it is in our legitimate interests to make a reasonable adjustment or allowance in exams for these reasons) and details relating to exams. (Please note that for some exam results we deal with information about these because we are undertaking a public task. For some information we also share responsibility with the General Medical Council, General Dental Council or other relevant professional bodies, or with other Surgical Royal Colleges in Great Britain and Ireland through the intercollegiate committees.)
1.4.2 We deal with information relating to members of the Joint Committee for Surgical Training (JCST) and its subsidiary groups, which we administer on behalf of the Surgical Colleges of Great Britain and Ireland, for the purposes of administering mandatory surgical training, and for managing recommendations for surgical certification and continuous professional development. We do this because we have a contract between the three other surgical colleges of Great Britain and Ireland to administer the JCST. The information we deal with may include (for example) contact and identification details, gender, CV details, assessments, details of training and exams.
1.4.3 We deal with information relating to Intercollegiate Surgical Curriculum Programme (ISCP) users for the purpose of Training management, Curriculum development, Quality Assurance & Reporting and Research. We do this because it is necessary for a contract we have with each of these people through the use of the ICSP tool. The information we deal with may include (for example) contact and identification details, gender, CV details, assessments, details of training and exams.
1.4.4 We deal with information relating to Trainees and Course Attendees for the purpose of Recommending for Certification & Reporting and Research purposes. We do this because it is necessary as we are carrying out a task in the public interest. The information we deal with may include (for example) contact details, gender, CV details, assessments, details of certifications and education. Please note that for some of this information where relevant we share responsibility for it with the General Medical Council, General Dental Council, other relevant professional bodies
1.4.5 We deal with information relating to applicants for grant/fellowship awards or bursary awards for the purpose of dealing with grant/fellowship awards or bursary awards. We do this because we have a contract with these people. The information we deal with may include (for example) contact details, qualifications, education and employment history and salary details. We may also deal with details of ethnicity or disability because we are under a legal obligation to do so.
1.4.6 We deal with information relating to employees of healthcare providers and employees of Health Education England (HEE) and the Schools of Surgery, Surgical Specialty Associations (SSAs) for the purposes of managing surgical tutor appointments and facilitating the appointment of consultant surgeons and dental surgeons. We do this because it is in our legitimate interests to inform us of which tutors have been appointed for references and to check availability for time away from Trusts, and to assure prospective employers of the professional training of consultant applicants. The information we deal with may include (for example) the contact details of all of these people.
1.4.7 We deal with information relating to our Honours nominees for the purpose of operating an honours system. We do this because it is in the legitimate interests of the individual surgeons and the profession which to bolster the profession and recognise exemplary work in the profession. The information we deal with may include (for example) contact details, work, research and employment history, family and biographical details. Please note that for some of this information where relevant we share responsibility for it with the HM Department for Health and Social Care, HM Cabinet Office, HM Foreign and Commonwealth Office, other relevant department in HM Government, and relevant Specialist Surgical Association or Society.
1.4.8 We deal with information relating to our ACCEA nominees for the purpose of operating a clinical excellence recognition system. We do this because it is in the legitimate interests of the individual surgeons applying and the profession which to bolster the profession and recognise exemplary work in the profession. The information we deal with may include (for example) contact details, work, research and employment history, family and biographical details. Please note that for some of this information where relevant we share responsibility for it with the HM Department for Health and Social Care, HM Cabinet Office, HM Foreign and Commonwealth Office, other relevant department in HM Government, and relevant Specialist Surgical Association or Society.
1.4.9 We deal with information relating to Nominees for Prizes, Awards & Lectureships for the purpose of giving recognition to individuals who have made notable contributions to the College or to specific fields of surgery. We do this because it is in the legitimate interests of the individual surgeon and the profession of which to bolster the profession, and recognise exemplary work in the profession or in service of the College. The information we deal with may include (for example) contact details, work, research and employment history, family and biographical details.
1.5 We deal with information relating to our Service Users
1.5.1 We deal with information relating to customers of the College for the purpose of providing goods and services. We do this because it is necessary for a contract for commercial services, or professional services that we have with each of these people. The information we deal with may include (for example) contact details and details of the contract and payment details.
1.5.2 We deal with information relating to potential and current customers of the College for the purposes of providing marketing information to them about the organisation and the goods and services offered. We do this because we have a legitimate interest in maximising the revenues from our goods and services. The information we deal with may include (for example) names and e-mail addresses of the individual.
1.5.3 We deal with information relating to ISCP users with no surgical training records (dental trainees, Specialty and Associate Specialist (SAS) doctors, Deanery/Local Education and Training Boards (LETB), etc.) for the purpose of Training management, Curriculum development, Quality Assurance & Reporting and Research. We do this because it is necessary for a contract we have with each of these people through the use of the ICSP tool. The information we deal with may include (for example) contact and identification details, gender, CV details, assessments, details of training and exams.
1.6 We deal with information relating to our Suppliers
1.6.1 We deal with information relating to suppliers to the College for the purposes of administering contracts for supplies of products, goods and services to the College. We do this because we have a contract with those suppliers. The information we deal with may include (for example) contact details, insurance details and financial details. We also deal with information relating to suppliers (and individuals employees at suppliers) for the purpose of maintaining contact lists of people the College can call on to supply the College. We do this because it is in our legitimate interests to maximise the availability of suppliers to the College. The information we deal for this purpose are names and contact details.
1.6.2 We deal with information relating to Identifiable Individuals for the purposes of course and examination administration, and for surgical research. We do this because we have the explicit consent with those individuals. The information we deal with may include (for example) names and images of individuals, medical scans, or other biological material.
1.7 We deal with information relating to our Donors and Prospective Donors
1.7.1 We deal with information relating to our Donors and Prospective Donors for the purposes of fundraising. We do this because it is in the legitimate interests of the College to raise money to further our activities. The information we deal with may include (for example) contact details, publicly available details of trusteeships of companies and charities. However, where we are fortunate enough to deal with a donor to the College, we also deal with information related to that donor for the purpose of processing a donation and we do this because of a contract with that donor. Also sometimes we need to supply details about a donor and any donation to HMRC for Gift Aid purposes (which we do because it is a legal obligation to do so).
1.7.2 How much of this information we collect depends on the type of relationship we have with you and the information we build in the course of your relationship with us. We do not store information that is classed as 'sensitive' or 'special category' personal data (meaning data relating to health (physical or mental); ethnicity; political, religious or philosophical beliefs; trade union membership, sex life; or genetic/biometric identifiers) or any data regarding criminal offences that you share with us, unless there is a clear and valid reason for us having to process this particular data that complies with applicable law, primarily that we have your explicit consent, and/or that you have made that information public and/or we have to process that data in connection with a legal claim.
1.8 We deal with information relating to our Visitors
1.8.1 We deal with information relating to visitors to the College for the purposes Visitor management and building security, of keeping records of individuals accessing the RCS building, of which we have a legitimate interest to do; and any accidents in the College of which we do because we have a legal obligation to do so. The information we deal with may include (for example) contact details of the visitors.
1.9 We deal with information relating to our Contacts
1.9.1 We deal with information relating to employees of an NHS Trust and employees of HEE and the School of Surgery to notify them about professional issues or about the College and we do this because it is in our mutual legitimate interests to inform them about the College, or to inform them about issues in the surgical profession which may have an impact on the individuals.
1.9.2 We deal with information relating to Medical directors, Clinical directors and NHS leaders and Specialty Association contacts for the purpose of providing information relating to their role (where relevant) and to update them about professional issues. We also use this information to market courses and events run by the College. We do this because it is in our legitimate interests as we need to work with these individuals, to conduct business with them and it is in our mutual legitimate interests to be updated about professional issues and professional events and courses. The information we deal with may include (for example) contact details and details of each individual’s interaction with the College. All these people can always opt out of marketing communications we have with them or they can ask us to delete information we hold for marketing purposes.
1.9.3 We deal with information relating to previous visitors to the College, and interested members of the general public for the purposes of providing marketing information to them about the organisation, and public events being held in the College. We do this because we have received explicit consent from the individuals to provide them with the information. The information we deal with may include (for example) names and email addresses of the individual.
1.9.4 We deal with information relating to Media and Key Stakeholder Contacts (including MPs) for the purpose of dealing with the media, the public and their representatives. We do this because it is in our legitimate interests to maintain a good profile in the press and with the public. The information we deal with may include (for example) contact details and publicly available information.
1.9.5 We deal with information relating to our Health Industry Contacts for the purpose of providing marketing information to them about the organisation. We do this because it is in our legitimate interests to market to these people. The information we deal with may include (for example) contact details.
1.9.6 We deal with information relating to Non-member individuals sign-ups for marketing to the College for various purposes which are: (i) to update them about professional issues or about the College; and (ii) to notify them about and market events and courses run by the College. We do this only to the extent that we have the specific and informed consent of these individuals to use that information for each of those purposes. The information we deal with may include (for example) various details on these individuals (such as contact and career details, and details of their interaction with the College).
1.10 We deal with medical records
1.10.1 We deal with information relating to medical records as part of Clinical Effectiveness Unit (CEU) and the Research department for the purposes of research, medical improvement, audit and when we maintain a register. Records that include health information are categorised as special category data. CEU runs a number of projects, details for which can be found here. Please refer to the relevant project sites for more information about legal basis of processing.
2. Transferring Information Outside The European Economic Area (EEA)
In some circumstances your information may be transferred outside the EEA. This is usually where we are providing a service you have applied for where delivery is outside of the EEA, such as an exam or a course. The countries we transfer information to may not have similar data protection laws as in the UK. If you are applying for, or helping us deliver, a service delivered outside of the EEA, you are agreeing to this transfer of data.
If we transfer your information outside of the EEA, we will take steps to ensure your data is secure. We work with trusted service providers, such as the British Council, and require them to hold information securely and confidentially.
3. Your Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal information, as summarised below.
You have the right to:
3.1 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
3.2 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3.3 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
3.4 Object to processing of your personal information where we are relying on a legitimate interest (of our own or of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
3.5 Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
3.6 Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
3.7 Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our DPO at dpo@rcseng.ac.uk. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive - alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
4. Your right to lodge a complaint with the ICO
If you feel that we have not handled information relating to you properly, or if you have contacted us about how we use that information and are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner’s Office.
By phone: 0303 123 1113
Online: https://ico.org.uk/concerns/
5. Our Website
Your use of our website signifies your consent to us collecting and using data about you as specified below in accordance with this policy statement.
5.1 How do we collect information about you and how is it used?
- You may provide personal information when contacting or communicating with us, and we may keep a record of that correspondence
- You may use our services and give your name and e-mail address to make a comment about our services or website.
- We will collect information about your tastes and preferences, both when you tell us and by analysis of customer traffic, including using "cookies".
- It may be that you provide us details of credit or debit cards or bank accounts in making payment to us. Any such information (confidential financial information) will be disclosed only in accordance with the disclosure policy below.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
- We may use personal information collected about you through cookies to help us develop the layout of our website to ensure that our site is as useful and enjoyable as possible.
- We may use personal information collected to let you know about functions on our website or changes to our terms and conditions of use.
- Personal data provided to us by third parties in accordance with the law.
5.1.1 IP addresses
We may sometimes collect information about the computer or device you use to access our sites, including where available your IP address, operating system and browser type, for system administration.
5.1.2 Traffic data
We may provide aggregate statistics about sales, customers, traffic patterns and information to third parties, but these statistics will not include any information that identifies you or any individual personally.
5.2 Uses made of the information
We use personal data held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us (for example, our newsletters) or which we feel may be of interest to you. This may be by post, email or other electronic means where you have expressly consented to be contacted for such purposes, or if you have purchased goods or services from us previously, we may contact you with information about similar goods or services that may be of interest.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to any service we have contracted to provide you with.
We will not pass your information on to third parties other than our contractors, suppliers or agents who we use to provide services that you have requested or who help us provide those services. We do not sell or rent your personal data to third parties and shall only permit selected third parties to use your data.
5.3 Security
All information you provide to us is stored on secure servers in the European Union. Any payment transactions will be encrypted using SSL technology and any credit, debit card or payment details you submit online will be processed and held by our third party payment processor, Barclaycard. We do not hold credit or debit card data ourselves.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do what we reasonably can to protect your personal data and we have had this website security tested by a third party, we cannot guarantee the security of your data transmitted to our site and any such transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to protect your personal data against unauthorised or unlawful access or accidental loss, destruction or damage.
6. Disclosure policy
We may disclose your personal information to third parties:
In the event that our organisation merges, transfers its assets or is acquired in which case your personal data may be one of the merged, transferred or acquired assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to establish, defend or enforce our legal rights or to protect the rights, property, or safety of The Royal College of Surgeons of England, our customers or others with whom we interact. This includes exchanging information with other organisations for the purposes of fraud protection and credit risk reduction or the police or regulatory authorities.
7. Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page and you should check this page to make sure that you have seen the latest version.