Advice on how the membership department at the Royal College of Physicians (RCP) collects, uses and shares your information.
In this document, ‘we’, ‘us’ and ‘our’ refer to the RCP membership department. We won’t disclose your information to anyone, other than as set out in this privacy statement and any applicable terms and conditions.
The RCP will use the data collected on the membership application form to
- process and manage your application
- provide member benefits and services
- manage your membership.
This includes using your email address to send you a welcome email.
In order to deliver your member benefits, your data will be shared with:
- other RCP internal departments
- trusted partner organisations (if applicable) to process your membership card, welcome pack, renewal/reminder notices and other member benefits (eg delivery of the journal).
Your data will be retained within RCP systems in order to maintain a record of your membership and for continued cross-RCP departmental purposes eg CPD.
In addition to the above, the RCP would like to keep you informed about similar activities and services. You can keep up to date on news and events, most relevant to you, by logging on to your MyRCP account and then accessing your self-service email preference centre (‘Update your email subscriptions’).
If you do not wish to be contacted about any of our optional communications, including the president’s bulletin, please log on to your MyRCP account and access your email preference centre and then click ‘Unsubscribe’.
What do we do with your data?
We maintain information about you in order to provide you with member benefits and information on RCP activities, which involves sharing information across RCP departments:
- We will process your application, manage your membership/fellowship and provide member benefits under legitimate interest and, if you agree, contact you about other membership products and services which may be of interest to you. By processing your data under legitimate interest we will use your data in a way which might reasonably be expected as part of running our organisation and which does not materially impact your rights, freedom or interests.
- We will carry out demographic profiling for analysis in order to provide improved communication, member benefits, and products and services.
- If you are a physician associate member, we will publicly display your name and MVR number on our managed voluntary register (MVR) on the website.
- If you are selected for consideration for fellowship, we will use your data for our fellowship election process.
- If you are a student or foundation doctor member we will use your date of completion, of your medical qualification or foundation level respectively, to upgrade your membership.
- If requested, we will use your data to verify your membership or fellowship with your prior permission.
- We will use your data for relevant marketing purposes, eg the membership survey.You will be able to opt out of receiving specific marketing communications at any time using our self-managed email preference centre located within your online MyRCP account.
The data we hold includes:
- your contact details, in order to send our journals, papers, renewals, reminders and voting papers as part of your member benefits or other relevant communications
- your personal details for identification and/or profiling, eg date of birth, gender
- your career details, including career stage, current appointment and regulatory body number (eg GMC number)
- your qualification details
- your payment details, to enable us to activate and maintain your membership eg direct debit bank details
- optional personal details, eg ethnicity.
Why do we need to collect and use your data?
We will enable you to become part of a membership community, in the UK and internationally, to support and represent you throughout your medical career.
Who will information about you be shared with?
We will share your information with trusted third parties, to act on our behalf, in providing your products and services. The products and services include (if applicable):
- delivery of your welcome pack and membership card by ‘Intercard Ltd’
- delivery of renewals and reminders by the mailing house ‘Lavenhams Ltd’
- production and delivery of voting papers by ‘The Electoral Reform Society’.
We will share your information with internal departments and trusted third parties to enable them to act on our behalf in providing relevant marketing opportunities. We will only release your information in accordance with your mailing preferences. You will be able to opt out of receiving this communication at any time using our email preference centre within your online MyRCP account.
These communications include:
- information on RCP activities
- the president’s bulletin
- discounts on products and services offered by the RCP and its partners
- membership survey by ‘Trueology’
- RCP fundraising communications, including fundraising research, to
- further advance the mission of the RCP.
How will we protect your data outside the territories covered by the GDPR?
All data managed by us is held and used within the UK.
How long will we keep your personal data?
Whenever we collect or process your personal data, we will only keep it for as long as is necessary. At the end of our retention period, your data will be either: deleted, destroyed, deactivated or anonymised.
- We will keep data relating to your basic core information (including name, date of birth, UK region, country, member type, qualifications, joining and leaving dates) permanently as a historical record when your membership expires.
- Personal and contact information will be held on our database for other cross departmental purposes, such as sitting examinations, attending events or recording CPD.
- Direct debit bank details held on our database will be deleted once your direct debit is cancelled.
- Membership information held on our database will be deactivated once your membership has expired.
- We will keep your hard copy and online application forms upon joining, along with any CVs, until April of the following year for auditing purposes. Your application form will then be destroyed or deleted.
- We will keep your hard copy direct debit mandate for 7 years, to enable us to comply with any legal or regulatory requirements, and will then be destroyed.
Where do we get your data from, if not you?
If you are proposed for fellowship of the RCP then your data will be sourced from an existing fellow (the proposer).
What are your rights?
- Access to your data (GDPR Article 15) – You have the right to access all information which identifies you as a living person, held on RCP systems by making a ‘subject access request’.
- Standard format (GDPR Article 20) – You have the right to a copy of your data in a standard format, where technically possible.
The above rights are general rights which will apply across all work areas in the RCP. If you wish to exercise the above rights, please contact our data protection officer: email@example.com.
- Rectify errors (GDPR Article 16) - You have the right to rectify factual errors in current RCP systems and processes when incorrect, out of date, or incomplete.
- Data deletion, restriction or stopping its use (GDPR Articles 17 and 21) – As a member we will need to keep your data in order to provide your membership. As an ex-member we will need to keep your basic core information (eg name, location, membership type, join & leave dates) for our historical records. If your data is being used for our fellowship election process you do have the right to delete or stop your data from being used. If you wish to exercise this right please contact the deputy data protection officer: firstname.lastname@example.org.
You have the right to stop us using your data for any marketing communications by using your online MyRCP account or by clicking the ‘unsubscribe’ link in any email communication that we send you or, alternatively, by contacting us by email/telephone or in writing.
Who do you contact at the RCP and how do you complain about the use of your data?
- If you have any queries or concerns about how we manage privacy, please contact the deputy data protection officer: email@example.com.
- If you are not satisfied with how your data is handled by us, you have the right to complain by email to firstname.lastname@example.org or alternatively to the UK regulator, the Information Commissioner’s Office (ICO). Please see the ICO website for further information on the General Data Protection Regulation (GDPR) and your rights.
If the use of your data changes, we will place an updated version on this page. Regularly reviewing this information ensures you are always aware of what data we collect, how we use it and under what circumstances, we will share it with other parties.
This statement was last updated June 2018.