What this policy takes into account
- the General Data Protection Regulation 2016
- the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
- Directive 2009/136/EC of 25 November 2009 (“The European Union Cookie Directive”).
Information that we collect
We may collect and process the following data about you:
- Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
- Information provided voluntarily by you. For example, when you register for information or make a purchase.
- Information that you provide when you communicate with us by any means.
You also consent to us transferring your information to countries or jurisdictions which may not provide the same level of data protection as the UK, if necessary for any of the above purposes. If we do transfer your information in this way, we will comply with our legal obligations as a data controller under the General Data Protection Regulation and, if we need to, put in place a contract with the companies we use to process information to ensure your details are properly protected.
Use of your information
What we do with your data
All personal information held by the Royal College of Physicians of London (RCP) will be held in accordance with the General Data Protection Regulation 2016.
The RCP collects data during membership application and registration; through subscription to activities, resources, services, and training; and through partnership activities, resources, services and training.
Why we need to collect and use your data
The RCP maintains information about members and other service users in order to provide membership benefits, educational products, and research services. Information is also retained for monitoring training, research and statistical analysis, in data comparisons to verify qualifications and to prevent fraudulent activity.
The RCP uses information about members and other service users for fundraising, including fundraising research, to further advance the mission of the RCP.
The RCP commits to using your information in accordance with your mailing preferences. Please contact firstname.lastname@example.org or log in to your MyRCP account on the website to amend your profile.
Who we share your data with outside the RCP
The RCP shares information across internal departments to improve our communications and services; and with appropriate third parties* in order to improve clinical practice, medical training and our services. The RCP will not sell information about members and other service users to third parties.
*Non-exclusive list: Department of Health; education, CPD and training programmes in higher education and the NHS; examination centres; Federation of Royal Medical Colleges [Academy of Physicians Colleges]; General Medical Council; postgraduate deaneries and overseas equivalents.
The RCP discloses personal details to appropriate suppliers, in order for members and other service users to take advantage of any discounts on products and services offered by the RCP’s partners.
How we protect your data outside the territories covered by the GDPR
All data sharing outside the EU is covered by full written agreements which include GDPR requirements.
How long we keep your data and why
The RCP collects and holds data on members and other service users in a range of systems, each with their own retention requirements. Further information is available in the full processing statements for individual systems, as below.
Full processing statements for clinical programmes and audits:
- Full processing statement for the CPD diary
- Full processing statement for education
- Full processing statement for FMLM
- Full processing statement for JRCPTB
- Full processing statements for the library, archive and museum services:
- Athens account service
- Document delivery and inter library loans service
- Literature search service
- Full processing statement for medical workforce
- Full processing statement for meetings & events
- Full processing statement for membership
- Full processing statement for MRCP (UK)
- Full processing statement for the National Guidelines Centre
- Full processing statement for the regional network
- Further information can be provided in response to individual requests, as required.
Where we got your data from, if not you
The RCP collects and holds data on members and other service users in a range of systems, each with their own data sources. Further information is available in the full processing statements for individual systems and will be provided in response to individual requests, as required.
You have the right to access all information which identifies you as a living person, held on RCP systems. You have the right to a copy of your data in a standard format, where technically possible. You also have the right to rectify factual errors in current RCP systems and processes. The above rights apply across all work areas in the RCP. If you wish to exercise these rights, contact the data protection officer: email@example.com.
The right to restrict processing, stop your data being processed or have your data deleted will vary across RCP work areas, depending on the circumstances. Further information is available in the full processing statements for individual systems and will be provided in response to individual requests, as required.
Where we use automated decision making and how this affects you
The RCP does not use automated decision making in managing either membership or service activities.
Who makes the decisions about using your data, if not the RCP
The RCP works with a range of partners to deliver membership activities, educational services and research programmes. Further information is available in the full processing statements for individual systems and will be provided in response to individual requests, as required.
Who to contact at the RCP and how to complain
If you wish to know more about how we manage privacy at the RCP, or you wish to make a complaint, contact the data protection officer: firstname.lastname@example.org.
The UK regulator for privacy law is the Information Commissioner's Office (ICO). See their website for further information on your rights.
If the use of your data changes, we will place an updated version on this page. Regularly reviewing this information ensures you are always aware of what data we collect, how we use it and under what circumstances, we will share it with other parties.
No data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, the RCP cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission, we make our best effort to try to ensure its security both on our systems and while in transit between our systems and the companies who provide us with various services.
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer's hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever.
You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the ‘settings’ section of your computer. For more information please read the advice at AboutCookies.org.
Our server records your visit for demographic reasons and to help us understand how you use the site. We use the information we collect to improve the site and provide better services. The information we collect is treated in accordance with the Data Protection principles outlined in the Data Protection Act 1998.
This statement was last updated May 2018.