Education Directorate GDPR Processing Statement
 

Under the General Data Protection Regulation (GDPR), the RCP must provide comprehensive information on how records and information about living people are being collected, used and disposed of. This processing statement explains what data the education department holds about you, why we hold it, how we protect it and how you can access your rights.

What we do with your data
We collect your personal data to develop and deliver training and other education services. We also collect data to get a better understanding of our learners and their engagement with the education activities we provide. Collecting this data helps us to continually develop our education activities and allows us to tailor our services.

The RCP may also use your data to contact you about other services and activities that may be of interest.

Why we need to collect and use your data
For services to RCP members the data that we collect is held under the legal basis of legitimate interest.

For services provided to other medical practitioners, the data that we collect is held under the legal basis of contract.

As a provider of education services we need to collect personal data that identifies our leaners and enables us to communicate regarding the provision of education. Some of the data collected helps us to get a better understanding of our learners and their engagement with the education activities we provide. Collecting this data helps us to continually develop our education activities and allows us to tailor our services.

Who we share your data with outside the RCP
The RCP has an obligation to comply with CPD audit processes. To comply with CPD audit activity, we will share your data with the Federation of Royal Colleges.

If you have studied on a programme delivered in partnership with another organisation, for example with a university partner, we will share data with the other organisation to ensure that we can deliver the education activity.

How we protect your data outside the territories covered by the GDPR
If you are attending an education activity in person at a location outside the EU or online and delivered on behalf of a partner outside the EU, the collection, storage and sharing of your data will be protected via a contract with the partner.

How long we keep your data and why
We hold your data for 6 years. This ensures we comply with CPD audit requirements and provides you with time to request evidence of completion of an education activity.

We hold data from learners who access our revision support for the length of time a learner may require access to our revision service. If you access our revision support we hold your data for 6 years.

If you study on a programme with a university partner that carries academic credit, we hold data indefinitely so that we can provide confirmation of academic credit.  

Where we got your data from, if not you
If you are taking part in an education activity that is delivered in partnership with a partner organisation we may have accessed your data through their registration systems.

Your data rights

Access your data

You have the right to access all information which identifies you as a living person, held on RCP systems.

 Any requests for information about RCP activities or processes are considered individually and reasonable access to non-confidential data is usually provided. These requests are managed by the specific work areas, as appropriate.

You have the right to request access to data about you held on RCP systems and request a copy of that data. This is known as a subject access request (SAR). To make a SAR, contact the data protection officer here history@rcplondon.ac.uk.  

Standard format

You have the right to a copy of your data in a standard format, where technically possible.

You also have the right to rectify factual errors in current RCP systems and processes. The above are general rights which will apply across all work areas in the RCP. If you wish to exercise these rights, contact the DPO.

Stop your data being used

We hold your data for 6 years. This ensures we comply with CPD audit requirements and provides you with time to request evidence of completion of an education activity.

If you have studied on a programme with a university partner that carries academic credit, we hold data indefinitely so that we can provide confirmation of academic credit. Therefore we cannot delete your data.  

If you have accessed our revision support or believe that your data is not being held to comply with the CPD audit or for the confirmation of academic credit you can request for that data to be deleted. Contact us at education.courses@rcplondon.ac.uk

Your request will be acknowledged within 5 days and a formal response will be sent within one month. 

Who to contact at the RCP and how to complain
If you wish to know more about how we manage privacy at the RCP, or you wish to make a complaint, contact the data protection officer.

The UK regulator for privacy law is the ICO. See their website for further information on your rights.

If the use of your data changes, we will place an updated version on this page. Regularly reviewing this information ensures you are always aware of what data we collect, how we use it and under what circumstances, we will share it with other parties.

We keep this processing statement up-to-date. Please refer to this statement for the latest description of how we process personal data.

Shopping Cart

Your cart is empty