GDPR privacy statement – General
Who we are
This is the privacy statement of the Royal College of Physicians and Surgeons of Glasgow, including its subsidiary company, Fifteen Ninety Nine Limited.
How we use your personal information generally
This privacy statement explains how we collect and use personal information about you.
In general terms, we collect and use personal information to:
- deliver our services to you and meet our legal responsibilities
- verify your identity where this is required
- contact you by post, email or telephone
- understand your needs and how they may be met
- maintain our records
- process financial transactions, including subscriptions, VAT, fees etc.
- update you on College activities or events that may interest you
- prevent and detect crime, fraud or corruption.
The personal information we hold about you
We will only collect information about you to fulfil the purposes stated above. We will only collect your information where we have a clear purpose for doing so.
The information we may hold in our databases is as follows:
- your name
- your address
- your date of birth
- your contact details, including email and telephone numbers
- your place of work
- your educational history with the College
- courses/events you may have attended
- your examination results for examinations you have sat at the College
- events you may have held at the College, including weddings or dinners
- services you may have provided to the College on a voluntary basis, such as examining at College exams, or providing educational activity
- your bank details for collection of direct debits.
In some circumstances it may be necessary for us to hold the following:
- your spouse/partner’s details
- your dietary requirements for you or your spouse/partner
Information we hold about you will be supplied by you directly, or may be passed to us by another Royal College where there is an intercollegiate agreement to provide examination or membership services.
The College will not share your information with 3rd parties unless it is necessary to provide our services to you.
The College has a data retention schedule and personal data will not be kept longer than is necessary for its purpose. Different categories of Personal data will be retained for different periods of time. Personal data will be destroyed or erased from the College’s systems when it is no longer required.
The College has a duty to retain information including personal data relating to data users and data subjects, for a period of time following their departure/cessation of engagement with the College, mainly for statutory or legal reasons, but also for other purposes such as being able to provide references, or for financial reasons, for example relating to pensions and taxation.
The College may keep personal data stored for longer periods insofar as the data will be processed solely for archiving purposes in the public interest, or scientific, historical, or statistical purposes but such data is subject to the implementation of appropriate safeguards.
Using our website
When someone visits www.rcpsg.ac.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitors’ behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Our website search and decision notice search is powered by Google. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either the Royal College of Physicians and Surgeons or any third party.
Security and performance
Activity from IP addresses is logged for security and fault finding purposes. We use a 3rd party security service, however, no data is directly shared with this company.
Access to your information – You have the right to request a copy of the personal information about you that we hold.
Correcting your information – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information – You have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained
- We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below
- You have validly objected to our use of your personal information – see Objecting to how we may use your information below
- Our use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information – in some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Automated processing – if we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you. Marking of our multiple choice examinations is carried out electronically by scanner. This process is anonymised.
Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.
Changes to our privacy statement
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained by emailing the College Data Protection Officer at DPO@rcpsg.ac.uk, or in writing to the address below.
This privacy statement was last updated on 4th May 2018.
Contact information and further advice
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office.
Contact details are: