Privacy Notice

About the Royal College of Physicians of Edinburgh

The Royal College of Physicians of Edinburgh (the College) helps qualified doctors to pursue their careers in specialist (internal) medicine through medical examinations, education and training. We also provide resources and information to support and facilitate professional development for physicians throughout their careers. Our building, located in Edinburgh, is a popular venue for conferences, meetings, exams, training, weddings and other celebratory events.

Data Privacy

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

The data we collect

We may collect the following information in the course of your use of this website

  • anonymised site usage data including demographic information such as location, preferences and interests
  • contact information including email address through completion of our contact form
  • order and deliver information using the memento ordering site section
  • application data required for Student & Foundation, Associate or Collegiate membership from those using our on-line membership application forms
  • any other information you supply to us through entering them into the site

We use this information to assist with making improvement so our website and a range of College services, to provide assistance where requested and to fulfil membership applications.

 

Additional information for Fellows & Members

Our lawful basis for obtaining and using your data

Article 6 of the UK GDPR Regulations concerns the “Lawfulness of Processing” and the following three definitions provide the College’s legal bases for processing data in relation to the College:

6(1) (b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

 

When you apply and renew your membership you are entering into a membership servicing contract with us. In order to perform this contract we need to process and store your data. For example, we may need to contact you by email or telephone to verify your information or if there are problems with your payment.

 

6(1) (f) – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject

 

For the duration of your membership, the Royal College of Physicians of Edinburgh has a genuine and legitimate reason to take forward the College’s objectives of ensuring that patients receive the highest standards of care by providing members with lifelong education and training opportunities for their continued professional development. In doing this we will collect and process additional personal information for purposes that are required for these legitimate interests, and also in the interest of improving the membership services we provide. We will only do this if there is no overriding prejudice to you by using your personal information in this way. 

 
6(1) (a) – Consent of the data subject

Any other personal data we collect based on consent will only be used for the stated purpose and not be shared with third parties except where we have specified this may happen.

 

 

The data we collect

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to maintain a record of you as a member, and in some cases also as an office bearer, and to maintain up-to-date contact information.

The information we will process includes:

  • Contact details – home and professional
  • Exam results with related communications and correspondence
  • Continuous Professional Development records
  • Fellowship proposal information
  • Place of work, role, specialty and interest
  • Communication preferences
  • Subscription fee payment requests

You may also be asked to provide equal opportunities information, so we can promote equality and diversity. This is not mandatory information – if you don’t provide it, it will not affect your status with the College. This information will not be made available to anyone outside of the College in a way which can identify you. Any information you do provide will be used only to produce and monitor equal opportunities statistics.

 

What we do with your data

We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this, we use data that we have stored about you, such as your specialty and interest, the events you have registered for in the recent past, as well as any preferences you may have told us about, to personalise the communications you receive and the on-line services you use. 

We use our legitimate organisational interest as the legal basis for promotional communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt out of receiving College promotions and newsletters or to choose which you would like to receive through setting your College email communication preferences. You can alternatively use the contact details at the end of this policy to request changes to the way we stay in touch by email. 

We may also contact you about our work by telephone however we will always get explicit consent from you before doing this. Please bear in mind that this does not apply to telephone calls that we may need to make to you related to your membership subscription, to respond to your requests for assistance or where we are having difficulty contacting you by email. 

In additional to promotional communications, we also process personal information in the following ways that are within our legitimate organisational interests:

  • We may analyse data we hold about you to ensure that the content and timing of communications we send you are as relevant to you as possible. 
  • In order to improve our website we may analyse information about how you use it and the content and ads that you interact with. You may also see promotions from us on social media that are tailored to your interests. 
  • For the purposes of ensuring membership records are up to date we may check details on databases used by the Federation of Royal Colleges of Physicians in the UK, the GMC etc.
  • We may analyse data we hold about you in order to identify and prevent fraud. 

Any credit/debit card data user to pay for your subscription is not stored on our website but is processed securely through the WorldPay Payment Gateway. If you use credit or debit card to make a payment in person by telephone or by postal mail, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

When we share your data

Your membership data will not be shared with any external third party other than:

  • Where the College has your express consent to do so,
  • Where the College has a legal obligation,
  • Where there is a Royal College intercollegiate data sharing agreement approved by Council
  • We may share your data with our own service providers who process data on our behalf and on our instructions, such as with providers of print services or postal mailing services. In these cases we make every effort to ensure that these third parties comply strictly with our instructions and with relevant data protection laws.

How long we keep your data

We store your personal information for the duration of your membership. We will retain your data in entirety for a period after your subscription ends and a subset of this data thereafter.

We will keep any records relating to financial transactions for a period of seven years.

How you can access your data

To make an informal request for any personal information we may hold you should in touch with our Membership team at the contact details provided below.

You can contact the Membership Team at memsubs@rcpe.ac.uk

Additionally Fellows & Members can find out which personal information we hold by making a ‘subject access request’ under the GDPR. Where we hold information about you we will provide:

  • A description of what we hold.
  • An overview of why we are holding it.
  • Details of who it could be disclosed to.
  • A copy of the information in a suitable format within 30 days.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

Additional information relevant to applicants for membership, MTI or employment with the College

Our lawful basis for obtaining and using your data

Article 6 of the UK GDPR Regulations concerns the “Lawfulness of Processing” and the following three definitions provide the College’s legal bases for processing data in relation to the College:

6(1) (b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

 

When you submit your application to us you are entering into a servicing contract with us. In order to perform this contract we need to process and store your data. For example, we may need to contact you by email or telephone to verify your information or if there are problems with your payment.

 
6(1) (a) – Consent of the data subject

Any other personal data we collect based on consent will only be used for the stated purpose and not be shared with third parties except where we have specified this may happen.

 

The data we collect

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used for the application process and to updatd contact information where you are already a member or client in some other capacity. The information we will process includes:

  • Contact details – home and professional
  • Other details to support your:
    • membership application
    • MTI application
    • job application

You may also be asked to provide equal opportunities information, so we can promote equality and diversity. This is not mandatory information – if you don’t provide it, it will not affect your application with the College. This information will not be made available to anyone outside of the College in a way which can identify you. Any information you do provide will be used only to produce and monitor equal opportunities statistics.

What we do with your data

Your data will be used for the purposes of processing your application and any additional information about the use of your data will be given with the application form. If you agreed to receiving promotional communications from us it will be used for these purposes.

Any credit/debit card data user to pay for your application is not stored on our website but is processed securely through the WorldPay Payment Gateway. If you use credit or debit card to make a payment in person by telephone or by postal mail, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

When we share your data

Your application data will not be shared with any external third party other than:

  • Where the College has your express consent to do so,
  • Where the College has a legal obligation,
  • Where there is a Royal College intercollegiate data sharing agreement approved by Council
  • We may be required to share your data with our own service providers who process data on our behalf and on our instructions, such as with providers of print services or postal mailing services. In these cases we make every effort to ensure that these third parties comply strictly with our instructions and with relevant data protection laws.

How long we keep your data

We store your personal information for the duration of the application process. Successful applicant data will be transferred to the relevant internal system. We will retain applications for unsuccessful applicants for a period that allows for re-submission of applications

We will keep any records relating to financial transactions for a period of seven years.

How you can access your data

To make an informal request for any personal information we may hold you should in touch with our Membership team at the contact details provided below.

You can contact the Membership Team at membersupport@rcpe.ac.uk

Additionally applicants can find out which personal information we hold by making a ‘subject access request’ under the GDPR. Where we hold information about you we will provide:

  • A description of what we hold.
  • An overview of why we are holding it.
  • Details of who it could be disclosed to.
  • A copy of the information in a suitable format within 30 days.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

Additional information for Examiners

We need to store examiner information to allow us to organise exams and to provide you with relevant and timely information about the examinations that we deliver. 

Our lawful basis for obtaining and using Examiner data

Article 6 of the UK GDPR Regulations concerns the “Lawfulness of Processing” and the following three definitions provide the College’s legal bases for processing data in relation to the College:

6(1) (b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

 

When you apply to become an examiner for the College and Federation  we need to process and store your data. For example, we may need to contact you by email or telephone to convey information in relation to examination arrangements. Fellows and Members of the College will have additional data stored – please see the College policy.

 
6(1) (f) – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject By providing your time to assist the College with examinations, you are helping us take forward the College’s objective of ensuring that patients receive the highest standards of care, by providing members with lifelong education and training opportunities for their continued professional development. In doing this we will collect and process additional personal information for purposes that are required for these legitimate interests, and also in the interest of improving the examination services we provide. We will only do this if there is no overriding prejudice to you by using your personal information in this way.
6(1) (a) – Consent of the data subject

Any other personal data we collect based on consent will only be used for the stated purpose and not be shared with third parties.

 

 

The data we collect

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.

The information we ask for is used to maintain a record of you as an examiner, and to maintain up-to-date contact information.

The information we will process includes:

  • Name
  • Professional and/or home address
  • Specialty
  • Telephone number(s)
  • Email address(es)
  • GMC number
  • Examiner number
  • Fellowship/Membership of RCPE, RCPL, RCPSG
  • Questions as required by MRCP(UK) Central Office for census / compliance purposes

 

What we do with Examiner data

We use your data to:

  • Contact you about exams
  • Allocate you to a PACES centre(s) of your choice and record any examining activity
  • Assist with your accommodation requirements
  • Process any legitimate expense claims in relation to your examining commitment
  • Inform the relevant centre/Host Examiner of your details and any special requirements/assistance that you might need
  • Inform MRCP(UK) Central Office of compliance responses and any other relevant information in relation to examining.

In additional to examination related emails, we also process personal information in the following ways that are within our legitimate organisational interests:

  • We may analyse data we hold about you to ensure that the content and timing of communications we send you are as relevant to you as possible. 
  • In order to improve our website we may analyse information about how you use it and the content and ads that you interact with. You may also see promotions from us on social media that are tailored to your interests. 
  • For the purposes of ensuring examiner records are up to date we may check details on databases used by the Federation of Royal Colleges of Physicians in the UK, and the GMCWe may analyse data we hold about you in order

When we share Examiner data

Other than where the College has a legal obligation or in delivering services related to the legitimate interests previously outlined data will not be shared with any external third party unless the College has your express consent to do so. We will share data when necessary with the administrative teams in RCPL, RCPSG, MRCP (UK) Central Office and hosts/admin exam teams.

The information shared may include:

  • Name
  • Professional address
  • Specialty
  • Telephone number(s)
  • Email address(es)
  • GMC number
  • Examiner number
  • Fellowship/Membership of RCPE, RCPL, RCPSG

In the process of delivering examination services we may be required to share your data with our own service providers who process data on our behalf and on our instructions, such as with providers of print services or postal mailing services. In these cases we make every effort to ensure that these third parties comply strictly with our instructions and with data protection laws. 

How long we keep Examiner data

We will store your personal information and details of your examining record for the duration of your time examining for us. We will retain your data in entirety for seven years after your examiner activity ends, and a subset of this data thereafter.  

How you can access your Examiner data

To make a request for any personal information we may hold, you should contact the College Examinations team at the details provided below.

You can contact the RCPE Examinations team on 0131 247 3612 (open Monday-Friday, 9am-5pm UK time)

Additionally, examiners can find out which personal information we hold by making a ‘subject access request’ under the GDPR. Where we hold information about you we will:

  • Give you a description of it.
  • Tell you why we are holding it.
  • Tell you who it could be disclosed to.
  • Provide you with a copy of the information in a suitable format within 30 days.

If you agree, our Examinations team will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

Additional information for conference, training & event customers

Purpose

We are committed to protecting your personal information and being transparent about any information we hold about you.

Using personal information allows us to develop a better understanding of our customers and to provide you with relevant and timely information about the work we do.

This statement explains how we collect and use the information we receive from you.

The lawful basis for obtaining and using your data

Article 6 of the UK GDPR Regulations concerns the “Lawfulness of Processing” and the following three definitions provide the legal basis for the College to process data in relation to its business

6(1) (b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract When you register to attend a conference, course or other event you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example, we may need to contact you by email or telephone in the case of cancellation of an event, or if there are problems with your payment.
6(1) (f) – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject For RCPE Education events we may collect and process additional personal information for purposes that are in our legitimate organisational interests and in the interest of improving the educational events we provide. However, we only do this if there is no overriding prejudice to you by using your personal information in this way.
6(1) (a) – Consent of the data subject Personal data we collect will only be used as described here and not be shared with third parties however where event organisers have requested that a specific third party are provided with some limited information about those registering for their event we will request your explicit consent during the event registration process.

 

The data we collect

We keep a record of, and process, data when a transaction is made through the events booking process on this website, in person, by telephone, by email or in writing. This can include information such as your name, email address, postal address and telephone number. Any information related to payment will be processed through a secure payment gateway as soon as possible and will then be securely destroyed. We will store for a period a record of your event registration and payment record.

When we send you a mailing we store a record of this, and in the case of emails we keep a record of which ones you have opened and which links you have clicked on. When you visit our website, we collect information about how you interact with our content.

We occasionally receive information about you from third parties. For example, when an RCPE event is taking place at an external venue and where an appropriate data sharing agreement is in place.

What do we do with your data?

We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as which events you have booked to attend in the past, as well as any preferences you may have told us about.

We use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will give you an opportunity to opt in to receiving them during your first purchase with us. We will provide you with an option to unsubscribe or change your preferences in every email we send you. Alternatively you can use the contact details at the end of this policy.

We may also contact you about our work by telephone. However we will always obtain explicit consent from you to do this this. Please bear in mind that this does not apply to telephone calls that may be necessary for events you are attending or payment arrangements for those events.

Other processing activities

In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:

  • We may analyse data we hold about you to ensure that the content and timing of communications that we send are as relevant to you as possible.
  • To improve our website we may analyse information about how you use it and the content and adverts that you interact with. You may also see promotions from us on social media that are tailored to your interests.
  • To ensure membership records are up to date, we will share data with the the College Membership team.
  • For the smooth running of events, we may share data with front-of-house staff.
  • We may analyse data we hold about you in order to identify and prevent fraud.

Any credit/debit card data used to pay for an event is not stored on this website but is processed securely through the Eventbrite website. If you use credit or debit card to make a payment in person by telephone or by post, we will ensure that this is processed securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

When we share your data

Your personal details and event registration data will not be shared with any external third party other than:

  • Where the College has your express consent to do so,
  • Where the College has a legal obligation,
  • We may be required to share your data with our own service providers who process data on our behalf and on our instructions, such as with providers of print services or postal mailing services. In these cases we make every effort to ensure that these third parties comply strictly with our instructions and with relevant data protection laws.

How long we keep your data

We store your personal information indefinitely so that for subsequent registrations or purchases that you make we are able to link these to a single unique record that we hold for you on our system.

How you can access your data

To access your booking and payment data online please go to the EventBrite website. If you are a College members you can also update your preferences our main website.

Alternatively, you can contact the College on +44 (0)131 247 3600 (open Mondays-Fridays, 9am-5pm).

What can you do if you want to complain about how your data is being used?

The College greatly values the relationship it has with its customers and aims to resolve any issues relating to data protection informally, efficiently and amicably. We will respond quickly to any requests to change your preferences, correct errors with the data we hold, provide access to your data or, if necessary, erase your data. If any matter cannot be resolved by us for you then you may wish to discuss the issue further with the ICO (Information Commissioner’s Office).

 

Security

We continue to implement appropriate measures to ensure your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and hold online.

 

Controlling our use of your personal information

You have a choice about whether or not you wish to receive information from us.  If you are a current Fellow & Member, client or customer our communications to you will be to support your use of the range of College services that are relevant to your relationship with us. If we have your permission we may promote other College services that may be of interest. If you do not want to receive this type of promotional communication from us then you can select your choices by ticking the relevant boxes on those forms on which we collect your information.

You may choose to restrict our use of your personal information for promotional communications in the following ways:

  • whenever you are asked to fill in a form on the website you will be asked to indicate whether you do or do not want your personal information used for direct marketing purposes
  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time:
    • write to us at Membership, Royal College of Physicians of Edinburgh, 9 Queen Street, Edinburgh EH2 1JQ
    • email us at webmaster@rcpe.ac.uk
    • members can update their preferences within the secure membership area
    • if you receive marketing emails from us you will always be able to unsubscribe using the link at the bottom of the email

We will not distribute your personal information to third parties unless we have your permission or are required by law to do so.

 

Other Rights

If we do hold personal data about you, you can:

  • Request that incorrect data is amended.
  • Ask for data to be erased where there is no longer an ongoing need for processing.
  • Specify that access to your data to be restricted.
  • Request that any object you have to the processing of your personal data is considered.
  • Ask not to be contacted as part of any fundraising activities.

If you wish to exercise any of these rights please contact us using the details below.

You may get further assistance with our use of your data by contacting our Data Protection Officer. You can also request details of personal information which we hold about you under your rights within GDPR by requesting this from our Data Protection Officer. To do this write to:

Data Protection Officer, Royal College of Physicians of Edinburgh, 9 Queen Street, Edinburgh EH2 1JQ.

or email dpo@rcpe.ac.uk .

For information on your individual rights in relation to the General Data Protection Regulation (GDPR) please see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

Other third party services

Our website incorporates some integrated features that are operated by third parties some of which are hosted within EU and U.S. based data centres. More information on the steps these providers take to ensure the privacy of your data can be found here:

Eventbrite data privacy information

Google analytics privacy policy

YouTube - data privacy information

Vimeo - data privacy information

 

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

 

This privacy notice was last updated November 2024.