Skip to main content

Privacy policy

The RCOG is committed to protecting your privacy. This policy tells you how we collect, store and manage personal information to comply with the requirements of current data protection legislations. You can also read the College’s Data Protection Policy.

The Royal College of Obstetricians and Gynaecologists (the College) is a Data Controller for much of the personal information we collect and use These include current, past and prospective trainees, members, staff, suppliers, clients, customers, and others with whom we have business, or with whom we communicate.

We are a small organisation with less than 250 employees, so we do not have a Data Protection Officer. This function is shared between the Senior Information Risk Officer (SIRO) and the Head of Information Governance. Our address is in the footer below and our email address is dataprotection@rcog.org.uk

We consider the lawful and correct treatment of personal information as essential to the efficient and successful conduct of our business. We recognise that it is crucial to fostering and maintaining the confidence of our main stakeholders and the wider public.

We are committed to ensuring we treat personal information lawfully and correctly, and recognise that there are safeguards to ensure this in data protection law. The following privacy policy statement tells you what, how and when we collect, process, share and destroy the personal data collected for our business.

Please see our Data Protection Policy for further details on our commitment to data protection, including definitions of key terms used here.

 

Our purposes for processing personal information

The purposes for which we collect, process, share and store your personal information are:

  • To provide you with training, education, research and other support throughout RCOG examinations (including the MRCOG and DRCOG), developing sub-speciality expertise, continual professional development, Advanced Training Skill Modules, and Advanced Professional Modules
  • To manage and deliver RCOG examinations
  • To manage, administer and deliver your specialty training with the College
  • To manage, administer and enable your membership of the College
  • To provide you with access to RCOG products and services
  • To manage and administer the College’s committees, groups and operations
  • To manage, administer and performance monitor all of our staff and volunteers including direct employees, workers, honorary contractors and freelancers
  • To collect and process feedback on the College (including our products and services) or the O&G profession to inform our work
  • To recruit staff, officers, committee members and RCOG representatives
  • To assist NHS Trusts with independent reviews into their obstetric and gynaecological (O&G) services
  • To develop O&G healthcare through dedicated research projects
  • To cascade O&G knowledge, learning and expertise globally
  • To deliver meetings and events held at the College or elsewhere
  • To raise money for the College through dedicated activities and fundraising
  • To manage your registration on the College website
  • To keep you informed of O&G related events and activities either run by, commissioned or supported by the College.

 

Our lawful bases for processing personal information

Personal data processing must have a lawful basis for processing, these are listed in our Data Protection Policy. The College uses the following three lawful bases most:

  • Consent – where the individual provides informed consent to the processing of their data. When using consent we will:
    • check that consent is appropriate
    • make the request for consent prominent and separate from terms and conditions
    • ask people to “opt in
    • use clear, plain language that is easy to understand and do not use pre-ticked boxes
    • specify why we want the data and what we’re going to do with it
    • make separate requests for consent for all differing purposes and types of processing
    • name our organisation and any third party controllers who are relying on the consent
    • tell people they can withdraw their consent and refuse to consent without detriment
    • avoid making consent a precondition of a service.
  • Contract – where the processing of personal data is required to enter into or carry out a contract with the individual(s), i.e. if we need to process someone’s personal data:
    • where the processing is necessary for a contract with the individual, we do not need separate consent
    • where the processing of special category data is necessary for the contract, we will identify a separate condition for processing this data
    • we will document the decision that processing is necessary for the contract, and include information about our purposes and lawful basis in this privacy notice.
    • to fulfil your contractual obligations to them; or
    • because they have asked us to do something before entering into a contract (e.g. provide a quote)
    • the processing must be necessary - if we can reasonably do what we want without processing your personal data, this basis will not apply
    • document our decision to rely on this lawful basis and ensure that we can justify our reasoning
  • Legitimate interests – where the processing of personal data is necessary to meet the legitimate (including administrative) interests of us as a Data Controller or another third party, we will:
    • check that legitimate interests is the most appropriate basis
    • understand our responsibility to protect individual’s interests
    • conduct a legitimate interests assessment (LIA) either separately or as part of a data protection impact assessment (DPIA), to ensure the decision can be justified
    • identify the relevant legitimate interests
    • check the processing is necessary and there is no less intrusive way to achieve the same result
    • complete a balancing test to be confident that the individual’s interests do not override our legitimate interests
    • only use individuals’ data in ways you would reasonably expect, unless there’s a very good reason
    • not use your data in ways you would find intrusive or which could cause you harm, unless there’s a very good reason
    • consider safeguards to reduce any impact where possible
    • consider whether we can offer an opt out
    • if the LIA identifies a significant privacy impact, consider a DPIA
    • keep the LIA under review, and repeat it if circumstances change
    • include information about our legitimate interests in our privacy information.

 

The recipients of the personal information we process

The College will only share personal information where we have a lawful basis to do so. The recipients of such information include:

  • College staff
  • trainees, members and RCOG representatives
  • contracted suppliers and partners
  • international and national professional partners
  • NHS Trusts.

 

Our international transfers of personal information

The College is an international organisation. We therefore process and transfer personal information within the EU/EEA and across the world.

We will ensure that adequate safeguards are in place to process and transfer your personal information securely.

Adequate safeguards include:

  • Countries either signing up to the requirements of GDPR or an EU recognised equivalent, such as the USA’s Privacy Shield
  • Standard Statutory Clauses (SSC) in service agreements and contracts with international suppliers and partners.

 

Our retention of personal information

The College has an established Retention Schedule (PDF) developed in line with statutory requirements and the best practice outlined by The National Archives Office.

All of our records, including those containing personal information, are managed according to this schedule to ensure that the College only retains personal information for the minimum amount of time necessary.

 

Individual’s rights to the personal information we process

Data Subjects have:

  1. the right to be informed – e.g. fair processing/privacy notices
  2. the right of access – e.g. subject access requests (SARs)
  3. the right to rectification - e.g. have their data corrected
  4. the right to erasure – e.g. have their data deleted/removed
  5. the right to restrict processing – e.g. stop their data being used
  6. the right to data portability – e.g. transfer their data easily
  7. the right to object – e.g. challenge what we’re doing with their data
  8. rights in relation to automated decision making and profiling – e.g. safeguards to make sure we don’t make potentially damaging decisions about them without human involvement.

Please see our Individual Rights Request procedure for further details and download our form if you want to make a request.

 

The CROWN Initiative

The CROWN Initiative obtains information about you when you register to receive our email newsletters. We collect your name, position and email address to allow us to send you relevant communications. Some administration for the CROWN Initiative is currently performed at QMUL and your information may be shared with individuals from this institution.

You have the right to withdraw your consent and unsubscribe from CROWN Initiative email communications at any time by contacting us by email (crown@rcog.org.uk).

 

ICO Registration

  • ICO registration number: Z6382904
  • Registration Expiry: 29 January 2021

You can read more in our Data Protection Policy.

 

Cookies

Cookies are small files that are downloaded to your device as you visit websites. Some cookies are essential  the website will not function without them. Others are important as they provide us with information about how well the site is working, or how it is being used.

We do not store information that allows us to identify you without your permission, and we do not share cookies with third parties.

We use cookies to:

  •  Allow you to book examinations and events
  •  Provide access to RCOG eLearning and the CPD ePortfolio
  •  Determine if you are logged in or not
  •  Provide you with other membership benefits, including access to online journals, TOG and BJOG
  •  Ensure the site is functioning correctly

In addition, we also use cookies to compile anonymous visitor statistics, such as how many people have visited our website, what type of system or device they are using (e.g. Mac or Windows, which helps us to identify when our site isn’t working as it should for those systems or devices), how long they spend on the site, what page they look at etc. This helps us to continuously improve our website. These ‘analytics’ tools also tell us, also anonymously, how people reached this site (e.g. from a search engine) and whether they have been here before. All of this information helps us to put more money into developing our services for you, rather than marketing.

This table provides more information about the cookies we use:

Name Information
.ASPXANONYMOUS Anonymous Episerver CMS cookie
ASP.NET_SessionId Session cookie
_ga Google Analytics
_gid Google Analytics
_gat Google Analytics
NID Privacy Enhanced Mode allows you to embed YouTube videos without using cookies that track viewing behaviour. This means no activity is collected to personalize the viewing experience. Instead, video recommendations are contextual and related to the current video. Videos playing in Privacy Enhanced Mode won’t influence the viewer's browsing experience on YouTube.

 

In addition, the College site uses cookies from New Relic, which collects telemetry data to monitor site performance. Some booking payments are processed through a microsite that uses Microsoft Azure Application Insights, which performs a similar function.

 

Turning cookies off

You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. However, doing so will limit the functionality of a large proportion of the world’s websites, including this one, as cookies are a standard part of most websites.

For more information about blocking cookies in your browser, click the relevant link below:

PC or Mac browsers

Mobile browsers

To manage your preferences on Google Analytics, please click here.