The RCOG is committed to protecting your privacy. This policy tells you how we collect, store and manage personal information to comply with the requirements of current data protection legislations. You can also read the College’s Data Protection Policy.
The Royal College of Obstetricians and Gynaecologists (the College) is a Data Controller for much of the personal information we collect and use These include current, past and prospective trainees, members, staff, suppliers, clients, customers, and others with whom we have business, or with whom we communicate.
We are a small organisation with less than 250 employees, so we do not have a Data Protection Officer. This function is shared between the Senior Information Risk Officer (SIRO) and the Head of Information Governance. Our address is in the footer below and our email address is email@example.com
We consider the lawful and correct treatment of personal information as essential to the efficient and successful conduct of our business. We recognise that it is crucial to fostering and maintaining the confidence of our main stakeholders and the wider public.
Please see our Data Protection Policy for further details on our commitment to data protection, including definitions of key terms used here.
Our purposes for processing personal information
The purposes for which we collect, process, share and store your personal information are:
- To provide you with training, education, research and other support throughout RCOG examinations (including the MRCOG and DRCOG), developing sub-speciality expertise, continual professional development, Advanced Training Skill Modules, and Advanced Professional Modules
- To manage and deliver RCOG examinations
- To manage, administer and deliver your specialty training with the College
- To manage, administer and enable your membership of the College
- To provide you with access to RCOG products and services
- To manage and administer the College’s committees, groups and operations
- To manage, administer and performance monitor all of our staff and volunteers including direct employees, workers, honorary contractors and freelancers
- To collect and process feedback on the College (including our products and services) or the O&G profession to inform our work
- To recruit staff, officers, committee members and RCOG representatives
- To assist NHS Trusts with independent reviews into their obstetric and gynaecological (O&G) services
- To develop O&G healthcare through dedicated research projects
- To cascade O&G knowledge, learning and expertise globally
- To deliver meetings and events held at the College or elsewhere
- To raise money for the College through dedicated activities and fundraising
- To manage your registration on the College website
- To keep you informed of O&G related events and activities either run by, commissioned or supported by the College.
Our lawful bases for processing personal information
Personal data processing must have a lawful basis for processing, these are listed in our Data Protection Policy. The College uses the following three lawful bases most:
- Consent – where the individual provides informed consent to the processing of their data. When using consent we will:
- check that consent is appropriate
- make the request for consent prominent and separate from terms and conditions
- ask people to “opt in”
- use clear, plain language that is easy to understand and do not use pre-ticked boxes
- specify why we want the data and what we’re going to do with it
- make separate requests for consent for all differing purposes and types of processing
- name our organisation and any third party controllers who are relying on the consent
- tell people they can withdraw their consent and refuse to consent without detriment
- avoid making consent a precondition of a service.
- Contract – where the processing of personal data is required to enter into or carry out a contract with the individual(s), i.e. if we need to process someone’s personal data:
- where the processing is necessary for a contract with the individual, we do not need separate consent
- where the processing of special category data is necessary for the contract, we will identify a separate condition for processing this data
- we will document the decision that processing is necessary for the contract, and include information about our purposes and lawful basis in this privacy notice.
- to fulfil your contractual obligations to them; or
- because they have asked us to do something before entering into a contract (e.g. provide a quote)
- the processing must be necessary - if we can reasonably do what we want without processing your personal data, this basis will not apply
- document our decision to rely on this lawful basis and ensure that we can justify our reasoning
- Legitimate interests – where the processing of personal data is necessary to meet the legitimate (including administrative) interests of us as a Data Controller or another third party, we will:
- check that legitimate interests is the most appropriate basis
- understand our responsibility to protect individual’s interests
- conduct a legitimate interests assessment (LIA) either separately or as part of a data protection impact assessment (DPIA), to ensure the decision can be justified
- identify the relevant legitimate interests
- check the processing is necessary and there is no less intrusive way to achieve the same result
- complete a balancing test to be confident that the individual’s interests do not override our legitimate interests
- only use individuals’ data in ways you would reasonably expect, unless there’s a very good reason
- not use your data in ways you would find intrusive or which could cause you harm, unless there’s a very good reason
- consider safeguards to reduce any impact where possible
- consider whether we can offer an opt out
- if the LIA identifies a significant privacy impact, consider a DPIA
- keep the LIA under review, and repeat it if circumstances change
- include information about our legitimate interests in our privacy information.
The recipients of the personal information we process
The College will only share personal information where we have a lawful basis to do so. The recipients of such information include:
- College staff
- trainees, members and RCOG representatives
- contracted suppliers and partners
- international and national professional partners
- NHS Trusts.
Our international transfers of personal information
The College is an international organisation. We therefore process and transfer personal information within the EU/EEA and across the world.
We will ensure that adequate safeguards are in place to process and transfer your personal information securely.
Adequate safeguards include:
- Countries either signing up to the requirements of GDPR or an EU recognised equivalent, such as the USA’s Privacy Shield
- Standard Statutory Clauses (SSC) in service agreements and contracts with international suppliers and partners.
Our retention of personal information
The College has an established Retention Schedule (PDF) developed in line with statutory requirements and the best practice outlined by The National Archives Office.
All of our records, including those containing personal information, are managed according to this schedule to ensure that the College only retains personal information for the minimum amount of time necessary.
Individual’s rights to the personal information we process
Data Subjects have:
- the right to be informed – e.g. fair processing/privacy notices
- the right of access – e.g. subject access requests (SARs)
- the right to rectification - e.g. have their data corrected
- the right to erasure – e.g. have their data deleted/removed
- the right to restrict processing – e.g. stop their data being used
- the right to data portability – e.g. transfer their data easily
- the right to object – e.g. challenge what we’re doing with their data
- rights in relation to automated decision making and profiling – e.g. safeguards to make sure we don’t make potentially damaging decisions about them without human involvement.
Please see our Individual Rights Request procedure for further details and download our form if you want to make a request.
The CROWN Initiative
The CROWN Initiative obtains information about you when you register to receive our email newsletters. We collect your name, position and email address to allow us to send you relevant communications. Some administration for the CROWN Initiative is currently performed at QMUL and your information may be shared with individuals from this institution.
You have the right to withdraw your consent and unsubscribe from CROWN Initiative email communications at any time by contacting us by email (firstname.lastname@example.org).
- ICO registration number: Z6382904
- Registration Expiry: 29 January 2020
You can read more in our Data Protection Policy.
Our cookies help us to:
- Make our website work as you’d expect
- Save you having to log in every time you visit the site
- Remember your settings during and between visits
- Allow Members and Fellows to access their membership benefits
- Improve the speed/security of the site
- Continuously improve our website for you
- Collect any personally identifiable information (without your express permission)
- Collect any sensitive information (without your express permission)
- Pass data to advertising networks
- Pass personally identifiable data to third parties
- Pay sales commissions
You can learn more about all the cookies we use below.
More about our cookies
Our own cookies
- Making our shopping basket and checkout work
- Providing access to CPD/Revalidation ePortfolio
- Determining if you are logged in or not
- Allowing you to add comments to our site
- Other membership benefits, including access to online journals, TOG and BJOG
There is no way to prevent these cookies being set other than to not use our site.
- A widget from Twitter
- A link to the College’s Facebook page
Disabling these cookies will likely break the functions offered by these third parties.
Anonymous visitor statistics cookies
To do this, we use Google Analytics.
Turning cookies off
You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. However, doing so will likely limit the functionality of our and a large proportion of the world’s websites as cookies are a standard part of most modern websites.
For more information about turning off cookies on your browser, click the relevant link below:
PC or Mac browsers
To manage your preferences on Google Analytics, please click here.
It may be that your concerns around cookies relate to so called ‘spyware’. Rather than switching off cookies in your browser you may find that anti-spyware software achieves the same objective by automatically deleting cookies considered to be invasive. Learn more about managing cookies with antispyware software.
The cookie information text on this site was derived from content provided by Attacat Internet Marketing, a marketing agency based in Edinburgh. If you need similar information for your own website you can use their free cookie audit tool.