Royal College of Emergency Medicine Menu Menu
General Data Protection Regulations and our Privacy Policy

General Data Protection Regulations and our Privacy Policy

As a College, RCEM collects a lot of different data from you as an individual, from your training posts and associated data, to your address information for journal mailings and subscription information.

General Data Protection Regulations (GDPR) and privacy

General Data Protection Regulations (Regulation (EU) 2016/679)(GDPR) came into effect in May 2018 and replaced the Data Protection Act 1998.

A new Data Protection Act 2018 replaced the 1998 Data Protection Act.

The EU GDPR is an EU Regulation and it no longer applies to the UK. However, the provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR, and we remain committed to operating in accordance with these regulations.

We collect a range of data, necessary to maintain membership, examination and training records, and to provide you with relevant information about events, services and other activities at RCEM.

We have legal obligations to keep your data safe and secure and have a number of policies and procedures in place to ensure that our systems adhere to the regulations which cover consent, subject access requests, and the security and retention of personal data.

We do not provide the data to third parties unless you have given us permission to do so, or if there is a legal or statutory requirement to do so.

We have also undergone ISO9001 registration throughout the College, to give us assurance that all our internal policies are appropriate and fit for purpose.

You can read more about definitions of personal data and about the regulations, from the Information Commissioner’s Office.

By accessing or using the RCEM or RCEMLearning and associated websites you agree to the use of how we process your data, if collected via this site.

You can request a copy of the information that we hold on you (also known as a Subject Access Request) by writing to:

The Royal College of Emergency Medicine
54 Ayres Street
London
SE1 1EU

Our nominated Data Protection Officer is Jenny Dyer, and she can be contacted at the address above, or via email at rcem@rcem.ac.uk

 

Privacy Policy

The Royal College of Emergency Medicine (RCEM) recognises the importance of protecting personal information and we are committed to safeguarding members, non-members and staff (known as “The User” in this document) privacy both on-line and off-line.   We have instituted policies and security measures intended to ensure that personal information is handled in a safe and responsible manner.  This Privacy statement is also published on the RCEM web site so that you can agree to the kind of information that is collected, handled and with whom this data is shared with.

RCEM strive to collect, use and disclose personal information in a manner consistent with UK and European law and under the General Data Protection Regulation (GDPR).  This Privacy Policy states the principles that RCEM follows and by accessing or using the RCEM site you agree to the terms of this policy.

The Royal College of Emergency Medicine
7-9 Breams Buildings
Chancery Lane
London
EC4A 1DT
rcem@rcem.ac.uk

Our nominated Data Protection Officer is Jenny Dyer, and she can be contacted at the address above, or via email at jenny.dyer@rcem.ac.uk.

Related FAQs

+ When does RCEM collect information?

If you only visit our website and do not create an account, we will not gather any personal information about you, information is only collected once you create an account on the RCEM system. The collection of this information is essential to ensure that we can provide the best possible service and experience.

RCEM collects information about you for the following reasons:

    • To process membership applications
    • To process E-Portfolio and training applications
    • To process examinations
    • To process Direct Debit payments
    • To process event and conference bookings
    • Complainant and other individual in relation to enquiries made of the College
    • Usage of RCEM Learning and CPD recording
    • Job applications and details of current/former employees

Procurement of supplies and services

If at any point you wish to stop the processing of your data, please contact the relevant member of staff at RCEM, who will cease the processing of your data promptly and without delay, within one month of your contact.

This data is primarily collected as part of a ‘contract’ with you, i.e. for us to provide a service to you as listed above.

We may use the data that you have provided to let you know of any events that may count towards your CPD. RCEM intends to rely on the lawful basis of ‘legitimate interests’ for our existing members when sending direct marketing about events that may be of interest to you. RCEM will not send direct marketing to those who are not current members without their explicit consent.

These emails may come from RCEM, or from one of three third parties that we may pass your personal data on to, as they run events that may be applicable to you and your continuing professional development:

  • Emergency Medicine Trainees’ Association (EMTA)
  • European Society for Emergency Medicine (EUSEM)
  • Forum for Associate Specialist and Staff Grade Doctors in Emergency Medicine (FASSGEM)

The marketing of such events will always be related to our missions, values and objectives. The content of these events will always be professionally or socially relevant and should therefore always result in a positive benefit to you.

Please note that consent for this direct marketing can be withdrawn at any time via your account on the College website, or by contacting any member of staff.

+ What information is collected?

RCEM requests personal information as you create an account or for one of the purposes listed above. The type of information generally required is:

  • Name
  • Mailing address (Home and/or Work)
  • Contact details (telephone, mobile and email address)
  • Current employment grade
  • Date of Birth
  • GMC or equivalent number
  • Employment History
  • Bank Details if paying by Direct Debit or being paid by us
  • Qualifications and Educational Experience

We also receive personal information from regulatory bodies to validate medical registration.

By creating an account and becoming either a member, trainee or examination candidate, or by becoming a supplier of goods and/or services to us, you agree to allow RCEM to store personal information into the software or service that resides on our servers.

Please note that you have the right to request that we remove your personal information at any time. You can do this by contacting any member of staff at the College, who will be happy to help.

CEM does not hold credit/debit card details for those who pay on-line or ring the office to make a payment off-site, this data is held securely on RCEM’s payment service provider Sagepay, and only the last 4 digits of your card number are visible for reconciliation purposes only.

We will never collect sensitive personal data about you without your explicit consent.

We will endeavour to hold accurate and up-to-date information. Some information can be amended by you and some can be amended by RCEM. If you are aware of an inaccuracy that you are unable to amend, please contact RCEM who will correct or delete it promptly and within one month of receipt.

+ How we use your information

This privacy notice tells you what to expect when the Royal College of Emergency Medicine (RCEM) collects personal information. It applies to information we collect about:

  • our Members and Fellows
  • examination candidates
  • trainees and users of the Eportfolio
  • visitors to our websites
  • complainants and other individuals in relation to enquiries made of RCEM
  • people who use our services, e.g. who subscribe to our newsletter, request a publication from us, book to attend our events and conferences, use our Continuing Professional Development, Revalidation and Eportolio systems
  • job applicants and our current and former employees
  • Procurement of supplies and services

All decisions regarding your data, i.e. membership categories or examination requirements are made via a human interaction, there are no automatic decision making processes within RCEM, this includes profiling.

We automatically gather generic information automatically to monitor traffic patterns and site usage to help us refine and improve design and layout of our Site and the user experience. Cookies are also used within the RCEM Learning environment to enhance the user experience.

Emails and personal correspondence (regular mailings) will be stored securely on our database, as a record of that correspondence.

Any sensitive personal data collected from you is stored securely and is collected to provide generic information to the GMC on an annual basis. Account holders can choose whether to supply this information, please contact the College if you wish to remove any sensitive personal data from your record.

We do not sell, trade or rent personal details to third parties. Some data is passed to Regional and National Chairs who sit on the RCEM Council within their respective Regions and Nations. This is generally to gain assessment of their regional or national workforce for Emergency Medicine policy decisions.

Your data will never be passed to any third countries.

+ People who use College services

The Royal College of Emergency Medicine provides many services, some of which are run by organisations outside of the College. Personal data may be provided to these third-party organisations in order to facilitate these services.

We have contractual arrangements with suppliers who provide RCEM IT systems. We take important steps to make sure that these companies deal with your data in a secure way, they are required to sign an agreement to state that they will handle your data in accordance with the requirements of the College. This may include taking payments for services and subscriptions, administering our membership database and maintaining services such as our Eportfolio system, Continuing Professional Development (CPD) system and Revalidation data storage, exam system(s), external consultants/advisers.

We have a partnership arrangement with the British Medical Journal (BMJ) with whom we produce the Emergency Medicine Journal (EMJ). In order for the BMJ to send out the EMJ, we provide them with contact details such as your name and mailing address. This information is sent via a Secure File Transfer Protocol process and is securely disposed of as soon as the publications have been sent.

We share also membership information with the Emergency Medicine Trainees’ Association (EMTA), European Society for Emergency Medicine (EUSEM) and Forum for Associate Specialist and Staff Grade Doctors in Emergency Medicine (FASSGEM) to encourage appropriate development opportunities for our Members. It is a requirement of those using our systems to record Audit information that no patient identifiable data is entered in these by the users.

+ Access to Personal Information

A lot of your personal information can be accessible via My Account on the RCEM website, but there are some data that is not visible via your account. If you would like access to this information, then you can request it via a ‘Subject Access Request’ under the General Data Protection Regulation (GDPR)(2018).

This request can be made free of charge, and may be made verbally (over the telephone) or in writing (either by email or in letter form), and RCEM may contact you to gain more information about your request before the information is provided.

If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.

If you would like to make a request in writing, please contact the Data Protection Officer; Jenny Dyer at jenny.dyer@rcem.ac.uk, or send a letter to Jenny Dyer, Data Protection Officer, 7Octavia House, 54 Ayres Street, London, SE1 1EU. Please try to include as much information as possible to help us with your request.

If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting any member of staff.

+ How long is my information kept for?

Under GDPR (2018) your information will be kept “in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed” (GDPR, Article 5, 2018)

Any information related to your membership of the college, including trainee data, will be maintained while you are a member, and will be kept for 7 years after your membership lapses.

Access to the eportfolio system will be changed to read-only once your membership has lapsed, and trainee-type roles and associated data will be removed from user accounts if they do not contain a current/future post or at least one historic post that has ended within the last 7 years. Where a user account has no trainee type roles and has not been logged into for 7 years it will be deleted.

Individuals who have access to the RCEMLearning platform have full access while they are members. Once your membership lapses, this access is withdrawn, your record remains on the system, but you do not have access unless your subscriptions are paid, and your access is reinstated.

Individuals who have access to the national QIP system for data entry or data viewing have access indefinitely, as it is not related to their membership status. Past data is also accessible via the QIP system, data is not removed from the system, as it may need to be accessed at any point.

Any data surrounding qualifications gained through RCEM will be kept on our systems indefinitely, as this information may be used to verify qualifications with the GMC and other organisations at any time.

+ Cardholder Information

Cardholder information is not stored on any RCEM system or on the premises as per our PCI compliance. On-line payment data is protected and is not forwarded to any third parties.

+ Security Measures

Security measures are in place to secure personal information include encryption technology and firewalls as well as restrictions regarding the storage of sensitive information.

Your RCEM website account is password protected, and you can log on using your username and password to edit any personal information held on your account. If you do not know your username or password, please use the ‘Forgot my password’ function, or contact the Membership department at membership@rcem.ac.uk.

Staff access to the customer relationship management (CRM) system is also password protected and is not accessible by members of the public.

+ Job applicants, current and former College employees

When individuals apply to work at College, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference we will not do so without informing them beforehand.

Personal information about unsuccessful candidates will be held for six months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with RCEM, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with College has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

+ Cookies on our website

This site, like many other sites, uses small files called cookies to help customize your experience. Find out more about cookies and how you can control them

Quick description of cookies

‘Cookies’ are small text files that are stored by the browser (e.g. Internet Explorer, Firefox, Chrome or Safari) or by a mobile phone (e.g. Android or iPhone) on your computer or mobile device. They allow websites to store such things as user preferences. You can think of cookies as providing a “memory” for the website, enabling it to recognize a user and respond appropriately.

Cookies and their use

There are different types of cookies based on their use:

  • Some cookies we use to remember your preferences for tools found on our web sites, so you don’t have to reenter them each time you switch a page or each time you visit. They will remember your user login, the language you prefer and other things such as what video streaming speeds you use.
  • Some are created and used by web analytics software (such as Google Analytics) to track how many individual unique users we have, and how often they visit the site. Unless you are signed in to the site, these cookies cannot be used to identify you personally. If you are logged in, the login process links you to your stored membership record that includes your username and email address.
  • Some cookies are used by geo-targeting software which tries to identify what country you are in based on the information supplied by your browser when it requests a web page. This cookie is completely anonymous, and is only used to help target content – such as whether you see our UK or another home page – and advertising.
  • When you register with us, we generate cookies that signal whether you are signed in or not. We use these cookies to determine which account you are signed in with, and if you should get access to a service. It also allows us to associate any comments you post with your Advertising cookies
  • On some of our pages, third parties may also set their own anonymous cookies, for the purposes of tracking the use of their application, or tailoring the application for you. Because of how cookies work, we cannot access these cookies, nor can the third parties access the data in cookies used by us. As an example, when you share an article using a social media sharing button on our sites, the social network that has created the button will record that you have done this.

Turning off cookies

Most browsers and phones have a way to stop accepting classes of cookies, or to stop it accepting cookies from a particular website. For example, using cookies is needed in order to use our shopping cart, so you would not be able to buy things through our web site if you turned off our cookies.

Help in turning off cookies can be found in your browser or mobile phone help files

If you are concerned about third party cookies generated by advertisers from Europe, you can turn some of these off by going to the Your Online Choices site.

+ Disclosure of personal information

In many circumstances we will not disclose personal data without consent. However if we are involved in the investigation of a complaint or misconduct, for example, we may need to share personal information with regulatory organisations and with other relevant bodies, for example suppliers, deaneries, supervisors and others for the purposes of training, assessment, e-Portfolio, research and other College purposes.

Exam performance and a personal identifier will be shared with educational supervisors and/or your deaneries.

 

+ Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

+ Concerns or complaints

If you have any concerns or complaints about RCEM’s Data Protection and Privacy processes, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority.

You can contact the ICO via their website at www.ico.org.uk.

+ Changes to this privacy notice

We keep our privacy notice under regular review. This privacy notice was last updated on 17th November 2022.

+ More Information

If you have any questions, please do not hesitate to contact us.



Back to top Back to top