The Royal College of Pathologists is committed to protecting and respecting your privacy. This policy (together with any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
The College’s website (www.rcpath.org) is owned and operated by the Royal College of Pathologists.
What kind of personal data do we collect?
- Member data: In order to provide the range of membership services for you, we need to process certain information about you. We only ask for details that are necessary for providing you with information about how the College is fulfilling its objectives or to help us to help you with professional development or in pathology matters. This includes details such as your name, contact details, qualifications, workplace, professional specialism(s), CPD records, attendance at events, and other information. Where appropriate and in accordance with regulatory or legal requirements, we may also collect information related to your gender, diversity information or details of any professional misconduct. We also collect your banking details in order to process subscription fees or for payments for other services which you contract from the College.
- Prospective member data: If you are in training and/or working towards a College qualification, we need to collect and use information about you, or individuals at your organisation, in the course of providing you services such as: (i) providing examinations; (ii) monitoring your progress through training; (iii) providing you with support in your training programme (or assisting another organisation to do so); (iv) providing you with trainee/work placement services (or assisting another organisation to do so); and/or (v) notifying you of content provided by the College which is likely to be relevant and useful for your career in pathology to you (for example our Bulletin). Where appropriate and in accordance with regulatory or legal requirements, we may also collect information related to your gender and diversity information. If you are enquiring about how to become a member of the College or looking for information about a career in pathology we need to collect and use information so that we can supply such information directly to you by post, email or telephone. We also collect your banking details in order to process any fees payable or for payments for services which you contract from the College that you request for this purpose.
- Supplier data: We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
- Visitor data: We require information to identify all persons who are in our building at 6 Alie Street, London E1 8QT which is collected at our reception or other means of registering you when you enter the building. The purpose for this is to comply with health and safety requirements that are necessary should the building need to be evacuated and for the safety of all visitors when in the building.
How do we collect your personal data?
directly via our website (www.rcpath.org) by entering your details through the MYRCPATH member area
emailing your CV to a College employee with regard to a voluntary appointment
providing information via on-line forms, surveys or via MYRCPATH related to College activities such as consultations or pathology workforce matters
collecting your data through a contractual or commercial relationship with you e.g. for membership subscriptions or attending a fee paying event
via a form which could be online as part of our website or a form provided to us as a hard copy or electronically. Examples of these include:
an application form, as part of the membership registration process
a form to apply for a voluntary role at the College
a form or other request for information about the College, an event, a professional or pathology matter
a form to participate in a training programme
a form to sit an examination
a form to register for events and any hard copy registration at events
contacting us with enquiries or comments by telephone, email or hard copy correspondence
- your information is collected when you visit our premises for the following purposes:
- Site security
- Fire safety
- Health & safety management
- This information is collected from you verbally or recorded in our electronic or manuscript registers when you enter buildings owned or managed by the College. Personal data, including images are stored for up to 30 days before being deleted.
- Electronic images are collected when you visit our sites through CCTV cameras installed and operated on behalf of the College. CCTV is used to maintain public safety, to ensure the security of property and premises and for the purposes of preventing and investigating crime.
- CCTV may also be used to monitor staff when carrying out their work duties to assess their compliance with the College’s policies and procedures and to ensure the security of our premises, IT systems and employees.
via a regulatory body such as the General Medical Council
via another authorised body with whom joint education or professional development takes place
via professional bodies with whom there is a sharing of registration for events or activities.
We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. We will also collect data from you when you contact us via the website, for example by using the MyRCPath function. Please see our Cookies Policy for more information.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
How do we use your personal data?
We will process any of your personal data, in accordance with our obligations under applicable data protection laws and regulations, for the following reasons: to provide you with the services you have requested; to comply with applicable laws and regulations; for administrative purposes; to assess enquiries; and to provide you with information about us and our services. If, at any time, you do not wish to receive further information about us and our services, contact us at ([email protected]).
What lawful bases do we use to process your information?
The lawful bases for processing personal data are set out in Article 6 of the UK GDPR. At least one of these must apply whenever personal data is to be processed:
- Consent: you have given your consent for us to process your personal data for a specific purpose.
- Performance of a contract: the processing is necessary for the performance of a contract that you have with us, including for the purposes of entering a contract with us.
- Compliance with legal obligation: our processing of your personal information is necessary to comply with the law (e.g. the tax/social security obligation/employment law, health and safety legislation) (not including contractual obligations).
- Vital interests: the processing is in yours, or someone else’s vital interests.
- Public interest: the processing is necessary to enable us to perform a task in the public interest or an official function, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary in your legitimate interests or the legitimate interests of the College, or those of a third-party, unless the need to protect your personal data overrides those legitimate interests.
Our legitimate interests
a) Committee work and sharing of email address
We rely on ‘legitimate interests’ to make your email address (private or business) available to other committee members when you apply to become a member or participate in the work of a College committee, or one which is jointly administered by the College. We do this to:
- enable committee member to committee member (peer to peer) communication about committee matters and outputs according to agreed, defined terms of reference;
- benefit the work of a committee, its members and effectiveness of supporting committee administration and management; and,
- ensure that the work of the committee is not curtailed, which is a specific benefit for both the member and the College.
Your email address will only be shared with other committee members, including those participating in the work of the committee: it will not be shared with any other parties and when you cease to be a committee member, the email address you provided will be deleted.
You have the right under Article 21 of the UK GDPR to object to your email address being shared with other committee members. This right will be brought to your attention when you apply to serve on a committee, and before your email address (personal or business) is shared. However, should you choose not to disclose your email address, your application is likely to be turned down as you will, in effect, be incommunicado, and therefore unable to engage in the work of the committee you have asked to join.
b) Use photos of people over 18 at College-run events, meetings, conferences and symposia
We rely on legitimate interests’ to make photographs and images available for use in printed publications, on the College website, in promotional material and for recruitment purposes, and on our social media channels. These are photographs of attendees who are over the age of 18 at events, conferences, meetings and symposiums run by the College. We do this in order to:
- use photographs to highlight and promote the work of the College and our members who play a vital role in the healthcare system. Imagery is an important part of showing the diversity of pathology in terms of the workforce, their roles and the different pathology specialties. We also use images in our work to engage and lobby UK governments, and external stakeholders and organisations, and advocate for pathology for the benefit of our members and for their patients.
- promote pathology careers to school students and undergraduates. Images are also used to recruit trainees, pathologists and scientists to College roles – these roles are essential to the success of the College. Recruiting the next generation of pathologists and clinical scientists is vital to ensure adequate staffing levels and a sustainable pathology service.
Your photograph will be shared for the purposed above: it will not be shared with any other parties and the College operates a retention and deletion policy within its’ Photography Policy and images provided will be deleted within the specified timeframe. Your rights to have the image deleted at any time are upheld.
c) Collection of special category and private data related to socio-economic indicators, work patterns and caring responsibilities
We rely on legitimate interests’ to collect your data as part of the College’s commitment to improving diversity and inclusion and to determine how representative our College structures are and to work towards improving diversity and inclusion at the College . We collect this data in order to:
- help us understand if the diversity of our members is represented sufficiently in the College and whether or not any of our policies or processes create barriers to certain groups. By so doing we hope to reduce lack of representation and barriers if these are present.
- collate, analyse and report your data on an anonymised basis and share a summarised report about the data with relevant working groups and committees in the College including the Trustee Board and Council to support our ongoing work in relation to equality, diversity and inclusion. We will also publish the highlights of our report to our website so that members can see the results.
- use your data on proatected characteristics to ensure our Trustee Board, Council and staff are representative of the membership, and will use the data we collect to help us explore whether any of our policies or processes create unintended barriers to certain groups.
- use your socio-economic status to inform our monitoring and influencing roles. For example, the approach we take to communications activities, the steps we take to influence education programmes, and what content we raise in discussion with key stakeholders about workforce issues.
- use your information about working patterns and caring responsibilities to help inform our approach to policies, processes and guidance and ensure these are as equitable and inclusive as possible. We will also use this data to support our understanding of the workforce and how it evolves over time, so that we are able to set out as accurately as possible, what the current and future workforce requirements are.
- use your data on work setting and plans to help us better understand current and future workforce need across countries and settings.
Your data will be stored as part of your College member data and will be requested from all members to inform an annual anonymised report. We clearly explain the reasons for collecting the data and provide ‘prefer not to say’ options for all questions relating to protected characteristics. Data will be stored securely and only accessed by College staff who need it for the processing purpose we have outlined. You have the right to update or have the data deleted.
Who do we share your personal data with?
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements; or to protect the rights, property, or safety of the College, or others. This includes exchanging information with other companies and organisations for the purposes of safeguarding or other statutory regulations we have to comply with as well as those organisations with whom you and we have reciprocal agreements for providing services for education or professional development.
How do we safeguard your personal data?
We care about protecting your information. That's why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data. The data that we collect from you may be transferred to, and stored at, our servers in the UK. It may also be processed by persons operating in the EEA who work for us or an organisation we have instructed. If we do send your personal data outside the EEA we will take steps to ensure that the recipient implements appropriate measures to protect your information. If we send your data to organisations outside of the EEA area and Switzerland, we will take steps to ensure that there are binding commercial agreements to uphold the security and integrity of your data.
How do we uphold your rights to use personal data?
In order to best tailor our communication to suit you and ensure that you are able to ‘opt-in’ to receive the information that you want, we have a Preferences centre within the members only (myrcpath) area of the website. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You have the right to ask us not to process your personal data for marketing purposes. You can also exercise the right at any time by contacting us at [email protected].
What are cookies and how do we use them?
Please see our Cookies Policy for more information.
What are my data subject rights?
We support your data subject rights in relation to the processing of your information under the Data Protection Act 2018 and the UK GDPR, including your:
- right to be informed (chiefly via this policy)
- right of access
- right to rectification
- right to erasure
- right to restrict processing
- right to data portability
- right to object
- rights related to automated decision-making including profiling.
You can exercise any of these rights by contacting us using any of the methods shown below in the ‘How do I contact you?’ section. We will respond to your request as quickly as possible. Usually, this will be within one month of receiving your request.
Access rights to academic performance
You are advised that under the UK GDPR, you may use your right of access to request information about you and your academic performance, this may include:
- the examiner's assessment
- written comments about the provisional grade
- records of past performance
However, you do not have the right to access any information that you have recorded yourself. This means that you cannot get copies of your answers from examinations or assessments.
Provided the results have been announced, we must respond to your request within one month. However, if you request this information before the results are announced, we must respond:
- within five months of the date of your request; or
- within 40 days from when the results are announced (whichever is earlier).
In some circumstances it may be necessary for us to withhold some of the information you have requested. For example, the information you have requested may reveal something about another individual.
You can request a copy of the information we hold about you by using any of the methods shown below in the ‘How do I contact you?’ section. We will respond to your request as quickly as possible. Usually, this will be within one month of receiving your request.
How do I update my information?
You may choose to correct, update, or delete your personal data, including your membership information, by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
If you have opted-in to receiving communications form us, your preferences will remain in effect until you tell us that you want to opt-out of receiving any further communications. Normally, you can do this by clicking the link at the footer of the email you have received.
You can change your preferences at any time by clicking the relevant link in the emails we send you or by contacting using any of the methods shown below in the ‘How do I contact you?’ section.
If, at any time, you do not wish to receive further information about us and our services, contact us at ([email protected]).
How do I withdraw my consent?
Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us using any of the methods shown below in the ‘How do I contact you?’ section.
How do I make a complaint?
We hope you’ll never have the need to do so, but if you do want to complain about our use of your personal data, or our facilitation of your data subject rights requests, you can contact us using any of the methods shown below in the ‘How do I contact you?’ section.
Our Data Protection Officer will investigate your complaint and provide you with an appropriate response as quickly as possible.
How do I contact you?
You may contact us using any of the following methods:
By email: [email protected]
What if I am still not happy?
You can lodge a complaint with the Information Commissioner at any time if you are unhappy with the way in which we are processing your information, or we have failed to facilitate your data subject rights. The Information Commissioner can be contacted as follows:
For further information about your data subject rights and how to complain to the ICO, please refer to the ICO website: ICO Make a Complaint